diff options
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID')
13 files changed, 213 insertions, 71 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php index c9b5c6af7..54c5f9a63 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php @@ -11,8 +11,19 @@ use OAuth2\ResponseInterface; */ class AuthorizeController extends BaseAuthorizeController implements AuthorizeControllerInterface { + /** + * @var mixed + */ private $nonce; + /** + * Set not authorized response + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @param string $redirect_uri + * @param null $user_id + */ protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null) { $prompt = $request->query('prompt', 'consent'); @@ -32,6 +43,14 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message); } + /** + * @TODO: add dependency injection for the parameters in this method + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @param mixed $user_id + * @return array + */ protected function buildAuthorizeParameters($request, $response, $user_id) { if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) { @@ -49,6 +68,11 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo return $params; } + /** + * @param RequestInterface $request + * @param ResponseInterface $response + * @return bool + */ public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response) { if (!parent::validateAuthorizeRequest($request, $response)) { @@ -69,6 +93,11 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo return true; } + /** + * Array of valid response types + * + * @return array + */ protected function getValidResponseTypes() { return array( @@ -87,11 +116,8 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo * method checks whether OpenID Connect is enabled in the server settings * and whether the openid scope was requested. * - * @param $request_scope - * A space-separated string of scopes. - * - * @return - * TRUE if an id token is needed, FALSE otherwise. + * @param string $request_scope - A space-separated string of scopes. + * @return boolean - TRUE if an id token is needed, FALSE otherwise. */ public function needsIdToken($request_scope) { @@ -99,6 +125,9 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo return $this->scopeUtil->checkScope('openid', $request_scope); } + /** + * @return mixed + */ public function getNonce() { return $this->nonce; diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php index 1e231d844..b4967c317 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php @@ -5,6 +5,8 @@ namespace OAuth2\OpenID\Controller; interface AuthorizeControllerInterface { const RESPONSE_TYPE_ID_TOKEN = 'id_token'; + const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token'; + const RESPONSE_TYPE_CODE_ID_TOKEN = 'code id_token'; } diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php index 30cb942d0..c489b7af3 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php @@ -16,30 +16,34 @@ use OAuth2\ResponseInterface; */ class UserInfoController extends ResourceController implements UserInfoControllerInterface { - private $token; - - protected $tokenType; - protected $tokenStorage; + /** + * @var UserClaimsInterface + */ protected $userClaimsStorage; - protected $config; - protected $scopeUtil; + /** + * Constructor + * + * @param TokenTypeInterface $tokenType + * @param AccessTokenInterface $tokenStorage + * @param UserClaimsInterface $userClaimsStorage + * @param array $config + * @param ScopeInterface $scopeUtil + */ public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null) { - $this->tokenType = $tokenType; - $this->tokenStorage = $tokenStorage; - $this->userClaimsStorage = $userClaimsStorage; - - $this->config = array_merge(array( - 'www_realm' => 'Service', - ), $config); + parent::__construct($tokenType, $tokenStorage, $config, $scopeUtil); - if (is_null($scopeUtil)) { - $scopeUtil = new Scope(); - } - $this->scopeUtil = $scopeUtil; + $this->userClaimsStorage = $userClaimsStorage; } + /** + * Handle the user info request + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @return void + */ public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response) { if (!$this->verifyResourceRequest($request, $response, 'openid')) { @@ -55,4 +59,4 @@ class UserInfoController extends ResourceController implements UserInfoControlle ); $response->addParameters($claims); } -} +}
\ No newline at end of file diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php index a89049d49..88e9228d0 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php @@ -9,15 +9,22 @@ use OAuth2\ResponseInterface; * This controller is called when the user claims for OpenID Connect's * UserInfo endpoint should be returned. * - * ex: - * > $response = new OAuth2\Response(); - * > $userInfoController->handleUserInfoRequest( - * > OAuth2\Request::createFromGlobals(), - * > $response; - * > $response->send(); - * + * @code + * $response = new OAuth2\Response(); + * $userInfoController->handleUserInfoRequest( + * OAuth2\Request::createFromGlobals(), + * $response + * ); + * $response->send(); + * @endcode */ interface UserInfoControllerInterface { + /** + * Handle user info request + * + * @param RequestInterface $request + * @param ResponseInterface $response + */ public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response); } diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php index 8ed1edc26..ee113a0e5 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php @@ -6,11 +6,19 @@ use OAuth2\GrantType\AuthorizationCode as BaseAuthorizationCode; use OAuth2\ResponseType\AccessTokenInterface; /** - * * @author Brent Shaffer <bshafs at gmail dot com> */ class AuthorizationCode extends BaseAuthorizationCode { + /** + * Create access token + * + * @param AccessTokenInterface $accessToken + * @param mixed $client_id - client identifier related to the access token. + * @param mixed $user_id - user id associated with the access token + * @param string $scope - scopes to be stored in space-separated string. + * @return array + */ public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope) { $includeRefreshToken = true; diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php index 8971954c5..b8ad41ffb 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php @@ -6,16 +6,26 @@ use OAuth2\ResponseType\AuthorizationCode as BaseAuthorizationCode; use OAuth2\OpenID\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface; /** - * * @author Brent Shaffer <bshafs at gmail dot com> */ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCodeInterface { + /** + * Constructor + * + * @param AuthorizationCodeStorageInterface $storage + * @param array $config + */ public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array()) { parent::__construct($storage, $config); } + /** + * @param $params + * @param null $user_id + * @return array + */ public function getAuthorizeResponse($params, $user_id = null) { // build the URL to redirect to @@ -35,18 +45,14 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo /** * Handle the creation of the authorization code. * - * @param $client_id - * Client identifier related to the authorization code - * @param $user_id - * User ID associated with the authorization code - * @param $redirect_uri - * An absolute URI to which the authorization server will redirect the - * user-agent to when the end-user authorization step is completed. - * @param $scope - * (optional) Scopes to be stored in space-separated string. - * @param $id_token - * (optional) The OpenID Connect id_token. + * @param mixed $client_id - Client identifier related to the authorization code + * @param mixed $user_id - User ID associated with the authorization code + * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the + * user-agent to when the end-user authorization step is completed. + * @param string $scope - OPTIONAL Scopes to be stored in space-separated string. + * @param string $id_token - OPTIONAL The OpenID Connect id_token. * + * @return string * @see http://tools.ietf.org/html/rfc6749#section-4 * @ingroup oauth2_section_4 */ diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php index ea4779255..eb94ef077 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php @@ -5,7 +5,6 @@ namespace OAuth2\OpenID\ResponseType; use OAuth2\ResponseType\AuthorizationCodeInterface as BaseAuthorizationCodeInterface; /** - * * @author Brent Shaffer <bshafs at gmail dot com> */ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface @@ -13,12 +12,13 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface /** * Handle the creation of the authorization code. * - * @param $client_id Client identifier related to the authorization code - * @param $user_id User ID associated with the authorization code - * @param $redirect_uri An absolute URI to which the authorization server will redirect the - * user-agent to when the end-user authorization step is completed. - * @param $scope OPTIONAL Scopes to be stored in space-separated string. - * @param $id_token OPTIONAL The OpenID Connect id_token. + * @param mixed $client_id - Client identifier related to the authorization code + * @param mixed $user_id - User ID associated with the authorization code + * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the + * user-agent to when the end-user authorization step is completed. + * @param string $scope - OPTIONAL Scopes to be stored in space-separated string. + * @param string $id_token - OPTIONAL The OpenID Connect id_token. + * @return string * * @see http://tools.ietf.org/html/rfc6749#section-4 * @ingroup oauth2_section_4 diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php index ac7764d6c..2696ada37 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php @@ -4,15 +4,31 @@ namespace OAuth2\OpenID\ResponseType; class CodeIdToken implements CodeIdTokenInterface { + /** + * @var AuthorizationCodeInterface + */ protected $authCode; + + /** + * @var IdTokenInterface + */ protected $idToken; + /** + * @param AuthorizationCodeInterface $authCode + * @param IdTokenInterface $idToken + */ public function __construct(AuthorizationCodeInterface $authCode, IdTokenInterface $idToken) { $this->authCode = $authCode; $this->idToken = $idToken; } + /** + * @param array $params + * @param mixed $user_id + * @return mixed + */ public function getAuthorizeResponse($params, $user_id = null) { $result = $this->authCode->getAuthorizeResponse($params, $user_id); diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php index 97777fbf2..55e446074 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php @@ -6,14 +6,38 @@ use OAuth2\Encryption\EncryptionInterface; use OAuth2\Encryption\Jwt; use OAuth2\Storage\PublicKeyInterface; use OAuth2\OpenID\Storage\UserClaimsInterface; +use LogicException; class IdToken implements IdTokenInterface { + /** + * @var UserClaimsInterface + */ protected $userClaimsStorage; + /** + * @var PublicKeyInterface + */ protected $publicKeyStorage; + + /** + * @var array + */ protected $config; + + /** + * @var EncryptionInterface + */ protected $encryptionUtil; + /** + * Constructor + * + * @param UserClaimsInterface $userClaimsStorage + * @param PublicKeyInterface $publicKeyStorage + * @param array $config + * @param EncryptionInterface $encryptionUtil + * @throws LogicException + */ public function __construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config = array(), EncryptionInterface $encryptionUtil = null) { $this->userClaimsStorage = $userClaimsStorage; @@ -24,13 +48,18 @@ class IdToken implements IdTokenInterface $this->encryptionUtil = $encryptionUtil; if (!isset($config['issuer'])) { - throw new \LogicException('config parameter "issuer" must be set'); + throw new LogicException('config parameter "issuer" must be set'); } $this->config = array_merge(array( 'id_lifetime' => 3600, ), $config); } + /** + * @param array $params + * @param null $userInfo + * @return array|mixed + */ public function getAuthorizeResponse($params, $userInfo = null) { // build the URL to redirect to @@ -50,6 +79,16 @@ class IdToken implements IdTokenInterface return array($params['redirect_uri'], $result); } + /** + * Create id token + * + * @param string $client_id + * @param mixed $userInfo + * @param mixed $nonce + * @param mixed $userClaims + * @param mixed $access_token + * @return mixed|string + */ public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null) { // pull auth_time from user info if supplied @@ -79,6 +118,11 @@ class IdToken implements IdTokenInterface return $this->encodeToken($token, $client_id); } + /** + * @param $access_token + * @param null $client_id + * @return mixed|string + */ protected function createAtHash($access_token, $client_id = null) { // maps HS256 and RS256 to sha256, etc. @@ -90,6 +134,11 @@ class IdToken implements IdTokenInterface return $this->encryptionUtil->urlSafeB64Encode($at_hash); } + /** + * @param array $token + * @param null $client_id + * @return mixed|string + */ protected function encodeToken(array $token, $client_id = null) { $private_key = $this->publicKeyStorage->getPrivateKey($client_id); @@ -98,6 +147,11 @@ class IdToken implements IdTokenInterface return $this->encryptionUtil->encode($token, $private_key, $algorithm); } + /** + * @param $userInfo + * @return array + * @throws LogicException + */ private function getUserIdAndAuthTime($userInfo) { $auth_time = null; @@ -105,7 +159,7 @@ class IdToken implements IdTokenInterface // support an array for user_id / auth_time if (is_array($userInfo)) { if (!isset($userInfo['user_id'])) { - throw new \LogicException('if $user_id argument is an array, user_id index must be set'); + throw new LogicException('if $user_id argument is an array, user_id index must be set'); } $auth_time = isset($userInfo['auth_time']) ? $userInfo['auth_time'] : null; diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php index 0bd2f8391..226a3bcbb 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php @@ -15,12 +15,13 @@ interface IdTokenInterface extends ResponseTypeInterface * If the Implicit Flow is used, the token and id_token are generated and * returned together. * - * @param string $client_id The client id. - * @param string $user_id The user id. - * @param string $nonce OPTIONAL The nonce. - * @param string $userClaims OPTIONAL Claims about the user. - * @param string $access_token OPTIONAL The access token, if known. - * + * @param string $client_id - The client id. + * @param mixed $userInfo - User info + * @param string $nonce - OPTIONAL The nonce. + * @param string $userClaims - OPTIONAL Claims about the user. + * @param string $access_token - OPTIONAL The access token, if known. + + * @internal param string $user_id - The user id. * @return string The ID Token represented as a JSON Web Token (JWT). * * @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php index f0c59799b..94c51ae4d 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php @@ -6,15 +6,33 @@ use OAuth2\ResponseType\AccessTokenInterface; class IdTokenToken implements IdTokenTokenInterface { + /** + * @var AccessTokenInterface + */ protected $accessToken; + + /** + * @var IdTokenInterface + */ protected $idToken; + /** + * Constructor + * + * @param AccessTokenInterface $accessToken + * @param IdTokenInterface $idToken + */ public function __construct(AccessTokenInterface $accessToken, IdTokenInterface $idToken) { $this->accessToken = $accessToken; $this->idToken = $idToken; } + /** + * @param array $params + * @param mixed $user_id + * @return mixed + */ public function getAuthorizeResponse($params, $user_id = null) { $result = $this->accessToken->getAuthorizeResponse($params, $user_id); diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php index 51dd867ec..446cec928 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php @@ -23,13 +23,13 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface * * Required for OAuth2::GRANT_TYPE_AUTH_CODE. * - * @param $code authorization code to be stored. - * @param $client_id client identifier to be stored. - * @param $user_id user identifier to be stored. - * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string. - * @param int $expires expiration to be stored as a Unix timestamp. - * @param string $scope OPTIONAL scopes to be stored in space-separated string. - * @param string $id_token OPTIONAL the OpenID Connect id_token. + * @param string $code - authorization code to be stored. + * @param mixed $client_id - client identifier to be stored. + * @param mixed $user_id - user identifier to be stored. + * @param string $redirect_uri - redirect URI(s) to be stored in a space-separated string. + * @param int $expires - expiration to be stored as a Unix timestamp. + * @param string $scope - OPTIONAL scopes to be stored in space-separated string. + * @param string $id_token - OPTIONAL the OpenID Connect id_token. * * @ingroup oauth2_section_4 */ diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php index f230bef9e..9c5e7c8c4 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php @@ -23,14 +23,11 @@ interface UserClaimsInterface * Groups of claims are returned based on the requested scopes. No group * is required, and no claim is required. * - * @param $user_id - * The id of the user for which claims should be returned. - * @param $scope - * The requested scope. + * @param mixed $user_id - The id of the user for which claims should be returned. + * @param string $scope - The requested scope. * Scopes with matching claims: profile, email, address, phone. * - * @return - * An array in the claim => value format. + * @return array - An array in the claim => value format. * * @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims */ |