Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php')
-rw-r--r-- | vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php | 283 |
1 files changed, 211 insertions, 72 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
index 9cfcb83a5..62ae8970d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
@@ -30,25 +30,28 @@ use OAuth2\GrantType\UserCredentials;
 use OAuth2\GrantType\ClientCredentials;
 use OAuth2\GrantType\RefreshToken;
 use OAuth2\GrantType\AuthorizationCode;
+use OAuth2\Storage\ClientCredentialsInterface;
+use OAuth2\Storage\ClientInterface;
 use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage;
 use OAuth2\Storage\JwtAccessTokenInterface;
+use InvalidArgumentException;
+use LogicException;
 /**
 * Server class for OAuth2
 * This class serves as a convience class which wraps the other Controller classes
 *
-* @see OAuth2\Controller\ResourceController
-* @see OAuth2\Controller\AuthorizeController
-* @see OAuth2\Controller\TokenController
+* @see \OAuth2\Controller\ResourceController
+* @see \OAuth2\Controller\AuthorizeController
+* @see \OAuth2\Controller\TokenController
 */
 class Server implements ResourceControllerInterface, AuthorizeControllerInterface, TokenControllerInterface, UserInfoControllerInterface
 {
- // misc properties
 /**
- * @var Response
+ * @var ResponseInterface
 */
 protected $response;
@@ -62,7 +65,6 @@ class Server implements ResourceControllerInterface,
 */
 protected $storages;
- // servers
 /**
 * @var AuthorizeControllerInterface
 */
@@ -83,17 +85,34 @@ class Server implements ResourceControllerInterface,
 */
 protected $userInfoController;
- // config classes
- protected $grantTypes;
- protected $responseTypes;
+ /**
+ * @var array
+ */
+ protected $grantTypes = [];
+
+ /**
+ * @var array
+ */
+ protected $responseTypes = [];
+
+ /**
+ * @var TokenTypeInterface
+ */
 protected $tokenType;
 /**
 * @var ScopeInterface
 */
 protected $scopeUtil;
+
+ /**
+ * @var ClientAssertionTypeInterface
+ */
 protected $clientAssertionType;
+ /**
+ * @var array
+ */
 protected $storageMap = array(
 'access_token' => 'OAuth2\Storage\AccessTokenInterface',
 'authorization_code' => 'OAuth2\Storage\AuthorizationCodeInterface',
@@ -107,6 +126,9 @@ class Server implements ResourceControllerInterface,
 'scope' => 'OAuth2\Storage\ScopeInterface',
 );
+ /**
+ * @var array
+ */
 protected $responseTypeMap = array(
 'token' => 'OAuth2\ResponseType\AccessTokenInterface',
 'code' => 'OAuth2\ResponseType\AuthorizationCodeInterface',
@@ -116,15 +138,15 @@ class Server implements ResourceControllerInterface,
 );
 /**
- * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
- * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
- * @param array $config specify a different token lifetime, token header name, etc
- * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
- * @param array $responseTypes Response types to use. array keys should be "code" and and "token" for
- * Access Token and Authorization Code response types
- * @param \OAuth2\TokenType\TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
- * @param \OAuth2\ScopeInterface $scopeUtil The scope utility class to use to validate scope
- * @param \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
+ * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
+ * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
+ * @param array $config specify a different token lifetime, token header name, etc
+ * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
+ * @param array $responseTypes Response types to use. array keys should be "code" and "token" for
+ * Access Token and Authorization Code response types
+ * @param TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
+ * @param ScopeInterface $scopeUtil The scope utility class to use to validate scope
+ * @param ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
 *
 * @ingroup oauth2_section_7
 */
@@ -172,6 +194,9 @@ class Server implements ResourceControllerInterface,
 }
 }
+ /**
+ * @return AuthorizeControllerInterface
+ */
 public function getAuthorizeController()
 {
 if (is_null($this->authorizeController)) {
@@ -181,6 +206,9 @@ class Server implements ResourceControllerInterface,
 return $this->authorizeController;
 }
+ /**
+ * @return TokenController
+ */
 public function getTokenController()
 {
 if (is_null($this->tokenController)) {
@@ -190,6 +218,9 @@ class Server implements ResourceControllerInterface,
 return $this->tokenController;
 }
+ /**
+ * @return ResourceControllerInterface
+ */
 public function getResourceController()
 {
 if (is_null($this->resourceController)) {
@@ -199,6 +230,9 @@ class Server implements ResourceControllerInterface,
 return $this->resourceController;
 }
+ /**
+ * @return UserInfoControllerInterface
+ */
 public function getUserInfoController()
 {
 if (is_null($this->userInfoController)) {
@@ -209,8 +243,6 @@ class Server implements ResourceControllerInterface,
 }
 /**
- * every getter deserves a setter
- *
 * @param AuthorizeControllerInterface $authorizeController
 */
 public function setAuthorizeController(AuthorizeControllerInterface $authorizeController)
@@ -219,8 +251,6 @@ class Server implements ResourceControllerInterface,
 }
 /**
- * every getter deserves a setter
- *
 * @param TokenControllerInterface $tokenController
 */
 public function setTokenController(TokenControllerInterface $tokenController)
@@ -229,8 +259,6 @@ class Server implements ResourceControllerInterface,
 }
 /**
- * every getter deserves a setter
- *
 * @param ResourceControllerInterface $resourceController
 */
 public function setResourceController(ResourceControllerInterface $resourceController)
@@ -239,8 +267,6 @@ class Server implements ResourceControllerInterface,
 }
 /**
- * every getter deserves a setter
- *
 * @param UserInfoControllerInterface $userInfoController
 */
 public function setUserInfoController(UserInfoControllerInterface $userInfoController)
@@ -252,12 +278,8 @@ class Server implements ResourceControllerInterface,
 * Return claims about the authenticated end-user.
 * This would be called from the "/UserInfo" endpoint as defined in the spec.
 *
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or user claims (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or user claims (success)
 * @return ResponseInterface
 *
 * @throws \InvalidArgumentException
@@ -278,12 +300,8 @@ class Server implements ResourceControllerInterface,
 * This would be called from the "/token" endpoint as defined in the spec.
 * Obviously, you can call your endpoint whatever you want.
 *
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or access token (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or access token (success)
 * @return ResponseInterface
 *
 * @throws \InvalidArgumentException
@@ -303,6 +321,11 @@ class Server implements ResourceControllerInterface,
 return $this->response;
 }
+ /**
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
 public function grantAccessToken(RequestInterface $request, ResponseInterface $response = null)
 {
 $this->response = is_null($response) ? new Response() : $response;
@@ -336,25 +359,18 @@ class Server implements ResourceControllerInterface,
 * authorization server should call this function to redirect the user
 * appropriately.
 *
- * @param $request
- * The request should have the follow parameters set in the querystring:
- * - response_type: The requested response: an access token, an
- * authorization code, or both.
+ * @param RequestInterface $request - The request should have the follow parameters set in the querystring:
+ * - response_type: The requested response: an access token, an authorization code, or both.
 * - client_id: The client identifier as described in Section 2.
- * - redirect_uri: An absolute URI to which the authorization server
- * will redirect the user-agent to when the end-user authorization
- * step is completed.
- * - scope: (optional) The scope of the resource request expressed as a
- * list of space-delimited strings.
- * - state: (optional) An opaque value used by the client to maintain
- * state between the request and callback.
- * @param ResponseInterface $response
- * @param $is_authorized
- * TRUE or FALSE depending on whether the user authorized the access.
- * @param $user_id
- * Identifier of user who authorized the client
+ * - redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the
+ end-user authorization step is completed.
+ * - scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
+ * - state: (optional) An opaque value used by the client to maintain state between the request and callback.
 *
- * @return Response
+ * @param ResponseInterface $response - Response object
+ * @param bool $is_authorized - TRUE or FALSE depending on whether the user authorized the access.
+ * @param mixed $user_id - Identifier of user who authorized the client
+ * @return ResponseInterface
 *
 * @see http://tools.ietf.org/html/rfc6749#section-4
 *
@@ -371,14 +387,17 @@ class Server implements ResourceControllerInterface,
 /**
 * Pull the authorization request data out of the HTTP request.
 * - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it
- * by setting $config['enforce_redirect'] to true.
+ * by setting $config['enforce_redirect'] to true.
 * - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that
- * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
+ * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
 *
 * The draft specifies that the parameters should be retrieved from GET, override the Response
 * object to change this
 *
- * @return
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return bool
+ *
 * The authorization parameters so the authorization server can prompt
 * the user for approval if valid.
 *
@@ -395,6 +414,12 @@ class Server implements ResourceControllerInterface,
 return $value;
 }
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @param string $scope - Scope
+ * @return mixed
+ */
 public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response = null, $scope = null)
 {
 $this->response = is_null($response) ? new Response() : $response;
@@ -403,6 +428,11 @@ class Server implements ResourceControllerInterface,
 return $value;
 }
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
 public function getAccessTokenData(RequestInterface $request, ResponseInterface $response = null)
 {
 $this->response = is_null($response) ? new Response() : $response;
@@ -411,10 +441,14 @@ class Server implements ResourceControllerInterface,
 return $value;
 }
+ /**
+ * @param GrantTypeInterface $grantType
+ * @param mixed $identifier
+ */
 public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
 {
 if (!is_string($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
+ $identifier = $grantType->getQueryStringIdentifier();
 }
 $this->grantTypes[$identifier] = $grantType;
@@ -428,11 +462,10 @@ class Server implements ResourceControllerInterface,
 /**
 * Set a storage object for the server
 *
- * @param $storage
- * An object implementing one of the Storage interfaces
- * @param $key
- * If null, the storage is set to the key of each storage interface it implements
+ * @param object $storage - An object implementing one of the Storage interfaces
+ * @param mixed $key - If null, the storage is set to the key of each storage interface it implements
 *
+ * @throws InvalidArgumentException
 * @see storageMap
 */
 public function addStorage($storage, $key = null)
@@ -446,11 +479,11 @@ class Server implements ResourceControllerInterface,
 // special logic to handle "client" and "client_credentials" strangeness
 if ($key === 'client' && !isset($this->storages['client_credentials'])) {
- if ($storage instanceof \OAuth2\Storage\ClientCredentialsInterface) {
+ if ($storage instanceof ClientCredentialsInterface) {
 $this->storages['client_credentials'] = $storage;
 }
 } elseif ($key === 'client_credentials' && !isset($this->storages['client'])) {
- if ($storage instanceof \OAuth2\Storage\ClientInterface) {
+ if ($storage instanceof ClientInterface) {
 $this->storages['client'] = $storage;
 }
 }
@@ -471,6 +504,12 @@ class Server implements ResourceControllerInterface,
 }
 }
+ /**
+ * @param ResponseTypeInterface $responseType
+ * @param mixed $key
+ *
+ * @throws InvalidArgumentException
+ */
 public function addResponseType(ResponseTypeInterface $responseType, $key = null)
 {
 $key = $this->normalizeResponseType($key);
@@ -497,6 +536,9 @@ class Server implements ResourceControllerInterface,
 }
 }
+ /**
+ * @return ScopeInterface
+ */
 public function getScopeUtil()
 {
 if (!$this->scopeUtil) {
@@ -508,8 +550,6 @@ class Server implements ResourceControllerInterface,
 }
 /**
- * every getter deserves a setter
- *
 * @param ScopeInterface $scopeUtil
 */
 public function setScopeUtil($scopeUtil)
@@ -517,6 +557,10 @@ class Server implements ResourceControllerInterface,
 $this->scopeUtil = $scopeUtil;
 }
+ /**
+ * @return AuthorizeControllerInterface
+ * @throws LogicException
+ */
 protected function createDefaultAuthorizeController()
 {
 if (!isset($this->storages['client'])) {
@@ -541,6 +585,10 @@ class Server implements ResourceControllerInterface,
 return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
 }
+ /**
+ * @return TokenControllerInterface
+ * @throws LogicException
+ */
 protected function createDefaultTokenController()
 {
 if (0 == count($this->grantTypes)) {
@@ -562,7 +610,7 @@ class Server implements ResourceControllerInterface,
 }
 if (!isset($this->storages['client'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server");
 }
 $accessTokenResponseType = $this->getAccessTokenResponseType();
@@ -570,6 +618,10 @@ class Server implements ResourceControllerInterface,
 return new TokenController($accessTokenResponseType, $this->storages['client'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
 }
+ /**
+ * @return ResourceControllerInterface
+ * @throws LogicException
+ */
 protected function createDefaultResourceController()
 {
 if ($this->config['use_jwt_access_tokens']) {
@@ -590,6 +642,10 @@ class Server implements ResourceControllerInterface,
 return new ResourceController($this->tokenType, $this->storages['access_token'], $config, $this->getScopeUtil());
 }
+ /**
+ * @return UserInfoControllerInterface
+ * @throws LogicException
+ */
 protected function createDefaultUserInfoController()
 {
 if ($this->config['use_jwt_access_tokens']) {
@@ -614,6 +670,9 @@ class Server implements ResourceControllerInterface,
 return new UserInfoController($this->tokenType, $this->storages['access_token'], $this->storages['user_claims'], $config, $this->getScopeUtil());
 }
+ /**
+ * @return Bearer
+ */
 protected function getDefaultTokenType()
 {
 $config = array_intersect_key($this->config, array_flip(explode(' ', 'token_param_name token_bearer_header_name')));
@@ -621,6 +680,10 @@ class Server implements ResourceControllerInterface,
 return new Bearer($config);
 }
+ /**
+ * @return array
+ * @throws LogicException
+ */
 protected function getDefaultResponseTypes()
 {
 $responseTypes = array();
@@ -656,6 +719,10 @@ class Server implements ResourceControllerInterface,
 return $responseTypes;
 }
+ /**
+ * @return array
+ * @throws LogicException
+ */
 protected function getDefaultGrantTypes()
 {
 $grantTypes = array();
@@ -692,6 +759,9 @@ class Server implements ResourceControllerInterface,
 return $grantTypes;
 }
+ /**
+ * @return AccessToken
+ */
 protected function getAccessTokenResponseType()
 {
 if (isset($this->responseTypes['token'])) {
@@ -705,6 +775,9 @@ class Server implements ResourceControllerInterface,
 return $this->createDefaultAccessTokenResponseType();
 }
+ /**
+ * @return IdToken
+ */
 protected function getIdTokenResponseType()
 {
 if (isset($this->responseTypes['id_token'])) {
@@ -714,6 +787,9 @@ class Server implements ResourceControllerInterface,
 return $this->createDefaultIdTokenResponseType();
 }
+ /**
+ * @return IdTokenToken
+ */
 protected function getIdTokenTokenResponseType()
 {
 if (isset($this->responseTypes['id_token token'])) {
@@ -725,6 +801,9 @@ class Server implements ResourceControllerInterface,
 /**
 * For Resource Controller
+ *
+ * @return JwtAccessTokenStorage
+ * @throws LogicException
 */
 protected function createDefaultJwtAccessTokenStorage()
 {
@@ -741,6 +820,9 @@ class Server implements ResourceControllerInterface,
 /**
 * For Authorize and Token Controllers
+ *
+ * @return JwtAccessToken
+ * @throws LogicException
 */
 protected function createDefaultJwtAccessTokenResponseType()
 {
@@ -763,10 +845,14 @@ class Server implements ResourceControllerInterface,
 return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config);
 }
+ /**
+ * @return AccessToken
+ * @throws LogicException
+ */
 protected function createDefaultAccessTokenResponseType()
 {
 if (!isset($this->storages['access_token'])) {
- throw new \LogicException('You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server');
+ throw new LogicException("You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server");
 }
 $refreshStorage = null;
@@ -780,13 +866,17 @@ class Server implements ResourceControllerInterface,
 return new AccessToken($this->storages['access_token'], $refreshStorage, $config);
 }
+ /**
+ * @return IdToken
+ * @throws LogicException
+ */
 protected function createDefaultIdTokenResponseType()
 {
 if (!isset($this->storages['user_claims'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect");
 }
 if (!isset($this->storages['public_key'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect");
 }
 $config = array_intersect_key($this->config, array_flip(explode(' ', 'issuer id_lifetime')));
@@ -794,11 +884,17 @@ class Server implements ResourceControllerInterface,
 return new IdToken($this->storages['user_claims'], $this->storages['public_key'], $config);
 }
+ /**
+ * @return IdTokenToken
+ */
 protected function createDefaultIdTokenTokenResponseType()
 {
 return new IdTokenToken($this->getAccessTokenResponseType(), $this->getIdTokenResponseType());
 }
+ /**
+ * @throws InvalidArgumentException
+ */
 protected function validateOpenIdConnect()
 {
 $authCodeGrant = $this->getGrantType('authorization_code');
@@ -807,6 +903,10 @@ class Server implements ResourceControllerInterface,
 }
 }
+ /**
+ * @param string $name
+ * @return string
+ */
 protected function normalizeResponseType($name)
 {
 // for multiple-valued response types - make them alphabetical
@@ -819,36 +919,60 @@ class Server implements ResourceControllerInterface,
 return $name;
 }
+ /**
+ * @return mixed
+ */
 public function getResponse()
 {
 return $this->response;
 }
+ /**
+ * @return array
+ */
 public function getStorages()
 {
 return $this->storages;
 }
+ /**
+ * @param string $name
+ * @return object|null
+ */
 public function getStorage($name)
 {
 return isset($this->storages[$name]) ? $this->storages[$name] : null;
 }
+ /**
+ * @return array
+ */
 public function getGrantTypes()
 {
 return $this->grantTypes;
 }
+ /**
+ * @param string $name
+ * @return object|null
+ */
 public function getGrantType($name)
 {
 return isset($this->grantTypes[$name]) ? $this->grantTypes[$name] : null;
 }
+ /**
+ * @return array
+ */
 public function getResponseTypes()
 {
 return $this->responseTypes;
 }
+ /**
+ * @param string $name
+ * @return object|null
+ */
 public function getResponseType($name)
 {
 // for multiple-valued response types - make them alphabetical
@@ -857,23 +981,38 @@ class Server implements ResourceControllerInterface,
 return isset($this->responseTypes[$name]) ? $this->responseTypes[$name] : null;
 }
+ /**
+ * @return TokenTypeInterface
+ */
 public function getTokenType()
 {
 return $this->tokenType;
 }
+ /**
+ * @return ClientAssertionTypeInterface
+ */
 public function getClientAssertionType()
 {
 return $this->clientAssertionType;
 }
+ /**
+ * @param string $name
+ * @param mixed $value
+ */
 public function setConfig($name, $value)
 {
 $this->config[$name] = $value;
 }
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
 public function getConfig($name, $default = null)
 {
 return isset($this->config[$name]) ? $this->config[$name] : $default;
 }
-}
+}
\ No newline at end of file |