aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/bshaffer/oauth2-server-php
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php')
-rw-r--r--vendor/bshaffer/oauth2-server-php/.github/workflows/tests.yml23
-rw-r--r--vendor/bshaffer/oauth2-server-php/README.md2
-rw-r--r--vendor/bshaffer/oauth2-server-php/composer.json7
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php1
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/FirebaseJwt.php27
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php35
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php8
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php40
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php8
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php8
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php4
-rwxr-xr-xvendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php17
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php4
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php4
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Mongo.php6
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/MongoDB.php9
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php18
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Redis.php4
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php10
23 files changed, 186 insertions, 58 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/.github/workflows/tests.yml b/vendor/bshaffer/oauth2-server-php/.github/workflows/tests.yml
index 958f65765..fe13e48b8 100644
--- a/vendor/bshaffer/oauth2-server-php/.github/workflows/tests.yml
+++ b/vendor/bshaffer/oauth2-server-php/.github/workflows/tests.yml
@@ -2,7 +2,7 @@ name: Test Suite
on:
push:
branches:
- - master
+ - main
pull_request:
jobs:
test:
@@ -35,7 +35,7 @@ jobs:
options: --health-cmd="pg_isready -h localhost" --health-interval=10s --health-timeout=5s --health-retries=5
strategy:
matrix:
- php: [ 7.1, 7.2, 7.3, 7.4, "8.0", 8.1 ]
+ php: [ 7.2, 7.3, 7.4, "8.0", 8.1, 8.2 ]
name: "PHP ${{ matrix.php }} Unit Test"
steps:
- uses: actions/checkout@v2
@@ -53,3 +53,22 @@ jobs:
command: composer install
- name: Run PHPUnit
run: vendor/bin/phpunit -v
+ phpstan:
+ name: "PHPStan"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup PHP
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: 8.1
+ - name: Install composer dependencies
+ uses: nick-invision/retry@v1
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ command: composer install
+ - name: Run PHPStan
+ run: |
+ composer require phpstan/phpstan
+ vendor/bin/phpstan analyse --level=0 src/
diff --git a/vendor/bshaffer/oauth2-server-php/README.md b/vendor/bshaffer/oauth2-server-php/README.md
index 117743d4f..a0366bf12 100644
--- a/vendor/bshaffer/oauth2-server-php/README.md
+++ b/vendor/bshaffer/oauth2-server-php/README.md
@@ -1,8 +1,6 @@
oauth2-server-php
=================
-[![Build Status](https://travis-ci.org/bshaffer/oauth2-server-php.svg?branch=master)](https://travis-ci.org/bshaffer/oauth2-server-php)
-
[![Total Downloads](https://poser.pugx.org/bshaffer/oauth2-server-php/downloads.png)](https://packagist.org/packages/bshaffer/oauth2-server-php)
View the [complete documentation](https://bshaffer.github.io/oauth2-server-php-docs/)
diff --git a/vendor/bshaffer/oauth2-server-php/composer.json b/vendor/bshaffer/oauth2-server-php/composer.json
index 5b763a6f1..50a950774 100644
--- a/vendor/bshaffer/oauth2-server-php/composer.json
+++ b/vendor/bshaffer/oauth2-server-php/composer.json
@@ -16,22 +16,21 @@
"psr-0": { "OAuth2": "src/" }
},
"require":{
- "php":">=7.1"
+ "php":">=7.2"
},
"require-dev": {
"phpunit/phpunit": "^7.5||^8.0",
"aws/aws-sdk-php": "^2.8",
- "firebase/php-jwt": "^2.2",
+ "firebase/php-jwt": "^6.4",
"predis/predis": "^1.1",
"thobbs/phpcassa": "dev-master",
- "mongodb/mongodb": "^1.1",
"yoast/phpunit-polyfills": "^1.0"
},
"suggest": {
"predis/predis": "Required to use Redis storage",
"thobbs/phpcassa": "Required to use Cassandra storage",
"aws/aws-sdk-php": "~2.8 is required to use DynamoDB storage",
- "firebase/php-jwt": "~2.2 is required to use JWT features",
+ "firebase/php-jwt": "~v6.4 is required to use JWT features",
"mongodb/mongodb": "^1.1 is required to use MongoDB storage"
}
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
index 4ec08cbdd..b025db34c 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
@@ -39,7 +39,7 @@ class Autoloader
* Handles autoloading of classes.
*
* @param string $class - A class name.
- * @return boolean - Returns true if the class has been loaded
+ * @return void
*/
public function autoload($class)
{
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
index 4bafb1d24..b2e12bb5d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
@@ -87,6 +87,7 @@ class AuthorizeController implements AuthorizeControllerInterface
'enforce_state' => true,
'require_exact_redirect_uri' => true,
'redirect_status_code' => 302,
+ 'enforce_pkce' => false,
), $config);
if (is_null($scopeUtil)) {
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/FirebaseJwt.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/FirebaseJwt.php
index 1b527e0a0..8524bb32c 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/FirebaseJwt.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/FirebaseJwt.php
@@ -2,6 +2,9 @@
namespace OAuth2\Encryption;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
/**
* Bridge file to use the firebase/php-jwt package for JWT encoding and decoding.
* @author Francis Chuang <francis.chuang@gmail.com>
@@ -10,26 +13,36 @@ class FirebaseJwt implements EncryptionInterface
{
public function __construct()
{
- if (!class_exists('\JWT')) {
+ if (!class_exists(JWT::class)) {
throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
}
}
public function encode($payload, $key, $alg = 'HS256', $keyId = null)
{
- return \JWT::encode($payload, $key, $alg, $keyId);
+ return JWT::encode($payload, $key, $alg, $keyId);
}
public function decode($jwt, $key = null, $allowedAlgorithms = null)
{
try {
-
//Maintain BC: Do not verify if no algorithms are passed in.
if (!$allowedAlgorithms) {
- $key = null;
+ $tks = \explode('.', $jwt);
+ if (\count($tks) === 3) {
+ [$headb64] = $tks;
+ $headerRaw = JWT::urlsafeB64Decode($headb64);
+ if (($header = JWT::jsonDecode($headerRaw))) {
+ $key = new Key($key, $header->alg);
+ }
+ }
+ } elseif(is_array($allowedAlgorithms)) {
+ $key = new Key($key, $allowedAlgorithms[0]);
+ } else {
+ $key = new Key($key, $allowedAlgorithms);
}
- return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
+ return (array) JWT::decode($jwt, $key);
} catch (\Exception $e) {
return false;
}
@@ -37,11 +50,11 @@ class FirebaseJwt implements EncryptionInterface
public function urlSafeB64Encode($data)
{
- return \JWT::urlsafeB64Encode($data);
+ return JWT::urlsafeB64Encode($data);
}
public function urlSafeB64Decode($b64)
{
- return \JWT::urlsafeB64Decode($b64);
+ return JWT::urlsafeB64Decode($b64);
}
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
index 784f6b3a3..5bcb4f253 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
@@ -84,6 +84,41 @@ class AuthorizationCode implements GrantTypeInterface
return false;
}
+ if (isset($authCode['code_challenge']) && $authCode['code_challenge']) {
+ if (!($code_verifier = $request->request('code_verifier'))) {
+ $response->setError(400, 'code_verifier_missing', "The PKCE code verifier parameter is required.");
+
+ return false;
+ }
+ // Validate code_verifier according to RFC-7636
+ // @see: https://tools.ietf.org/html/rfc7636#section-4.1
+ if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_verifier) !== 1) {
+ $response->setError(400, 'code_verifier_invalid', "The PKCE code verifier parameter is invalid.");
+
+ return false;
+ }
+ $code_verifier = $request->request('code_verifier');
+ switch ($authCode['code_challenge_method']) {
+ case 'S256':
+ $code_verifier_hashed = strtr(rtrim(base64_encode(hash('sha256', $code_verifier, true)), '='), '+/', '-_');
+ break;
+
+ case 'plain':
+ $code_verifier_hashed = $code_verifier;
+ break;
+
+ default:
+ $response->setError(400, 'code_challenge_method_invalid', "Unknown PKCE code challenge method.");
+
+ return FALSE;
+ }
+ if ($code_verifier_hashed !== $authCode['code_challenge']) {
+ $response->setError(400, 'code_verifier_mismatch', "The PKCE code verifier parameter does not match the code challenge.");
+
+ return FALSE;
+ }
+ }
+
if (!isset($authCode['code'])) {
$authCode['code'] = $code; // used to expire the code after the access token is granted
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
index 62c1efabd..10d01ff51 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
@@ -46,13 +46,13 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
$jwtUtil = new Jwt();
}
- $this->config = array_merge(array(
+ $config = array_merge(array(
'allowed_algorithms' => array('RS256', 'RS384', 'RS512')
), $config);
$this->jwtUtil = $jwtUtil;
- $this->allowedAlgorithms = $this->config['allowed_algorithms'];
+ $this->allowedAlgorithms = $config['allowed_algorithms'];
}
/**
@@ -127,7 +127,7 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
}
// Check expiration
- if (ctype_digit($jwt['exp'])) {
+ if (ctype_digit((string)$jwt['exp'])) {
if ($jwt['exp'] <= time()) {
$response->setError(400, 'invalid_grant', "JWT has expired");
@@ -141,7 +141,7 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
// Check the not before time
if ($notBefore = $jwt['nbf']) {
- if (ctype_digit($notBefore)) {
+ if (ctype_digit((string)$notBefore)) {
if ($notBefore > time()) {
$response->setError(400, 'invalid_grant', "JWT cannot be used before the Not Before (nbf) time");
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 54c5f9a63..52e183bb3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -17,6 +17,16 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
private $nonce;
/**
+ * @var mixed
+ */
+ protected $code_challenge;
+
+ /**
+ * @var mixed
+ */
+ protected $code_challenge_method;
+
+ /**
* Set not authorized response
*
* @param RequestInterface $request
@@ -65,6 +75,10 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
// add the nonce to return with the redirect URI
$params['nonce'] = $this->nonce;
+ // Add PKCE code challenge.
+ $params['code_challenge'] = $this->code_challenge;
+ $params['code_challenge_method'] = $this->code_challenge_method;
+
return $params;
}
@@ -90,6 +104,32 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
$this->nonce = $nonce;
+ $code_challenge = $request->query('code_challenge');
+ $code_challenge_method = $request->query('code_challenge_method');
+
+ if ($this->config['enforce_pkce']) {
+ if (!$code_challenge) {
+ $response->setError(400, 'missing_code_challenge', 'This application requires you provide a PKCE code challenge');
+
+ return false;
+ }
+
+ if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_challenge) !== 1) {
+ $response->setError(400, 'invalid_code_challenge', 'The PKCE code challenge supplied is invalid');
+
+ return false;
+ }
+
+ if (!in_array($code_challenge_method, array('plain', 'S256'), true)) {
+ $response->setError(400, 'missing_code_challenge_method', 'This application requires you specify a PKCE code challenge method');
+
+ return false;
+ }
+ }
+
+ $this->code_challenge = $code_challenge;
+ $this->code_challenge_method = $code_challenge_method;
+
return true;
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
index b8ad41ffb..19e04104d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
@@ -31,9 +31,9 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo
// build the URL to redirect to
$result = array('query' => array());
- $params += array('scope' => null, 'state' => null, 'id_token' => null);
+ $params += array('scope' => null, 'state' => null, 'id_token' => null, 'code_challenge' => null, 'code_challenge_method' => null);
- $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
+ $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token'], $params['code_challenge'], $params['code_challenge_method']);
if (isset($params['state'])) {
$result['query']['state'] = $params['state'];
@@ -56,10 +56,10 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
+ public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
$code = $this->generateAuthorizationCode();
- $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
+ $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token, $code_challenge, $code_challenge_method);
return $code;
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
index 446cec928..8e0988ff4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
@@ -33,5 +33,5 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
*
* @ingroup oauth2_section_4
*/
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
index b92c73cda..12a9f8c38 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
@@ -26,9 +26,9 @@ class AuthorizationCode implements AuthorizationCodeInterface
// build the URL to redirect to
$result = array('query' => array());
- $params += array('scope' => null, 'state' => null);
+ $params += array('scope' => null, 'state' => null, 'code_challenge' => null, 'code_challenge_method' => null);
- $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope']);
+ $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['code_challenge'], $params['code_challenge_method']);
if (isset($params['state'])) {
$result['query']['state'] = $params['state'];
@@ -53,10 +53,10 @@ class AuthorizationCode implements AuthorizationCodeInterface
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null)
+ public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $code_challenge = null, $code_challenge_method = null)
{
$code = $this->generateAuthorizationCode();
- $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope);
+ $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, null, $code_challenge, $code_challenge_method);
return $code;
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
index cf040c2bc..1fbc6666d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
@@ -172,6 +172,7 @@ class Server implements ResourceControllerInterface,
'enforce_state' => true,
'require_exact_redirect_uri' => true,
'allow_implicit' => false,
+ 'enforce_pkce' => false,
'allow_credentials_in_request_body' => true,
'allow_public_clients' => true,
'always_issue_new_refresh_token' => false,
@@ -577,7 +578,7 @@ class Server implements ResourceControllerInterface,
}
}
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_implicit enforce_state require_exact_redirect_uri')));
+ $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_implicit enforce_state require_exact_redirect_uri enforce_pkce')));
if ($this->config['use_openid_connect']) {
return new OpenIDAuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
index e60e9d3ad..3a138bb52 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
@@ -191,11 +191,11 @@ class Cassandra implements AuthorizationCodeInterface,
* @param string $id_token
* @return bool
*/
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
return $this->setValue(
$this->config['code_key'] . $authorization_code,
- compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
+ compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token', 'code_challenge', 'code_challenge_method'),
$expires
);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
index 9e8148b6b..31b0cd301 100755
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
@@ -2,6 +2,7 @@
namespace OAuth2\Storage;
+use Couchbase;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
/**
@@ -27,14 +28,18 @@ class CouchbaseDB implements AuthorizationCodeInterface,
public function __construct($connection, $config = array())
{
- if ($connection instanceof \Couchbase) {
+ if (!class_exists(Couchbase::class)) {
+ throw new \RuntimeException('Missing Couchbase');
+ }
+
+ if ($connection instanceof Couchbase) {
$this->db = $connection;
} else {
if (!is_array($connection) || !is_array($connection['servers'])) {
throw new \InvalidArgumentException('First argument to OAuth2\Storage\CouchbaseDB must be an instance of Couchbase or a configuration array containing a server array');
}
- $this->db = new \Couchbase($connection['servers'], (!isset($connection['username'])) ? '' : $connection['username'], (!isset($connection['password'])) ? '' : $connection['password'], $connection['bucket'], false);
+ $this->db = new Couchbase($connection['servers'], (!isset($connection['username'])) ? '' : $connection['username'], (!isset($connection['password'])) ? '' : $connection['password'], $connection['bucket'], false);
}
$this->config = array_merge(array(
@@ -173,7 +178,7 @@ class CouchbaseDB implements AuthorizationCodeInterface,
return is_null($code) ? false : $code;
}
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
@@ -185,6 +190,8 @@ class CouchbaseDB implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
));
} else {
$this->setObjectByType('code_table',$code,array(
@@ -195,6 +202,8 @@ class CouchbaseDB implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
));
}
@@ -328,4 +337,4 @@ class CouchbaseDB implements AuthorizationCodeInterface,
//TODO: Needs couchbase implementation.
throw new \Exception('setJti() for the Couchbase driver is currently unimplemented.');
}
-} \ No newline at end of file
+}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
index a54cb3712..713189d23 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
@@ -213,12 +213,12 @@ class DynamoDB implements
}
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
// convert expires to datestring
$expires = date('Y-m-d H:i:s', $expires);
- $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
+ $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token', 'code_challenge', 'code_challenge_method');
$clientData = array_filter($clientData, 'self::isNotEmpty');
$result = $this->client->putItem(array(
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
index 6ccacd6d9..99ec6481c 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
@@ -84,4 +84,4 @@ class JwtAccessToken implements JwtAccessTokenInterface
return $tokenData;
}
-} \ No newline at end of file
+}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
index 2c60b71ce..c33bd0ebb 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
@@ -74,9 +74,9 @@ class Memory implements AuthorizationCodeInterface,
), $this->authorizationCodes[$code]);
}
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
- $this->authorizationCodes[$code] = compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token');
+ $this->authorizationCodes[$code] = compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token', 'code_challenge', 'code_challenge_method');
return true;
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Mongo.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Mongo.php
index eea06e315..92f93d5b2 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Mongo.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Mongo.php
@@ -179,7 +179,7 @@ class Mongo implements AuthorizationCodeInterface,
return is_null($code) ? false : $code;
}
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
@@ -192,6 +192,8 @@ class Mongo implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
))
);
} else {
@@ -203,6 +205,8 @@ class Mongo implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
);
$this->collection('code_table')->insert($token);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/MongoDB.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/MongoDB.php
index 64f740fc1..0b28a7797 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/MongoDB.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/MongoDB.php
@@ -32,6 +32,9 @@ class MongoDB implements AuthorizationCodeInterface,
public function __construct($connection, $config = array())
{
+ if (!class_exists(Database::class) || !class_exists(Client::class)) {
+ throw new \LogicException('Missing MongoDB php extension. Please install mongodb.so');
+ }
if ($connection instanceof Database) {
$this->db = $connection;
} else {
@@ -167,7 +170,7 @@ class MongoDB implements AuthorizationCodeInterface,
return is_null($code) ? false : $code;
}
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
@@ -180,6 +183,8 @@ class MongoDB implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
))
);
return $result->getMatchedCount() > 0;
@@ -192,6 +197,8 @@ class MongoDB implements AuthorizationCodeInterface,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
+ 'code_challenge' => $code_challenge,
+ 'code_challenge_method' => $code_challenge_method,
);
$result = $this->collection('code_table')->insertOne($token);
return $result->getInsertedCount() > 0;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
index 074cee447..46c873359 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
@@ -247,7 +247,7 @@ class Pdo implements
* @param string $id_token
* @return bool|mixed
*/
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
if (func_num_args() > 6) {
// we are calling with an id token
@@ -259,12 +259,12 @@ class Pdo implements
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope where authorization_code=:code', $this->config['code_table']));
+ $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, code_challenge=:code_challenge, code_challenge_method=:code_challenge_method where authorization_code=:code', $this->config['code_table']));
} else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope)', $this->config['code_table']));
+ $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, code_challenge, code_challenge_method) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :code_challenge, :code_challenge_method)', $this->config['code_table']));
}
- return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope'));
+ return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'code_challenge', 'code_challenge_method'));
}
/**
@@ -277,19 +277,19 @@ class Pdo implements
* @param string $id_token
* @return bool
*/
- private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
// convert expires to datestring
$expires = date('Y-m-d H:i:s', $expires);
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token where authorization_code=:code', $this->config['code_table']));
+ $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token, code_challenge=:code_challenge, code_challenge_method=:code_challenge_method where authorization_code=:code', $this->config['code_table']));
} else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token)', $this->config['code_table']));
+ $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token, code_challenge, code_challenge_method) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token, :code_challenge, :code_challenge_method)', $this->config['code_table']));
}
- return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'));
+ return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token', 'code_challenge', 'code_challenge_method'));
}
/**
@@ -676,6 +676,8 @@ class Pdo implements
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
id_token VARCHAR(1000),
+ code_challenge VARCHAR(1000),
+ code_challenge_method VARCHAR(20),
PRIMARY KEY (authorization_code)
);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Redis.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Redis.php
index e6294e22d..5a41dfc22 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Redis.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Redis.php
@@ -95,11 +95,11 @@ class Redis implements AuthorizationCodeInterface,
return $this->getValue($this->config['code_key'] . $code);
}
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+ public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
return $this->setValue(
$this->config['code_key'] . $authorization_code,
- compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
+ compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token', 'code_challenge', 'code_challenge_method'),
$expires
);
}
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
index 6195d557a..ad90e535b 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
@@ -40,20 +40,20 @@ class JwtAccessTokenTest extends TestCase
$this->assertEquals(3600, $delta);
$this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']);
}
-
+
public function testExtraPayloadCallback()
{
$jwtconfig = array('jwt_extra_payload_callable' => function() {
return array('custom_param' => 'custom_value');
});
-
+
$server = $this->getTestServer($jwtconfig);
$jwtResponseType = $server->getResponseType('token');
-
+
$accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false);
$jwt = new Jwt;
$decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false);
-
+
$this->assertArrayHasKey('custom_param', $decodedAccessToken);
$this->assertEquals('custom_value', $decodedAccessToken['custom_param']);
}
@@ -162,7 +162,7 @@ class JwtAccessTokenTest extends TestCase
$memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
$storage = array(
- 'access_token' => new JwtAccessTokenStorage($memoryStorage),
+ 'access_token' => new JwtAccessTokenStorage($memoryStorage, $memoryStorage),
'client' => $memoryStorage,
'client_credentials' => $memoryStorage,
);