Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Passport Compatibility for V9 #1402

Merged
merged 19 commits into from
May 13, 2024
Merged

Fix Passport Compatibility for V9 #1402

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
db79663
Change identifier types to int or string
Sephster Apr 9, 2024
bd459d7
Change getUserIdentifier to return an int
Sephster Apr 14, 2024
39d3cd3
Change method signatures for ClientId to accept ints
Sephster Apr 14, 2024
6dbbc9f
Fix docblock return type
Sephster Apr 22, 2024
8264a40
Revert identifiers to strings
Sephster Apr 22, 2024
e4dfdd6
Make identifiers strings
Sephster Apr 22, 2024
d9d061d
Removed mixed statements and made getRequestParameter stricter typed
Sephster Apr 29, 2024
fc15889
Revert type to mixed for makeRedirectUri return
Sephster Apr 29, 2024
689b2c7
Revert type changes to getRequestParameter and co
Sephster May 5, 2024
74f8abc
Revert mixed types
Sephster May 5, 2024
d1dc453
Fix CS issues
Sephster May 5, 2024
efd742b
Parse request params
eugene-borovov May 6, 2024
df39bf6
Fix style
eugene-borovov May 6, 2024
7596935
Merge pull request #1407 from eugene-borovov/fix-passport-compatibility
Sephster May 10, 2024
16bd02c
Fix styling
Sephster May 10, 2024
02a85f2
Merge master into this branch
Sephster May 13, 2024
669debf
revert scopeId to scope
Sephster May 13, 2024
c64d95e
revert formatting changes
Sephster May 13, 2024
26b33a6
Update changelog
Sephster May 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions examples/src/Entities/UserEntity.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ class UserEntity implements UserEntityInterface
/**
* Return the user's identifier.
*/
public function getIdentifier(): mixed
public function getIdentifier(): string
{
return 1;
return '1';
}
}
2 changes: 2 additions & 0 deletions phpcs.xml.dist
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
<file>tests</file>
<file>examples</file>

<exclude-pattern>examples/vendor/*</exclude-pattern>

<rule ref="PSR12">
<exclude name="Generic.Files.LineLength.TooLong" />
</rule>
Expand Down
6 changes: 5 additions & 1 deletion src/Entities/RefreshTokenEntityInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,17 @@ interface RefreshTokenEntityInterface
{
/**
* Get the token's identifier.
*
* @return non-empty-string
*/
public function getIdentifier(): string;

/**
* Set the token's identifier.
*
* @param non-empty-string $identifier
*/
public function setIdentifier(mixed $identifier): void;
public function setIdentifier(string $identifier): void;

/**
* Get the token's expiry date time.
Expand Down
2 changes: 2 additions & 0 deletions src/Entities/ScopeEntityInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ interface ScopeEntityInterface extends JsonSerializable
{
/**
* Get the scope's identifier.
*
* @return non-empty-string
*/
public function getIdentifier(): string;
}
10 changes: 8 additions & 2 deletions src/Entities/TokenInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,17 @@ interface TokenInterface
{
/**
* Get the token's identifier.
*
* @return non-empty-string
*/
public function getIdentifier(): string;

/**
* Set the token's identifier.
*
* @param non-empty-string $identifier
*/
public function setIdentifier(mixed $identifier): void;
public function setIdentifier(string $identifier): void;

/**
* Get the token's expiry date time.
Expand All @@ -45,8 +49,10 @@ public function setUserIdentifier(string $identifier): void;

/**
* Get the token user's identifier.
*
* @return non-empty-string|null
*/
public function getUserIdentifier(): string|int|null;
public function getUserIdentifier(): string|null;

/**
* Get the client that the token was issued to.
Expand Down
3 changes: 3 additions & 0 deletions src/Entities/Traits/DeviceCodeTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,9 @@ abstract public function getExpiryDateTime(): DateTimeImmutable;
*/
abstract public function getScopes(): array;

/**
* @return non-empty-string
*/
abstract public function getIdentifier(): string;

public function getLastPolledAt(): ?DateTimeImmutable
Expand Down
5 changes: 4 additions & 1 deletion src/Entities/Traits/EntityTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,10 @@ public function getIdentifier(): string
return $this->identifier;
}

public function setIdentifier(mixed $identifier): void
/**
* @param non-empty-string $identifier
*/
public function setIdentifier(string $identifier): void
{
$this->identifier = $identifier;
}
Expand Down
4 changes: 3 additions & 1 deletion src/Entities/UserEntityInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ interface UserEntityInterface
{
/**
* Return the user's identifier.
*
* @return non-empty-string
*/
public function getIdentifier(): mixed;
public function getIdentifier(): string;
}
6 changes: 3 additions & 3 deletions src/Exception/OAuthServerException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,16 +114,16 @@ public static function invalidClient(ServerRequestInterface $serverRequest): sta
/**
* Invalid scope error
*/
public static function invalidScope(string $scope, string|null $redirectUri = null): static
public static function invalidScope(string $scopeId, string|null $redirectUri = null): static
{
$errorMessage = 'The requested scope is invalid, unknown, or malformed';

if ($scope === '') {
if ($scopeId === '') {
$hint = 'Specify a scope in the request or set a default scope';
} else {
$hint = sprintf(
'Check the `%s` scope',
htmlspecialchars($scope, ENT_QUOTES, 'UTF-8', false)
htmlspecialchars($scopeId, ENT_QUOTES, 'UTF-8', false)
);
}

Expand Down
12 changes: 7 additions & 5 deletions src/Grant/AbstractGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ protected function getClientEntityOrFail(string $clientId, ServerRequestInterfac
* Gets the client credentials from the request from the request body or
* the Http Basic Authorization header
*
* @return string[]
* @return mixed[]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* @return mixed[]
* @return string[]

*/
protected function getClientCredentials(ServerRequestInterface $request): array
{
Expand Down Expand Up @@ -330,23 +330,23 @@ protected function getBasicAuthCredentials(ServerRequestInterface $request): arr
/**
* Retrieve query string parameter.
*/
protected function getQueryStringParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
protected function getQueryStringParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): mixed
{
return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
}

/**
* Retrieve cookie parameter.
*/
protected function getCookieParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
protected function getCookieParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): mixed
{
return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
}

/**
* Retrieve server parameter.
*/
protected function getServerParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
protected function getServerParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): mixed
{
return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
}
Expand All @@ -362,7 +362,7 @@ protected function getServerParameter(string $parameter, ServerRequestInterface
protected function issueAccessToken(
DateInterval $accessTokenTTL,
ClientEntityInterface $client,
string|int|null $userIdentifier,
string|null $userIdentifier,
array $scopes = []
): AccessTokenEntityInterface {
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
Expand Down Expand Up @@ -473,6 +473,8 @@ protected function issueRefreshToken(AccessTokenEntityInterface $accessToken): ?
/**
* Generate a new unique identifier.
*
* @return non-empty-string
*
* @throws OAuthServerException
*/
protected function generateUniqueIdentifier(int $length = 40): string
Expand Down
4 changes: 2 additions & 2 deletions src/Grant/DeviceCodeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,10 +153,10 @@ public function respondToAccessTokenRequest(
}

// Finalize the requested scopes
$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, (string) $deviceCodeEntity->getUserIdentifier());
$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $deviceCodeEntity->getUserIdentifier());

// Issue and persist new access token
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, (string) $deviceCodeEntity->getUserIdentifier(), $finalizedScopes);
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $deviceCodeEntity->getUserIdentifier(), $finalizedScopes);
$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
$responseType->setAccessToken($accessToken);

Expand Down
2 changes: 2 additions & 0 deletions src/Grant/RefreshTokenGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ public function respondToAccessTokenRequest(
// Validate request
$client = $this->validateClient($request);
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());

$scopes = $this->validateScopes(
$this->getRequestParameter(
'scope',
Expand Down Expand Up @@ -103,6 +104,7 @@ public function respondToAccessTokenRequest(
protected function validateOldRefreshToken(ServerRequestInterface $request, string $clientId): array
{
$encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request);

if (!is_string($encryptedRefreshToken)) {
throw OAuthServerException::invalidRequest('refresh_token');
}
Expand Down
2 changes: 1 addition & 1 deletion src/Repositories/AccessTokenRepositoryInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ interface AccessTokenRepositoryInterface extends RepositoryInterface
public function getNewToken(
ClientEntityInterface $clientEntity,
array $scopes,
mixed $userIdentifier = null
string|null $userIdentifier = null
): AccessTokenEntityInterface;

/**
Expand Down
2 changes: 1 addition & 1 deletion src/Repositories/ScopeRepositoryInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ public function finalizeScopes(
array $scopes,
string $grantType,
ClientEntityInterface $clientEntity,
string|int|null $userIdentifier = null,
string|null $userIdentifier = null,
?string $authCodeId = null
): array;
}
6 changes: 3 additions & 3 deletions tests/Grant/AbstractGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,8 +116,8 @@ public function testGetClientCredentialsClientSecretNotAString(): void
[],
[],
[
'client_id' => 'client_id',
'client_secret' => ['not', 'a', 'string'],
'client_id' => 'client_id',
'client_secret' => ['not', 'a', 'string'],
]
);
$getClientCredentialsMethod = $abstractGrantReflection->getMethod('getClientCredentials');
Expand Down Expand Up @@ -432,7 +432,7 @@ public function testIssueAccessToken(): void
$grantMock,
new DateInterval('PT1H'),
new ClientEntity(),
123,
'123',
[new ScopeEntity()]
);

Expand Down
30 changes: 15 additions & 15 deletions tests/Grant/AuthCodeGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -602,7 +602,7 @@ public function testRespondToAccessTokenRequest(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -665,7 +665,7 @@ public function testRespondToAccessTokenRequestUsingHttpBasicAuth(): void
'auth_code_id' => uniqid(),
'client_id' => 'foo',
'expire_time' => time() + 3600,
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -730,7 +730,7 @@ public function testRespondToAccessTokenRequestForPublicClient(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -795,7 +795,7 @@ public function testRespondToAccessTokenRequestNullRefreshToken(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -867,7 +867,7 @@ public function testRespondToAccessTokenRequestCodeChallengePlain(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => self::CODE_VERIFIER,
Expand Down Expand Up @@ -941,7 +941,7 @@ public function testRespondToAccessTokenRequestCodeChallengeS256(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => self::CODE_CHALLENGE,
Expand Down Expand Up @@ -1013,7 +1013,7 @@ public function testPKCEDowngradeBlocked(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
],
Expand Down Expand Up @@ -1561,7 +1561,7 @@ public function testRespondToAccessTokenRequestBadCodeVerifierPlain(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => 'foobar',
Expand Down Expand Up @@ -1636,7 +1636,7 @@ public function testRespondToAccessTokenRequestBadCodeVerifierS256(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => 'foobar',
Expand Down Expand Up @@ -1711,7 +1711,7 @@ public function testRespondToAccessTokenRequestMalformedCodeVerifierS256WithInva
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => self::CODE_CHALLENGE,
Expand Down Expand Up @@ -1786,7 +1786,7 @@ public function testRespondToAccessTokenRequestMalformedCodeVerifierS256WithInva
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => 'R7T1y1HPNFvs1WDCrx4lfoBS6KD2c71pr8OHvULjvv8',
Expand Down Expand Up @@ -1860,7 +1860,7 @@ public function testRespondToAccessTokenRequestMissingCodeVerifier(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
'code_challenge' => 'foobar',
Expand Down Expand Up @@ -2034,7 +2034,7 @@ public function testRefreshTokenRepositoryUniqueConstraintCheck(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -2099,7 +2099,7 @@ public function testRefreshTokenRepositoryFailToPersist(): void
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down Expand Up @@ -2167,7 +2167,7 @@ public function testRefreshTokenRepositoryFailToPersistUniqueNoInfiniteLoop(): v
'auth_code_id' => uniqid(),
'expire_time' => time() + 3600,
'client_id' => 'foo',
'user_id' => 123,
'user_id' => '123',
'scopes' => ['foo'],
'redirect_uri' => self::REDIRECT_URI,
], JSON_THROW_ON_ERROR)
Expand Down
Loading