Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Passport Compatibility for V9 #1402

Merged
merged 19 commits into from
May 13, 2024
Merged

Fix Passport Compatibility for V9 #1402

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
db79663
Change identifier types to int or string
Sephster Apr 9, 2024
bd459d7
Change getUserIdentifier to return an int
Sephster Apr 14, 2024
39d3cd3
Change method signatures for ClientId to accept ints
Sephster Apr 14, 2024
6dbbc9f
Fix docblock return type
Sephster Apr 22, 2024
8264a40
Revert identifiers to strings
Sephster Apr 22, 2024
e4dfdd6
Make identifiers strings
Sephster Apr 22, 2024
d9d061d
Removed mixed statements and made getRequestParameter stricter typed
Sephster Apr 29, 2024
fc15889
Revert type to mixed for makeRedirectUri return
Sephster Apr 29, 2024
689b2c7
Revert type changes to getRequestParameter and co
Sephster May 5, 2024
74f8abc
Revert mixed types
Sephster May 5, 2024
d1dc453
Fix CS issues
Sephster May 5, 2024
efd742b
Parse request params
eugene-borovov May 6, 2024
df39bf6
Fix style
eugene-borovov May 6, 2024
7596935
Merge pull request #1407 from eugene-borovov/fix-passport-compatibility
Sephster May 10, 2024
16bd02c
Fix styling
Sephster May 10, 2024
02a85f2
Merge master into this branch
Sephster May 13, 2024
669debf
revert scopeId to scope
Sephster May 13, 2024
c64d95e
revert formatting changes
Sephster May 13, 2024
26b33a6
Update changelog
Sephster May 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 6 additions & 9 deletions src/Grant/AbstractGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,15 +200,15 @@ protected function getClientEntityOrFail(string $clientId, ServerRequestInterfac
* Gets the client credentials from the request from the request body or
* the Http Basic Authorization header
*
* @return string[]
* @return mixed[]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* @return mixed[]
* @return string[]

*/
protected function getClientCredentials(ServerRequestInterface $request): array
{
[$basicAuthUser, $basicAuthPassword] = $this->getBasicAuthCredentials($request);

$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);

if (is_null($clientId) || !is_string($clientId)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we were on the right track here, checking if client_id is string.

if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}

Expand All @@ -218,7 +218,6 @@ protected function getClientCredentials(ServerRequestInterface $request): array
throw OAuthServerException::invalidRequest('client_secret');
}

/* @phpstan-ignore-next-line */
return [$clientId, $clientSecret];
}

Expand Down Expand Up @@ -287,10 +286,8 @@ private function convertScopesQueryStringToArray(string $scopes): array

/**
* Retrieve request parameter.
*
* @return string[]|string|null
*/
protected function getRequestParameter(string $parameter, ServerRequestInterface $request, string $default = null): array|string|null
protected function getRequestParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): mixed
{
$requestParameters = (array) $request->getParsedBody();

Expand Down Expand Up @@ -333,23 +330,23 @@ protected function getBasicAuthCredentials(ServerRequestInterface $request): arr
/**
* Retrieve query string parameter.
*/
protected function getQueryStringParameter(string $parameter, ServerRequestInterface $request, ?string $default = null): ?string
protected function getQueryStringParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
{
return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
}

/**
* Retrieve cookie parameter.
*/
protected function getCookieParameter(string $parameter, ServerRequestInterface $request, ?string $default = null): ?string
protected function getCookieParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
{
return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
}

/**
* Retrieve server parameter.
*/
protected function getServerParameter(string $parameter, ServerRequestInterface $request, ?string $default = null): ?string
protected function getServerParameter(string $parameter, ServerRequestInterface $request, mixed $default = null): ?string
{
return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
}
Expand Down
4 changes: 0 additions & 4 deletions src/Grant/AuthCodeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,10 +138,6 @@ public function respondToAccessTokenRequest(
);
}

if ($codeVerifier !== null && !is_string($codeVerifier)) {
throw OAuthServerException::invalidRequest('code_verifier');
}

if (isset($authCodePayload->code_challenge)) {
$this->validateCodeChallenge($authCodePayload, $codeVerifier);
}
Expand Down
4 changes: 2 additions & 2 deletions src/Grant/DeviceCodeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ public function respondToDeviceAuthorizationRequest(ServerRequestInterface $requ
$this->getServerParameter('PHP_AUTH_USER', $request)
);

if ($clientId === null || !is_string($clientId)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above.

if ($clientId === null) {
throw OAuthServerException::invalidRequest('client_id');
}

Expand Down Expand Up @@ -180,7 +180,7 @@ protected function validateDeviceCode(ServerRequestInterface $request, ClientEnt
{
$deviceCode = $this->getRequestParameter('device_code', $request);

if (is_null($deviceCode) || !is_string($deviceCode)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same.

if (is_null($deviceCode)) {
throw OAuthServerException::invalidRequest('device_code');
}

Expand Down
32 changes: 32 additions & 0 deletions tests/Grant/AbstractGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,38 @@ public function testHttpBasicNoColon(): void
self::assertSame([null, null], $basicAuthMethod->invoke($grantMock, $serverRequest));
}

public function testGetClientCredentialsClientSecretNotAString(): void
{
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();

/** @var AbstractGrant $grantMock */
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
$grantMock->setClientRepository($clientRepositoryMock);

$abstractGrantReflection = new ReflectionClass($grantMock);

$serverRequest = new ServerRequest(
[],
[],
null,
'POST',
'php://input',
[],
[],
[],
[
'client_id' => 'client_id',
'client_secret' => ['not', 'a', 'string'],
]
);
$getClientCredentialsMethod = $abstractGrantReflection->getMethod('getClientCredentials');
$getClientCredentialsMethod->setAccessible(true);

$this->expectException(OAuthServerException::class);

$getClientCredentialsMethod->invoke($grantMock, $serverRequest, true, true);
}

public function testValidateClientPublic(): void
{
$client = new ClientEntity();
Expand Down
38 changes: 38 additions & 0 deletions tests/Grant/AuthCodeGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1231,6 +1231,44 @@ public function testRespondToAccessTokenRequestWithRefreshTokenInsteadOfAuthCode
}
}

public function testRespondToAccessTokenRequestWithAuthCodeNotAString(): void
{
$client = new ClientEntity();
$client->setRedirectUri(self::REDIRECT_URI);

$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client);

$grant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
new DateInterval('PT10M')
);

$grant->setClientRepository($clientRepositoryMock);
$grant->setEncryptionKey($this->cryptStub->getKey());

$request = new ServerRequest(
[],
[],
null,
'POST',
'php://input',
[],
[],
[],
[
'grant_type' => 'authorization_code',
'client_id' => 'foo',
'redirect_uri' => self::REDIRECT_URI,
'code' => ['not', 'a', 'string'],
]
);

$this->expectException(OAuthServerException::class);
$grant->respondToAccessTokenRequest($request, new StubResponseType(), new DateInterval('PT10M'));
}

public function testRespondToAccessTokenRequestExpiredCode(): void
{
$client = new ClientEntity();
Expand Down
Loading