From a24415a560174783a51ecfcd86a644490389cb13 Mon Sep 17 00:00:00 2001
From: gschafra
Date: Thu, 20 Dec 2018 18:20:24 +0100
Subject: [PATCH] Pass CryptKey instance to oauth2 with permission check disabled (#10)

Disable permission checks for private/public keys
---
 DependencyInjection/TrikoderOAuth2Extension.php | 13 +++++++++++--
 Tests/Integration/AbstractIntegrationTest.php | 5 +++--
 Tests/TestHelper.php | 2 +-
 Tests/TestKernel.php | 4 ----
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/DependencyInjection/TrikoderOAuth2Extension.php b/DependencyInjection/TrikoderOAuth2Extension.php
index b3b09074..9d99352d 100644
--- a/DependencyInjection/TrikoderOAuth2Extension.php
+++ b/DependencyInjection/TrikoderOAuth2Extension.php
@@ -3,6 +3,7 @@
 namespace Trikoder\Bundle\OAuth2Bundle\DependencyInjection;
 
 use DateInterval;
+use League\OAuth2\Server\CryptKey;
 use LogicException;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\Config\Loader\LoaderInterface;
@@ -64,7 +65,11 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
 {
 $authorizationServer = $container
 ->getDefinition('league.oauth2.server.authorization_server')
- ->replaceArgument('$privateKey', $config['private_key'])
+ ->replaceArgument('$privateKey', new Definition(CryptKey::class, [
+ $config['private_key'],
+ null,
+ false,
+ ]))
 ->replaceArgument('$encryptionKey', $config['encryption_key'])
 ;
 
@@ -160,7 +165,11 @@ private function configureResourceServer(ContainerBuilder $container, array $con
 {
 $container
 ->getDefinition('league.oauth2.server.resource_server')
- ->replaceArgument('$publicKey', $config['public_key'])
+ ->replaceArgument('$publicKey', new Definition(CryptKey::class, [
+ $config['public_key'],
+ null,
+ false,
+ ]))
 ;
 }
 
diff --git a/Tests/Integration/AbstractIntegrationTest.php b/Tests/Integration/AbstractIntegrationTest.php
index c2687bdd..d936eae3 100644
--- a/Tests/Integration/AbstractIntegrationTest.php
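Review bot: The literal `false` passed as the third CryptKey argument in configureAuthorizationServer switches off the library's key-file permission check for the private signing key in every installation of the bundle, so a key file left group- or world-readable is no longer reported at all. I would keep the check on by default and let a deployment opt out through a bundle option, replacing the literal with something like `$config['<permissions-check option>'] ?? true` (the option name is a placeholder; no such key is visible in this patch). The same literal appears in the configureResourceServer hunk for the public key, where the exposure is lower but the same option should apply. Because the positional `null, false` is opaque, a comment such as `// args: key path, passphrase (none), key permission check` above each array would help the next reader. Both function bodies start or end outside their hunks.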
+++ b/Tests/Integration/AbstractIntegrationTest.php
@@ -5,6 +5,7 @@
 use Defuse\Crypto\Crypto;
 use Defuse\Crypto\Exception\CryptoException;
 use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\ClientCredentialsGrant;
 use League\OAuth2\Server\Grant\PasswordGrant;
@@ -196,7 +197,7 @@ private function createAuthorizationServer(
 $clientRepository,
 $accessTokenRepository,
 $scopeRepository,
- TestHelper::PRIVATE_KEY_PATH,
+ new CryptKey(TestHelper::PRIVATE_KEY_PATH, null, false),
 TestHelper::ENCRYPTION_KEY
 );
 
@@ -211,7 +212,7 @@ private function createResourceServer(AccessTokenRepositoryInterface $accessToke
 {
 return new ResourceServer(
 $accessTokenRepository,
- TestHelper::PUBLIC_KEY_PATH
+ new CryptKey(TestHelper::PUBLIC_KEY_PATH, null, false)
 );
 }
 }
diff --git a/Tests/TestHelper.php b/Tests/TestHelper.php
index 2995fb36..bdd2cd01 100644
--- a/Tests/TestHelper.php
+++ b/Tests/TestHelper.php
@@ -58,7 +58,7 @@ public static function generateJwtToken(AccessTokenModel $accessToken): string
 }
 
 return $accessTokenEntity->convertToJWT(
- new CryptKey(self::PRIVATE_KEY_PATH)
+ new CryptKey(self::PRIVATE_KEY_PATH, null, false)
 );
 }
 
diff --git a/Tests/TestKernel.php b/Tests/TestKernel.php
index b282f30a..a5e4bb7d 100644
--- a/Tests/TestKernel.php
+++ b/Tests/TestKernel.php
@@ -27,10 +27,6 @@ public function boot()
 putenv(sprintf('PUBLIC_KEY_PATH=%s', TestHelper::PUBLIC_KEY_PATH));
 putenv(sprintf('ENCRYPTION_KEY=%s', TestHelper::ENCRYPTION_KEY));
 
- // The authorization server requires proper file permissions for public/private keys.
- chmod(TestHelper::PRIVATE_KEY_PATH, 0600);
- chmod(TestHelper::PUBLIC_KEY_PATH, 0600);
-
 parent::boot();
 }