Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,18 +26,18 @@
"laminas/laminas-diactoros": "^3",
"laminas/laminas-httphandlerrunner": "^2",
"lcobucci/jwt": "^5.3",
"league/oauth2-server": "^8.5.3",
"league/oauth2-server": "^9.4",
"nette/forms": "^3",
"psr/container": "^2.0",
"psr/log": "^3",
"psr/simple-cache": "^3",
"simplesamlphp/composer-module-installer": "^1.3",
"simplesamlphp/openid": "~0.3.8",
"spomky-labs/base64url": "^2.0",
"symfony/cache": "^7.4",
"symfony/expression-language": "^7.4",
"symfony/psr-http-message-bridge": "^7.4",
"web-token/jwt-framework": "^3.4.10",
"symfony/cache": "^7.4",
"psr/simple-cache": "^3"
"web-token/jwt-framework": "^3.4.10"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3",
Expand Down
21 changes: 15 additions & 6 deletions src/Entities/AccessTokenEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -75,13 +75,22 @@ public function __construct(
protected readonly ?string $boundRedirectUri = null,
protected readonly ?string $issuerState = null,
) {
if ($id === '') {
throw new \InvalidArgumentException('Access token identifier cannot be empty.');
}

$this->setIdentifier($id);
$this->setClient($clientEntity);
foreach ($scopes as $scope) {
$this->addScope($scope);
}
$this->setExpiryDateTime($expiryDateTime);
$this->setUserIdentifier($userIdentifier);
if (!is_null($userIdentifier)) {
$userIdentifier = (string)$userIdentifier;
}
if (!empty($userIdentifier)) {
$this->setUserIdentifier($userIdentifier);
}
$this->setAuthCodeId($authCodeId);
$this->setRequestedClaims($requestedClaims ?? []);
if ($isRevoked) {
Expand Down Expand Up @@ -134,16 +143,16 @@ public function getState(): array
*/
public function __toString(): string
{
return $this->stringRepresentation = $this->convertToJWT()->getToken();
return $this->toString();
}

/**
* Get string representation of access token at the moment of casting it to string.
* @return string|null String representation or null if it was not cast to string yet.
* @return string String representation of the access token.
*/
public function toString(): ?string
public function toString(): string
{
return $this->stringRepresentation;
return $this->stringRepresentation ??= $this->convertToJWT()->getToken();
}

/**
Expand All @@ -162,7 +171,7 @@ protected function convertToJWT(): ParsedJws
$payload = array_filter([
ClaimsEnum::Iss->value => $this->moduleConfig->getIssuer(),
ClaimsEnum::Iat->value => $currentTimestamp,
ClaimsEnum::Jti->value => (string)$this->getIdentifier(),
ClaimsEnum::Jti->value => $this->getIdentifier(),
ClaimsEnum::Aud->value => $this->getClient()->getIdentifier(),
ClaimsEnum::Nbf->value => $currentTimestamp,
ClaimsEnum::Exp->value => $this->expiryDateTime->getTimestamp(),
Expand Down
6 changes: 5 additions & 1 deletion src/Entities/AuthCodeEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,15 @@ public function __construct(
protected readonly ?string $boundRedirectUri = null,
protected readonly ?string $issuerState = null,
) {
if ($id === '') {
throw new \InvalidArgumentException('Authorization code identifier cannot be empty.');
}

$this->identifier = $id;
$this->client = $client;
$this->scopes = $scopes;
$this->expiryDateTime = $expiryDateTime;
$this->userIdentifier = $userIdentifier;
$this->userIdentifier = $userIdentifier === '' ? null : $userIdentifier;
$this->redirectUri = $redirectUri;
$this->nonce = $nonce;
$this->isRevoked = $isRevoked;
Expand Down
4 changes: 4 additions & 0 deletions src/Entities/ClientEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,10 @@ public function __construct(
?array $extraMetadata = null,
?string $registrationAccessToken = null,
) {
if ($identifier === '') {
throw new \InvalidArgumentException('Client identifier cannot be empty.');
}

$this->identifier = $identifier;
$this->secret = $secret;
$this->name = $name;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@ interface EntityStringRepresentationInterface
/**
* Generate string representation of entity.
*/
public function toString(): ?string;
public function toString(): string;
}
4 changes: 4 additions & 0 deletions src/Entities/RefreshTokenEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@ public function __construct(
?string $authCodeId = null,
bool $isRevoked = false,
) {
if ($id === '') {
throw new \InvalidArgumentException('Refresh token identifier cannot be empty.');
}

$this->setIdentifier($id);
$this->setExpiryDateTime($expiryDateTime);
$this->setAccessToken($accessTokenEntity);
Expand Down
6 changes: 5 additions & 1 deletion src/Entities/ScopeEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ public function __construct(
protected ?string $icon = null,
protected array $claims = [],
) {
if ($identifier === '') {
throw new \InvalidArgumentException('Scope identifier cannot be empty.');
}

$this->identifier = $identifier;
}

Expand All @@ -58,6 +62,6 @@ public function getClaims(): array

public function jsonSerialize(): string
{
return (string) $this->getIdentifier();
return $this->getIdentifier();
}
}
10 changes: 9 additions & 1 deletion src/Entities/UserEntity.php
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,20 @@
*/
class UserEntity implements UserEntityInterface, MementoInterface, ClaimSetInterface
{
/** @var non-empty-string */
private readonly string $identifier;

public function __construct(
private readonly string $identifier,
string $identifier,
private readonly DateTimeImmutable $createdAt,
private DateTimeImmutable $updatedAt,
private array $claims = [],
) {
if ($identifier === '') {
throw new \InvalidArgumentException('User identifier cannot be empty.');
}

$this->identifier = $identifier;
}

/**
Expand Down
6 changes: 4 additions & 2 deletions src/Factories/Entities/ClientEntityFactory.php
Original file line number Diff line number Diff line change
Expand Up @@ -168,8 +168,10 @@ public function fromRegistrationData(
$isDcrUpdate = $existingClient !== null && $registrationType === RegistrationTypeEnum::Dynamic;
$metadataFallbackClient = $isDcrUpdate ? null : $existingClient;

$id = $clientIdentifier ?? $existingClient?->getIdentifier() ??
$this->sspBridge->utils()->random()->generateID();
$id = $clientIdentifier ?: $existingClient?->getIdentifier();
if (empty($id)) {
$id = $this->sspBridge->utils()->random()->generateID();
}

$secret = $existingClient?->getSecret() ?? $this->sspBridge->utils()->random()->generateID();

Expand Down
15 changes: 6 additions & 9 deletions src/Repositories/AccessTokenRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -61,15 +61,12 @@ public function getTableName(): string
public function getNewToken(
OAuth2ClientEntityInterface $clientEntity,
array $scopes,
$userIdentifier = null,
?string $userIdentifier = null,
?string $authCodeId = null,
?array $requestedClaims = null,
?string $id = null,
?DateTimeImmutable $expiryDateTime = null,
): AccessTokenEntityInterface {
if (!is_null($userIdentifier)) {
$userIdentifier = (string)$userIdentifier;
}
if (empty($userIdentifier)) {
$userIdentifier = null;
}
Expand Down Expand Up @@ -145,7 +142,7 @@ public function persistNewAccessToken(OAuth2AccessTokenEntityInterface $accessTo
$this->helpers->dateTime()->getSecondsToExpirationTime(
$accessTokenEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$accessTokenEntity->getIdentifier()),
$this->getCacheKey($accessTokenEntity->getIdentifier()),
);
}

Expand Down Expand Up @@ -184,7 +181,7 @@ public function findById(string $tokenId): ?AccessTokenEntity
$this->helpers->dateTime()->getSecondsToExpirationTime(
$accessTokenEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$accessTokenEntity->getIdentifier()),
$this->getCacheKey($accessTokenEntity->getIdentifier()),
);

return $accessTokenEntity;
Expand All @@ -195,7 +192,7 @@ public function findById(string $tokenId): ?AccessTokenEntity
* @throws \JsonException
* @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
*/
public function revokeAccessToken($tokenId): void
public function revokeAccessToken(string $tokenId): void
{
$accessToken = $this->findById($tokenId);

Expand Down Expand Up @@ -227,7 +224,7 @@ public function revokeByAuthCodeId(string $authCodeId): void
* {@inheritdoc}
* @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
*/
public function isAccessTokenRevoked($tokenId): bool
public function isAccessTokenRevoked(string $tokenId): bool
{
$accessToken = $this->findById($tokenId);

Expand Down Expand Up @@ -286,7 +283,7 @@ private function update(AccessTokenEntity $accessTokenEntity): void
$this->helpers->dateTime()->getSecondsToExpirationTime(
$accessTokenEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$accessTokenEntity->getIdentifier()),
$this->getCacheKey($accessTokenEntity->getIdentifier()),
);
}

Expand Down
10 changes: 5 additions & 5 deletions src/Repositories/AuthCodeRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ public function persistNewAuthCode(OAuth2AuthCodeEntityInterface $authCodeEntity
$this->helpers->dateTime()->getSecondsToExpirationTime(
$authCodeEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$authCodeEntity->getIdentifier()),
$this->getCacheKey($authCodeEntity->getIdentifier()),
);
}

Expand Down Expand Up @@ -155,7 +155,7 @@ public function findById(string $codeId): ?AuthCodeEntity
$this->helpers->dateTime()->getSecondsToExpirationTime(
$authCodeEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$authCodeEntity->getIdentifier()),
$this->getCacheKey($authCodeEntity->getIdentifier()),
);

return $authCodeEntity;
Expand All @@ -166,7 +166,7 @@ public function findById(string $codeId): ?AuthCodeEntity
* @throws \Exception
* @throws \JsonException
*/
public function revokeAuthCode($codeId): void
public function revokeAuthCode(string $codeId): void
{
$authCode = $this->findById($codeId);

Expand All @@ -182,7 +182,7 @@ public function revokeAuthCode($codeId): void
* {@inheritdoc}
* @throws \Exception
*/
public function isAuthCodeRevoked($codeId): bool
public function isAuthCodeRevoked(string $codeId): bool
{
$authCode = $this->findById($codeId);

Expand Down Expand Up @@ -245,7 +245,7 @@ private function update(AuthCodeEntity $authCodeEntity): void
$this->helpers->dateTime()->getSecondsToExpirationTime(
$authCodeEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$authCodeEntity->getIdentifier()),
$this->getCacheKey($authCodeEntity->getIdentifier()),
);
}

Expand Down
5 changes: 3 additions & 2 deletions src/Repositories/ClientRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
namespace SimpleSAML\Module\oidc\Repositories;

use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use PDO;
use SimpleSAML\Database;
Expand Down Expand Up @@ -48,7 +49,7 @@ public function getTableName(): string
* @throws \JsonException
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public function getClientEntity($clientIdentifier)
public function getClientEntity(string $clientIdentifier): ?OAuth2ClientEntityInterface
{
$client = $this->findById($clientIdentifier);

Expand All @@ -72,7 +73,7 @@ public function getClientEntity($clientIdentifier)
* @throws \JsonException
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public function validateClient($clientIdentifier, $clientSecret, $grantType): bool
public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool
{
$client = $this->getClientEntity($clientIdentifier);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ public function revokeByAuthCodeId(string $authCodeId): void;
*
* @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity
* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
* @param mixed $userIdentifier
* @param string|null $userIdentifier
* @param string|null $authCodeId
* @param array|null $requestedClaims Any requested claims
* @return \SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface
*/
public function getNewToken(
OAuth2ClientEntityInterface $clientEntity,
array $scopes,
$userIdentifier = null,
?string $userIdentifier = null,
?string $authCodeId = null,
?array $requestedClaims = null,
): AccessTokenEntityInterface;
Expand Down
10 changes: 5 additions & 5 deletions src/Repositories/RefreshTokenRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public function getTableName(): string
/**
* {@inheritdoc}
*/
public function getNewRefreshToken(): RefreshTokenEntityInterface
public function getNewRefreshToken(): ?RefreshTokenEntityInterface
{
throw new RuntimeException('Not implemented. Use RefreshTokenEntityFactory instead.');
}
Expand Down Expand Up @@ -88,7 +88,7 @@ public function persistNewRefreshToken(OAuth2RefreshTokenEntityInterface $refres
$this->helpers->dateTime()->getSecondsToExpirationTime(
$refreshTokenEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$refreshTokenEntity->getIdentifier()),
$this->getCacheKey($refreshTokenEntity->getIdentifier()),
);
}

Expand Down Expand Up @@ -127,7 +127,7 @@ public function findById(string $tokenId): ?RefreshTokenEntityInterface
$this->helpers->dateTime()->getSecondsToExpirationTime(
$refreshTokenEntity->getExpiryDateTime()->getTimestamp(),
),
$this->getCacheKey((string)$refreshTokenEntity->getIdentifier()),
$this->getCacheKey($refreshTokenEntity->getIdentifier()),
);

return $refreshTokenEntity;
Expand All @@ -137,7 +137,7 @@ public function findById(string $tokenId): ?RefreshTokenEntityInterface
* {@inheritdoc}
* @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
*/
public function revokeRefreshToken($tokenId): void
public function revokeRefreshToken(string $tokenId): void
{
$refreshToken = $this->findById($tokenId);

Expand Down Expand Up @@ -168,7 +168,7 @@ public function revokeByAuthCodeId(string $authCodeId): void
* {@inheritdoc}
* @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
*/
public function isRefreshTokenRevoked($tokenId): bool
public function isRefreshTokenRevoked(string $tokenId): bool
{
$refreshToken = $this->findById($tokenId);

Expand Down
7 changes: 4 additions & 3 deletions src/Repositories/ScopeRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ public function __construct(
* {@inheritdoc}
* @throws \Exception
*/
public function getScopeEntityByIdentifier($identifier): ScopeEntity|ScopeEntityInterface|null
public function getScopeEntityByIdentifier(string $identifier): ScopeEntity|ScopeEntityInterface|null
{
$scopes = $this->moduleConfig->getScopes();

Expand Down Expand Up @@ -68,9 +68,10 @@ public function getScopeEntityByIdentifier($identifier): ScopeEntity|ScopeEntity
*/
public function finalizeScopes(
array $scopes,
$grantType,
string $grantType,
OAuth2ClientEntityInterface $clientEntity,
$userIdentifier = null,
?string $userIdentifier = null,
?string $authCodeId = null,
): array {
if (!$clientEntity instanceof ClientEntity) {
return [];
Expand Down
Loading
Loading