Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix key files permission on Windows #1447

Merged
merged 3 commits into from
Dec 20, 2024
Merged

Fix key files permission on Windows #1447

merged 3 commits into from
Dec 20, 2024

Conversation

hafezdivandari
Copy link
Contributor

@hafezdivandari hafezdivandari commented Sep 26, 2024
edited
Loading

Closes #901
Related to laravel/passport#1789

This PR adds windows tests and fixes the permission check on Windows. The possible file permissions on Windows are '666' and '444'.

hafezdivandari
hafezdivandari commented Sep 26, 2024
View reviewed changes
.github/workflows/tests.yml
@@ -29,7 +29,7 @@ jobs:
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: dom, curl, libxml, mbstring, zip
extensions: dom, curl, libxml, mbstring, sodium, zip
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sodium is not enabled on Windows by default, it is required by lcobucci/jwt package.

tests/AuthorizationServerTest.php
self::assertSame($permission, decoct(fileperms(__DIR__ . '/Stubs/public.key') & 0777));
self::assertSame($permission, decoct(fileperms(__DIR__ . '/Stubs/private.key.crlf') & 0777));
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may delete this test, I added this to prove the difference on Windows only!

src/CryptKey.php
@@ -72,7 +72,7 @@ public function __construct(string $keyPath, protected ?string $passPhrase = nul
throw new LogicException('Invalid key supplied');
}

if ($keyPermissionsCheck === true) {
if ($keyPermissionsCheck === true && PHP_OS_FAMILY !== 'Windows') {
Copy link
Contributor Author

@hafezdivandari hafezdivandari Sep 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ignore key permissions check on Windows, as it always will be '666' or '444'.

This was referenced Sep 30, 2024
Draft
Closed
@hafezdivandari hafezdivandari mentioned this pull request Oct 10, 2024
Open
8 tasks
@Sephster
Copy link
Member

Sephster commented Dec 4, 2024

We've had a similar PR for this submitted in the past. It was rejected on the basis that the implementer can ignore these checks if need be by setting the appropriate construct argument to false.

This change does mean that regardless of this flag, on windows we will ignore it. This is potentially not obvious to the end user and while nothing bad will come of it, it doesn't feel right.

Why can't this option be exposed in Laravel so folks can turn it off if need be?

@hafezdivandari
Copy link
Contributor Author

This change does mean that regardless of this flag, on windows we will ignore it. This is potentially not obvious to the end user and while nothing bad will come of it, it doesn't feel right.

The ignored check is not working on Windows anyway. The tests are always failing on Windows without this change.

Why can't this option be exposed in Laravel so folks can turn it off if need be?

On Passport, we had to turn this off on Windows, but it doesn't feel right either! What if additional checks added in future, or the code changed in a way that works on Windows?

Feel free to close this PR if it was not convincing. We will continue to ignore this for Windows on Passport for now, so it's not a blocking pull request.

@Sephster
Copy link
Member

Thanks @hafezdivandari - I hadn't really considered testing against Windows so this does make sense. Will merge on that basis. Cheers!

@Sephster Sephster merged commit 70dc310 into thephpleague:master Dec 20, 2024
27 checks passed
@hafezdivandari hafezdivandari deleted the fix-windows branch December 20, 2024 22:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hafezdivandari @Sephster