Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix key files permission on Windows #1447

Merged
merged 3 commits into from
Dec 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,24 +12,24 @@ jobs:
fail-fast: false
matrix:
php: [8.1, 8.2, 8.3, 8.4]
os: [ubuntu-22.04]
os: [ubuntu-latest, windows-latest]
stability: [prefer-lowest, prefer-stable]

runs-on: ${{ matrix.os }}

name: PHP ${{ matrix.php }} - ${{ matrix.stability }}
name: PHP ${{ matrix.php }} - ${{ matrix.stability }} - ${{ matrix.os }}

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
with:
fetch-depth: 0

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: dom, curl, libxml, mbstring, zip
extensions: dom, curl, libxml, mbstring, sodium, zip
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sodium is not enabled on Windows by default, it is required by lcobucci/jwt package.

coverage: pcov

- name: Install dependencies
Expand Down
2 changes: 1 addition & 1 deletion src/CryptKey.php
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ public function __construct(string $keyPath, protected ?string $passPhrase = nul
throw new LogicException('Invalid key supplied');
}

if ($keyPermissionsCheck === true) {
if ($keyPermissionsCheck === true && PHP_OS_FAMILY !== 'Windows') {
Copy link
Contributor Author

@hafezdivandari hafezdivandari Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ignore key permissions check on Windows, as it always will be '666' or '444'.

// Verify the permissions of the key
$keyPathPerms = decoct(fileperms($this->keyPath) & 0777);
if (in_array($keyPathPerms, ['400', '440', '600', '640', '660'], true) === false) {
Expand Down
9 changes: 9 additions & 0 deletions tests/AuthorizationServerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,15 @@ public function setUp(): void
chmod(__DIR__ . '/Stubs/private.key.crlf', 0600);
}

public function testKeyPermissions(): void
{
$permission = PHP_OS_FAMILY === 'Windows' ? '666' : '600';

self::assertSame($permission, decoct(fileperms(__DIR__ . '/Stubs/private.key') & 0777));
self::assertSame($permission, decoct(fileperms(__DIR__ . '/Stubs/public.key') & 0777));
self::assertSame($permission, decoct(fileperms(__DIR__ . '/Stubs/private.key.crlf') & 0777));
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may delete this test, I added this to prove the difference on Windows only!

public function testGrantTypeGetsEnabled(): void
{
$server = new AuthorizationServer(
Expand Down