From b40fd512f467368fbe143da80823f07577bd0700 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Obradovi=C4=87?= Date: Wed, 26 Feb 2020 17:57:18 +0100 Subject: [PATCH 1/7] Update branch alias --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 4957c30e..4ef3478d 100644 --- a/composer.json +++ b/composer.json @@ -59,7 +59,7 @@ }, "extra": { "branch-alias": { - "dev-master": "3.x-dev" + "dev-master": "4.x-dev" } } } From 9ec7875c1571976bc7e40ce18f2ac02f1b13448a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berislav=20Balogovi=C4=87?= Date: Wed, 18 Mar 2020 19:48:23 +0100 Subject: [PATCH 2/7] Fix casing of OAuth2AuthenticationFailedException --- EventListener/ConvertExceptionToResponseListener.php | 4 ++-- ...dException.php => OAuth2AuthenticationFailedException.php} | 2 +- Security/Firewall/OAuth2Listener.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) rename Security/Exception/{Oauth2AuthenticationFailedException.php => OAuth2AuthenticationFailedException.php} (84%) diff --git a/EventListener/ConvertExceptionToResponseListener.php b/EventListener/ConvertExceptionToResponseListener.php index b29fdffe..535eee16 100644 --- a/EventListener/ConvertExceptionToResponseListener.php +++ b/EventListener/ConvertExceptionToResponseListener.php @@ -7,7 +7,7 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\ExceptionEvent; use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException; -use Trikoder\Bundle\OAuth2Bundle\Security\Exception\Oauth2AuthenticationFailedException; +use Trikoder\Bundle\OAuth2Bundle\Security\Exception\OAuth2AuthenticationFailedException; /** * @author Tobias Nyholm 
@@ -17,7 +17,7 @@ final class ConvertExceptionToResponseListener public function onKernelException(ExceptionEvent $event): void { $exception = $event->getThrowable(); - if ($exception instanceof InsufficientScopesException || $exception instanceof Oauth2AuthenticationFailedException) { + if ($exception instanceof InsufficientScopesException || $exception instanceof OAuth2AuthenticationFailedException) { $event->setResponse(new Response($exception->getMessage(), $exception->getCode())); } } diff --git a/Security/Exception/Oauth2AuthenticationFailedException.php b/Security/Exception/OAuth2AuthenticationFailedException.php similarity index 84% rename from Security/Exception/Oauth2AuthenticationFailedException.php rename to Security/Exception/OAuth2AuthenticationFailedException.php index f42097ed..b21d4d09 100644 --- a/Security/Exception/Oauth2AuthenticationFailedException.php +++ b/Security/Exception/OAuth2AuthenticationFailedException.php @@ -9,7 +9,7 @@ /** * @author Tobias Nyholm */ -class Oauth2AuthenticationFailedException extends AuthenticationException +class OAuth2AuthenticationFailedException extends AuthenticationException { public static function create(string $message): self { diff --git a/Security/Firewall/OAuth2Listener.php b/Security/Firewall/OAuth2Listener.php index 618cdc51..0bf62ae3 100644 --- a/Security/Firewall/OAuth2Listener.php +++ b/Security/Firewall/OAuth2Listener.php @@ -13,7 +13,7 @@ use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2Token; use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2TokenFactory; use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException; -use Trikoder\Bundle\OAuth2Bundle\Security\Exception\Oauth2AuthenticationFailedException; +use Trikoder\Bundle\OAuth2Bundle\Security\Exception\OAuth2AuthenticationFailedException; final class OAuth2Listener { 
@@ -68,7 +68,7 @@ public function __invoke(RequestEvent $event) /** @var OAuth2Token $authenticatedToken */ $authenticatedToken = $this->authenticationManager->authenticate($this->oauth2TokenFactory->createOAuth2Token($request, null, $this->providerKey)); } catch (AuthenticationException $e) { - throw Oauth2AuthenticationFailedException::create($e->getMessage()); + throw OAuth2AuthenticationFailedException::create($e->getMessage()); } if (!$this->isAccessToRouteGranted($event->getRequest(), $authenticatedToken)) { From 60e9cadef8220e3fa650dd4777a7e3f2bd904414 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berislav=20Balogovi=C4=87?= Date: Mon, 5 Oct 2020 02:29:35 +0200 Subject: [PATCH 3/7] Remove deprecated config options. --- DependencyInjection/Configuration.php | 65 +----------------------- README.md | 22 --------- Tests/Unit/ExtensionTest.php | 71 +++------------------------ 3 files changed, 8 insertions(+), 150 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 707b2266..8c16b06d 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php 
@@ -79,48 +79,9 @@ private function createAuthorizationServerNode(): NodeDefinition ->cannotBeEmpty() ->defaultValue('P1M') ->end() - - // @TODO Remove in v4 start - - ->scalarNode('auth_code_ttl') - ->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters") - ->cannotBeEmpty() - ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.auth_code_ttl" instead.') - ->beforeNormalization() - ->ifNull() - ->thenUnset() - ->end() - ->end() - ->booleanNode('require_code_challenge_for_public_clients') - ->info('Whether to require code challenge for public clients for the authorization code grant.') - ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.') - ->beforeNormalization() - ->ifNull() - ->thenUnset() - ->end() - ->end() ->end() ; - foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) { - $oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType; - - $node - ->children() - ->booleanNode(sprintf('enable_%s_grant', $oldGrantType)) - ->info(sprintf('Whether to enable the %s grant.', $grantTypeName)) - ->setDeprecated(sprintf('"%%path%%.%%node%%" is deprecated, use "%%path%%.grant_types.%s.enable" instead.', $grantType)) - ->beforeNormalization() - ->ifNull() - ->thenUnset() - ->end() - ->end() - ->end() - ; - } - - // @TODO Remove in v4 end - $node->append($this->createAuthorizationServerGrantTypesNode()); $node 
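Review bot: Dropping the `auth_code_ttl`, `require_code_challenge_for_public_clients` and `enable_*_grant` nodes means a configuration that still sets any of them is, unless the node ignores extra keys, rejected as an unrecognized option when the container is compiled, where it previously only produced a deprecation; the series adds no UPGRADE entry for this (README.md merely loses the deprecated keys). A short upgrade note mapping each removed key to its `grant_types.<grant>.…` replacement would spare users a failure at the first cache warm-up after upgrading. The same applies to the normalization closure in the next hunk, which now only unsets `access_token_ttl` and `refresh_token_ttl`. `createAuthorizationServerNode` starts and ends outside the hunk.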
@@ -134,33 +95,9 @@ private function createAuthorizationServerNode(): NodeDefinition if (isset($grantTypesWithRefreshToken[$grantType])) { $grantTypeConfig['refresh_token_ttl'] = $grantTypeConfig['refresh_token_ttl'] ?? $v['refresh_token_ttl']; } - - // @TODO Remove in v4 start - $oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType; - - $grantTypeConfig['enable'] = $v[sprintf('enable_%s_grant', $oldGrantType)] ?? $grantTypeConfig['enable']; - - if ('authorization_code' === $grantType) { - $grantTypeConfig['auth_code_ttl'] = $v['auth_code_ttl'] ?? $grantTypeConfig['auth_code_ttl']; - $grantTypeConfig['require_code_challenge_for_public_clients'] = $v['require_code_challenge_for_public_clients'] - ?? $grantTypeConfig['require_code_challenge_for_public_clients']; - } - // @TODO Remove in v4 end } - unset( - $v['access_token_ttl'], - $v['refresh_token_ttl'], - // @TODO Remove in v4 start - $v['enable_auth_code_grant'], - $v['enable_client_credentials_grant'], - $v['enable_implicit_grant'], - $v['enable_password_grant'], - $v['enable_refresh_token_grant'], - $v['auth_code_ttl'], - $v['require_code_challenge_for_public_clients'] - // @TODO Remove in v4 end - ); + unset($v['access_token_ttl'], $v['refresh_token_ttl']); return $v; }) diff --git a/README.md b/README.md index 63a53d83..1fc84135 100644 --- a/README.md +++ b/README.md 
@@ -68,28 +68,6 @@ This package is currently in the active development. # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters refresh_token_ttl: P1M - # How long the issued authorization code should be valid for. - # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters - auth_code_ttl: ~ # Deprecated ("trikoder_oauth2.authorization_server.auth_code_ttl" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.auth_code_ttl" instead.) - - # Whether to require code challenge for public clients for the authorization code grant. - require_code_challenge_for_public_clients: ~ # Deprecated ("trikoder_oauth2.authorization_server.require_code_challenge_for_public_clients" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.) - - # Whether to enable the authorization code grant. - enable_auth_code_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_auth_code_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.enable" instead.) - - # Whether to enable the client credentials grant. - enable_client_credentials_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_client_credentials_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.client_credentials.enable" instead.) - - # Whether to enable the implicit grant. - enable_implicit_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_implicit_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.implicit.enable" instead.) - - # Whether to enable the password grant. 
- enable_password_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_password_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.password.enable" instead.) - - # Whether to enable the refresh token grant. - enable_refresh_token_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_refresh_token_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.refresh_token.enable" instead.) - # Enable and configure grant types. grant_types: authorization_code: diff --git a/Tests/Unit/ExtensionTest.php b/Tests/Unit/ExtensionTest.php index 146ae35f..3ed16159 100644 --- a/Tests/Unit/ExtensionTest.php +++ b/Tests/Unit/ExtensionTest.php 
@@ -265,44 +265,12 @@ public function grantsProvider(): iterable yield 'Refresh token grant can be disabled' => [ RefreshTokenGrant::class, 'refresh_token.enable', false, ]; - - yield 'Legacy authorization code grant can be enabled' => [ - AuthCodeGrant::class, 'enable_auth_code_grant', true, - ]; - yield 'Legacy authorization code grant can be disabled' => [ - AuthCodeGrant::class, 'enable_auth_code_grant', false, - ]; - yield 'Legacy client credentials grant can be enabled' => [ - ClientCredentialsGrant::class, 'enable_client_credentials_grant', true, - ]; - yield 'Legacy client credentials grant can be disabled' => [ - ClientCredentialsGrant::class, 'enable_client_credentials_grant', false, - ]; - yield 'Legacy implicit grant can be enabled' => [ - ImplicitGrant::class, 'enable_implicit_grant', true, - ]; - yield 'Legacy implicit grant can be disabled' => [ - ImplicitGrant::class, 'enable_implicit_grant', false, - ]; - yield 'Legacy password grant can be enabled' => [ - PasswordGrant::class, 'enable_password_grant', true, - ]; - yield 'Legacy password grant can be disabled' => [ - PasswordGrant::class, 'enable_password_grant', false, - ]; - yield 'Legacy refresh token grant can be enabled' => [ - RefreshTokenGrant::class, 'enable_refresh_token_grant', true, - ]; - yield 'Legacy refresh token grant can be disabled' => [ - RefreshTokenGrant::class, 'enable_refresh_token_grant', false, - ]; } /** * @dataProvider requireCodeChallengeForPublicClientsProvider */ public function testAuthCodeGrantDisableRequireCodeChallengeForPublicClientsConfig( - string $configKey, ?bool $requireCodeChallengeForPublicClients, bool $shouldTheRequirementBeDisabled ): void { 
@@ -313,7 +281,7 @@ public function testAuthCodeGrantDisableRequireCodeChallengeForPublicClientsConf $extension = new TrikoderOAuth2Extension(); $configuration = $this->getValidConfiguration([ - $configKey => $requireCodeChallengeForPublicClients, + 'authorization_code.require_code_challenge_for_public_clients' => $requireCodeChallengeForPublicClients, ]); $extension->load($configuration, $container); @@ -336,23 +304,13 @@ public function testAuthCodeGrantDisableRequireCodeChallengeForPublicClientsConf public function requireCodeChallengeForPublicClientsProvider(): iterable { yield 'When not requiring code challenge for public clients the requirement should be disabled' => [ - 'authorization_code.require_code_challenge_for_public_clients', false, true, + false, true, ]; yield 'When code challenge for public clients is required the requirement should not be disabled' => [ - 'authorization_code.require_code_challenge_for_public_clients', true, false, + true, false, ]; yield 'With the default value the requirement should not be disabled' => [ - 'authorization_code.require_code_challenge_for_public_clients', null, false, - ]; - - yield 'Legacy when not requiring code challenge for public clients the requirement should be disabled' => [ - 'require_code_challenge_for_public_clients', false, true, - ]; - yield 'Legacy when code challenge for public clients is required the requirement should not be disabled' => [ - 'require_code_challenge_for_public_clients', true, false, - ]; - yield 'Legacy with the default value the requirement should not be disabled' => [ - 'require_code_challenge_for_public_clients', null, false, + null, false, ]; } @@ -360,7 +318,6 @@ public function requireCodeChallengeForPublicClientsProvider(): iterable * @dataProvider authCodeTTLProvider */ public function testAuthCodeTTLConfig( - string $configKey, ?string $authCodeTTL, string $expectedAuthCodeTTL ): void { 
@@ -371,7 +328,7 @@ public function testAuthCodeTTLConfig( $extension = new TrikoderOAuth2Extension(); $configuration = $this->getValidConfiguration([ - $configKey => $authCodeTTL, + 'authorization_code.auth_code_ttl' => $authCodeTTL, ]); $extension->load($configuration, $container); @@ -384,17 +341,10 @@ public function testAuthCodeTTLConfig( public function authCodeTTLProvider(): iterable { yield 'Authorization code TTL can be set' => [ - 'authorization_code.auth_code_ttl', 'PT20M', 'PT20M', + 'PT20M', 'PT20M', ]; yield 'When no authorization code TTL is set, the default is used' => [ - 'authorization_code.auth_code_ttl', null, 'PT10M', - ]; - - yield 'Legacy authorization code TTL can be set' => [ - 'auth_code_ttl', 'PT20M', 'PT20M', - ]; - yield 'Legacy when no authorization code TTL is set, the default is used' => [ - 'auth_code_ttl', null, 'PT10M', + null, 'PT10M', ]; } @@ -405,15 +355,8 @@ private function getValidConfiguration(array $options = []): array 'authorization_server' => [ 'private_key' => 'foo', 'encryption_key' => 'foo', - 'enable_auth_code_grant' => $options['enable_auth_code_grant'] ?? null, 'access_token_ttl' => $options['access_token_ttl'] ?? 'PT1H', 'refresh_token_ttl' => $options['refresh_token_ttl'] ?? 'P1M', - 'enable_client_credentials_grant' => $options['enable_client_credentials_grant'] ?? null, - 'enable_implicit_grant' => $options['enable_implicit_grant'] ?? null, - 'enable_password_grant' => $options['enable_password_grant'] ?? null, - 'enable_refresh_token_grant' => $options['enable_refresh_token_grant'] ?? null, - 'require_code_challenge_for_public_clients' => $options['require_code_challenge_for_public_clients'] ?? null, - 'auth_code_ttl' => $options['auth_code_ttl'] ?? null, 'grant_types' => [ 'authorization_code' => [ 'enable' => $options['authorization_code.enable'] ?? true, From 3710d33cfbd9625d936dc88ba4d065e9dc026be6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Berislav=20Balogovi=C4=87?= Date: Mon, 5 Oct 2020 02:29:51 +0200 Subject: [PATCH 4/7] Remove deprecated OAuth2Grants::has method. --- OAuth2Grants.php | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/OAuth2Grants.php b/OAuth2Grants.php index d823f17e..025a617e 100644 --- a/OAuth2Grants.php +++ b/OAuth2Grants.php @@ -54,14 +54,4 @@ final class OAuth2Grants self::PASSWORD => 'password', self::REFRESH_TOKEN => 'refresh token', ]; - - /** - * @deprecated Will be removed in v4, use {@see OAuth2Grants::ALL} instead - * - * @TODO Remove in v4. - */ - public static function has(string $grant): bool - { - return isset(self::ALL[$grant]); - } } From 9701bd5ba70eecf0fa90e5ae67d947e0c23608bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berislav=20Balogovi=C4=87?= Date: Mon, 5 Oct 2020 02:33:47 +0200 Subject: [PATCH 5/7] Add previous argument to OAuth2AuthenticationFailedException::create method --- Security/Exception/OAuth2AuthenticationFailedException.php | 5 +++-- Security/Firewall/OAuth2Listener.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Security/Exception/OAuth2AuthenticationFailedException.php b/Security/Exception/OAuth2AuthenticationFailedException.php index b21d4d09..35d8fd20 100644 --- a/Security/Exception/OAuth2AuthenticationFailedException.php +++ b/Security/Exception/OAuth2AuthenticationFailedException.php @@ -5,14 +5,15 @@ namespace Trikoder\Bundle\OAuth2Bundle\Security\Exception; use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Throwable; /** * @author Tobias Nyholm */ class OAuth2AuthenticationFailedException extends AuthenticationException { - public static function create(string $message): self + public static function create(string $message, ?Throwable $previous = null): self { - return new self($message, 401); + return new self($message, 401, $previous); } } diff --git a/Security/Firewall/OAuth2Listener.php b/Security/Firewall/OAuth2Listener.php index 817c3a43..8f1ae8a6 100644 
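Review bot: `create()` still declares `self` and does `new self(...)` although `OAuth2AuthenticationFailedException` is not `final`, so a subclass calling `Sub::create()` gets the base class back. Either mark the class `final`, or, if the supported PHP floor allows it (8.0+), declare `public static function create(string $message, ?Throwable $previous = null): static` with `return new static($message, 401, $previous);`. Chaining `$previous` is the right call: the original `AuthenticationException` is now reachable through `getPrevious()` for logging without having to put its text into the outer message.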
--- a/Security/Firewall/OAuth2Listener.php +++ b/Security/Firewall/OAuth2Listener.php @@ -68,7 +68,7 @@ public function __invoke(RequestEvent $event) /** @var OAuth2Token $authenticatedToken */ $authenticatedToken = $this->authenticationManager->authenticate($this->oauth2TokenFactory->createOAuth2Token($request, null, $this->providerKey)); } catch (AuthenticationException $e) { - throw new OAuth2AuthenticationFailedException($e->getMessage(), 401, $e); + throw OAuth2AuthenticationFailedException::create($e->getMessage(), $e); } if (!$this->isAccessToRouteGranted($event->getRequest(), $authenticatedToken)) { From b011094cd8908b0fdb29f43951d58a90a84831e8 Mon Sep 17 00:00:00 2001 
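Review bot: `$e->getMessage()` from the caught `AuthenticationException` is still the text that becomes the HTTP response body: `ConvertExceptionToResponseListener` (PATCH 2/7 above) answers with `new Response($exception->getMessage(), $exception->getCode())`, so whatever the authentication manager put into the internal message is returned to the client verbatim. Symfony keeps the two apart on purpose, `getMessageKey()` being the client-safe text and `getMessage()` the internal one, so unless every exception reaching this catch is known to carry a client-facing message, prefer `throw OAuth2AuthenticationFailedException::create($e->getMessageKey(), $e);` and leave the detailed message on the chained `$previous` for logs. `__invoke` starts and ends outside the hunk.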
From: denismacak Date: Mon, 1 Feb 2021 19:39:44 +0100 Subject: [PATCH 6/7] Decoupled managers from models, created interfaces for models --- Manager/AccessTokenManagerInterface.php | 6 +-- Manager/AuthorizationCodeManagerInterface.php | 6 +-- Manager/ClientFilter.php | 24 ++++++------ Manager/ClientManagerInterface.php | 8 ++-- Manager/Doctrine/AccessTokenManager.php | 5 ++- Manager/Doctrine/AuthorizationCodeManager.php | 5 ++- Manager/Doctrine/ClientManager.php | 7 ++-- Manager/Doctrine/RefreshTokenManager.php | 5 ++- Manager/InMemory/AccessTokenManager.php | 12 +++--- Manager/InMemory/AuthorizationCodeManager.php | 9 +++-- Manager/InMemory/ClientManager.php | 12 +++--- Manager/InMemory/RefreshTokenManager.php | 12 +++--- Manager/InMemory/ScopeManager.php | 8 ++-- Manager/RefreshTokenManagerInterface.php | 6 +-- Manager/ScopeManagerInterface.php | 6 +-- Model/AccessToken.php | 12 +++--- Model/AccessTokenInterface.php | 26 +++++++++++++ Model/AuthorizationCode.php | 12 +++--- Model/AuthorizationCodeInterface.php | 26 +++++++++++++ Model/Client.php | 26 ++++++------- Model/ClientInterface.php | 38 +++++++++++++++++++ Model/Grant.php | 2 +- Model/GrantInterface.php | 10 +++++ Model/RedirectUri.php | 2 +- Model/RedirectUriInterface.php | 10 +++++ Model/RefreshToken.php | 6 +-- Model/RefreshTokenInterface.php | 22 +++++++++++ Model/Scope.php | 2 +- Model/ScopeInterface.php | 10 +++++ Service/ClientFinderInterface.php | 4 +- 30 files changed, 243 insertions(+), 96 deletions(-) create mode 100644 Model/AccessTokenInterface.php create mode 100644 Model/AuthorizationCodeInterface.php create mode 100644 Model/ClientInterface.php create mode 100644 Model/GrantInterface.php create mode 100644 Model/RedirectUriInterface.php create mode 100644 Model/RefreshTokenInterface.php create mode 100644 Model/ScopeInterface.php diff --git a/Manager/AccessTokenManagerInterface.php b/Manager/AccessTokenManagerInterface.php index 31f1158b..60435d40 100644 
--- a/Manager/AccessTokenManagerInterface.php +++ b/Manager/AccessTokenManagerInterface.php @@ -4,16 +4,16 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\AccessToken; +use Trikoder\Bundle\OAuth2Bundle\Model\AccessTokenInterface; /** * @method int clearRevoked() not defining this method is deprecated since version 3.2 */ interface AccessTokenManagerInterface { - public function find(string $identifier): ?AccessToken; + public function find(string $identifier): ?AccessTokenInterface; - public function save(AccessToken $accessToken): void; + public function save(AccessTokenInterface $accessToken): void; public function clearExpired(): int; } diff --git a/Manager/AuthorizationCodeManagerInterface.php b/Manager/AuthorizationCodeManagerInterface.php index c39c78df..e9c895aa 100644 --- a/Manager/AuthorizationCodeManagerInterface.php +++ b/Manager/AuthorizationCodeManagerInterface.php @@ -4,16 +4,16 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode; +use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCodeInterface; /** * @method int clearRevoked() not defining this method is deprecated since version 3.2 */ interface AuthorizationCodeManagerInterface { - public function find(string $identifier): ?AuthorizationCode; + public function find(string $identifier): ?AuthorizationCodeInterface; - public function save(AuthorizationCode $authCode): void; + public function save(AuthorizationCodeInterface $authCode): void; public function clearExpired(): int; } diff --git a/Manager/ClientFilter.php b/Manager/ClientFilter.php index ad789009..4f3a3511 100644 --- a/Manager/ClientFilter.php +++ b/Manager/ClientFilter.php 
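Review bot: Widening `save()` to `AccessTokenInterface` (and to `AuthorizationCodeInterface` in the second hunk on this line) breaks every third-party implementation of these interfaces: an implementation that still declares `save(AccessToken $accessToken)` now narrows the parameter and is a fatal error at class load, while `find()` implementations returning the concrete class stay valid. That is acceptable on a 4.x branch but deserves an UPGRADE note listing the affected methods, which the series does not add. While here, the `@method int clearRevoked()` docblock on both interfaces still says "not defining this method is deprecated since version 3.2"; on the 4.x branch it could become a real method of the interface.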
@@ -4,24 +4,24 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\Grant; -use Trikoder\Bundle\OAuth2Bundle\Model\RedirectUri; -use Trikoder\Bundle\OAuth2Bundle\Model\Scope; +use Trikoder\Bundle\OAuth2Bundle\Model\GrantInterface; +use Trikoder\Bundle\OAuth2Bundle\Model\RedirectUriInterface; +use Trikoder\Bundle\OAuth2Bundle\Model\ScopeInterface; final class ClientFilter { /** - * @var Grant[] + * @var GrantInterface[] */ private $grants = []; /** - * @var RedirectUri[] + * @var RedirectUriInterface[] */ private $redirectUris = []; /** - * @var Scope[] + * @var ScopeInterface[] */ private $scopes = []; @@ -30,17 +30,17 @@ public static function create(): self return new static(); } - public function addGrantCriteria(Grant ...$grants): self + public function addGrantCriteria(GrantInterface ...$grants): self { return $this->addCriteria($this->grants, ...$grants); } - public function addRedirectUriCriteria(RedirectUri ...$redirectUris): self + public function addRedirectUriCriteria(RedirectUriInterface ...$redirectUris): self { return $this->addCriteria($this->redirectUris, ...$redirectUris); } - public function addScopeCriteria(Scope ...$scopes): self + public function addScopeCriteria(ScopeInterface ...$scopes): self { return $this->addCriteria($this->scopes, ...$scopes); } @@ -57,7 +57,7 @@ private function addCriteria(&$field, ...$values): self } /** - * @return Grant[] + * @return GrantInterface[] */ public function getGrants(): array { @@ -65,7 +65,7 @@ public function getGrants(): array } /** - * @return RedirectUri[] + * @return RedirectUriInterface[] */ public function getRedirectUris(): array { @@ -73,7 +73,7 @@ public function getRedirectUris(): array } /** - * @return Scope[] + * @return ScopeInterface[] */ public function getScopes(): array { diff --git a/Manager/ClientManagerInterface.php b/Manager/ClientManagerInterface.php index 35169386..833fa8e4 100644 --- a/Manager/ClientManagerInterface.php 
+++ b/Manager/ClientManagerInterface.php @@ -4,17 +4,17 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\Client; +use Trikoder\Bundle\OAuth2Bundle\Model\ClientInterface; use Trikoder\Bundle\OAuth2Bundle\Service\ClientFinderInterface; interface ClientManagerInterface extends ClientFinderInterface { - public function save(Client $client): void; + public function save(ClientInterface $client): void; - public function remove(Client $client): void; + public function remove(ClientInterface $client): void; /** - * @return Client[] + * @return ClientInterface[] */ public function list(?ClientFilter $clientFilter): array; } diff --git a/Manager/Doctrine/AccessTokenManager.php b/Manager/Doctrine/AccessTokenManager.php index 40ab3f7d..970dad24 100644 --- a/Manager/Doctrine/AccessTokenManager.php +++ b/Manager/Doctrine/AccessTokenManager.php @@ -8,6 +8,7 @@ use Doctrine\ORM\EntityManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Manager\AccessTokenManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Model\AccessToken; +use Trikoder\Bundle\OAuth2Bundle\Model\AccessTokenInterface; final class AccessTokenManager implements AccessTokenManagerInterface { @@ -24,7 +25,7 @@ public function __construct(EntityManagerInterface $entityManager) /** * {@inheritdoc} */ - public function find(string $identifier): ?AccessToken + public function find(string $identifier): ?AccessTokenInterface { return $this->entityManager->find(AccessToken::class, $identifier); } @@ -32,7 +33,7 @@ public function find(string $identifier): ?AccessToken /** * {@inheritdoc} */ - public function save(AccessToken $accessToken): void + public function save(AccessTokenInterface $accessToken): void { $this->entityManager->persist($accessToken); $this->entityManager->flush(); diff --git a/Manager/Doctrine/AuthorizationCodeManager.php b/Manager/Doctrine/AuthorizationCodeManager.php index 766800af..8136b04e 100644 --- a/Manager/Doctrine/AuthorizationCodeManager.php 
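Review bot: The Doctrine `AccessTokenManager::save()` now accepts any `AccessTokenInterface` but hands it straight to `$this->entityManager->persist()`, which only works for the mapped `AccessToken` entity; a foreign implementation fails inside Doctrine with an error that does not point at this manager. A guard makes the contract explicit: `if (!$accessToken instanceof AccessToken) { throw new \InvalidArgumentException(sprintf('Expected %s, got %s.', AccessToken::class, \get_class($accessToken))); }`. The same applies to the Doctrine `AuthorizationCodeManager`, `ClientManager` (`save()` and `remove()`) and `RefreshTokenManager` hunks that follow. `find()` is unaffected because it keeps querying `AccessToken::class`.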
+++ b/Manager/Doctrine/AuthorizationCodeManager.php @@ -8,6 +8,7 @@ use Doctrine\ORM\EntityManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Manager\AuthorizationCodeManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode; +use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCodeInterface; final class AuthorizationCodeManager implements AuthorizationCodeManagerInterface { @@ -24,7 +25,7 @@ public function __construct(EntityManagerInterface $entityManager) /** * {@inheritdoc} */ - public function find(string $identifier): ?AuthorizationCode + public function find(string $identifier): ?AuthorizationCodeInterface { return $this->entityManager->find(AuthorizationCode::class, $identifier); } @@ -32,7 +33,7 @@ public function find(string $identifier): ?AuthorizationCode /** * {@inheritdoc} */ - public function save(AuthorizationCode $authorizationCode): void + public function save(AuthorizationCodeInterface $authorizationCode): void { $this->entityManager->persist($authorizationCode); $this->entityManager->flush(); diff --git a/Manager/Doctrine/ClientManager.php b/Manager/Doctrine/ClientManager.php index 797923b6..a5848219 100644 --- a/Manager/Doctrine/ClientManager.php +++ b/Manager/Doctrine/ClientManager.php @@ -8,6 +8,7 @@ use Trikoder\Bundle\OAuth2Bundle\Manager\ClientFilter; use Trikoder\Bundle\OAuth2Bundle\Manager\ClientManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Model\Client; +use Trikoder\Bundle\OAuth2Bundle\Model\ClientInterface; final class ClientManager implements ClientManagerInterface { @@ -24,7 +25,7 @@ public function __construct(EntityManagerInterface $entityManager) /** * {@inheritdoc} */ - public function find(string $identifier): ?Client + public function find(string $identifier): ?ClientInterface { return $this->entityManager->find(Client::class, $identifier); } 
@@ -32,7 +33,7 @@ public function find(string $identifier): ?Client /** * {@inheritdoc} */ - public function save(Client $client): void + public function save(ClientInterface $client): void { $this->entityManager->persist($client); $this->entityManager->flush(); @@ -41,7 +42,7 @@ public function save(Client $client): void /** * {@inheritdoc} */ - public function remove(Client $client): void + public function remove(ClientInterface $client): void { $this->entityManager->remove($client); $this->entityManager->flush(); diff --git a/Manager/Doctrine/RefreshTokenManager.php b/Manager/Doctrine/RefreshTokenManager.php index 29e4b6ca..fcdd1d04 100644 --- a/Manager/Doctrine/RefreshTokenManager.php +++ b/Manager/Doctrine/RefreshTokenManager.php @@ -8,6 +8,7 @@ use Doctrine\ORM\EntityManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Manager\RefreshTokenManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Model\RefreshToken; +use Trikoder\Bundle\OAuth2Bundle\Model\RefreshTokenInterface; final class RefreshTokenManager implements RefreshTokenManagerInterface { @@ -24,7 +25,7 @@ public function __construct(EntityManagerInterface $entityManager) /** * {@inheritdoc} */ - public function find(string $identifier): ?RefreshToken + public function find(string $identifier): ?RefreshTokenInterface { return $this->entityManager->find(RefreshToken::class, $identifier); } @@ -32,7 +33,7 @@ public function find(string $identifier): ?RefreshToken /** * {@inheritdoc} */ - public function save(RefreshToken $refreshToken): void + public function save(RefreshTokenInterface $refreshToken): void { $this->entityManager->persist($refreshToken); $this->entityManager->flush(); diff --git a/Manager/InMemory/AccessTokenManager.php b/Manager/InMemory/AccessTokenManager.php index 7a1f2cd8..eea81b64 100644 --- a/Manager/InMemory/AccessTokenManager.php +++ b/Manager/InMemory/AccessTokenManager.php 
@@ -6,19 +6,19 @@ use DateTimeImmutable; use Trikoder\Bundle\OAuth2Bundle\Manager\AccessTokenManagerInterface; -use Trikoder\Bundle\OAuth2Bundle\Model\AccessToken; +use Trikoder\Bundle\OAuth2Bundle\Model\AccessTokenInterface; final class AccessTokenManager implements AccessTokenManagerInterface { /** - * @var AccessToken[] + * @var AccessTokenInterface[] */ private $accessTokens = []; /** * {@inheritdoc} */ - public function find(string $identifier): ?AccessToken + public function find(string $identifier): ?AccessTokenInterface { return $this->accessTokens[$identifier] ?? null; } @@ -26,7 +26,7 @@ public function find(string $identifier): ?AccessToken /** * {@inheritdoc} */ - public function save(AccessToken $accessToken): void + public function save(AccessTokenInterface $accessToken): void { $this->accessTokens[$accessToken->getIdentifier()] = $accessToken; } @@ -36,7 +36,7 @@ public function clearExpired(): int $count = \count($this->accessTokens); $now = new DateTimeImmutable(); - $this->accessTokens = array_filter($this->accessTokens, static function (AccessToken $accessToken) use ($now): bool { + $this->accessTokens = array_filter($this->accessTokens, static function (AccessTokenInterface $accessToken) use ($now): bool { return $accessToken->getExpiry() >= $now; }); @@ -47,7 +47,7 @@ public function clearRevoked(): int { $count = \count($this->accessTokens); - $this->accessTokens = array_filter($this->accessTokens, static function (AccessToken $accessToken): bool { + $this->accessTokens = array_filter($this->accessTokens, static function (AccessTokenInterface $accessToken): bool { return !$accessToken->isRevoked(); }); diff --git a/Manager/InMemory/AuthorizationCodeManager.php b/Manager/InMemory/AuthorizationCodeManager.php index 8e0bff9c..82a51b21 100644 --- a/Manager/InMemory/AuthorizationCodeManager.php +++ b/Manager/InMemory/AuthorizationCodeManager.php 
@@ -7,6 +7,7 @@ use DateTimeImmutable; use Trikoder\Bundle\OAuth2Bundle\Manager\AuthorizationCodeManagerInterface; use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode; +use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCodeInterface; final class AuthorizationCodeManager implements AuthorizationCodeManagerInterface { @@ -15,12 +16,12 @@ final class AuthorizationCodeManager implements AuthorizationCodeManagerInterfac */ private $authorizationCodes = []; - public function find(string $identifier): ?AuthorizationCode + public function find(string $identifier): ?AuthorizationCodeInterface { return $this->authorizationCodes[$identifier] ?? null; } - public function save(AuthorizationCode $authorizationCode): void + public function save(AuthorizationCodeInterface $authorizationCode): void { $this->authorizationCodes[$authorizationCode->getIdentifier()] = $authorizationCode; } @@ -30,7 +31,7 @@ public function clearExpired(): int $count = \count($this->authorizationCodes); $now = new DateTimeImmutable(); - $this->authorizationCodes = array_filter($this->authorizationCodes, static function (AuthorizationCode $authorizationCode) use ($now): bool { + $this->authorizationCodes = array_filter($this->authorizationCodes, static function (AuthorizationCodeInterface $authorizationCode) use ($now): bool { return $authorizationCode->getExpiryDateTime() >= $now; }); @@ -41,7 +42,7 @@ public function clearRevoked(): int { $count = \count($this->authorizationCodes); - $this->authorizationCodes = array_filter($this->authorizationCodes, static function (AuthorizationCode $authorizationCode): bool { + $this->authorizationCodes = array_filter($this->authorizationCodes, static function (AuthorizationCodeInterface $authorizationCode): bool { return !$authorizationCode->isRevoked(); }); diff --git a/Manager/InMemory/ClientManager.php b/Manager/InMemory/ClientManager.php index 10a5fbd9..1187c93c 100644 --- a/Manager/InMemory/ClientManager.php +++ b/Manager/InMemory/ClientManager.php 
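Review bot: The InMemory `AuthorizationCodeManager` keeps the concrete `use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode;` import and only adds the interface one, whereas the sibling InMemory managers in the neighbouring hunks replace the import; after this hunk nothing in the changed code references `AuthorizationCode`. The `@var` docblock on `$authorizationCodes` sits just above the second hunk and is not touched, so it presumably still reads `AuthorizationCode[]`; if so, change it to `@var AuthorizationCodeInterface[]` and drop the unused import so the file matches `AccessTokenManager`, `ClientManager` and `RefreshTokenManager`.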
@@ -6,19 +6,19 @@ use Trikoder\Bundle\OAuth2Bundle\Manager\ClientFilter; use Trikoder\Bundle\OAuth2Bundle\Manager\ClientManagerInterface; -use Trikoder\Bundle\OAuth2Bundle\Model\Client; +use Trikoder\Bundle\OAuth2Bundle\Model\ClientInterface; final class ClientManager implements ClientManagerInterface { /** - * @var Client[] + * @var ClientInterface[] */ private $clients = []; /** * {@inheritdoc} */ - public function find(string $identifier): ?Client + public function find(string $identifier): ?ClientInterface { return $this->clients[$identifier] ?? null; } @@ -26,7 +26,7 @@ public function find(string $identifier): ?Client /** * {@inheritdoc} */ - public function save(Client $client): void + public function save(ClientInterface $client): void { $this->clients[$client->getIdentifier()] = $client; } @@ -34,7 +34,7 @@ public function save(Client $client): void /** * {@inheritdoc} */ - public function remove(Client $client): void + public function remove(ClientInterface $client): void { unset($this->clients[$client->getIdentifier()]); } @@ -48,7 +48,7 @@ public function list(?ClientFilter $clientFilter): array return $this->clients; } - return array_filter($this->clients, static function (Client $client) use ($clientFilter): bool { + return array_filter($this->clients, static function (ClientInterface $client) use ($clientFilter): bool { $grantsPassed = self::passesFilter($client->getGrants(), $clientFilter->getGrants()); $scopesPassed = self::passesFilter($client->getScopes(), $clientFilter->getScopes()); $redirectUrisPassed = self::passesFilter($client->getRedirectUris(), $clientFilter->getRedirectUris()); diff --git a/Manager/InMemory/RefreshTokenManager.php b/Manager/InMemory/RefreshTokenManager.php index 864db995..d0e69c2f 100644 --- a/Manager/InMemory/RefreshTokenManager.php +++ b/Manager/InMemory/RefreshTokenManager.php 
@@ -6,19 +6,19 @@ use DateTimeImmutable; use Trikoder\Bundle\OAuth2Bundle\Manager\RefreshTokenManagerInterface; -use Trikoder\Bundle\OAuth2Bundle\Model\RefreshToken; +use Trikoder\Bundle\OAuth2Bundle\Model\RefreshTokenInterface; final class RefreshTokenManager implements RefreshTokenManagerInterface { /** - * @var RefreshToken[] + * @var RefreshTokenInterface[] */ private $refreshTokens = []; /** * {@inheritdoc} */ - public function find(string $identifier): ?RefreshToken + public function find(string $identifier): ?RefreshTokenInterface { return $this->refreshTokens[$identifier] ?? null; } @@ -26,7 +26,7 @@ public function find(string $identifier): ?RefreshToken /** * {@inheritdoc} */ - public function save(RefreshToken $refreshToken): void + public function save(RefreshTokenInterface $refreshToken): void { $this->refreshTokens[$refreshToken->getIdentifier()] = $refreshToken; } @@ -36,7 +36,7 @@ public function clearExpired(): int $count = \count($this->refreshTokens); $now = new DateTimeImmutable(); - $this->refreshTokens = array_filter($this->refreshTokens, static function (RefreshToken $refreshToken) use ($now): bool { + $this->refreshTokens = array_filter($this->refreshTokens, static function (RefreshTokenInterface $refreshToken) use ($now): bool { return $refreshToken->getExpiry() >= $now; }); @@ -47,7 +47,7 @@ public function clearRevoked(): int { $count = \count($this->refreshTokens); - $this->refreshTokens = array_filter($this->refreshTokens, static function (RefreshToken $refreshToken): bool { + $this->refreshTokens = array_filter($this->refreshTokens, static function (RefreshTokenInterface $refreshToken): bool { return !$refreshToken->isRevoked(); }); diff --git a/Manager/InMemory/ScopeManager.php b/Manager/InMemory/ScopeManager.php index 2c0233bb..e99f2050 100644 --- a/Manager/InMemory/ScopeManager.php +++ b/Manager/InMemory/ScopeManager.php 
@@ -5,19 +5,19 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager\InMemory; use Trikoder\Bundle\OAuth2Bundle\Manager\ScopeManagerInterface; -use Trikoder\Bundle\OAuth2Bundle\Model\Scope; +use Trikoder\Bundle\OAuth2Bundle\Model\ScopeInterface; final class ScopeManager implements ScopeManagerInterface { /** - * @var Scope[] + * @var ScopeInterface[] */ private $scopes = []; /** * {@inheritdoc} */ - public function find(string $identifier): ?Scope + public function find(string $identifier): ?ScopeInterface { return $this->scopes[$identifier] ?? null; } @@ -25,7 +25,7 @@ public function find(string $identifier): ?Scope /** * {@inheritdoc} */ - public function save(Scope $scope): void + public function save(ScopeInterface $scope): void { $this->scopes[(string) $scope] = $scope; } diff --git a/Manager/RefreshTokenManagerInterface.php b/Manager/RefreshTokenManagerInterface.php index b1025e2c..3b72488e 100644 --- a/Manager/RefreshTokenManagerInterface.php +++ b/Manager/RefreshTokenManagerInterface.php @@ -4,16 +4,16 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\RefreshToken; +use Trikoder\Bundle\OAuth2Bundle\Model\RefreshTokenInterface; /** * @method int clearRevoked() not defining this method is deprecated since version 3.2 */ interface RefreshTokenManagerInterface { - public function find(string $identifier): ?RefreshToken; + public function find(string $identifier): ?RefreshTokenInterface; - public function save(RefreshToken $refreshToken): void; + public function save(RefreshTokenInterface $refreshToken): void; public function clearExpired(): int; } diff --git a/Manager/ScopeManagerInterface.php b/Manager/ScopeManagerInterface.php index 36815599..979af964 100644 --- a/Manager/ScopeManagerInterface.php +++ b/Manager/ScopeManagerInterface.php 
@@ -4,11 +4,11 @@ namespace Trikoder\Bundle\OAuth2Bundle\Manager; -use Trikoder\Bundle\OAuth2Bundle\Model\Scope; +use Trikoder\Bundle\OAuth2Bundle\Model\ScopeInterface; interface ScopeManagerInterface { - public function find(string $identifier): ?Scope; + public function find(string $identifier): ?ScopeInterface; - public function save(Scope $scope): void; + public function save(ScopeInterface $scope): void; } diff --git a/Model/AccessToken.php b/Model/AccessToken.php index f18a0a1e..4cfeab6a 100644 --- a/Model/AccessToken.php +++ b/Model/AccessToken.php @@ -6,7 +6,7 @@ use DateTimeInterface; -class AccessToken +class AccessToken implements AccessTokenInterface { /** * @var string @@ -24,12 +24,12 @@ class AccessToken private $userIdentifier; /** - * @var Client + * @var ClientInterface */ private $client; /** - * @var Scope[] + * @var ScopeInterface[] */ private $scopes = []; @@ -41,7 +41,7 @@ class AccessToken public function __construct( string $identifier, DateTimeInterface $expiry, - Client $client, + ClientInterface $client, ?string $userIdentifier, array $scopes ) { @@ -72,7 +72,7 @@ public function getUserIdentifier(): ?string return $this->userIdentifier; } - public function getClient(): Client + public function getClient(): ClientInterface { return $this->client; } @@ -90,7 +90,7 @@ public function isRevoked(): bool return $this->revoked; } - public function revoke(): self + public function revoke(): AccessTokenInterface { $this->revoked = true; diff --git a/Model/AccessTokenInterface.php b/Model/AccessTokenInterface.php new file mode 100644 index 00000000..92188fbc --- /dev/null +++ b/Model/AccessTokenInterface.php @@ -0,0 +1,26 @@ +userIdentifier; } - public function getClient(): Client + public function getClient(): ClientInterface { return $this->client; } @@ -90,7 +90,7 @@ public function isRevoked(): bool return $this->revoked; } - public function revoke(): self + public function revoke(): AuthorizationCodeInterface { $this->revoked = true; 
diff --git a/Model/AuthorizationCodeInterface.php b/Model/AuthorizationCodeInterface.php new file mode 100644 index 00000000..8b3c1cad --- /dev/null +++ b/Model/AuthorizationCodeInterface.php @@ -0,0 +1,26 @@ +secret; } - public function setSecret(?string $secret): self + public function setSecret(?string $secret): ClientInterface { $this->secret = $secret; @@ -70,14 +70,14 @@ public function setSecret(?string $secret): self } /** - * @return RedirectUri[] + * @return RedirectUriInterface[] */ public function getRedirectUris(): array { return $this->redirectUris; } - public function setRedirectUris(RedirectUri ...$redirectUris): self + public function setRedirectUris(RedirectUriInterface ...$redirectUris): ClientInterface { $this->redirectUris = $redirectUris; @@ -85,14 +85,14 @@ public function setRedirectUris(RedirectUri ...$redirectUris): self } /** - * @return Grant[] + * @return GrantInterface[] */ public function getGrants(): array { return $this->grants; } - public function setGrants(Grant ...$grants): self + public function setGrants(GrantInterface ...$grants): ClientInterface { $this->grants = $grants; @@ -100,14 +100,14 @@ public function setGrants(Grant ...$grants): self } /** - * @return Scope[] + * @return ScopeInterface[] */ public function getScopes(): array { return $this->scopes; } - public function setScopes(Scope ...$scopes): self + public function setScopes(ScopeInterface ...$scopes): ClientInterface { $this->scopes = $scopes; @@ -119,7 +119,7 @@ public function isActive(): bool return $this->active; } - public function setActive(bool $active): self + public function setActive(bool $active): ClientInterface { $this->active = $active; @@ -136,7 +136,7 @@ public function isPlainTextPkceAllowed(): bool return $this->allowPlainTextPkce; } - public function setAllowPlainTextPkce(bool $allowPlainTextPkce): self + public function setAllowPlainTextPkce(bool $allowPlainTextPkce): ClientInterface { $this->allowPlainTextPkce = $allowPlainTextPkce; 
diff --git a/Model/ClientInterface.php b/Model/ClientInterface.php new file mode 100644 index 00000000..854617a2 --- /dev/null +++ b/Model/ClientInterface.php @@ -0,0 +1,38 @@ +expiry; } - public function getAccessToken(): ?AccessToken + public function getAccessToken(): ?AccessTokenInterface { return $this->accessToken; } @@ -60,7 +60,7 @@ public function isRevoked(): bool return $this->revoked; } - public function revoke(): self + public function revoke(): RefreshTokenInterface { $this->revoked = true; diff --git a/Model/RefreshTokenInterface.php b/Model/RefreshTokenInterface.php new file mode 100644 index 00000000..50e9f497 --- /dev/null +++ b/Model/RefreshTokenInterface.php @@ -0,0 +1,22 @@ + Date: Mon, 6 Sep 2021 10:35:15 +0200 Subject: [PATCH 7/7] Implement new security features since SF 5.3 --- .../Provider/OAuth2Provider.php | 3 +-- .../Authenticator/OAuth2Authenticator.php | 22 +++++++++++++++---- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Security/Authentication/Provider/OAuth2Provider.php b/Security/Authentication/Provider/OAuth2Provider.php index 3528b2e7..97cf5fbb 100644 --- a/Security/Authentication/Provider/OAuth2Provider.php +++ b/Security/Authentication/Provider/OAuth2Provider.php @@ -7,7 +7,6 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\ResourceServer; use RuntimeException; -use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; @@ -15,7 +14,7 @@ use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2Token; use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2TokenFactory; -final class OAuth2Provider implements AuthenticationProviderInterface +final class OAuth2Provider { /** * @var UserProviderInterface 
diff --git a/Security/Guard/Authenticator/OAuth2Authenticator.php b/Security/Guard/Authenticator/OAuth2Authenticator.php
index 4fd87a81..4545c7c9 100644
--- a/Security/Guard/Authenticator/OAuth2Authenticator.php
+++ b/Security/Guard/Authenticator/OAuth2Authenticator.php
@@ -14,7 +14,10 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Guard\AuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2Token;
 use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2TokenFactory;
 use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException;
@@ -24,7 +27,7 @@
 * @author Yonel Ceruto
 * @author Antonio J. GarcĂ­a Lagar
 */
-final class OAuth2Authenticator implements AuthenticatorInterface
+final class OAuth2Authenticator extends AbstractAuthenticator
 {
 private $httpMessageFactory;
 private $resourceServer;
@@ -73,9 +76,9 @@ public function checkCredentials($token, UserInterface $user): bool
 return true;
 }
 
-public function createAuthenticatedToken(UserInterface $user, $providerKey): OAuth2Token
+public function createAuthenticatedToken(PassportInterface $passport, $providerKey): TokenInterface
 {
-$tokenUser = $user instanceof NullUser ? null : $user;
+$tokenUser = $passport instanceof NullUser ? null : $passport->getUser();
 
 $oauth2Token = $this->oauth2TokenFactory->createOAuth2Token($this->psr7Request, $tokenUser, $providerKey);
 
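Review bot: `$passport instanceof NullUser` on the new side of the third hunk can never be true, because `$passport` is typed `PassportInterface`, so the NullUser-to-null mapping the old code applied for user-less (client-credentials) tokens is lost and the NullUser instance itself is handed to `createOAuth2Token` as the token user. The check belongs on the user carried by the passport: `$user = $passport->getUser();` then `$tokenUser = $user instanceof NullUser ? null : $user;`. Note also that `getUser()` is declared on `UserPassportInterface` / `Passport` rather than on `PassportInterface` itself in Symfony 5.3, so the parameter type should be checked against the Symfony version the bundle now targets. The method body continues outside the hunk.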
@@ -100,6 +103,17 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
 return $this->psr7Request = null;
 }
 
+public function authenticate(Request $request): PassportInterface
+{
+if (null === $this->psr7Request) {
+$this->getCredentials($request);
+}
+
+$token = $this->psr7Request->getAttribute('oauth_user_id');
+
+return new SelfValidatingPassport(new UserBadge($token));
+}
+
 public function supportsRememberMe(): bool
 {
 return false;
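Review bot: `new UserBadge($token)` in `authenticate()` passes whatever the `oauth_user_id` request attribute holds straight in as the user identifier; for access tokens issued without a user (the case the existing `NullUser` handling in this class covers) that attribute is presumably null or empty, which `UserBadge` will reject (it expects a string) or which sends an empty identifier to the user provider. The variable is also named `$token` although it holds a user identifier, e.g. `$userIdentifier = $this->psr7Request->getAttribute('oauth_user_id');`, and the missing-identifier case should be handled explicitly before the badge is built. `$this->getCredentials($request)` discards its return value, so the method relies on it populating `$this->psr7Request` as a side effect; a one-line comment would make that and the choice of `SelfValidatingPassport` clear, e.g. `// getCredentials() has already validated the bearer token via the resource server and stored the PSR-7 request, so no further credential check is needed here`. `getCredentials()` is outside this hunk, so that dependency is inferred.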