Security manager update #292

wants to merge 17 commits into
base: v3.x
65 changes: 1 addition & 64 deletions DependencyInjection/Configuration.php
Expand Up @@ -79,48 +79,9 @@ private function createAuthorizationServerNode(): NodeDefinition
->cannotBeEmpty()
->defaultValue('P1M')
->end()

// @TODO Remove in v4 start

->scalarNode('auth_code_ttl')
->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
->cannotBeEmpty()
->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.auth_code_ttl" instead.')
->beforeNormalization()
->ifNull()
->thenUnset()
->end()
->end()
->booleanNode('require_code_challenge_for_public_clients')
->info('Whether to require code challenge for public clients for the authorization code grant.')
->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.')
->beforeNormalization()
->ifNull()
->thenUnset()
->end()
->end()
->end()
;

foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) {
$oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType;

$node
->children()
->booleanNode(sprintf('enable_%s_grant', $oldGrantType))
->info(sprintf('Whether to enable the %s grant.', $grantTypeName))
->setDeprecated(sprintf('"%%path%%.%%node%%" is deprecated, use "%%path%%.grant_types.%s.enable" instead.', $grantType))
->beforeNormalization()
->ifNull()
->thenUnset()
->end()
->end()
->end()
;
}

// @TODO Remove in v4 end

$node->append($this->createAuthorizationServerGrantTypesNode());

$node
Expand All @@ -134,33 +95,9 @@ private function createAuthorizationServerNode(): NodeDefinition
if (isset($grantTypesWithRefreshToken[$grantType])) {
$grantTypeConfig['refresh_token_ttl'] = $grantTypeConfig['refresh_token_ttl'] ?? $v['refresh_token_ttl'];
}

// @TODO Remove in v4 start
$oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType;

$grantTypeConfig['enable'] = $v[sprintf('enable_%s_grant', $oldGrantType)] ?? $grantTypeConfig['enable'];

if ('authorization_code' === $grantType) {
$grantTypeConfig['auth_code_ttl'] = $v['auth_code_ttl'] ?? $grantTypeConfig['auth_code_ttl'];
$grantTypeConfig['require_code_challenge_for_public_clients'] = $v['require_code_challenge_for_public_clients']
?? $grantTypeConfig['require_code_challenge_for_public_clients'];
}
// @TODO Remove in v4 end
}

unset(
$v['access_token_ttl'],
$v['refresh_token_ttl'],
// @TODO Remove in v4 start
$v['enable_auth_code_grant'],
$v['enable_client_credentials_grant'],
$v['enable_implicit_grant'],
$v['enable_password_grant'],
$v['enable_refresh_token_grant'],
$v['auth_code_ttl'],
$v['require_code_challenge_for_public_clients']
// @TODO Remove in v4 end
);
unset($v['access_token_ttl'], $v['refresh_token_ttl']);

return $v;
})
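Review bot: Applications that still set the removed `auth_code_ttl`, `require_code_challenge_for_public_clients` or `enable_*_grant` keys under the authorization server node will now fail configuration validation as unrecognized options, whereas the previous tree only emitted a deprecation and still copied the value into `grant_types.*`. For `require_code_challenge_for_public_clients` (the PKCE switch) that fail-closed outcome is presumably what you want, but it is a hard break on a branch targeting `v3.x`, so the upgrade notes should list each removed key next to the `grant_types.<grant>.*` replacement the old `setDeprecated()` messages pointed to. The second hunk removes the lines that mapped the legacy values into `$grantTypeConfig`, so it is worth confirming no other code path (for example the extension or tests) still reads the old keys. `createAuthorizationServerNode()` and the normalization closure both start and end outside these hunks.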
4 changes: 2 additions & 2 deletions EventListener/ConvertExceptionToResponseListener.php
Expand Up @@ -7,7 +7,7 @@
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException;
use Trikoder\Bundle\OAuth2Bundle\Security\Exception\Oauth2AuthenticationFailedException;
use Trikoder\Bundle\OAuth2Bundle\Security\Exception\OAuth2AuthenticationFailedException;

/**
* @author Tobias Nyholm <tobias.nyholm@gmail.com>
Expand All @@ -17,7 +17,7 @@ final class ConvertExceptionToResponseListener
public function onKernelException(ExceptionEvent $event): void
{
$exception = $event->getThrowable();
if ($exception instanceof InsufficientScopesException || $exception instanceof Oauth2AuthenticationFailedException) {
if ($exception instanceof InsufficientScopesException || $exception instanceof OAuth2AuthenticationFailedException) {
$event->setResponse(new Response($exception->getMessage(), $exception->getCode()));
}
}
6 changes: 3 additions & 3 deletions Manager/AccessTokenManagerInterface.php
Expand Up @@ -4,16 +4,16 @@

namespace Trikoder\Bundle\OAuth2Bundle\Manager;

use Trikoder\Bundle\OAuth2Bundle\Model\AccessToken;
use Trikoder\Bundle\OAuth2Bundle\Model\AccessTokenInterface;

/**
* @method int clearRevoked() not defining this method is deprecated since version 3.2
*/
interface AccessTokenManagerInterface
{
public function find(string $identifier): ?AccessToken;
public function find(string $identifier): ?AccessTokenInterface;

public function save(AccessToken $accessToken): void;
public function save(AccessTokenInterface $accessToken): void;

public function clearExpired(): int;
}
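Review bot: Widening the parameter of a public interface method to `save(AccessTokenInterface $accessToken): void` breaks every existing third-party implementation that still declares the narrower `save(AccessToken $accessToken)`: PHP rejects an implementation whose parameter type is less permissive than the interface's, so those classes fail fatally at load time rather than with a deprecation. The return-type change on `find()` is safe in the other direction (implementations may keep returning `?AccessToken`), so only the parameter side needs calling out. The same applies to `AuthorizationCodeManagerInterface::save()` and to `ClientManagerInterface::save()`/`remove()` in the sections below. Please record this as a BC break in the changelog/UPGRADE notes and add a short PHPDoc line on the interface such as `@since 3.x the managers accept any AccessTokenInterface implementation` so implementers know the new contract.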
6 changes: 3 additions & 3 deletions Manager/AuthorizationCodeManagerInterface.php
Expand Up @@ -4,16 +4,16 @@

namespace Trikoder\Bundle\OAuth2Bundle\Manager;

use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode;
use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCodeInterface;

/**
* @method int clearRevoked() not defining this method is deprecated since version 3.2
*/
interface AuthorizationCodeManagerInterface
{
public function find(string $identifier): ?AuthorizationCode;
public function find(string $identifier): ?AuthorizationCodeInterface;

public function save(AuthorizationCode $authCode): void;
public function save(AuthorizationCodeInterface $authCode): void;

public function clearExpired(): int;
}
24 changes: 12 additions & 12 deletions Manager/ClientFilter.php
Expand Up @@ -4,24 +4,24 @@

namespace Trikoder\Bundle\OAuth2Bundle\Manager;

use Trikoder\Bundle\OAuth2Bundle\Model\Grant;
use Trikoder\Bundle\OAuth2Bundle\Model\RedirectUri;
use Trikoder\Bundle\OAuth2Bundle\Model\Scope;
use Trikoder\Bundle\OAuth2Bundle\Model\GrantInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\RedirectUriInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\ScopeInterface;

final class ClientFilter
{
/**
* @var Grant[]
* @var GrantInterface[]
*/
private $grants = [];

/**
* @var RedirectUri[]
* @var RedirectUriInterface[]
*/
private $redirectUris = [];

/**
* @var Scope[]
* @var ScopeInterface[]
*/
private $scopes = [];

Expand All @@ -30,17 +30,17 @@ public static function create(): self
return new static();
}

public function addGrantCriteria(Grant ...$grants): self
public function addGrantCriteria(GrantInterface ...$grants): self
{
return $this->addCriteria($this->grants, ...$grants);
}

public function addRedirectUriCriteria(RedirectUri ...$redirectUris): self
public function addRedirectUriCriteria(RedirectUriInterface ...$redirectUris): self
{
return $this->addCriteria($this->redirectUris, ...$redirectUris);
}

public function addScopeCriteria(Scope ...$scopes): self
public function addScopeCriteria(ScopeInterface ...$scopes): self
{
return $this->addCriteria($this->scopes, ...$scopes);
}
Expand All @@ -57,23 +57,23 @@ private function addCriteria(&$field, ...$values): self
}

/**
* @return Grant[]
* @return GrantInterface[]
*/
public function getGrants(): array
{
return $this->grants;
}

/**
* @return RedirectUri[]
* @return RedirectUriInterface[]
*/
public function getRedirectUris(): array
{
return $this->redirectUris;
}

/**
* @return Scope[]
* @return ScopeInterface[]
*/
public function getScopes(): array
{
8 changes: 4 additions & 4 deletions Manager/ClientManagerInterface.php
Expand Up @@ -4,17 +4,17 @@

namespace Trikoder\Bundle\OAuth2Bundle\Manager;

use Trikoder\Bundle\OAuth2Bundle\Model\Client;
use Trikoder\Bundle\OAuth2Bundle\Model\ClientInterface;
use Trikoder\Bundle\OAuth2Bundle\Service\ClientFinderInterface;

interface ClientManagerInterface extends ClientFinderInterface
{
public function save(Client $client): void;
public function save(ClientInterface $client): void;

public function remove(Client $client): void;
public function remove(ClientInterface $client): void;

/**
* @return Client[]
* @return ClientInterface[]
*/
public function list(?ClientFilter $clientFilter): array;
}
5 changes: 3 additions & 2 deletions Manager/Doctrine/AccessTokenManager.php
Expand Up @@ -8,6 +8,7 @@
use Doctrine\ORM\EntityManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Manager\AccessTokenManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\AccessToken;
use Trikoder\Bundle\OAuth2Bundle\Model\AccessTokenInterface;

final class AccessTokenManager implements AccessTokenManagerInterface
{
Expand All @@ -24,15 +25,15 @@ public function __construct(EntityManagerInterface $entityManager)
/**
* {@inheritdoc}
*/
public function find(string $identifier): ?AccessToken
public function find(string $identifier): ?AccessTokenInterface
{
return $this->entityManager->find(AccessToken::class, $identifier);
}

/**
* {@inheritdoc}
*/
public function save(AccessToken $accessToken): void
public function save(AccessTokenInterface $accessToken): void
{
$this->entityManager->persist($accessToken);
$this->entityManager->flush();
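Review bot: `save()` now accepts any `AccessTokenInterface` but forwards it unchanged to `$this->entityManager->persist()`, which only knows the mapped `AccessToken` entity; a caller passing another implementation gets a Doctrine mapping exception at runtime instead of a clear contract error, and `find()` still queries only `AccessToken::class`. Consider guarding explicitly at the top of `save()`: `if (!$accessToken instanceof AccessToken) { throw new \InvalidArgumentException(sprintf('%s can only persist %s instances, %s given.', self::class, AccessToken::class, \get_class($accessToken))); }`, and note in the `{@inheritdoc}` docblock that this manager is Doctrine-entity only. The same applies to `AuthorizationCodeManager::save()`, `ClientManager::save()`/`remove()` and `RefreshTokenManager::save()` in the following sections. The class body continues outside the hunk.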
5 changes: 3 additions & 2 deletions Manager/Doctrine/AuthorizationCodeManager.php
Expand Up @@ -8,6 +8,7 @@
use Doctrine\ORM\EntityManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Manager\AuthorizationCodeManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCode;
use Trikoder\Bundle\OAuth2Bundle\Model\AuthorizationCodeInterface;

final class AuthorizationCodeManager implements AuthorizationCodeManagerInterface
{
Expand All @@ -24,15 +25,15 @@ public function __construct(EntityManagerInterface $entityManager)
/**
* {@inheritdoc}
*/
public function find(string $identifier): ?AuthorizationCode
public function find(string $identifier): ?AuthorizationCodeInterface
{
return $this->entityManager->find(AuthorizationCode::class, $identifier);
}

/**
* {@inheritdoc}
*/
public function save(AuthorizationCode $authorizationCode): void
public function save(AuthorizationCodeInterface $authorizationCode): void
{
$this->entityManager->persist($authorizationCode);
$this->entityManager->flush();
7 changes: 4 additions & 3 deletions Manager/Doctrine/ClientManager.php
Expand Up @@ -8,6 +8,7 @@
use Trikoder\Bundle\OAuth2Bundle\Manager\ClientFilter;
use Trikoder\Bundle\OAuth2Bundle\Manager\ClientManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\Client;
use Trikoder\Bundle\OAuth2Bundle\Model\ClientInterface;

final class ClientManager implements ClientManagerInterface
{
Expand All @@ -24,15 +25,15 @@ public function __construct(EntityManagerInterface $entityManager)
/**
* {@inheritdoc}
*/
public function find(string $identifier): ?Client
public function find(string $identifier): ?ClientInterface
{
return $this->entityManager->find(Client::class, $identifier);
}

/**
* {@inheritdoc}
*/
public function save(Client $client): void
public function save(ClientInterface $client): void
{
$this->entityManager->persist($client);
$this->entityManager->flush();
Expand All @@ -41,7 +42,7 @@ public function save(Client $client): void
/**
* {@inheritdoc}
*/
public function remove(Client $client): void
public function remove(ClientInterface $client): void
{
$this->entityManager->remove($client);
$this->entityManager->flush();
5 changes: 3 additions & 2 deletions Manager/Doctrine/RefreshTokenManager.php
Expand Up @@ -8,6 +8,7 @@
use Doctrine\ORM\EntityManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Manager\RefreshTokenManagerInterface;
use Trikoder\Bundle\OAuth2Bundle\Model\RefreshToken;
use Trikoder\Bundle\OAuth2Bundle\Model\RefreshTokenInterface;

final class RefreshTokenManager implements RefreshTokenManagerInterface
{
Expand All @@ -24,15 +25,15 @@ public function __construct(EntityManagerInterface $entityManager)
/**
* {@inheritdoc}
*/
public function find(string $identifier): ?RefreshToken
public function find(string $identifier): ?RefreshTokenInterface
{
return $this->entityManager->find(RefreshToken::class, $identifier);
}

/**
* {@inheritdoc}
*/
public function save(RefreshToken $refreshToken): void
public function save(RefreshTokenInterface $refreshToken): void
{
$this->entityManager->persist($refreshToken);
$this->entityManager->flush();