Loading .gitignore +1 −0 Original line number Diff line number Diff line composer.lock config.php config.json config.yaml logs/ vendor/ client-icons/ Loading README.md +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ Requirements: On Ubuntu: sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml php7.2-mbstring php-mysql php-curl sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml php7.2-mbstring php-mysql php-curl php-yaml ### PHP Loading classes/ClientAuthChecker.php +3 −13 Original line number Diff line number Diff line Loading 
@@ -22,27 +22,17 @@ class ClientAuthChecker { $clientId = $basic[0]; $clientSecret = $basic[1]; $client = $this->locator->getOAuth2ClientDAO()->getOAuth2ClientByClientId($clientId); if ($client === null) { throw new UnauthorizedException("Client '$clientId' not configured"); } if ($clientSecret !== $client->secret) { throw new UnauthorizedException("Invalid client secret"); } $this->locator->getBrowserBasedOAuth2ClientByIdAndSecret($clientId, $clientSecret); } public function validateCliClientAuth(): CliClient { public function validateCliClientAuth(): CliOAuth2Client { $basic = $this->getBasicAuthArray(); $clientId = $basic[0]; $clientSecret = $basic[1]; $client = $this->locator->getOAuth2ClientDAO()->getCliClient($clientId, $clientSecret); if ($client === null) { throw new UnauthorizedException("Client '$clientId' not configured or wrong password"); } return $client; return $this->locator->getCliClientByIdAndSecret($clientId, $clientSecret); } private function getBasicAuthArray(): array { Loading classes/ClientsLocator.php 0 → 100644 +56 −0 Original line number Diff line number Diff line <?php namespace RAP; trait ClientsLocator { public function getBrowserBasedOAuth2Clients(): array { return array_map(function($clientConfig) { return new BrowserBasedOAuth2Client($clientConfig); }, $this->config->clients); } public function getBrowserBasedOAuth2ClientById(string $clientId, bool $allowNull = false): ?BrowserBasedOAuth2Client { $clientConfig = $this->getClientConfigFromListById($this->config->clients, $clientId, $allowNull); if ($allowNull && $clientConfig === null) { return null; } return new BrowserBasedOAuth2Client($clientConfig); } public function getBrowserBasedOAuth2ClientByIdAndSecret(string $clientId, string $secret): BrowserBasedOAuth2Client { $clientConfig = $this->getClientConfigFromListByIdAndSecret($this->config->clients, $clientId, $secret); return new BrowserBasedOAuth2Client($clientConfig); } public function getCliClientByIdAndSecret(string 
$clientId, string $secret): CliOAuth2Client { $clientConfig = $this->getClientConfigFromListByIdAndSecret($this->config->cliClients, $clientId, $secret); return new CliOAuth2Client($clientConfig); } private function getClientConfigFromListByIdAndSecret(array $clients, string $clientId, string $secret): object { $client = $this->getClientConfigFromListById($clients, $clientId); $secretHash = hash('sha256', $secret); if ($client->secretHash !== $secretHash) { throw new UnauthorizedException("Wrong secret provided for client '$clientId'"); } return $client; } private function getClientConfigFromListById(array $clients, string $clientId, bool $allowNull = false): ?object { $client = null; foreach ($clients as $c) { if ($c->id === $clientId) { if ($client !== null) { throw new ServerErrorException("Found multiple clients having id '$clientId'"); } $client = $c; } } if ($client === null && !$allowNull) { throw new BadRequestException("Client '$clientId' not configured"); } return $client; } } classes/Locator.php +2 −10 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ namespace RAP; */ class Locator { use ClientsLocator; public $config; private $serviceLogger; private $auditLogger; Loading Loading @@ -42,16 +44,6 @@ class Locator { } } public function getOAuth2ClientDAO(): OAuth2ClientDAO { $databaseConfig = $this->config->databaseConfig; switch ($databaseConfig->dbtype) { case 'MySQL': return new MySQLOAuth2ClientDAO($this); default: throw new \Exception($databaseConfig->dbtype . ' not supported yet'); } } public function getJWKSDAO(): JWKSDAO { $databaseConfig = $this->config->databaseConfig; switch ($databaseConfig->dbtype) { Loading Loading
.gitignore +1 −0 Original line number Diff line number Diff line composer.lock config.php config.json config.yaml logs/ vendor/ client-icons/ Loading
README.md +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ Requirements: On Ubuntu: sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml php7.2-mbstring php-mysql php-curl sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml php7.2-mbstring php-mysql php-curl php-yaml ### PHP Loading
classes/ClientAuthChecker.php +3 −13 Original line number Diff line number Diff line Loading @@ -22,27 +22,17 @@ class ClientAuthChecker { $clientId = $basic[0]; $clientSecret = $basic[1]; $client = $this->locator->getOAuth2ClientDAO()->getOAuth2ClientByClientId($clientId); if ($client === null) { throw new UnauthorizedException("Client '$clientId' not configured"); } if ($clientSecret !== $client->secret) { throw new UnauthorizedException("Invalid client secret"); } $this->locator->getBrowserBasedOAuth2ClientByIdAndSecret($clientId, $clientSecret); } public function validateCliClientAuth(): CliClient { public function validateCliClientAuth(): CliOAuth2Client { $basic = $this->getBasicAuthArray(); $clientId = $basic[0]; $clientSecret = $basic[1]; $client = $this->locator->getOAuth2ClientDAO()->getCliClient($clientId, $clientSecret); if ($client === null) { throw new UnauthorizedException("Client '$clientId' not configured or wrong password"); } return $client; return $this->locator->getCliClientByIdAndSecret($clientId, $clientSecret); } private function getBasicAuthArray(): array { Loading
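Review bot: The new `return $this->locator->getCliClientByIdAndSecret($clientId, $clientSecret);` changes the failure semantics the removed lines had: an unknown client id now surfaces from ClientsLocator::getClientConfigFromListById as a BadRequestException while a wrong secret is still an UnauthorizedException, so the endpoint presumably answers 400 versus 401 and thereby reveals which client ids exist, whereas the removed code used one UnauthorizedException ("not configured or wrong password") for both. The same applies to the `getBrowserBasedOAuth2ClientByIdAndSecret` call earlier in the hunk, whose enclosing method starts before this hunk and which discards the return value, i.e. validates by exception only. I would keep the distinction inside ClientsLocator::getClientConfigFromListByIdAndSecret by looking up with `$client = $this->getClientConfigFromListById($clients, $clientId, true);` and then `if ($client === null || $client->secretHash !== $secretHash) { throw new UnauthorizedException("Wrong client id or secret for client '$clientId'"); }`, leaving BadRequestException to the non-authenticating getBrowserBasedOAuth2ClientById.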
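--- /dev/null
+++ b/classes/ClientsLocator.php
+<?php
+
+namespace RAP;
+
+trait ClientsLocator {
+
+    public function getBrowserBasedOAuth2Clients(): array {
+        return array_map(function($clientConfig) {
+            return new BrowserBasedOAuth2Client($clientConfig);
+        }, $this->config->clients);
+    }
+
+    public function getBrowserBasedOAuth2ClientById(string $clientId, bool $allowNull = false): ?BrowserBasedOAuth2Client {
+        $clientConfig = $this->getClientConfigFromListById($this->config->clients, $clientId, $allowNull);
+        if ($allowNull && $clientConfig === null) {
+            return null;
+        }
+        return new BrowserBasedOAuth2Client($clientConfig);
+    }
+
+    public function getBrowserBasedOAuth2ClientByIdAndSecret(string $clientId, string $secret): BrowserBasedOAuth2Client {
+        $clientConfig = $this->getClientConfigFromListByIdAndSecret($this->config->clients, $clientId, $secret);
+        return new BrowserBasedOAuth2Client($clientConfig);
+    }
+
+    public function getCliClientByIdAndSecret(string $clientId, string $secret): CliOAuth2Client {
+        $clientConfig = $this->getClientConfigFromListByIdAndSecret($this->config->cliClients, $clientId, $secret);
+        return new CliOAuth2Client($clientConfig);
+    }
+
+    private function getClientConfigFromListByIdAndSecret(array $clients, string $clientId, string $secret): object {
+        $client = $this->getClientConfigFromListById($clients, $clientId);
+        $secretHash = hash('sha256', $secret);
+        if ($client->secretHash !== $secretHash) {
+            throw new UnauthorizedException("Wrong secret provided for client '$clientId'");
+        }
+        return $client;
+    }
+
+    private function getClientConfigFromListById(array $clients, string $clientId, bool $allowNull = false): ?object {
+        $client = null;
+        foreach ($clients as $c) {
+            if ($c->id === $clientId) {
+                if ($client !== null) {
+                    throw new ServerErrorException("Found multiple clients having id '$clientId'");
+                }
+                $client = $c;
+            }
+        }
+        if ($client === null && !$allowNull) {
+            throw new BadRequestException("Client '$clientId' not configured");
+        }
+        return $client;
+    }
+}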
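Review bot: `if ($client->secretHash !== $secretHash)` in getClientConfigFromListByIdAndSecret compares two digests with `!==`, which stops at the first differing byte; for a secret check use `if (!hash_equals((string) $client->secretHash, $secretHash))` so the comparison takes constant time. The `(string)` cast also covers a client entry that has no `secretHash` property, which would otherwise raise an undefined-property warning before the guaranteed mismatch (whether such entries exist in the configuration is not visible here). An unsalted `hash('sha256', $secret)` is only adequate if client secrets are generated with high entropy rather than chosen by people; if they can be human-chosen, storing a `password_hash` and checking with `password_verify` is the safer fit. The trait reads `$this->config` without declaring it, so a docblock on the trait saying it expects `$this->config->clients` and `$this->config->cliClients` as lists of objects carrying `id` and `secretHash` would tell users of the trait what the host class must provide.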
classes/Locator.php +2 −10 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ namespace RAP; */ class Locator { use ClientsLocator; public $config; private $serviceLogger; private $auditLogger; Loading Loading @@ -42,16 +44,6 @@ class Locator { } } public function getOAuth2ClientDAO(): OAuth2ClientDAO { $databaseConfig = $this->config->databaseConfig; switch ($databaseConfig->dbtype) { case 'MySQL': return new MySQLOAuth2ClientDAO($this); default: throw new \Exception($databaseConfig->dbtype . ' not supported yet'); } } public function getJWKSDAO(): JWKSDAO { $databaseConfig = $this->config->databaseConfig; switch ($databaseConfig->dbtype) { Loading
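Review bot: `use ClientsLocator;` makes Locator's `public $config` the trait's data source, but the property stays untyped and undocumented in this hunk, so nothing in the class records that `$config->clients` and `$config->cliClients` must be arrays of client objects now that the removed getOAuth2ClientDAO no longer supplies clients from the database. If I read the trait right, a configuration that lacks the `cliClients` key reaches `getClientConfigFromListById(array $clients, …)` as null and fails with a TypeError (a 500) on the CLI token path rather than a configuration error. I would add above the property: `/** @var object configuration loaded at startup; ClientsLocator reads ->clients and ->cliClients (lists of objects with id and secretHash) */`.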