Loading classes/Locator.php +4 −0 Original line number Diff line number Diff line Loading @@ -114,6 +114,10 @@ class Locator { return $this->auditLogger; } public function getJWKSHandler(): JWKSHandler { return new JWKSHandler($this); } private function setupLoggers() { // Monolog require timezone to be set date_default_timezone_set($this->config->timeZone); Loading classes/OAuth2RequestHandler.php +2 −12 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ class OAuth2RequestHandler { $result = []; $result['access_token'] = $accessToken->token; $result['token_type'] = 'Bearer'; $result['expires_in'] = $this->getExpiresIn($accessToken); $result['expires_in'] = $accessToken->expirationTime - time(); if ($accessToken->scope !== null && in_array('openid', $accessToken->scope)) { $result['id_token'] = $this->locator->getIdTokenBuilder()->getIdToken($accessToken); Loading Loading @@ -125,15 +125,11 @@ class OAuth2RequestHandler { public function handleCheckTokenRequest($token): array { if (!isset($_POST['token'])) { throw new BadRequestException("Access token id is required"); } $accessToken = $this->locator->getAccessTokenDAO()->getAccessToken($token); $user = $this->locator->getUserDAO()->findUserById($accessToken->userId); $result = []; $result['exp'] = $this->getExpiresIn($accessToken); $result['exp'] = $accessToken->expirationTime - time(); $result['user_name'] = $user->id; $result['client_id'] = $accessToken->clientId; Loading @@ -147,12 +143,6 @@ class OAuth2RequestHandler { return $result; } private function getExpiresIn(AccessToken $accessToken) { $expTime = strtotime($accessToken->expirationTime); $now = time(); return $expTime - $now; } public function validateToken(): void { $headers = apache_request_headers(); Loading classes/datalayer/JWKSDAO.php +1 −1 Original line number Diff line number Diff line Loading 
@@ -10,5 +10,5 @@ interface JWKSDAO { public function insertRSAKeyPair(RSAKeyPair $keyPair): RSAKeyPair; public function getNewestKeyPair(): RSAKeyPair; public function getNewestKeyPair(): ?RSAKeyPair; } classes/datalayer/mysql/MySQLAccessTokenDAO.php +4 −5 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("INSERT INTO access_token (token, code, user_id, redirect_uri, client_id, scope, expiration_time)" . " VALUES(:token, :code, :user_id, :redirect_uri, :client_id, :scope, " . " TIMESTAMPADD(HOUR, 1, CURRENT_TIMESTAMP))"); . " UNIX_TIMESTAMP(TIMESTAMPADD(HOUR, 1, CURRENT_TIMESTAMP)))"); $scope = null; if ($accessToken->scope !== null) { Loading @@ -30,7 +30,6 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { ); if ($stmt->execute($params)) { $accessToken->expired = false; return $accessToken; } else { error_log($stmt->errorInfo()[2]); Loading @@ -44,8 +43,8 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { // Access token can be retrieved from code in 1 minute from the creation $stmt = $dbh->prepare("SELECT token, code, user_id, redirect_uri, client_id, creation_time, expiration_time, scope," . " (expiration_time < CURRENT_TIMESTAMP) AS expired " . " FROM access_token WHERE code = :code AND CURRENT_TIMESTAMP < TIMESTAMPADD(MINUTE, 1, creation_time)"); . " (expiration_time < UNIX_TIMESTAMP()) AS expired " . " FROM access_token WHERE code = :code AND UNIX_TIMESTAMP() < (creation_time + 60)"); $stmt->bindParam(':code', $code); $stmt->execute(); Loading 
@@ -63,7 +62,7 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("SELECT token, code, user_id, redirect_uri, client_id, creation_time, expiration_time, scope," . " (expiration_time < CURRENT_TIMESTAMP) AS expired " . " (expiration_time < UNIX_TIMESTAMP()) AS expired " . " FROM access_token WHERE token = :token"); $stmt->bindParam(':token', $token); Loading classes/datalayer/mysql/MySQLJWKSDAO.php +6 −3 Original line number Diff line number Diff line Loading @@ -60,7 +60,7 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { return null; } public function getNewestKeyPair(): RSAKeyPair { public function getNewestKeyPair(): ?RSAKeyPair { $dbh = $this->getDBHandler(); $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs ORDER BY creation_time DESC LIMIT 1"; Loading @@ -68,10 +68,13 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { $stmt = $dbh->prepare($query); $stmt->execute(); $row = $stmt->fetch(); foreach ($stmt->fetchAll() as $row) { return $this->getRSAKeyPairFromResultRow($row); } return null; } private function getRSAKeyPairFromResultRow(array $row): RSAKeyPair { $keyPair = new RSAKeyPair(); $keyPair->keyId = $row['id']; Loading Loading
classes/Locator.php +4 −0 Original line number Diff line number Diff line Loading @@ -114,6 +114,10 @@ class Locator { return $this->auditLogger; } public function getJWKSHandler(): JWKSHandler { return new JWKSHandler($this); } private function setupLoggers() { // Monolog require timezone to be set date_default_timezone_set($this->config->timeZone); Loading
classes/OAuth2RequestHandler.php +2 −12 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ class OAuth2RequestHandler { $result = []; $result['access_token'] = $accessToken->token; $result['token_type'] = 'Bearer'; $result['expires_in'] = $this->getExpiresIn($accessToken); $result['expires_in'] = $accessToken->expirationTime - time(); if ($accessToken->scope !== null && in_array('openid', $accessToken->scope)) { $result['id_token'] = $this->locator->getIdTokenBuilder()->getIdToken($accessToken); Loading Loading @@ -125,15 +125,11 @@ class OAuth2RequestHandler { public function handleCheckTokenRequest($token): array { if (!isset($_POST['token'])) { throw new BadRequestException("Access token id is required"); } $accessToken = $this->locator->getAccessTokenDAO()->getAccessToken($token); $user = $this->locator->getUserDAO()->findUserById($accessToken->userId); $result = []; $result['exp'] = $this->getExpiresIn($accessToken); $result['exp'] = $accessToken->expirationTime - time(); $result['user_name'] = $user->id; $result['client_id'] = $accessToken->clientId; Loading @@ -147,12 +143,6 @@ class OAuth2RequestHandler { return $result; } private function getExpiresIn(AccessToken $accessToken) { $expTime = strtotime($accessToken->expirationTime); $now = time(); return $expTime - $now; } public function validateToken(): void { $headers = apache_request_headers(); Loading
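Review bot: With the `isset($_POST['token'])` guard removed from handleCheckTokenRequest, `$token` now flows straight into `getAccessTokenDAO()->getAccessToken($token)` and the result is dereferenced on the next line (`$accessToken->userId`) without a null check; if the DAO returns null for an unknown or empty token (the JWKS DAO in this same commit adopts that convention), the introspection endpoint fails with a property-on-null error instead of a clean 4xx. I would add `if ($accessToken === null) { throw new BadRequestException("Unknown access token"); }` right after the lookup, and the same guard applies to `$user` after findUserById. The replacement of the getExpiresIn() helper also leaves `$accessToken->expirationTime - time()` duplicated in two places, and since PDO typically hands back the column as a string, an explicit `(int) $accessToken->expirationTime - time()` (or a typed property on AccessToken) would make the intent clear. Both methods continue outside the visible hunks.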
classes/datalayer/JWKSDAO.php +1 −1 Original line number Diff line number Diff line Loading @@ -10,5 +10,5 @@ interface JWKSDAO { public function insertRSAKeyPair(RSAKeyPair $keyPair): RSAKeyPair; public function getNewestKeyPair(): RSAKeyPair; public function getNewestKeyPair(): ?RSAKeyPair; }
classes/datalayer/mysql/MySQLAccessTokenDAO.php +4 −5 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("INSERT INTO access_token (token, code, user_id, redirect_uri, client_id, scope, expiration_time)" . " VALUES(:token, :code, :user_id, :redirect_uri, :client_id, :scope, " . " TIMESTAMPADD(HOUR, 1, CURRENT_TIMESTAMP))"); . " UNIX_TIMESTAMP(TIMESTAMPADD(HOUR, 1, CURRENT_TIMESTAMP)))"); $scope = null; if ($accessToken->scope !== null) { Loading @@ -30,7 +30,6 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { ); if ($stmt->execute($params)) { $accessToken->expired = false; return $accessToken; } else { error_log($stmt->errorInfo()[2]); Loading @@ -44,8 +43,8 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { // Access token can be retrieved from code in 1 minute from the creation $stmt = $dbh->prepare("SELECT token, code, user_id, redirect_uri, client_id, creation_time, expiration_time, scope," . " (expiration_time < CURRENT_TIMESTAMP) AS expired " . " FROM access_token WHERE code = :code AND CURRENT_TIMESTAMP < TIMESTAMPADD(MINUTE, 1, creation_time)"); . " (expiration_time < UNIX_TIMESTAMP()) AS expired " . " FROM access_token WHERE code = :code AND UNIX_TIMESTAMP() < (creation_time + 60)"); $stmt->bindParam(':code', $code); $stmt->execute(); Loading @@ -63,7 +62,7 @@ class MySQLAccessTokenDAO extends BaseMySQLDAO implements AccessTokenDAO { $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("SELECT token, code, user_id, redirect_uri, client_id, creation_time, expiration_time, scope," . " (expiration_time < CURRENT_TIMESTAMP) AS expired " . " (expiration_time < UNIX_TIMESTAMP()) AS expired " . " FROM access_token WHERE token = :token"); $stmt->bindParam(':token', $token); Loading
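Review bot: The new SQL (`UNIX_TIMESTAMP(TIMESTAMPADD(HOUR, 1, CURRENT_TIMESTAMP))` on insert, `expiration_time < UNIX_TIMESTAMP()` and `creation_time + 60` on select) presumes `expiration_time` and `creation_time` are now integer epoch columns, but no schema change is visible in this commit; if the columns are still DATETIME/TIMESTAMP, `creation_time + 60` and the comparison against UNIX_TIMESTAMP() silently produce wrong expiry results, so the migration should land with (or before) this change and be referenced in the commit message. Dropping `$accessToken->expired = false;` in the insert path also means the object handed back after a successful INSERT carries whatever `expired` and `expirationTime` the caller set, while the real expiry is computed server-side in the INSERT and never read back; if handleTokenRequest computes `expirationTime - time()` on that object rather than on a re-fetched row, `expires_in` will be wrong — worth confirming against the caller or re-selecting the row after insert. A one-line comment on the INSERT such as `// expiration_time is stored as epoch seconds; callers compute expires_in from it` would make the contract explicit. The insertAccessToken and getAccessToken bodies continue outside the visible hunks.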
classes/datalayer/mysql/MySQLJWKSDAO.php +6 −3 Original line number Diff line number Diff line Loading @@ -60,7 +60,7 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { return null; } public function getNewestKeyPair(): RSAKeyPair { public function getNewestKeyPair(): ?RSAKeyPair { $dbh = $this->getDBHandler(); $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs ORDER BY creation_time DESC LIMIT 1"; Loading @@ -68,10 +68,13 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { $stmt = $dbh->prepare($query); $stmt->execute(); $row = $stmt->fetch(); foreach ($stmt->fetchAll() as $row) { return $this->getRSAKeyPairFromResultRow($row); } return null; } private function getRSAKeyPairFromResultRow(array $row): RSAKeyPair { $keyPair = new RSAKeyPair(); $keyPair->keyId = $row['id']; Loading
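Review bot: `foreach ($stmt->fetchAll() as $row) { return ...; } return null;` reads as a loop but only ever yields the first row of a LIMIT 1 query; the intent is clearer and cheaper as `$row = $stmt->fetch(); return $row === false ? null : $this->getRSAKeyPairFromResultRow($row);`. Since getNewestKeyPair() may now return null, every caller — presumably the new JWKSHandler wired into Locator in this commit, which is not visible here — must fail closed (refuse to sign or serve an empty key set) rather than continue with a missing signing key; a short docblock on the method, `Returns the most recently created key pair, or null when the rsa_keypairs table is empty`, would flag that obligation to callers.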