mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-23 02:04:46 +02:00
[Web] add league/oauth2-client
This commit is contained in:
parent
b251c58b23
commit
a805d3b2e3
@ -10,6 +10,7 @@
|
||||
"mustangostang/spyc": "^0.6.3",
|
||||
"directorytree/ldaprecord": "^2.4",
|
||||
"twig/twig": "^3.0",
|
||||
"stevenmaguire/oauth2-keycloak": "^3.2"
|
||||
"stevenmaguire/oauth2-keycloak": "^3.2",
|
||||
"league/oauth2-client": "^2.7"
|
||||
}
|
||||
}
|
||||
|
14
data/web/inc/lib/composer.lock
generated
14
data/web/inc/lib/composer.lock
generated
@ -4,7 +4,7 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "65fe6638523a3a93c55e67a061725223",
|
||||
"content-hash": "ee35a2bf8c80a87b6825c3e86635f709",
|
||||
"packages": [
|
||||
{
|
||||
"name": "bshaffer/oauth2-server-php",
|
||||
@ -654,16 +654,16 @@
|
||||
},
|
||||
{
|
||||
"name": "league/oauth2-client",
|
||||
"version": "2.6.1",
|
||||
"version": "2.7.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/thephpleague/oauth2-client.git",
|
||||
"reference": "2334c249907190c132364f5dae0287ab8666aa19"
|
||||
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
|
||||
"reference": "2334c249907190c132364f5dae0287ab8666aa19",
|
||||
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8",
|
||||
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -718,9 +718,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/thephpleague/oauth2-client/issues",
|
||||
"source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
|
||||
"source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0"
|
||||
},
|
||||
"time": "2021-12-22T16:42:49+00:00"
|
||||
"time": "2023-04-16T18:19:15+00:00"
|
||||
},
|
||||
{
|
||||
"name": "matthiasmullie/minify",
|
||||
|
@ -18,7 +18,7 @@ return array(
|
||||
'RobThree\\Auth\\' => array($vendorDir . '/robthree/twofactorauth/lib'),
|
||||
'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'),
|
||||
'Psr\\Log\\' => array($vendorDir . '/psr/log/src'),
|
||||
'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-message/src', $vendorDir . '/psr/http-factory/src'),
|
||||
'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-factory/src', $vendorDir . '/psr/http-message/src'),
|
||||
'Psr\\Http\\Client\\' => array($vendorDir . '/psr/http-client/src'),
|
||||
'Psr\\Container\\' => array($vendorDir . '/psr/container/src'),
|
||||
'PhpMimeMailParser\\' => array($vendorDir . '/php-mime-mail-parser/php-mime-mail-parser/src'),
|
||||
|
@ -140,8 +140,8 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
|
||||
),
|
||||
'Psr\\Http\\Message\\' =>
|
||||
array (
|
||||
0 => __DIR__ . '/..' . '/psr/http-message/src',
|
||||
1 => __DIR__ . '/..' . '/psr/http-factory/src',
|
||||
0 => __DIR__ . '/..' . '/psr/http-factory/src',
|
||||
1 => __DIR__ . '/..' . '/psr/http-message/src',
|
||||
),
|
||||
'Psr\\Http\\Client\\' =>
|
||||
array (
|
||||
|
14
data/web/inc/lib/vendor/composer/installed.json
vendored
14
data/web/inc/lib/vendor/composer/installed.json
vendored
@ -668,17 +668,17 @@
|
||||
},
|
||||
{
|
||||
"name": "league/oauth2-client",
|
||||
"version": "2.6.1",
|
||||
"version_normalized": "2.6.1.0",
|
||||
"version": "2.7.0",
|
||||
"version_normalized": "2.7.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/thephpleague/oauth2-client.git",
|
||||
"reference": "2334c249907190c132364f5dae0287ab8666aa19"
|
||||
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
|
||||
"reference": "2334c249907190c132364f5dae0287ab8666aa19",
|
||||
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8",
|
||||
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -692,7 +692,7 @@
|
||||
"phpunit/phpunit": "^5.7 || ^6.0 || ^9.5",
|
||||
"squizlabs/php_codesniffer": "^2.3 || ^3.0"
|
||||
},
|
||||
"time": "2021-12-22T16:42:49+00:00",
|
||||
"time": "2023-04-16T18:19:15+00:00",
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
@ -735,7 +735,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/thephpleague/oauth2-client/issues",
|
||||
"source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
|
||||
"source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0"
|
||||
},
|
||||
"install-path": "../league/oauth2-client"
|
||||
},
|
||||
|
10
data/web/inc/lib/vendor/composer/installed.php
vendored
10
data/web/inc/lib/vendor/composer/installed.php
vendored
@ -3,7 +3,7 @@
|
||||
'name' => '__root__',
|
||||
'pretty_version' => 'dev-master',
|
||||
'version' => 'dev-master',
|
||||
'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
|
||||
'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
|
||||
'type' => 'library',
|
||||
'install_path' => __DIR__ . '/../../',
|
||||
'aliases' => array(),
|
||||
@ -13,7 +13,7 @@
|
||||
'__root__' => array(
|
||||
'pretty_version' => 'dev-master',
|
||||
'version' => 'dev-master',
|
||||
'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
|
||||
'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
|
||||
'type' => 'library',
|
||||
'install_path' => __DIR__ . '/../../',
|
||||
'aliases' => array(),
|
||||
@ -98,9 +98,9 @@
|
||||
'dev_requirement' => false,
|
||||
),
|
||||
'league/oauth2-client' => array(
|
||||
'pretty_version' => '2.6.1',
|
||||
'version' => '2.6.1.0',
|
||||
'reference' => '2334c249907190c132364f5dae0287ab8666aa19',
|
||||
'pretty_version' => '2.7.0',
|
||||
'version' => '2.7.0.0',
|
||||
'reference' => '160d6274b03562ebeb55ed18399281d8118b76c8',
|
||||
'type' => 'library',
|
||||
'install_path' => __DIR__ . '/../league/oauth2-client',
|
||||
'aliases' => array(),
|
||||
|
@ -6,7 +6,7 @@ This package provides a base for integrating with [OAuth 2.0](http://oauth.net/2
|
||||
[![Source Code](https://img.shields.io/badge/source-thephpleague/oauth2--client-blue.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client)
|
||||
[![Latest Version](https://img.shields.io/github/release/thephpleague/oauth2-client.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/releases)
|
||||
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/blob/master/LICENSE)
|
||||
[![Build Status](https://img.shields.io/github/workflow/status/thephpleague/oauth2-client/CI?label=CI&logo=github&style=flat-square)](https://github.com/thephpleague/oauth2-client/actions?query=workflow%3ACI)
|
||||
[![Build Status](https://img.shields.io/github/actions/workflow/status/thephpleague/oauth2-client/continuous-integration.yml?label=CI&logo=github&style=flat-square)](https://github.com/thephpleague/oauth2-client/actions?query=workflow%3ACI)
|
||||
[![Codecov Code Coverage](https://img.shields.io/codecov/c/gh/thephpleague/oauth2-client?label=codecov&logo=codecov&style=flat-square)](https://codecov.io/gh/thephpleague/oauth2-client)
|
||||
[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-client.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-client)
|
||||
|
||||
|
@ -17,6 +17,7 @@ namespace League\OAuth2\Client\Provider;
|
||||
use GuzzleHttp\Client as HttpClient;
|
||||
use GuzzleHttp\ClientInterface as HttpClientInterface;
|
||||
use GuzzleHttp\Exception\BadResponseException;
|
||||
use InvalidArgumentException;
|
||||
use League\OAuth2\Client\Grant\AbstractGrant;
|
||||
use League\OAuth2\Client\Grant\GrantFactory;
|
||||
use League\OAuth2\Client\OptionProvider\OptionProviderInterface;
|
||||
@ -44,7 +45,7 @@ abstract class AbstractProvider
|
||||
use QueryBuilderTrait;
|
||||
|
||||
/**
|
||||
* @var string Key used in a token response to identify the resource owner.
|
||||
* @var string|null Key used in a token response to identify the resource owner.
|
||||
*/
|
||||
const ACCESS_TOKEN_RESOURCE_OWNER_ID = null;
|
||||
|
||||
@ -58,6 +59,19 @@ abstract class AbstractProvider
|
||||
*/
|
||||
const METHOD_POST = 'POST';
|
||||
|
||||
/**
|
||||
* @var string PKCE method used to fetch authorization token.
|
||||
* The PKCE code challenge will be hashed with sha256 (recommended).
|
||||
*/
|
||||
const PKCE_METHOD_S256 = 'S256';
|
||||
|
||||
/**
|
||||
* @var string PKCE method used to fetch authorization token.
|
||||
* The PKCE code challenge will be sent as plain text, this is NOT recommended.
|
||||
* Only use `plain` if no other option is possible.
|
||||
*/
|
||||
const PKCE_METHOD_PLAIN = 'plain';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
@ -78,6 +92,11 @@ abstract class AbstractProvider
|
||||
*/
|
||||
protected $state;
|
||||
|
||||
/**
|
||||
* @var string|null
|
||||
*/
|
||||
protected $pkceCode = null;
|
||||
|
||||
/**
|
||||
* @var GrantFactory
|
||||
*/
|
||||
@ -264,6 +283,32 @@ abstract class AbstractProvider
|
||||
return $this->state;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of the pkceCode parameter.
|
||||
*
|
||||
* When using PKCE this should be set before requesting an access token.
|
||||
*
|
||||
* @param string $pkceCode
|
||||
* @return self
|
||||
*/
|
||||
public function setPkceCode($pkceCode)
|
||||
{
|
||||
$this->pkceCode = $pkceCode;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current value of the pkceCode parameter.
|
||||
*
|
||||
* This can be accessed by the redirect handler during authorization.
|
||||
*
|
||||
* @return string|null
|
||||
*/
|
||||
public function getPkceCode()
|
||||
{
|
||||
return $this->pkceCode;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the base URL for authorizing a client.
|
||||
*
|
||||
@ -305,6 +350,27 @@ abstract class AbstractProvider
|
||||
return bin2hex(random_bytes($length / 2));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a new random string to use as PKCE code_verifier and
|
||||
* hashed as code_challenge parameters in an authorization flow.
|
||||
* Must be between 43 and 128 characters long.
|
||||
*
|
||||
* @param int $length Length of the random string to be generated.
|
||||
* @return string
|
||||
*/
|
||||
protected function getRandomPkceCode($length = 64)
|
||||
{
|
||||
return substr(
|
||||
strtr(
|
||||
base64_encode(random_bytes($length)),
|
||||
'+/',
|
||||
'-_'
|
||||
),
|
||||
0,
|
||||
$length
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the default scopes used by this provider.
|
||||
*
|
||||
@ -326,6 +392,14 @@ abstract class AbstractProvider
|
||||
return ',';
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|null
|
||||
*/
|
||||
protected function getPkceMethod()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns authorization parameters based on provided options.
|
||||
*
|
||||
@ -355,6 +429,26 @@ abstract class AbstractProvider
|
||||
// Store the state as it may need to be accessed later on.
|
||||
$this->state = $options['state'];
|
||||
|
||||
$pkceMethod = $this->getPkceMethod();
|
||||
if (!empty($pkceMethod)) {
|
||||
$this->pkceCode = $this->getRandomPkceCode();
|
||||
if ($pkceMethod === static::PKCE_METHOD_S256) {
|
||||
$options['code_challenge'] = trim(
|
||||
strtr(
|
||||
base64_encode(hash('sha256', $this->pkceCode, true)),
|
||||
'+/',
|
||||
'-_'
|
||||
),
|
||||
'='
|
||||
);
|
||||
} elseif ($pkceMethod === static::PKCE_METHOD_PLAIN) {
|
||||
$options['code_challenge'] = $this->pkceCode;
|
||||
} else {
|
||||
throw new InvalidArgumentException('Unknown PKCE method "' . $pkceMethod . '".');
|
||||
}
|
||||
$options['code_challenge_method'] = $pkceMethod;
|
||||
}
|
||||
|
||||
// Business code layer might set a different redirect_uri parameter
|
||||
// depending on the context, leave it as-is
|
||||
if (!isset($options['redirect_uri'])) {
|
||||
@ -517,8 +611,8 @@ abstract class AbstractProvider
|
||||
/**
|
||||
* Requests an access token using a specified grant and option set.
|
||||
*
|
||||
* @param mixed $grant
|
||||
* @param array $options
|
||||
* @param mixed $grant
|
||||
* @param array<string, mixed> $options
|
||||
* @throws IdentityProviderException
|
||||
* @return AccessTokenInterface
|
||||
*/
|
||||
@ -532,6 +626,10 @@ abstract class AbstractProvider
|
||||
'redirect_uri' => $this->redirectUri,
|
||||
];
|
||||
|
||||
if (!empty($this->pkceCode)) {
|
||||
$params['code_verifier'] = $this->pkceCode;
|
||||
}
|
||||
|
||||
$params = $grant->prepareRequestParameters($params, $options);
|
||||
$request = $this->getAccessTokenRequest($params);
|
||||
$response = $this->getParsedResponse($request);
|
||||
@ -564,7 +662,7 @@ abstract class AbstractProvider
|
||||
*
|
||||
* @param string $method
|
||||
* @param string $url
|
||||
* @param AccessTokenInterface|string $token
|
||||
* @param AccessTokenInterface|string|null $token
|
||||
* @param array $options Any of "headers", "body", and "protocolVersion".
|
||||
* @return RequestInterface
|
||||
*/
|
||||
|
@ -27,7 +27,7 @@ class IdentityProviderException extends \Exception
|
||||
/**
|
||||
* @param string $message
|
||||
* @param int $code
|
||||
* @param array|string $response The response body
|
||||
* @param mixed $response The response body
|
||||
*/
|
||||
public function __construct($message, $code, $response)
|
||||
{
|
||||
@ -39,7 +39,7 @@ class IdentityProviderException extends \Exception
|
||||
/**
|
||||
* Returns the exception's response body.
|
||||
*
|
||||
* @return array|string
|
||||
* @return mixed
|
||||
*/
|
||||
public function getResponseBody()
|
||||
{
|
||||
|
@ -78,6 +78,11 @@ class GenericProvider extends AbstractProvider
|
||||
*/
|
||||
private $responseResourceOwnerId = 'id';
|
||||
|
||||
/**
|
||||
* @var string|null
|
||||
*/
|
||||
private $pkceMethod = null;
|
||||
|
||||
/**
|
||||
* @param array $options
|
||||
* @param array $collaborators
|
||||
@ -114,6 +119,7 @@ class GenericProvider extends AbstractProvider
|
||||
'responseCode',
|
||||
'responseResourceOwnerId',
|
||||
'scopes',
|
||||
'pkceMethod',
|
||||
]);
|
||||
}
|
||||
|
||||
@ -205,6 +211,14 @@ class GenericProvider extends AbstractProvider
|
||||
return $this->scopeSeparator ?: parent::getScopeSeparator();
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
protected function getPkceMethod()
|
||||
{
|
||||
return $this->pkceMethod ?: parent::getPkceMethod();
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user