Merge pull request #1375 from Sephster/php-8-1-compat

Add Types to the Library

CHANGELOG.md

@@ -6,9 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 ### Added
+- GrantTypeInterface has a new function, `revokeRefreshTokens()` for enabling or disabling refresh tokens after use (PR #1375)
 - A CryptKeyInterface to allow developers to change the CryptKey implementation with greater ease (PR #1044)
 - The authorization server can now finalize scopes when a client uses a refresh token (PR #1094)
 - An AuthorizationRequestInterface to make it easier to extend the AuthorizationRequest (PR #1110)
+- Added function `getKeyContents()` to the `CryptKeyInterface` (PR #1375)
 
 ### Fixed
 - If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)
@@ -17,6 +19,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Authorization Request objects are now created through the factory method, `createAuthorizationRequest()` (PR #1111)
 - Changed parameters for `finalizeScopes()` to allow a reference to an auth code ID (PR #1112)
 
+### Removed
+- Removed message property from OAuthException HTTP response. Now just use error_description as per the OAuth 2 spec (PR #1375)
+
 ## [8.5.4] - released 2023-08-25
 ### Added
 - Support for league/uri ^7.0 (PR #1367)

composer.json

@@ -10,15 +10,21 @@
         "league/uri": "^6.7 || ^7.0",
         "lcobucci/jwt": "^4.3 || ^5.0",
         "psr/http-message": "^1.0.1 || ^2.0",
-        "defuse/php-encryption": "^2.3",
+        "defuse/php-encryption": "^2.3.1",
         "lcobucci/clock": "^2.2 || ^3.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^9.6.6",
+        "phpunit/phpunit": "^9.6.11",
         "laminas/laminas-diactoros": "^3.0.0",
-        "phpstan/phpstan": "^0.12.57",
-        "phpstan/phpstan-phpunit": "^0.12.16",
-        "roave/security-advisories": "dev-master"
+        "phpstan/phpstan": "^1.10.26",
+        "phpstan/phpstan-phpunit": "^1.3.14",
+        "roave/security-advisories": "dev-master",
+        "phpstan/extension-installer": "^1.3",
+        "phpstan/phpstan-deprecation-rules": "^1.1",
+        "phpstan/phpstan-strict-rules": "^1.5",
+        "slevomat/coding-standard": "^8.13",
+        "php-parallel-lint/php-parallel-lint": "^1.3",
+        "squizlabs/php_codesniffer": "^3.7"
     },
     "repositories": [
         {
@@ -69,5 +75,12 @@
         "psr-4": {
             "LeagueTests\\": "tests/"
         }
+    },
+    "config": {
+        "allow-plugins": {
+            "ocramius/package-versions": true,
+            "phpstan/extension-installer": true,
+            "dealerdirect/phpcodesniffer-composer-installer": false
+        }
     }
 }

phpstan.neon.dist

@@ -0,0 +1,10 @@
+parameters:
+    level: 8
+    paths:
+        - src
+        - tests
+    ignoreErrors:
+        -
+          message: '#Call to an undefined method League\\OAuth2\\Server\\ResponseTypes\\ResponseTypeInterface::getAccessToken\(\)\.#'
+          path: tests/Grant/ClientCredentialsGrantTest.php 
+        - '#Return type \(League\\Event\\EmitterInterface\|null\) of method LeagueTests\\Stubs\\GrantType::getEmitter\(\) should be covariant with return type \(League\\Event\\EmitterInterface\) of method League\\Event\\EmitterAwareInterface::getEmitter\(\)#'

src/AuthorizationServer.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * @author      Alex Bilbie <[email protected]>
  * @copyright   Copyright (c) Alex Bilbie
@@ -7,6 +8,8 @@
  * @link        https://github.com/thephpleague/oauth2-server
  */
 
+declare(strict_types=1);
+
 namespace League\OAuth2\Server;
 
 use DateInterval;
@@ -32,79 +35,36 @@ class AuthorizationServer implements EmitterAwareInterface
     /**
      * @var GrantTypeInterface[]
      */
-    protected $enabledGrantTypes = [];
+    protected array $enabledGrantTypes = [];
 
     /**
      * @var DateInterval[]
      */
-    protected $grantTypeAccessTokenTTL = [];
+    protected array $grantTypeAccessTokenTTL = [];
 
-    /**
-     * @var CryptKeyInterface
-     */
-    protected $privateKey;
+    protected CryptKeyInterface $privateKey;
 
-    /**
-     * @var CryptKeyInterface
-     */
-    protected $publicKey;
+    protected CryptKeyInterface $publicKey;
 
-    /**
-     * @var ResponseTypeInterface
-     */
-    protected $responseType;
+    protected ResponseTypeInterface $responseType;
 
-    /**
-     * @var ClientRepositoryInterface
-     */
-    private $clientRepository;
+    private string|Key $encryptionKey;
 
-    /**
-     * @var AccessTokenRepositoryInterface
-     */
-    private $accessTokenRepository;
+    private string $defaultScope = '';
 
-    /**
-     * @var ScopeRepositoryInterface
-     */
-    private $scopeRepository;
+    private bool $revokeRefreshTokens = true;
 
     /**
-     * @var string|Key
-     */
-    private $encryptionKey;
-
-    /**
-     * @var string
-     */
-    private $defaultScope = '';
-
-    /**
-     * @var bool
-     */
-    private $revokeRefreshTokens = true;
-
-    /**
-     * New server instance.
-     *
-     * @param ClientRepositoryInterface      $clientRepository
-     * @param AccessTokenRepositoryInterface $accessTokenRepository
-     * @param ScopeRepositoryInterface       $scopeRepository
-     * @param CryptKeyInterface|string       $privateKey
-     * @param string|Key                     $encryptionKey
-     * @param null|ResponseTypeInterface     $responseType
+     * New server instance
      */
     public function __construct(
-        ClientRepositoryInterface $clientRepository,
-        AccessTokenRepositoryInterface $accessTokenRepository,
-        ScopeRepositoryInterface $scopeRepository,
-        $privateKey,
-        $encryptionKey,
-        ResponseTypeInterface $responseType = null
+        private ClientRepositoryInterface $clientRepository,
+        private AccessTokenRepositoryInterface $accessTokenRepository,
+        private ScopeRepositoryInterface $scopeRepository,
+        CryptKeyInterface|string $privateKey,
+        Key|string $encryptionKey,
+        ResponseTypeInterface|null $responseType = null
     ) {
-        $this->clientRepository = $clientRepository;
-        $this->accessTokenRepository = $accessTokenRepository;
-        $this->scopeRepository = $scopeRepository;
 
         if ($privateKey instanceof CryptKeyInterface === false) {
             $privateKey = new CryptKey($privateKey);
@@ -123,12 +83,9 @@ public function __construct(
     }
 
     /**
-     * Enable a grant type on the server.
-     *
-     * @param GrantTypeInterface $grantType
-     * @param null|DateInterval  $accessTokenTTL
+     * Enable a grant type on the server
      */
-    public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null)
+    public function enableGrantType(GrantTypeInterface $grantType, DateInterval|null $accessTokenTTL = null): void
     {
         if ($accessTokenTTL === null) {
             $accessTokenTTL = new DateInterval('PT1H');
@@ -150,13 +107,9 @@ public function enableGrantType(GrantTypeInterface $grantType, DateInterval $acc
     /**
      * Validate an authorization request
      *
-     * @param ServerRequestInterface $request
-     *
      * @throws OAuthServerException
-     *
-     * @return AuthorizationRequestInterface
      */
-    public function validateAuthorizationRequest(ServerRequestInterface $request)
+    public function validateAuthorizationRequest(ServerRequestInterface $request): AuthorizationRequestInterface
     {
         foreach ($this->enabledGrantTypes as $grantType) {
             if ($grantType->canRespondToAuthorizationRequest($request)) {
@@ -169,16 +122,11 @@ public function validateAuthorizationRequest(ServerRequestInterface $request)
 
     /**
      * Complete an authorization request
-     *
-     * @param AuthorizationRequestInterface $authRequest
-     * @param ResponseInterface             $response
-     *
-     * @return ResponseInterface
      */
     public function completeAuthorizationRequest(
         AuthorizationRequestInterface $authRequest,
         ResponseInterface $response
-    ) {
+    ): ResponseInterface {
         return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]
             ->completeAuthorizationRequest($authRequest)
             ->generateHttpResponse($response);
@@ -187,39 +135,31 @@ public function completeAuthorizationRequest(
     /**
      * Return an access token response.
      *
-     * @param ServerRequestInterface $request
-     * @param ResponseInterface      $response
-     *
      * @throws OAuthServerException
-     *
-     * @return ResponseInterface
      */
-    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
+    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
     {
         foreach ($this->enabledGrantTypes as $grantType) {
             if (!$grantType->canRespondToAccessTokenRequest($request)) {
                 continue;
             }
+
             $tokenResponse = $grantType->respondToAccessTokenRequest(
                 $request,
                 $this->getResponseType(),
                 $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
             );
 
-            if ($tokenResponse instanceof ResponseTypeInterface) {
-                return $tokenResponse->generateHttpResponse($response);
-            }
+            return $tokenResponse->generateHttpResponse($response);
         }
 
         throw OAuthServerException::unsupportedGrantType();
     }
 
     /**
      * Get the token type that grants will return in the HTTP response.
-     *
-     * @return ResponseTypeInterface
      */
-    protected function getResponseType()
+    protected function getResponseType(): ResponseTypeInterface
     {
         $responseType = clone $this->responseType;
 
@@ -234,18 +174,14 @@ protected function getResponseType()
 
     /**
      * Set the default scope for the authorization server.
-     *
-     * @param string $defaultScope
      */
-    public function setDefaultScope($defaultScope)
+    public function setDefaultScope(string $defaultScope): void
     {
         $this->defaultScope = $defaultScope;
     }
 
     /**
      * Sets whether to revoke refresh tokens or not (for all grant types).
-     *
-     * @param bool $revokeRefreshTokens
      */
     public function revokeRefreshTokens(bool $revokeRefreshTokens): void
     {

src/AuthorizationValidators/AuthorizationValidatorInterface.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * @author      Alex Bilbie <[email protected]>
  * @copyright   Copyright (c) Alex Bilbie
@@ -7,19 +8,17 @@
  * @link        https://github.com/thephpleague/oauth2-server
  */
 
+declare(strict_types=1);
+
 namespace League\OAuth2\Server\AuthorizationValidators;
 
 use Psr\Http\Message\ServerRequestInterface;
 
 interface AuthorizationValidatorInterface
 {
     /**
-     * Determine the access token in the authorization header and append OAUth properties to the request
-     *  as attributes.
-     *
-     * @param ServerRequestInterface $request
-     *
-     * @return ServerRequestInterface
+     * Determine the access token in the authorization header and append OAUth
+     * properties to the request as attributes.
      */
-    public function validateAuthorization(ServerRequestInterface $request);
+    public function validateAuthorization(ServerRequestInterface $request): ServerRequestInterface;
 }