Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
22.22% |
8 / 36 |
|
20.00% |
1 / 5 |
CRAP | |
0.00% |
0 / 1 |
| AuthorizationCodeAuthorization | |
22.22% |
8 / 36 |
|
20.00% |
1 / 5 |
30.05 | |
0.00% |
0 / 1 |
| needsUserApproval | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| getGrant | |
87.50% |
7 / 8 |
|
0.00% |
0 / 1 |
2.01 | |||
| init | |
0.00% |
0 / 17 |
|
0.00% |
0 / 1 |
6 | |||
| authorize | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
| logAuthorizationRequest | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Extension\OAuth\AuthorizationProvider\Grant; |
| 4 | |
| 5 | use DateInterval; |
| 6 | use Exception; |
| 7 | use League\OAuth2\Server\Exception\OAuthServerException; |
| 8 | use League\OAuth2\Server\Grant\AuthCodeGrant; |
| 9 | use League\OAuth2\Server\Grant\GrantTypeInterface; |
| 10 | use League\OAuth2\Server\RequestTypes\AuthorizationRequest; |
| 11 | use MediaWiki\Extension\OAuth\AuthorizationProvider\AuthorizationProvider; |
| 12 | use MediaWiki\Extension\OAuth\Entity\ClientEntity; |
| 13 | use MediaWiki\Extension\OAuth\Entity\UserEntity; |
| 14 | use Psr\Http\Message\ResponseInterface; |
| 15 | use Psr\Http\Message\ServerRequestInterface; |
| 16 | |
| 17 | class AuthorizationCodeAuthorization extends AuthorizationProvider { |
| 18 | |
| 19 | /** |
| 20 | * @inheritDoc |
| 21 | */ |
| 22 | public function needsUserApproval() { |
| 23 | return true; |
| 24 | } |
| 25 | |
| 26 | /** |
| 27 | * @return GrantTypeInterface |
| 28 | * @throws Exception |
| 29 | */ |
| 30 | protected function getGrant(): GrantTypeInterface { |
| 31 | $authCodeRepo = $this->getAuthCodeRepo(); |
| 32 | $refreshTokenRepo = $this->getRefreshTokenRepo(); |
| 33 | $grant = new AuthCodeGrant( |
| 34 | $authCodeRepo, $refreshTokenRepo, new DateInterval( 'PT10M' ) |
| 35 | ); |
| 36 | if ( !$this->config->get( 'OAuth2RequireCodeChallengeForPublicClients' ) ) { |
| 37 | $grant->disableRequireCodeChallengeForPublicClients(); |
| 38 | } |
| 39 | |
| 40 | return $grant; |
| 41 | } |
| 42 | |
| 43 | /** |
| 44 | * @param ServerRequestInterface $request |
| 45 | * @return AuthorizationRequest |
| 46 | * @throws OAuthServerException |
| 47 | */ |
| 48 | public function init( ServerRequestInterface $request ): AuthorizationRequest { |
| 49 | $authRequest = $this->server->validateAuthorizationRequest( $request ); |
| 50 | /** @var ClientEntity $client */ |
| 51 | $client = $authRequest->getClient(); |
| 52 | '@phan-var ClientEntity $client'; |
| 53 | |
| 54 | if ( !$client->isUsableBy( $this->user ) ) { |
| 55 | throw OAuthServerException::accessDenied( |
| 56 | 'Client ' . $client->getIdentifier() . |
| 57 | ' is not usable by user with ID ' . $this->user->getId() |
| 58 | ); |
| 59 | } |
| 60 | $userEntity = UserEntity::newFromMWUser( $this->user ); |
| 61 | $authRequest->setUser( $userEntity ); |
| 62 | $this->logAuthorizationRequest( __METHOD__, $authRequest ); |
| 63 | |
| 64 | $this->logger->info( |
| 65 | "OAuth2: Starting authorization request for client {client} and user (id) {user} ", [ |
| 66 | 'client' => $authRequest->getClient()->getIdentifier(), |
| 67 | 'user' => $authRequest->getUser()->getIdentifier() |
| 68 | ] |
| 69 | ); |
| 70 | |
| 71 | return $authRequest; |
| 72 | } |
| 73 | |
| 74 | /** |
| 75 | * @param AuthorizationRequest $authRequest |
| 76 | * @param ResponseInterface $response |
| 77 | * @return ResponseInterface |
| 78 | */ |
| 79 | public function authorize( |
| 80 | AuthorizationRequest $authRequest, ResponseInterface $response |
| 81 | ): ResponseInterface { |
| 82 | $this->logAuthorizationRequest( __METHOD__, $authRequest ); |
| 83 | return $this->server->completeAuthorizationRequest( $authRequest, $response ); |
| 84 | } |
| 85 | |
| 86 | /** |
| 87 | * @param string $method |
| 88 | * @param AuthorizationRequest $authRequest |
| 89 | */ |
| 90 | protected function logAuthorizationRequest( $method, AuthorizationRequest $authRequest ) { |
| 91 | $this->logger->info( |
| 92 | "OAuth2: Authorization request, func {func}, for client {client} " . |
| 93 | "and user (id) {user} using grant \"{grant}\"", [ |
| 94 | 'func' => $method, |
| 95 | 'client' => $authRequest->getClient()->getIdentifier(), |
| 96 | 'user' => $authRequest->getUser()->getIdentifier(), |
| 97 | 'grant' => $authRequest->getGrantTypeId() |
| 98 | ] ); |
| 99 | } |
| 100 | } |