Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
22.22% |
8 / 36 |
|
20.00% |
1 / 5 |
CRAP | |
0.00% |
0 / 1 |
AuthorizationCodeAuthorization | |
22.22% |
8 / 36 |
|
20.00% |
1 / 5 |
30.05 | |
0.00% |
0 / 1 |
needsUserApproval | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getGrant | |
87.50% |
7 / 8 |
|
0.00% |
0 / 1 |
2.01 | |||
init | |
0.00% |
0 / 17 |
|
0.00% |
0 / 1 |
6 | |||
authorize | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
logAuthorizationRequest | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\OAuth\AuthorizationProvider\Grant; |
4 | |
5 | use DateInterval; |
6 | use Exception; |
7 | use League\OAuth2\Server\Exception\OAuthServerException; |
8 | use League\OAuth2\Server\Grant\AuthCodeGrant; |
9 | use League\OAuth2\Server\Grant\GrantTypeInterface; |
10 | use League\OAuth2\Server\RequestTypes\AuthorizationRequest; |
11 | use MediaWiki\Extension\OAuth\AuthorizationProvider\AuthorizationProvider; |
12 | use MediaWiki\Extension\OAuth\Entity\ClientEntity; |
13 | use MediaWiki\Extension\OAuth\Entity\UserEntity; |
14 | use Psr\Http\Message\ResponseInterface; |
15 | use Psr\Http\Message\ServerRequestInterface; |
16 | |
/**
 * Authorization provider for the OAuth 2.0 authorization code grant.
 *
 * Wraps the League AuthCodeGrant: validates the incoming authorization
 * request, binds it to the current MediaWiki user, and completes it once the
 * caller hands the request back.
 */
class AuthorizationCodeAuthorization extends AuthorizationProvider {

	/**
	 * Reports that this grant requires user approval; always returns true.
	 *
	 * @inheritDoc
	 */
	public function needsUserApproval() {
		return true;
	}

	/**
	 * Build the authorization code grant used by the server.
	 *
	 * Authorization codes are given a ten minute lifetime ('PT10M').
	 *
	 * Security note: when the 'OAuth2RequireCodeChallengeForPublicClients'
	 * setting is falsy, the PKCE code-challenge requirement for public clients
	 * is switched off. Public clients cannot keep a secret, so without PKCE an
	 * intercepted authorization code is easier to redeem; keep the setting
	 * enabled unless a legacy client genuinely cannot send a code challenge.
	 *
	 * @return GrantTypeInterface
	 * @throws Exception
	 */
	protected function getGrant(): GrantTypeInterface {
		$grant = new AuthCodeGrant(
			$this->getAuthCodeRepo(),
			$this->getRefreshTokenRepo(),
			new DateInterval( 'PT10M' )
		);

		$pkceRequired = $this->config->get( 'OAuth2RequireCodeChallengeForPublicClients' );
		if ( !$pkceRequired ) {
			$grant->disableRequireCodeChallengeForPublicClients();
		}

		return $grant;
	}

	/**
	 * Validate an incoming authorization request and bind it to the current user.
	 *
	 * The request is rejected with an access-denied error when the resolved
	 * client is not usable by $this->user. On success the user entity is set on
	 * the request and the start of the flow is logged.
	 *
	 * @param ServerRequestInterface $request
	 * @return AuthorizationRequest
	 * @throws OAuthServerException
	 */
	public function init( ServerRequestInterface $request ): AuthorizationRequest {
		$pending = $this->server->validateAuthorizationRequest( $request );
		/** @var ClientEntity $client */
		$client = $pending->getClient();
		'@phan-var ClientEntity $client';

		$allowed = $client->isUsableBy( $this->user );
		if ( !$allowed ) {
			// NOTE(review): this hint carries the client identifier and the numeric
			// user ID; it may be surfaced in the error response - confirm that is
			// acceptable for this deployment.
			$hint = 'Client ' . $client->getIdentifier() .
				' is not usable by user with ID ' . $this->user->getId();
			throw OAuthServerException::accessDenied( $hint );
		}

		// The user must be attached before logging: the log helper dereferences getUser().
		$pending->setUser( UserEntity::newFromMWUser( $this->user ) );
		$this->logAuthorizationRequest( __METHOD__, $pending );

		$context = [
			'client' => $pending->getClient()->getIdentifier(),
			'user' => $pending->getUser()->getIdentifier()
		];
		$this->logger->info(
			"OAuth2: Starting authorization request for client {client} and user (id) {user} ",
			$context
		);

		return $pending;
	}

	/**
	 * Log the request and hand it to the server for completion.
	 *
	 * No approval or ownership check happens in this method itself.
	 * NOTE(review): presumably the caller has recorded the user's decision on
	 * $authRequest and the server enforces it - confirm against the caller.
	 *
	 * @param AuthorizationRequest $authRequest
	 * @param ResponseInterface $response
	 * @return ResponseInterface
	 */
	public function authorize(
		AuthorizationRequest $authRequest, ResponseInterface $response
	): ResponseInterface {
		$this->logAuthorizationRequest( __METHOD__, $authRequest );
		$completed = $this->server->completeAuthorizationRequest( $authRequest, $response );

		return $completed;
	}

	/**
	 * Write an info-level audit entry for an authorization request.
	 *
	 * Only the calling method, client identifier, user identifier and grant
	 * type id are logged. Both getClient() and getUser() are dereferenced
	 * without a null check, so the request must already carry a client and a user.
	 *
	 * @param string $method Name of the calling method (callers pass __METHOD__)
	 * @param AuthorizationRequest $authRequest
	 */
	protected function logAuthorizationRequest( $method, AuthorizationRequest $authRequest ) {
		$template = "OAuth2: Authorization request, func {func}, for client {client} " .
			"and user (id) {user} using grant \"{grant}\"";
		$context = [
			'func' => $method,
			'client' => $authRequest->getClient()->getIdentifier(),
			'user' => $authRequest->getUser()->getIdentifier(),
			'grant' => $authRequest->getGrantTypeId()
		];

		$this->logger->info( $template, $context );
	}
}