
Move session/cache stuff into core class so we can replace with laravel

implementation
master
Adam Pippin 3 years ago
parent
commit
8f5206dd11
  1. 7
      src/Authkit2.php
  2. 7
      src/Oidc/Client.php
  3. 31
      src/Oidc/Flows/UserFlow.php
  4. 12
      src/Oidc/Token.php

7
src/Authkit2.php

@ -46,7 +46,7 @@ class Authkit2
$this->callbacks[$name] = $value;
}
public function __callStatic(string $name, array $arguments)
public static function __callStatic(string $name, array $arguments)
{
$authkit2 = static::get();
if (!isset($authkit2->callbacks[$name]))
@ -66,6 +66,7 @@ class Authkit2
$value = $generator();
static::cache_set($key, $value);
}
return $value;
}
protected function initializeNative()
@ -87,13 +88,13 @@ class Authkit2
protected function native_session_get($key)
{
$this->native_session_check();
return $_SESSION[static::LIB_PREFIX.$key];
return $_SESSION[static::LIB_PREFIX.$key] ?? null;
}
protected function native_session_set($key, $value)
{
$this->native_session_check();
$_SESSION[static::LIB_PREFIX.$key];
$_SESSION[static::LIB_PREFIX.$key] = $value;
}
protected function native_session_check()
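Review bot: In the cache() hunk the generator's result is stored unconditionally, so a generator that fails soft — json_decode returning null on a malformed body, which is exactly what the two callers this commit adds do — gets persisted and served on every later call; consider `if ($value !== null) { static::cache_set($key, $value); }` or have the generators throw on a decode failure. The lookup that precedes `$value = $generator();` and cache()'s signature are outside the hunk, so whether a stored null is later treated as a miss cannot be confirmed from here. Now that native_session_get/native_session_set have pinned-down behaviour they could also carry declarations, e.g. `protected function native_session_get(string $key): mixed` and `protected function native_session_set(string $key, mixed $value): void`, so the replacement backend the commit message anticipates has a typed contract to implement.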

7
src/Oidc/Client.php

@ -1,6 +1,7 @@
<?php
namespace authkit2\Oidc;
use authkit2\Authkit2;
/**
* OpenId Connect HTTP Client Library
@ -108,8 +109,10 @@ class Client
{
if (!isset(static::$oidc_config))
{
$response = (new \GuzzleHttp\Client())->get(static::$oidc_url.'/.well-known/openid-configuration');
static::$oidc_config = json_decode($response->getBody(), true);
static::$oidc_config = Authkit2::cache('oidc.config', function() {
$response = (new \GuzzleHttp\Client())->get(static::$oidc_url.'/.well-known/openid-configuration');
return json_decode($response->getBody(), true);
});
}
return static::$oidc_config;
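Review bot: The discovery document is cached under the fixed key `'oidc.config'` although it is fetched from `static::$oidc_url`, so once the cache backend is shared (the commit message plans a Laravel implementation) or more than one issuer is configured, one issuer's configuration can be served for another; deriving the key from the URL, e.g. `Authkit2::cache('oidc.config.'.hash('sha256', static::$oidc_url), function () { ... })`, avoids that. The decode inside the generator is also unchecked: a non-JSON body yields null, which then becomes the cached value, so `json_decode((string) $response->getBody(), true, flags: JSON_THROW_ON_ERROR)` would surface the failure instead of caching it. Whether cache() applies any expiry is not visible in this section, so the configuration may otherwise live for the lifetime of the store.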

31
src/Oidc/Flows/UserFlow.php

@ -1,6 +1,7 @@
<?php
namespace authkit2\Oidc\Flows;
use authkit2\Authkit2;
use authkit2\Oidc\Client;
use authkit2\Oidc\Authentication\ClientAuthentication;
use authkit2\Oidc\Token;
@ -52,9 +53,10 @@ class UserFlow
// We use 30 because that should generate an even number of base64 characters
// and not require padding. (6 bits / char)
$state = base64_encode(random_bytes(30));
$this->prepareSession();
// Keep a list of all valid states we've generated
array_push($_SESSION['authkit2.state'], $state);
$states = Authkit2::session_get('userflow.state') ?? [];
array_push($states, $state);
Authkit2::session_set('userflow.state', $states);
return $this->client->getEndpointUrl('authorization').'?'.http_build_query([
'client_id' => $this->client_id,
@ -73,12 +75,13 @@ class UserFlow
*/
public function validateState(string $state): void
{
$this->prepareSession();
for ($i=0; $i<sizeof($_SESSION['authkit2.state']); $i++)
$states = Authkit2::session_get('userflow.state') ?? [];
for ($i=0; $i<sizeof($states); $i++)
{
if ($_SESSION['authkit2.state'][$i] == $state)
if ($states[$i] == $state)
{
$_SESSION['authkit2.state'] = array_splice($_SESSION['authkit2.state'], $i, 1);
$states = array_splice($states, $i, 1);
Authkit2::session_set('userflow.state', $states);
return;
}
}
@ -104,21 +107,5 @@ class UserFlow
return Token::fromResponse($response);
}
/**
* Ensure that a PHP session exists for storing the state information in
*
* @return void
*/
protected function prepareSession(): void
{
// If a session doesn't exist, start one
// TODO: PHP_SESSION_DISABLED shouldn't happen in any sane universe, but
// throw an exception if that's the case
if (session_status() == \PHP_SESSION_NONE)
session_start();
if (!isset($_SESSION['authkit2.state']))
$_SESSION['authkit2.state'] = [];
}
}
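Review bot: In the validateState() hunk the carried-over line `$states = array_splice($states, $i, 1);` assigns the removed element back, because array_splice returns what it cut out rather than the remaining list; the list written back to the session is therefore `[$state]`, so the state just consumed stays valid for replay and every other pending state is silently discarded. The fix is to splice in place and persist the remainder, `array_splice($states, $i, 1);` followed by `Authkit2::session_set('userflow.state', array_values($states));`, and the comparison on the line above should be `if (hash_equals($states[$i], $state))` rather than `==`. The same list in the earlier hunk grows with every generated URL and is never capped, which is worth a comment or a bound now that it lives in the new session abstraction. The else-path after the loop is outside the hunk, so what happens when no state matches cannot be confirmed here.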

12
src/Oidc/Token.php

@ -1,7 +1,8 @@
<?php
namespace authkit2\Oidc;
use \authkit2\Oidc\Client;
use authkit2\Authkit2;
use authkit2\Oidc\Client;
use Firebase\JWT\JWT;
use Firebase\JWT\JWK;
@ -115,9 +116,12 @@ class Token
*/
protected function decode(): object
{
$jwks_response = $this->getClient()->get(Client::getOidcConfig()['jwks_uri']);
$jwks_response = json_decode(json_encode($jwks_response), true);
return JWT::decode($this->access_token, JWK::parseKeySet($jwks_response), Client::getOidcConfig()['id_token_signing_alg_values_supported']);
$client = $this->getClient();
$jwks = Authkit2::cache('oidc.jwks', function() use ($client) {
$response = $client->get(Client::getOidcConfig()['jwks_uri']);
return json_decode(json_encode($response), true);
});
return JWT::decode($this->access_token, JWK::parseKeySet($jwks), Client::getOidcConfig()['id_token_signing_alg_values_supported']);
}
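Review bot: Caching the key set under `'oidc.jwks'` with no visible expiry means a key rotation at the issuer makes every subsequent decode fail until the cache is cleared by hand, since JWK::parseKeySet only knows the keys that were fetched once; the usual pattern is to refetch the key set a single time when decoding fails on key lookup and retry before giving up. The allowed-algorithm list is also taken from the remote discovery document rather than pinned in configuration, so the accepted algorithms are whatever the issuer advertises; pinning them locally keeps that decision with the relying party. Which exception the installed firebase/php-jwt version throws for an unknown `kid` (UnexpectedValueException in the versions I know) and whether `cache_set` is reachable from here as a static call should be checked before adopting the sketch below.
```php
$client = $this->getClient();
$fetchJwks = static function () use ($client): array {
    $response = $client->get(Client::getOidcConfig()['jwks_uri']);
    return json_decode(json_encode($response), true);
};
$jwks = Authkit2::cache('oidc.jwks', $fetchJwks);
$algs = Client::getOidcConfig()['id_token_signing_alg_values_supported'];
try {
    return JWT::decode($this->access_token, JWK::parseKeySet($jwks), $algs);
} catch (\UnexpectedValueException $e) {
    // Possible key rotation: refresh the cached key set once and retry.
    $jwks = $fetchJwks();
    Authkit2::cache_set('oidc.jwks', $jwks); // same write path cache() uses in Authkit2.php
    return JWT::decode($this->access_token, JWK::parseKeySet($jwks), $algs);
}
```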
/**
