From 1d5c509c246c31680baa38319485adcf0aab8b83 Mon Sep 17 00:00:00 2001 From: Dzianis Kotau Date: Thu, 12 Dec 2019 19:54:13 +0300 Subject: [PATCH] Got rid of Symfony dependencies --- docs/FrameworkIntegration/Symfony/README.md | 35 +++---- docs/examples/authorization.php | 12 +-- docs/examples/index.php | 6 +- phpunit.xml.dist | 2 +- src/Provider/AppIdProvider.php | 106 ++------------------ tests/src/Provider/AppIdProviderTest.php | 41 +------- 6 files changed, 40 insertions(+), 162 deletions(-) diff --git a/docs/FrameworkIntegration/Symfony/README.md b/docs/FrameworkIntegration/Symfony/README.md index 80bf71a..d206404 100644 --- a/docs/FrameworkIntegration/Symfony/README.md +++ b/docs/FrameworkIntegration/Symfony/README.md @@ -1,5 +1,7 @@ # Symfony Framework Integration +**TODO: review this documentation for v2 version.** + Full documentation for adding providers is available at [KnpUOAuth2ClientBundle](https://github.com/knpuniversity/oauth2-client-bundle). This example is based on [Symfony v4.3](https://symfony.com). 
@@ -27,33 +29,32 @@ security: # config/packages/knpu_oauth2_client.yaml knpu_oauth2_client: clients: - appid_main: + appid: type: generic provider_class: Jampire\OAuth2\Client\Provider\AppIdProvider # optional: a class that extends OAuth2Client client_class: App\Security\AppIdClient - provider_options: {base_auth_uri: '%env(appid_base_auth_uri)%', - tenant_id: '%env(appid_tenant_id)%', - redirect_route: '%env(appid_redirect_route)%', - idp: '%env(appid_idp)%'} + provider_options: {baseAuthUri: '%env(OAUTH_APPID_BASE_AUTH_URI)%', + tenantId: '%env(OAUTH_APPID_TENANT_ID)%', + idp: '%env(OAUTH_APPID_IDP)%'} # now, all the normal options! - client_id: '%env(appid_client_id)%' - client_secret: '%env(appid_client_secret)%' - redirect_route: '%env(appid_redirect_route)%' + client_id: '%env(OAUTH_APPID_CLIENT_ID)%' + client_secret: '%env(OAUTH_APPID_CLIENT_SECRET)%' + redirect_route: '%env(OAUTH_APPID_REDIRECT_ROUTE)%' redirect_params: {} ``` Add your credentials in env ```dotenv -appid_base_auth_uri=https://xxx.appid.cloud.ibm.com/oauth/v4 -appid_redirect_route=connect_check_appid -appid_idp=saml -appid_tenant_id=xxxxxxxxxxxxxxxxxxxxxxxxxx -appid_client_id=xxxxxxxxxxxxxxxxxxxxxxxxxx -appid_client_secret=xxxxxxxxxxxxxxxxxxxxxx +OAUTH_APPID_BASE_AUTH_URI=https://xxx.appid.cloud.ibm.com/oauth/v4 +OAUTH_APPID_REDIRECT_ROUTE=connect_appid_check +OAUTH_APPID_IDP=saml +OAUTH_APPID_TENANT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxx +OAUTH_APPID_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxx +OAUTH_APPID_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxx ``` ### Step 2 - Add the client controller @@ -92,11 +93,11 @@ class AppIdController extends AbstractController */ public function connect(ClientRegistry $clientRegistry): RedirectResponse { - return $clientRegistry->getClient('appid_main')->redirect(); + return $clientRegistry->getClient('appid')->redirect(); } /** - * @Route("/connect/check", name="connect_check_appid") + * @Route("/connect/check", name="connect_appid_check") * * Callback route * 
@@ -218,7 +219,7 @@ class AppIdAuthenticator extends SocialAuthenticator */ private function getClient(): OAuth2ClientInterface { - return $this->clientRegistry->getClient('appid_main'); + return $this->clientRegistry->getClient('appid'); } /** diff --git a/docs/examples/authorization.php b/docs/examples/authorization.php index fc3342e..04569a1 100644 --- a/docs/examples/authorization.php +++ b/docs/examples/authorization.php @@ -1,6 +1,6 @@ '', - 'tenant_id' => '', + 'baseAuthUri' => '', + 'tenantId' => '', 'clientId' => '', 'clientSecret' => '', 'redirectUri' => '', @@ -53,9 +53,9 @@ // We have an access token, which we may use in authenticated // requests against the service provider's API. echo 'Access Token: ', $accessToken->getToken(), '
'; - echo 'Refresh Token: ' , $accessToken->getRefreshToken(), '
'; - echo 'Expired in: ' , $accessToken->getExpires(), '
'; - echo 'Already expired? ' , ($accessToken->hasExpired() ? 'expired' : 'not expired'), '
'; + echo 'Refresh Token: ', $accessToken->getRefreshToken(), '
'; + echo 'Expired in: ', $accessToken->getExpires(), '
'; + echo 'Already expired? ', ($accessToken->hasExpired() ? 'expired' : 'not expired'), '
'; // Using the access token, we may look up details about the // resource owner. diff --git a/docs/examples/index.php b/docs/examples/index.php index 8ab33fc..dac97fb 100644 --- a/docs/examples/index.php +++ b/docs/examples/index.php @@ -1,6 +1,6 @@ '', - 'tenant_id' => '', + 'baseAuthUri' => '', + 'tenantId' => '', 'clientId' => '', 'clientSecret' => '', 'redirectUri' => '', diff --git a/phpunit.xml.dist b/phpunit.xml.dist index f7aef77..9e40893 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -27,7 +27,7 @@ + highLowerBound="80"/> diff --git a/src/Provider/AppIdProvider.php b/src/Provider/AppIdProvider.php index 5443cad..d9f0be6 100644 --- a/src/Provider/AppIdProvider.php +++ b/src/Provider/AppIdProvider.php @@ -22,21 +22,15 @@ class AppIdProvider extends AbstractProvider use BearerAuthorizationTrait; public const IDP_SAML = 'saml'; - public const IDP_ANON = 'appid_anon'; - public const IDP_FACEBOOK = 'facebook'; - public const IDP_GOOGLE = 'google'; /** @var string */ - private $baseAuthUri; + protected $baseAuthUri; /** @var string */ - private $tenantId; + protected $tenantId; /** @var string */ - private $redirectRouteName; - - /** @var string */ - private $idp; + protected $idp; /** * AppIdProvider constructor. 
@@ -48,22 +42,14 @@ class AppIdProvider extends AbstractProvider */ public function __construct(array $options = [], array $collaborators = []) { - if (empty($options['base_auth_uri']) || empty($options['tenant_id'])) { - throw new AppIdException('Required fields (base_auth_uri or tenant_id) are missing.'); + if (empty($options['baseAuthUri']) || empty($options['tenantId'])) { + throw new AppIdException('Required fields ("baseAuthUri" or "tenantId") are missing.'); } - $this->setBaseAuthUri($options['base_auth_uri']); - $this->setTenantId($options['tenant_id']); - - if (!empty($options['redirect_route'])) { - $this->setRedirectRouteName($options['redirect_route']); + if (empty($options['idp'])) { + $options['idp'] = self::IDP_SAML; } - $idp = empty($options['idp']) ? self::IDP_SAML : $options['idp']; - $this->setIdp($idp); - - unset($options['base_auth_uri'], $options['tenant_id'], $options['redirect_route'], $options['idp'], $idp); - $collaborators['optionProvider'] = new HttpBasicAuthOptionProvider(); parent::__construct($options, $collaborators); @@ -179,15 +165,6 @@ public function getTenantId(): string return $this->tenantId; } - /** - * @author Dzianis Kotau - * @return string - */ - public function getRedirectRouteName(): string - { - return $this->redirectRouteName; - } - /** * @author Dzianis Kotau * @return string 
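Review bot: `baseAuthUri` and `tenantId` are now checked only with `empty()` in `__construct`, so the `string` type enforcement of the removed setters is gone and nothing visible rejects an array or a non-HTTPS URI. The values presumably reach the now-protected properties through the parent constructor, which this hunk does not show, and they appear to form the endpoint URLs that receive the client credentials. I would add `if (!is_string($options['baseAuthUri']) || !is_string($options['tenantId'])) { throw new AppIdException('"baseAuthUri" and "tenantId" must be strings.'); }` after the `empty()` guard, and consider requiring an `https` scheme on `baseAuthUri`. The constructor's docblock begins outside the hunk.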
@@ -303,78 +280,13 @@ protected function fetchRevoke(AccessToken $token): string /** * @inheritDoc * @author Dzianis Kotau - * @throws AppIdException */ protected function getAuthorizationParameters(array $options): array { - if (!empty($options['idp'])) { - $this->setIdp($options['idp']); + if (empty($options['idp'])) { + $options['idp'] = $this->idp = self::IDP_SAML; } - $options['idp'] = $this->getIdp(); - return parent::getAuthorizationParameters($options); } - - /** - * @param string $baseUri - * - * @author Dzianis Kotau - * @return self - */ - private function setBaseAuthUri(string $baseUri): self - { - $this->baseAuthUri = $baseUri; - - return $this; - } - - /** - * @param string $tenantId - * - * @author Dzianis Kotau - * @return self - */ - private function setTenantId(string $tenantId): self - { - $this->tenantId = $tenantId; - - return $this; - } - - /** - * @param string $redirectRouteName - * - * @author Dzianis Kotau - * @return self - */ - private function setRedirectRouteName(string $redirectRouteName): self - { - $this->redirectRouteName = $redirectRouteName; - - return $this; - } - - /** - * @author Dzianis Kotau - * @param string $idp - * - * @throws AppIdException - * @return self - */ - private function setIdp(string $idp): self - { - if (!in_array($idp, [ - self::IDP_SAML, - self::IDP_ANON, - self::IDP_FACEBOOK, - self::IDP_GOOGLE, - ], true)) { - throw new AppIdException('IDP "' . $idp . '" is not supported.'); - } - - $this->idp = $idp; - - return $this; - } } diff --git a/tests/src/Provider/AppIdProviderTest.php b/tests/src/Provider/AppIdProviderTest.php index e604e7e..2b9e2be 100644 --- a/tests/src/Provider/AppIdProviderTest.php +++ b/tests/src/Provider/AppIdProviderTest.php @@ -28,9 +28,6 @@ class AppIdProviderTest extends MockeryTestCase /** @var string */ protected $tenantId = 'mock_tenant_id'; - /** @var string */ - protected $redirectRoute = 'mock_redirect_route'; - /** @var string */ protected $clientId = 'mock_client_id'; 
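Review bot: A provider configured with a non-default `idp` loses it in `getAuthorizationParameters`. When the caller passes no `idp`, the new branch writes `self::IDP_SAML` into both `$options['idp']` and `$this->idp`, where the removed code fell back to `$this->getIdp()`. Assuming the parent constructor populates `$this->idp` from the options, the fallback should read `if (empty($options['idp'])) { $options['idp'] = $this->idp; }` and leave the property untouched. Separately, with `setIdp()` deleted, a caller-supplied `idp` goes into the authorization URL with no allow-list check. If that value can originate from request input, either keep a check here or state in the docblock that the caller must validate it.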
@@ -46,9 +43,8 @@ class AppIdProviderTest extends MockeryTestCase public function setUp(): void { $this->provider = new AppIdProvider([ - 'base_auth_uri' => $this->baseAuthUri, - 'tenant_id' => $this->tenantId, - 'redirect_route' => $this->redirectRoute, + 'baseAuthUri' => $this->baseAuthUri, + 'tenantId' => $this->tenantId, 'clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUri, @@ -165,14 +161,6 @@ public function testGetRevokeUrl(): void $this->assertEquals($this->baseAuthUri . '/' . $this->tenantId . '/revoke', $uri['path']); } - /** - * @author Dzianis Kotau - */ - public function testGetRedirectRouteName(): void - { - $this->assertEquals($this->redirectRoute, $this->provider->getRedirectRouteName()); - } - /** * @author Dzianis Kotau */ 
@@ -612,37 +600,14 @@ public function testDefaultIdp(): void $this->assertEquals(AppIdProvider::IDP_SAML, $query['idp']); } - /** - * @author Dzianis Kotau - */ - public function testAllowedIdp(): void - { - $url = $this->provider->getAuthorizationUrl(['idp' => AppIdProvider::IDP_GOOGLE]); - $uri = parse_url($url); - parse_str($uri['query'], $query); - - $this->assertEquals(AppIdProvider::IDP_GOOGLE, $query['idp']); - } - - /** - * @author Dzianis Kotau - */ - public function testDisallowedIdp(): void - { - $this->expectException(AppIdException::class); - $this->expectExceptionMessage('IDP "not_allowed" is not supported.'); - $this->provider->getAuthorizationUrl(['idp' => 'not_allowed']); - } - /** * @author Dzianis Kotau */ public function testErrorInitialization(): void { $this->expectException(AppIdException::class); - $this->expectExceptionMessage('Required fields (base_auth_uri or tenant_id) are missing.'); + $this->expectExceptionMessage('Required fields ("baseAuthUri" or "tenantId") are missing.'); $provider = new AppIdProvider([ - 'redirect_route' => $this->redirectRoute, 'clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUri,
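Review bot: With `testAllowedIdp` and `testDisallowedIdp` removed, the only `idp` test left in the visible hunks is `testDefaultIdp`, so the behaviour after dropping validation is not pinned. I would add a test that builds the provider with a configured `'idp'` option and asserts that `getAuthorizationUrl()` called without an `idp` carries that value in the query. A second test should fix what happens to a caller-supplied `idp`, so that passing it through unvalidated is a recorded decision rather than a side effect of the deletion.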