diff --git a/1 b/1
new file mode 100644
index 00000000..4207eff2
--- /dev/null
+++ b/1
@@ -0,0 +1,113 @@
+# This is a combination of 2 commits.
+# This is the 1st commit message:
+
+Replace use-statements with fqdn phpdocs (src)
+
+# This is the commit message #2:
+
+#eplace use-statements with fqdn phpdocs
+
+# Please enter the commit message for your changes. Lines starting
+# with '#' will be ignored, and an empty message aborts the commit.
+#
+# Date: Mon May 27 23:07:53 2024 +0200
+#
+# interactive rebase in progress; onto 0ffb51f
+# Last commands done (2 commands done):
+# reword 6db30c7 Replace use-statements with fqdn phpdocs
+# squash 24e0ad6 Replace use-statements with fqdn phpdocs
+# No commands remaining.
+# You are currently rebasing branch 'style/phpdoc-fqdn' on '0ffb51f'.
+#
+# Changes to be committed:
+# modified: hooks/hook_cron.php
+# modified: hooks/hook_federationpage.php
+# modified: hooks/hook_frontpage.php
+# modified: phpcs.xml
+# modified: src/Bridges/SspBridge/Module.php
+# modified: src/Controller/AccessTokenController.php
+# modified: src/Controller/AuthorizationController.php
+# modified: src/Controller/Client/CreateController.php
+# modified: src/Controller/Client/DeleteController.php
+# modified: src/Controller/Client/EditController.php
+# modified: src/Controller/Client/IndexController.php
+# modified: src/Controller/Client/ResetSecretController.php
+# modified: src/Controller/Client/ShowController.php
+# modified: src/Controller/Federation/EntityStatementController.php
+# modified: src/Controller/InstallerController.php
+# modified: src/Controller/LogoutController.php
+# modified: src/Controller/Traits/AuthenticatedGetClientFromRequestTrait.php
+# modified: src/Controller/Traits/GetClientFromRequestTrait.php
+# modified: src/Controller/Traits/RequestTrait.php
+# modified: src/Controller/UserInfoController.php
+# modified: src/Entities/AccessTokenEntity.php
+# modified: src/Entities/AuthCodeEntity.php
+# modified: src/Entities/ClientEntity.php
+# modified: src/Entities/RefreshTokenEntity.php
+# modified: src/Entities/UserEntity.php
+# modified: src/Factories/AuthSimpleFactory.php
+# modified: src/Factories/AuthorizationServerFactory.php
+# modified: src/Factories/ClaimTranslatorExtractorFactory.php
+# modified: src/Factories/FormFactory.php
+# modified: src/Factories/ResourceServerFactory.php
+# modified: src/Factories/TemplateFactory.php
+# modified: src/Forms/ClientForm.php
+# modified: src/Forms/Controls/CsrfProtection.php
+# modified: src/ModuleConfig.php
+# modified: src/Repositories/AbstractDatabaseRepository.php
+# modified: src/Repositories/AccessTokenRepository.php
+# modified: src/Repositories/AuthCodeRepository.php
+# modified: src/Repositories/ClientRepository.php
+# modified: src/Repositories/CodeChallengeVerifiersRepository.php
+# modified: src/Repositories/Interfaces/AccessTokenRepositoryInterface.php
+# modified: src/Repositories/RefreshTokenRepository.php
+# modified: src/Repositories/ScopeRepository.php
+# modified: src/Repositories/UserRepository.php
+# modified: src/Server/AuthorizationServer.php
+# modified: src/Server/Exceptions/OidcServerException.php
+# modified: src/Server/Grants/AuthCodeGrant.php
+# modified: src/Server/Grants/ImplicitGrant.php
+# modified: src/Server/Grants/OAuth2ImplicitGrant.php
+# modified: src/Server/Grants/RefreshTokenGrant.php
+# modified: src/Server/Grants/Traits/IssueAccessTokenTrait.php
+# modified: src/Server/LogoutHandlers/BackChannelLogoutHandler.php
+# modified: src/Server/ResponseTypes/IdTokenResponse.php
+# modified: src/Server/Validators/BearerTokenValidator.php
+# modified: src/Services/AuthContextService.php
+# modified: src/Services/AuthProcService.php
+# modified: src/Services/AuthenticationService.php
+# modified: src/Services/DatabaseLegacyOAuth2Import.php
+# modified: src/Services/IdTokenBuilder.php
+# modified: src/Services/JsonWebKeySetService.php
+# modified: src/Services/JsonWebTokenBuilderService.php
+# modified: src/Services/LogoutTokenBuilder.php
+# modified: src/Services/OpMetadataService.php
+# modified: src/Services/RoutingService.php
+# modified: src/Services/SessionMessagesService.php
+# modified: src/Services/SessionService.php
+# modified: src/Stores/Session/LogoutTicketStoreDb.php
+# modified: src/Utils/Checker/Interfaces/RequestRuleInterface.php
+# modified: src/Utils/Checker/Interfaces/ResultBagInterface.php
+# modified: src/Utils/Checker/RequestRulesManager.php
+# modified: src/Utils/Checker/ResultBag.php
+# modified: src/Utils/Checker/Rules/AcrValuesRule.php
+# modified: src/Utils/Checker/Rules/AddClaimsToIdTokenRule.php
+# modified: src/Utils/Checker/Rules/CodeChallengeMethodRule.php
+# modified: src/Utils/Checker/Rules/CodeChallengeRule.php
+# modified: src/Utils/Checker/Rules/IdTokenHintRule.php
+# modified: src/Utils/Checker/Rules/MaxAgeRule.php
+# modified: src/Utils/Checker/Rules/PostLogoutRedirectUriRule.php
+# modified: src/Utils/Checker/Rules/PromptRule.php
+# modified: src/Utils/Checker/Rules/RedirectUriRule.php
+# modified: src/Utils/Checker/Rules/RequestParameterRule.php
+# modified: src/Utils/Checker/Rules/RequestedClaimsRule.php
+# modified: src/Utils/Checker/Rules/RequiredNonceRule.php
+# modified: src/Utils/Checker/Rules/RequiredOpenIdScopeRule.php
+# modified: src/Utils/Checker/Rules/ScopeOfflineAccessRule.php
+# modified: src/Utils/Checker/Rules/ScopeRule.php
+# modified: src/Utils/ClaimTranslatorExtractor.php
+# modified: src/Utils/FingerprintGenerator.php
+# modified: src/Utils/ScopeHelper.php
+# modified: src/Utils/TimestampGenerator.php
+# modified: src/Utils/UniqueIdentifierGenerator.php
+#
diff --git a/hooks/hook_cron.php b/hooks/hook_cron.php
index 1ea969ae..cb57e66d 100644
--- a/hooks/hook_cron.php
+++ b/hooks/hook_cron.php
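Review bot: The new file `1` at the repository root is not source code; its 113 added lines are a git commit-message template left over from an interactive rebase (`# interactive rebase in progress; onto 0ffb51f`, `# Changes to be committed:`), which looks like an accidental staging of an editor artefact. It should be dropped from this commit, for example with `git rm --cached 1`, before the change lands. Stray files like this ship with the module and expose branch names and internal commit ids, so it is also worth checking how it was staged (a broad `git add .` or `git add -A` is the usual cause) and whether an ignore rule would have caught it.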
@@ -14,8 +14,6 @@ * file that was distributed with this source code. */ -use Psr\Container\ContainerExceptionInterface; -use Psr\Container\NotFoundExceptionInterface; use SimpleSAML\Logger; use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Repositories\AccessTokenRepository; @@ -25,11 +23,10 @@ use SimpleSAML\Module\oidc\Services\Container; /** - * @param array $croninfo - * @throws OidcServerException - * @throws ContainerExceptionInterface - * @throws NotFoundExceptionInterface - * @throws Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Psr\Container\ContainerExceptionInterface + * @throws \Psr\Container\NotFoundExceptionInterface + * @throws \Exception */ function oidc_hook_cron(array &$croninfo): void { @@ -55,15 +52,15 @@ function oidc_hook_cron(array &$croninfo): void $container = new Container(); try { - /** @var AccessTokenRepository $accessTokenRepository */ + /** @var \SimpleSAML\Module\oidc\Repositories\AccessTokenRepository $accessTokenRepository */ $accessTokenRepository = $container->get(AccessTokenRepository::class); $accessTokenRepository->removeExpired(); - /** @var AuthCodeRepository $authTokenRepository */ + /** @var \SimpleSAML\Module\oidc\Repositories\AuthCodeRepository $authTokenRepository */ $authTokenRepository = $container->get(AuthCodeRepository::class); $authTokenRepository->removeExpired(); - /** @var RefreshTokenRepository $refreshTokenRepository */ + /** @var \SimpleSAML\Module\oidc\Repositories\RefreshTokenRepository $refreshTokenRepository */ $refreshTokenRepository = $container->get(RefreshTokenRepository::class); $refreshTokenRepository->removeExpired(); diff --git a/hooks/hook_federationpage.php b/hooks/hook_federationpage.php index dca1cca7..6c0ae6d0 100644 --- a/hooks/hook_federationpage.php +++ b/hooks/hook_federationpage.php 
@@ -14,11 +14,14 @@ * file that was distributed with this source code. */ +use SimpleSAML\Locale\Translate; use SimpleSAML\Module; use SimpleSAML\Module\oidc\Services\DatabaseMigration; use SimpleSAML\XHTML\Template; -use SimpleSAML\Locale\Translate; +/** + * @param \SimpleSAML\XHTML\Template $template + */ function oidc_hook_federationpage(Template $template): void { $href = Module::getModuleURL('oidc/admin-clients/index.php'); diff --git a/hooks/hook_frontpage.php b/hooks/hook_frontpage.php index 7b642389..9bedae85 100644 --- a/hooks/hook_frontpage.php +++ b/hooks/hook_frontpage.php @@ -17,6 +17,8 @@ use SimpleSAML\Module; use SimpleSAML\Module\oidc\Services\DatabaseMigration; +/** + */ function oidc_hook_frontpage(array &$links): void { if (!is_array($links['federation'])) { diff --git a/phpcs.xml b/phpcs.xml index 6c188982..99a9ef64 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -22,7 +22,7 @@ - + diff --git a/src/Bridges/SspBridge/Module.php b/src/Bridges/SspBridge/Module.php index b9e9916b..b423fac0 100644 --- a/src/Bridges/SspBridge/Module.php +++ b/src/Bridges/SspBridge/Module.php @@ -4,10 +4,12 @@ namespace SimpleSAML\Module\oidc\Bridges\SspBridge; +use SimpleSAML\Module as SspModule; + class Module { public function getModuleUrl(string $resource, array $parameters = []): string { - return \SimpleSAML\Module::getModuleURL($resource, $parameters); + return SspModule::getModuleURL($resource, $parameters); } } diff --git a/src/Controller/AccessTokenController.php b/src/Controller/AccessTokenController.php index cc83c404..2e9fbe5c 100644 --- a/src/Controller/AccessTokenController.php +++ b/src/Controller/AccessTokenController.php @@ -17,7 +17,6 @@ use Laminas\Diactoros\Response; use Laminas\Diactoros\ServerRequest; -use League\OAuth2\Server\Exception\OAuthServerException; use Psr\Http\Message\ResponseInterface; use SimpleSAML\Module\oidc\Controller\Traits\RequestTrait; use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository; 
@@ -34,7 +33,7 @@ public function __construct( } /** - * @throws OAuthServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function __invoke(ServerRequest $request): ResponseInterface { diff --git a/src/Controller/AuthorizationController.php b/src/Controller/AuthorizationController.php index f6592b6a..20988720 100644 --- a/src/Controller/AuthorizationController.php +++ b/src/Controller/AuthorizationController.php @@ -16,19 +16,15 @@ namespace SimpleSAML\Module\oidc\Controller; -use Exception; use Laminas\Diactoros\Response; use Laminas\Diactoros\ServerRequest; -use League\OAuth2\Server\Exception\OAuthServerException; use Psr\Http\Message\ResponseInterface; -use SimpleSAML\Error; use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\AuthorizationServer; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestTypes\AuthorizationRequest; use SimpleSAML\Module\oidc\Services\AuthenticationService; use SimpleSAML\Module\oidc\Services\LoggerService; -use Throwable; class AuthorizationController { @@ -41,12 +37,13 @@ public function __construct( } /** - * @throws Error\AuthSource - * @throws Error\BadRequest - * @throws Error\NotFound - * @throws Error\Exception - * @throws OAuthServerException - * @throws Exception|Throwable + * @throws \Exception + * @throws \SimpleSAML\Error\AuthSource + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Error\Exception + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \Throwable */ public function __invoke(ServerRequest $request): ResponseInterface { 
@@ -71,7 +68,8 @@ public function __invoke(ServerRequest $request): ResponseInterface /** * Validate authorization request after the authn has been performed. For example, check if the * ACR claim has been requested and that authn performed satisfies it. - * @throws Exception + * + * @throws \Exception */ protected function validatePostAuthnAuthorizationRequest(AuthorizationRequest $authorizationRequest): void { @@ -79,7 +77,7 @@ protected function validatePostAuthnAuthorizationRequest(AuthorizationRequest $a } /** - * @throws Exception + * @throws \Exception */ protected function validateAcr(AuthorizationRequest $authorizationRequest): void { diff --git a/src/Controller/Client/CreateController.php b/src/Controller/Client/CreateController.php index 852227a3..5e7ae30b 100644 --- a/src/Controller/Client/CreateController.php +++ b/src/Controller/Client/CreateController.php @@ -17,7 +17,6 @@ namespace SimpleSAML\Module\oidc\Controller\Client; use Laminas\Diactoros\Response\RedirectResponse; -use SimpleSAML\Error\Exception; use SimpleSAML\Module\oidc\Entities\ClientEntity; use SimpleSAML\Module\oidc\Factories\FormFactory; use SimpleSAML\Module\oidc\Factories\TemplateFactory; @@ -44,8 +43,9 @@ public function __construct( } /** - * @return RedirectResponse|Template - * @throws Exception + * @return \Laminas\Diactoros\Response\RedirectResponse|\SimpleSAML\XHTML\Template + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException * @throws \Exception */ public function __invoke(): Template|RedirectResponse diff --git a/src/Controller/Client/DeleteController.php b/src/Controller/Client/DeleteController.php index b656af73..bf8bb575 100644 --- a/src/Controller/Client/DeleteController.php +++ b/src/Controller/Client/DeleteController.php 
@@ -16,17 +16,12 @@ namespace SimpleSAML\Module\oidc\Controller\Client; -use JsonException; use Laminas\Diactoros\Response\RedirectResponse; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\ConfigurationError; -use SimpleSAML\Error\Exception; -use SimpleSAML\Error\NotFound; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Controller\Traits\AuthenticatedGetClientFromRequestTrait; use SimpleSAML\Module\oidc\Factories\TemplateFactory; use SimpleSAML\Module\oidc\Repositories\ClientRepository; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\AuthContextService; use SimpleSAML\Module\oidc\Services\SessionMessagesService; use SimpleSAML\Utils\HTTP; @@ -47,8 +42,13 @@ public function __construct( } /** - * @throws ConfigurationError|BadRequest|NotFound|Exception|OidcServerException|JsonException * @throws \Exception + * @throws \JsonException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\ConfigurationError + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function __invoke(ServerRequest $request): Template|RedirectResponse { @@ -58,11 +58,11 @@ public function __invoke(ServerRequest $request): Template|RedirectResponse $authedUser = $this->authContextService->isSspAdmin() ? null : $this->authContextService->getAuthUserId(); if ('POST' === mb_strtoupper($request->getMethod())) { if (!$clientSecret) { - throw new BadRequest('Client secret is missing.'); + throw new Error\BadRequest('Client secret is missing.'); } if ($clientSecret !== $client->getSecret()) { - throw new BadRequest('Client secret is invalid.'); + throw new Error\BadRequest('Client secret is invalid.'); } $this->clientRepository->delete($client, $authedUser); 
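Review bot: The context line `if ($clientSecret !== $client->getSecret())` in the last DeleteController hunk compares a request-supplied secret with the stored client secret using `!==`, which is not a constant-time comparison; the same line appears in the ResetSecretController `__invoke` hunk. Since this commit already rewrites the throw directly below it in both files, consider `if (!hash_equals($client->getSecret(), (string)$clientSecret)) {` so the comparison time does not depend on how many leading bytes match. The assignment of `$clientSecret` is outside the hunk, so confirm it is a string there; the `!$clientSecret` guard above only rules out empty values. `__invoke` continues past the end of the hunk in both files.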
diff --git a/src/Controller/Client/EditController.php b/src/Controller/Client/EditController.php index da10c1b5..3602659c 100644 --- a/src/Controller/Client/EditController.php +++ b/src/Controller/Client/EditController.php @@ -18,9 +18,6 @@ use Laminas\Diactoros\Response\RedirectResponse; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\Exception; -use SimpleSAML\Error\NotFound; use SimpleSAML\Module\oidc\Controller\Traits\AuthenticatedGetClientFromRequestTrait; use SimpleSAML\Module\oidc\Entities\ClientEntity; use SimpleSAML\Module\oidc\Factories\FormFactory; @@ -51,7 +48,10 @@ public function __construct( } /** - * @throws BadRequest|Exception|NotFound|\Exception + * @throws \Exception + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound */ public function __invoke(ServerRequest $request): Template|RedirectResponse { diff --git a/src/Controller/Client/IndexController.php b/src/Controller/Client/IndexController.php index 8bed980a..c912ab29 100644 --- a/src/Controller/Client/IndexController.php +++ b/src/Controller/Client/IndexController.php @@ -17,7 +17,6 @@ namespace SimpleSAML\Module\oidc\Controller\Client; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\Exception; use SimpleSAML\Module\oidc\Factories\TemplateFactory; use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Services\AuthContextService; @@ -33,8 +32,8 @@ public function __construct( } /** - * @throws Exception * @throws \Exception + * @throws \SimpleSAML\Error\Exception */ public function __invoke(ServerRequest $request): Template { diff --git a/src/Controller/Client/ResetSecretController.php b/src/Controller/Client/ResetSecretController.php index 3c6c5a9b..803d3702 100644 --- a/src/Controller/Client/ResetSecretController.php +++ b/src/Controller/Client/ResetSecretController.php 
@@ -18,9 +18,7 @@ use Laminas\Diactoros\Response\RedirectResponse; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\Exception; -use SimpleSAML\Error\NotFound; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Controller\Traits\AuthenticatedGetClientFromRequestTrait; use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Services\AuthContextService; @@ -42,10 +40,10 @@ public function __construct( } /** - * @throws BadRequest - * @throws NotFound - * @throws Exception * @throws \Exception + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\NotFound */ public function __invoke(ServerRequest $request): RedirectResponse { @@ -55,11 +53,11 @@ public function __invoke(ServerRequest $request): RedirectResponse if ('POST' === mb_strtoupper($request->getMethod())) { if (!$clientSecret) { - throw new BadRequest('Client secret is missing.'); + throw new Error\BadRequest('Client secret is missing.'); } if ($clientSecret !== $client->getSecret()) { - throw new BadRequest('Client secret is invalid.'); + throw new Error\BadRequest('Client secret is invalid.'); } $client->restoreSecret((new Random())->generateID()); diff --git a/src/Controller/Client/ShowController.php b/src/Controller/Client/ShowController.php index 3a6b743b..b1872279 100644 --- a/src/Controller/Client/ShowController.php +++ b/src/Controller/Client/ShowController.php 
@@ -15,16 +15,11 @@ */ namespace SimpleSAML\Module\oidc\Controller\Client; -use JsonException; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\Exception; -use SimpleSAML\Error\NotFound; use SimpleSAML\Module\oidc\Controller\Traits\AuthenticatedGetClientFromRequestTrait; use SimpleSAML\Module\oidc\Factories\TemplateFactory; use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository; use SimpleSAML\Module\oidc\Repositories\ClientRepository; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\AuthContextService; use SimpleSAML\XHTML\Template; @@ -43,7 +38,11 @@ public function __construct( } /** - * @throws BadRequest|Exception|NotFound|OidcServerException|JsonException + * @throws \JsonException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Exceptions\OidcServerException */ public function __invoke(ServerRequest $request): Template { diff --git a/src/Controller/Federation/EntityStatementController.php b/src/Controller/Federation/EntityStatementController.php index 634dda33..1d96d00b 100644 --- a/src/Controller/Federation/EntityStatementController.php +++ b/src/Controller/Federation/EntityStatementController.php @@ -8,7 +8,6 @@ use SimpleSAML\Module\oidc\Codebooks\ClaimValues\TypeEnum; use SimpleSAML\Module\oidc\Codebooks\EntityTypeEnum; use SimpleSAML\Module\oidc\ModuleConfig; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\JsonWebKeySetService; use SimpleSAML\Module\oidc\Services\JsonWebTokenBuilderService; use SimpleSAML\Module\oidc\Services\OpMetadataService; 
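Review bot: The added tag `@throws \SimpleSAML\Module\oidc\Exceptions\OidcServerException` on `ShowController::__invoke` names a namespace that does not match the import this commit removes from the same file, `SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException`; the `Server\` segment is missing. The same FQCN is used in the docblocks added to `AuthenticatedGetClientFromRequestTrait::getClientFromRequest` and `UserInfoController::getUser`. All three should read `@throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException`, as the other docblocks in this commit do. With the `use` statements gone the docblock is the only place the type is spelled out, so a wrong FQCN leaves static analysis pointing at a class that presumably does not exist.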
@@ -27,8 +26,8 @@ public function __construct( /** * Return the JWS with the OP configuration statement. - * @return Response - * @throws OidcServerException + * @return \Symfony\Component\HttpFoundation\Response + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function configuration(): Response { diff --git a/src/Controller/InstallerController.php b/src/Controller/InstallerController.php index 5ae32b20..01800768 100644 --- a/src/Controller/InstallerController.php +++ b/src/Controller/InstallerController.php @@ -15,15 +15,13 @@ */ namespace SimpleSAML\Module\oidc\Controller; -use Exception; -use SimpleSAML\XHTML\Template; use SimpleSAML\Module; use SimpleSAML\Module\oidc\Factories\TemplateFactory; use SimpleSAML\Module\oidc\Services\DatabaseLegacyOAuth2Import; use SimpleSAML\Module\oidc\Services\DatabaseMigration; use SimpleSAML\Module\oidc\Services\SessionMessagesService; use SimpleSAML\Utils\HTTP; -use Laminas\Diactoros\Response\RedirectResponse; +use SimpleSAML\XHTML\Template; use Laminas\Diactoros\ServerRequest; use function in_array; @@ -39,7 +37,7 @@ public function __construct( } /** - * @throws Exception + * @throws \Exception */ public function __invoke(ServerRequest $request): Template|RedirectResponse { diff --git a/src/Controller/JwksController.php b/src/Controller/JwksController.php index c3a44a14..6a2bc93f 100644 --- a/src/Controller/JwksController.php +++ b/src/Controller/JwksController.php @@ -16,8 +16,8 @@ namespace SimpleSAML\Module\oidc\Controller; -use SimpleSAML\Module\oidc\Services\JsonWebKeySetService; use Laminas\Diactoros\Response\JsonResponse; +use SimpleSAML\Module\oidc\Services\JsonWebKeySetService; class JwksController { diff --git a/src/Controller/LogoutController.php b/src/Controller/LogoutController.php index 87040110..0502ec2c 100644 --- a/src/Controller/LogoutController.php +++ b/src/Controller/LogoutController.php 
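Review bot: The first InstallerController hunk removes `use Laminas\Diactoros\Response\RedirectResponse;` without a replacement, while the context of the next hunk still declares `__invoke(ServerRequest $request): Template|RedirectResponse`. Unless the name is imported by a line not shown here, `RedirectResponse` now resolves to `SimpleSAML\Module\oidc\Controller\RedirectResponse`, so returning a Laminas redirect from `__invoke` would fail the return-type check with a `TypeError`. Keep the import, `use Laminas\Diactoros\Response\RedirectResponse;`, as the Create, Delete, Edit and ResetSecret controllers in this commit do. The body of `__invoke` is outside the hunk, so it should be checked for `new RedirectResponse(...)` as well.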
@@ -4,13 +4,9 @@ namespace SimpleSAML\Module\oidc\Controller; -use Exception; use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\ConfigurationError; use SimpleSAML\Module\oidc\Factories\TemplateFactory; use SimpleSAML\Module\oidc\Server\AuthorizationServer; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\LogoutHandlers\BackChannelLogoutHandler; use SimpleSAML\Module\oidc\Server\RequestTypes\LogoutRequest; use SimpleSAML\Module\oidc\Services\LoggerService; @@ -33,9 +29,9 @@ public function __construct( } /** - * @throws BadRequest - * @throws OidcServerException - * @throws Throwable + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function __invoke(ServerRequest $request): Response { @@ -93,7 +89,7 @@ public function __invoke(ServerRequest $request): Response } $currentSessionValidAuthorities = $this->sessionService->getCurrentSession()->getAuthorities(); - if (! empty($currentSessionValidAuthorities)) { + if (!empty($currentSessionValidAuthorities)) { $wasLogoutActionCalled = true; // Initiate logout for every valid auth source for the current session. foreach ($this->sessionService->getCurrentSession()->getAuthorities() as $authSourceId) { @@ -110,7 +106,7 @@ public function __invoke(ServerRequest $request): Response /** * Logout handler function registered using Session::registerLogoutHandler() during authn. - * @throws Exception + * @throws \Exception */ public static function logoutHandler(): void { 
@@ -119,7 +115,7 @@ public static function logoutHandler(): void // Only run this handler if logout was initiated using OIDC protocol. This is important since this // logout handler will (currently) also be called in re-authentication cases. // https://groups.google.com/g/simplesamlphp/c/-uhiVE8TaF4 - if (! SessionService::getIsOidcInitiatedLogoutForSession($session)) { + if (!SessionService::getIsOidcInitiatedLogoutForSession($session)) { return; } @@ -169,7 +165,7 @@ public static function logoutHandler(): void } /** - * @throws ConfigurationError + * @throws \SimpleSAML\Error\ConfigurationError */ protected function resolveResponse(LogoutRequest $logoutRequest, bool $wasLogoutActionCalled): Response { diff --git a/src/Controller/Traits/AuthenticatedGetClientFromRequestTrait.php b/src/Controller/Traits/AuthenticatedGetClientFromRequestTrait.php index 792c6e22..5385f732 100644 --- a/src/Controller/Traits/AuthenticatedGetClientFromRequestTrait.php +++ b/src/Controller/Traits/AuthenticatedGetClientFromRequestTrait.php @@ -16,11 +16,8 @@ namespace SimpleSAML\Module\oidc\Controller\Traits; -use JsonException; -use SimpleSAML\Error\Exception; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\NotFound; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; @@ -33,7 +30,11 @@ trait AuthenticatedGetClientFromRequestTrait private AuthContextService $authContextService; /** - * @throws BadRequest|NotFound|Exception|OidcServerException|JsonException + * @throws \JsonException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Exceptions\OidcServerException */ protected function getClientFromRequest(ServerRequestInterface $request): ClientEntityInterface { 
@@ -41,7 +42,7 @@ protected function getClientFromRequest(ServerRequestInterface $request): Client $clientId = empty($params['client_id']) ? null : (string)$params['client_id']; if (!is_string($clientId)) { - throw new BadRequest('Client id is missing.'); + throw new Error\BadRequest('Client id is missing.'); } $authedUser = null; if (!$this->authContextService->isSspAdmin()) { diff --git a/src/Controller/Traits/GetClientFromRequestTrait.php b/src/Controller/Traits/GetClientFromRequestTrait.php index f375cc36..01070d53 100644 --- a/src/Controller/Traits/GetClientFromRequestTrait.php +++ b/src/Controller/Traits/GetClientFromRequestTrait.php @@ -16,20 +16,20 @@ namespace SimpleSAML\Module\oidc\Controller\Traits; -use JsonException; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\NotFound; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Repositories\ClientRepository; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; trait GetClientFromRequestTrait { protected ClientRepository $clientRepository; /** - * @throws BadRequest|NotFound|OidcServerException|JsonException + * @throws \JsonException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function getClientFromRequest(ServerRequestInterface $request): ClientEntityInterface { @@ -37,12 +37,12 @@ protected function getClientFromRequest(ServerRequestInterface $request): Client $clientId = empty($params['client_id']) ? null : (string)$params['client_id']; if (!is_string($clientId)) { - throw new BadRequest('Client id is missing.'); + throw new Error\BadRequest('Client id is missing.'); } $client = $this->clientRepository->findById($clientId); if (!$client) { - throw new NotFound('Client not found.'); + throw new Error\NotFound('Client not found.'); } return $client; 
diff --git a/src/Controller/Traits/RequestTrait.php b/src/Controller/Traits/RequestTrait.php index 5c12ae4b..aae26eef 100644 --- a/src/Controller/Traits/RequestTrait.php +++ b/src/Controller/Traits/RequestTrait.php @@ -25,7 +25,8 @@ trait RequestTrait /** * Handle CORS 'preflight' requests by checking if 'origin' is registered as allowed to make HTTP CORS requests, * typically initiated in browser by JavaScript clients. - * @throws OidcServerException + * + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function handleCors(ServerRequest $request): Response { diff --git a/src/Controller/UserInfoController.php b/src/Controller/UserInfoController.php index c9de92ca..f264041c 100644 --- a/src/Controller/UserInfoController.php +++ b/src/Controller/UserInfoController.php @@ -19,16 +19,14 @@ use Laminas\Diactoros\Response; use Laminas\Diactoros\Response\JsonResponse; use Laminas\Diactoros\ServerRequest; -use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\ResourceServer; -use SimpleSAML\Error\UserNotFound; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Controller\Traits\RequestTrait; use SimpleSAML\Module\oidc\Entities\AccessTokenEntity; use SimpleSAML\Module\oidc\Entities\UserEntity; use SimpleSAML\Module\oidc\Repositories\AccessTokenRepository; use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository; use SimpleSAML\Module\oidc\Repositories\UserRepository; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor; class UserInfoController @@ -45,9 +43,9 @@ public function __construct( } /** - * @throws UserNotFound - * @throws OidcServerException - * @throws OAuthServerException + * @throws \SimpleSAML\Error\UserNotFound + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function __invoke(ServerRequest $request): Response { 
@@ -65,7 +63,7 @@ public function __invoke(ServerRequest $request): Response $accessToken = $this->accessTokenRepository->findById($tokenId); if (!$accessToken instanceof AccessTokenEntity) { - throw new UserNotFound('Access token not found'); + throw new Error\UserNotFound('Access token not found'); } $user = $this->getUser($accessToken); @@ -81,15 +79,15 @@ public function __invoke(ServerRequest $request): Response } /** - * @throws OidcServerException - * @throws UserNotFound + * @throws \SimpleSAML\Module\oidc\Exceptions\OidcServerException + * @throws \SimpleSAML\Error\UserNotFound */ private function getUser(AccessTokenEntity $accessToken): UserEntity { $userIdentifier = (string) $accessToken->getUserIdentifier(); $user = $this->userRepository->getUserEntityByIdentifier($userIdentifier); if (!$user instanceof UserEntity) { - throw new UserNotFound("User $userIdentifier not found"); + throw new Error\UserNotFound("User $userIdentifier not found"); } return $user; diff --git a/src/Entities/AccessTokenEntity.php b/src/Entities/AccessTokenEntity.php index fb8755ea..cf86ed60 100644 --- a/src/Entities/AccessTokenEntity.php +++ b/src/Entities/AccessTokenEntity.php @@ -16,17 +16,12 @@ namespace SimpleSAML\Module\oidc\Entities; -use Exception; -use JsonException; -use Stringable; use DateTimeImmutable; use Lcobucci\JWT\Token; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Entities\Traits\AccessTokenTrait; use League\OAuth2\Server\Entities\Traits\EntityTrait; use League\OAuth2\Server\Entities\Traits\TokenEntityTrait; -use League\OAuth2\Server\Exception\OAuthServerException; use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Entities\Interfaces\EntityStringRepresentationInterface; 
@@ -35,6 +30,7 @@ use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\JsonWebTokenBuilderService; use SimpleSAML\Module\oidc\Utils\TimestampGenerator; +use Stringable; /** * @psalm-suppress PropertyNotSetInConstructor @@ -69,7 +65,7 @@ private function __construct() /** * Create new Access Token from data. * - * @param ScopeEntityInterface[] $scopes + * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes */ public static function fromData( OAuth2ClientEntityInterface $clientEntity, @@ -92,7 +88,9 @@ public static function fromData( } /** - * @throws OidcServerException|JsonException|Exception + * @throws \Exception + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function fromState(array $state): self { @@ -155,8 +153,7 @@ public function setRequestedClaims(array $requestedClaims): void /** * {@inheritdoc} - * @throws JsonException - * @throws JsonException + * @throws \JsonException */ public function getState(): array { @@ -175,7 +172,7 @@ public function getState(): array /** * Generate string representation, save it in a field, and return it. * @return string - * @throws OAuthServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function __toString(): string { @@ -195,9 +192,9 @@ public function toString(): ?string * Implemented instead of original AccessTokenTrait::convertToJWT() method in order to remove microseconds from * timestamps and to add claims like iss, etc., by using our own JWT builder service. * - * @return Token - * @throws OAuthServerException - * @throws Exception + * @return \Lcobucci\JWT\Token + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \Exception */ protected function convertToJWT(): Token { diff --git a/src/Entities/AuthCodeEntity.php b/src/Entities/AuthCodeEntity.php index 9cca532a..b99c2e1a 100644 --- a/src/Entities/AuthCodeEntity.php 
+++ b/src/Entities/AuthCodeEntity.php @@ -16,8 +16,6 @@ namespace SimpleSAML\Module\oidc\Entities; use DateTimeImmutable; -use Exception; -use JsonException; use League\OAuth2\Server\Entities\Traits\EntityTrait; use League\OAuth2\Server\Entities\Traits\TokenEntityTrait; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; @@ -26,7 +24,6 @@ use SimpleSAML\Module\oidc\Entities\Traits\RevokeTokenTrait; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Utils\TimestampGenerator; -use SimpleSAML\Module\oidc\Entities\Interfaces\AuthCodeEntityInterface; class AuthCodeEntity implements AuthCodeEntityInterface, MementoInterface { @@ -36,8 +33,9 @@ class AuthCodeEntity implements AuthCodeEntityInterface, MementoInterface use RevokeTokenTrait; /** - * @throws OidcServerException|JsonException - * @throws Exception + * @throws \Exception + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function fromState(array $state): self { @@ -81,7 +79,7 @@ public static function fromState(array $state): self } /** - * @throws JsonException + * @throws \JsonException */ public function getState(): array { diff --git a/src/Entities/ClientEntity.php b/src/Entities/ClientEntity.php index 3838a9af..81bf55e5 100644 --- a/src/Entities/ClientEntity.php +++ b/src/Entities/ClientEntity.php @@ -16,10 +16,9 @@ namespace SimpleSAML\Module\oidc\Entities; -use JsonException; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use League\OAuth2\Server\Entities\Traits\ClientTrait; use League\OAuth2\Server\Entities\Traits\EntityTrait; +use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; /** 
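Review bot: The second hunk of AuthCodeEntity.php deletes `use SimpleSAML\Module\oidc\Entities\Interfaces\AuthCodeEntityInterface;` while the class line just below still reads `class AuthCodeEntity implements AuthCodeEntityInterface, MementoInterface`. Unlike the other removed imports, this name is used in code, not only in a docblock, and unqualified it would resolve to `SimpleSAML\Module\oidc\Entities\AuthCodeEntityInterface`. Two import lines between the hunks are not shown, so the removed line may have been a duplicate. If it was not, loading the class fails and the authorization-code flow fails with it. Please confirm that an import for the interface survives, or keep this line.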
@@ -72,7 +71,7 @@ private function __construct() * @param string|null $owner * @param string[] $postLogoutRedirectUri * @param string|null $backChannelLogoutUri - * @return ClientEntityInterface + * @return \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface */ public static function fromData( string $id, @@ -107,8 +106,8 @@ public static function fromData( } /** - * @throws JsonException - * @throws OidcServerException + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function fromState(array $state): self { @@ -161,9 +160,7 @@ public static function fromState(array $state): self /** * {@inheritdoc} - * @throws JsonException - * @throws JsonException - * @throws JsonException + * @throws \JsonException */ public function getState(): array { diff --git a/src/Entities/RefreshTokenEntity.php b/src/Entities/RefreshTokenEntity.php index ca111f2e..d75ddf32 100644 --- a/src/Entities/RefreshTokenEntity.php +++ b/src/Entities/RefreshTokenEntity.php @@ -17,7 +17,6 @@ namespace SimpleSAML\Module\oidc\Entities; use DateTimeImmutable; -use Exception; use League\OAuth2\Server\Entities\Traits\EntityTrait; use League\OAuth2\Server\Entities\Traits\RefreshTokenTrait; use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface; @@ -35,8 +34,8 @@ class RefreshTokenEntity implements RefreshTokenEntityInterface use AssociateWithAuthCodeTrait; /** - * @throws OidcServerException - * @throws Exception + * @throws \Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function fromState(array $state): RefreshTokenEntityInterface { diff --git a/src/Entities/UserEntity.php b/src/Entities/UserEntity.php index c5ce1135..40e3fbac 100644 --- a/src/Entities/UserEntity.php +++ b/src/Entities/UserEntity.php 
@@ -17,7 +17,6 @@ namespace SimpleSAML\Module\oidc\Entities; use DateTime; -use Exception; use League\OAuth2\Server\Entities\UserEntityInterface; use SimpleSAML\Module\oidc\Entities\Interfaces\ClaimSetInterface; use SimpleSAML\Module\oidc\Entities\Interfaces\MementoInterface; @@ -54,7 +53,7 @@ private function __construct() } /** - * @throws Exception + * @throws \Exception */ public static function fromData(string $identifier, array $claims = []): self { @@ -69,9 +68,8 @@ public static function fromData(string $identifier, array $claims = []): self } /** - * @throws OidcServerException - * @throws Exception - * @throws Exception + * @throws \Exception + * @throws \SimpleSAML\Module\oidc\Exceptions\OidcServerException */ public static function fromState(array $state): self { diff --git a/src/Factories/AuthSimpleFactory.php b/src/Factories/AuthSimpleFactory.php index 5b339e19..70c91d9f 100644 --- a/src/Factories/AuthSimpleFactory.php +++ b/src/Factories/AuthSimpleFactory.php @@ -13,13 +13,13 @@ * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ + namespace SimpleSAML\Module\oidc\Factories; -use Exception; use SimpleSAML\Auth\Simple; -use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Controller\Traits\GetClientFromRequestTrait; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; +use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Repositories\ClientRepository; class AuthSimpleFactory @@ -35,7 +35,7 @@ public function __construct( /** * @codeCoverageIgnore - * @throws Exception + * @throws \Exception */ public function build(ClientEntityInterface $clientEntity): Simple { @@ -46,7 +46,7 @@ public function build(ClientEntityInterface $clientEntity): Simple /** * @return Simple The default authsource - * @throws Exception + * @throws \Exception */ public function getDefaultAuthSource(): Simple { 
@@ -56,7 +56,7 @@ public function getDefaultAuthSource(): Simple /** * Get auth source defined on the client. If not set on the client, get the default auth source defined in config. * - * @throws Exception + * @throws \Exception */ public function resolveAuthSourceId(ClientEntityInterface $client): string { @@ -64,7 +64,7 @@ public function resolveAuthSourceId(ClientEntityInterface $client): string } /** - * @throws Exception + * @throws \Exception */ public function getDefaultAuthSourceId(): string { diff --git a/src/Factories/AuthorizationServerFactory.php b/src/Factories/AuthorizationServerFactory.php index 4f4762e2..8ac37507 100644 --- a/src/Factories/AuthorizationServerFactory.php +++ b/src/Factories/AuthorizationServerFactory.php @@ -13,15 +13,14 @@ * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ + namespace SimpleSAML\Module\oidc\Factories; use DateInterval; use SimpleSAML\Module\oidc\Server\AuthorizationServer; -use League\OAuth2\Server\CryptKey; use SimpleSAML\Module\oidc\Server\Grants\AuthCodeGrant; use SimpleSAML\Module\oidc\Server\Grants\ImplicitGrant; use SimpleSAML\Module\oidc\Server\Grants\OAuth2ImplicitGrant; -use League\OAuth2\Server\Grant\RefreshTokenGrant; use SimpleSAML\Module\oidc\Repositories\AccessTokenRepository; use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Repositories\ScopeRepository; diff --git a/src/Factories/ClaimTranslatorExtractorFactory.php b/src/Factories/ClaimTranslatorExtractorFactory.php index 762bf29f..b137eb66 100644 --- a/src/Factories/ClaimTranslatorExtractorFactory.php +++ b/src/Factories/ClaimTranslatorExtractorFactory.php 
@@ -16,9 +16,8 @@ namespace SimpleSAML\Module\oidc\Factories; -use Exception; -use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Entities\ClaimSetEntity; +use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor; class ClaimTranslatorExtractorFactory @@ -32,7 +31,7 @@ public function __construct(private readonly ModuleConfig $moduleConfig) } /** - * @throws Exception + * @throws \Exception */ public function build(): ClaimTranslatorExtractor { diff --git a/src/Factories/FormFactory.php b/src/Factories/FormFactory.php index caaf84dc..ebd4713b 100644 --- a/src/Factories/FormFactory.php +++ b/src/Factories/FormFactory.php @@ -13,13 +13,13 @@ * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ + namespace SimpleSAML\Module\oidc\Factories; use Nette\Forms\Form; use SimpleSAML\Error\Exception; -use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection; -use SimpleSAML\Session; +use SimpleSAML\Module\oidc\ModuleConfig; class FormFactory { @@ -30,7 +30,7 @@ public function __construct(private readonly ModuleConfig $moduleConfig, protect /** * @param class-string $classname Form classname * - * @throws \Exception + * @throws \SimpleSAML\Error\Exception * * @return mixed */ diff --git a/src/Factories/Grant/AuthCodeGrantFactory.php b/src/Factories/Grant/AuthCodeGrantFactory.php index ccb0d087..e786bf67 100644 --- a/src/Factories/Grant/AuthCodeGrantFactory.php +++ b/src/Factories/Grant/AuthCodeGrantFactory.php @@ -17,7 +17,6 @@ namespace SimpleSAML\Module\oidc\Factories\Grant; use DateInterval; -use Exception; use SimpleSAML\Module\oidc\Repositories\AccessTokenRepository; use SimpleSAML\Module\oidc\Repositories\AuthCodeRepository; use SimpleSAML\Module\oidc\Repositories\RefreshTokenRepository; 
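Review bot: In FormFactory.php, the docblock carrying `@param class-string $classname` changes `@throws \Exception` to `@throws \SimpleSAML\Error\Exception`, which narrows the documented contract instead of merely qualifying a name. The old tag was already fully qualified and pointed at the global class. The method body is outside the hunk, so it is not visible whether anything other than the SimpleSAML exception can still be raised. If it can, callers who rely on the tag to decide what to catch will miss it. Either keep `@throws \Exception` or check the body and list both classes.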
diff --git a/src/Factories/ResourceServerFactory.php b/src/Factories/ResourceServerFactory.php index 9798b570..12245c9d 100644 --- a/src/Factories/ResourceServerFactory.php +++ b/src/Factories/ResourceServerFactory.php @@ -13,6 +13,7 @@ * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ + namespace SimpleSAML\Module\oidc\Factories; use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface; diff --git a/src/Factories/TemplateFactory.php b/src/Factories/TemplateFactory.php index 7f756d47..0fdc5bc3 100644 --- a/src/Factories/TemplateFactory.php +++ b/src/Factories/TemplateFactory.php @@ -13,10 +13,10 @@ * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ + namespace SimpleSAML\Module\oidc\Factories; use SimpleSAML\Configuration; -use SimpleSAML\Error\ConfigurationError; use SimpleSAML\XHTML\Template; class TemplateFactory @@ -29,7 +29,7 @@ public function __construct(Configuration $configuration) } /** - * @throws ConfigurationError + * @throws \SimpleSAML\Error\ConfigurationError */ public function render(string $templateName, array $data = []): Template { diff --git a/src/Forms/ClientForm.php b/src/Forms/ClientForm.php index 82c6c0fa..60e448d6 100644 --- a/src/Forms/ClientForm.php +++ b/src/Forms/ClientForm.php @@ -16,7 +16,6 @@ namespace SimpleSAML\Module\oidc\Forms; -use Exception; use Nette\Forms\Form; use SimpleSAML\Auth\Source; use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection; @@ -50,7 +49,7 @@ class ClientForm extends Form final public const REGEX_HTTP_URI = '/^http(s?):\/\/[^\s\/$.?#][^\s#]*$/i'; /** - * @throws Exception + * @throws \Exception */ public function __construct(private readonly ModuleConfig $moduleConfig, protected CsrfProtection $csrfProtection) { 
@@ -159,11 +158,11 @@ public function getValues(string|object|bool|null $returnType = null, ?array $co } /** - * @throws Exception + * @throws \Exception */ public function setDefaults(object|array $data, bool $erase = false): static { - if (! is_array($data)) { + if (!is_array($data)) { if ($data instanceof Traversable) { $data = iterator_to_array($data); } else { @@ -176,7 +175,7 @@ public function setDefaults(object|array $data, bool $erase = false): static $data['redirect_uri'] = implode("\n", $redirectUris); // Allowed origins are only available for public clients (not for confidential clients). - if (! $data['is_confidential'] && isset($data['allowed_origin'])) { + if (!$data['is_confidential'] && isset($data['allowed_origin'])) { /** @var string[] $allowedOrigins */ $allowedOrigins = is_array($data['allowed_origin']) ? $data['allowed_origin'] : []; $data['allowed_origin'] = implode("\n", $allowedOrigins); @@ -197,7 +196,7 @@ public function setDefaults(object|array $data, bool $erase = false): static } /** - * @throws Exception + * @throws \Exception */ protected function buildForm(): void { @@ -244,7 +243,7 @@ protected function buildForm(): void } /** - * @throws Exception + * @throws \Exception */ protected function getScopes(): array { diff --git a/src/Forms/Controls/CsrfProtection.php b/src/Forms/Controls/CsrfProtection.php index a6decde5..0b93b51c 100644 --- a/src/Forms/Controls/CsrfProtection.php +++ b/src/Forms/Controls/CsrfProtection.php @@ -16,7 +16,6 @@ namespace SimpleSAML\Module\oidc\Forms\Controls; -use Exception; use Nette\Forms\Controls\CsrfProtection as BaseCsrfProtection; use Nette\InvalidStateException; use Nette\Utils\Random; @@ -29,7 +28,8 @@ class CsrfProtection extends BaseCsrfProtection /** @noinspection PhpMissingParentConstructorInspection */ /** - * @throws Exception + * @throws \Exception + * @throws \Nette\InvalidStateException */ public function __construct(string|Stringable|null $errorMessage, protected Session $sspSession) { 
@@ -37,7 +37,7 @@ public function __construct(string|Stringable|null $errorMessage, protected Sess // its constructor. This is to avoid setting a Nette session in CsrfProtection parent, and use the SSP one. $hiddentFieldParent = get_parent_class(get_parent_class($this)); - if (! is_string($hiddentFieldParent)) { + if (!is_string($hiddentFieldParent)) { throw new InvalidStateException('CsrfProtection initialization error'); } @@ -53,7 +53,7 @@ public function __construct(string|Stringable|null $errorMessage, protected Sess } /** - * @throws Exception + * @throws \Exception */ public function getToken(): string { diff --git a/src/ModuleConfig.php b/src/ModuleConfig.php index e6d1e44b..28a2c5b1 100644 --- a/src/ModuleConfig.php +++ b/src/ModuleConfig.php @@ -17,14 +17,12 @@ namespace SimpleSAML\Module\oidc; use DateInterval; -use Exception; use Lcobucci\JWT\Signer; use Lcobucci\JWT\Signer\Rsa\Sha256; use ReflectionClass; -use ReflectionException; -use SimpleSAML\Module\oidc\Bridges\SspBridge; use SimpleSAML\Configuration; use SimpleSAML\Error\ConfigurationError; +use SimpleSAML\Module\oidc\Bridges\SspBridge; use SimpleSAML\Module\oidc\Codebooks\ScopesEnum; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; @@ -104,7 +102,7 @@ class ModuleConfig private readonly Configuration $sspConfig; /** - * @throws Exception + * @throws \Exception */ public function __construct( string $fileName = self::DEFAULT_FILE_NAME, // Primarily used for easy (unit) testing overrides. @@ -138,7 +136,7 @@ public function config(): Configuration } /** - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException * @return non-empty-string */ public function getIssuer(): string @@ -164,7 +162,7 @@ public function getModuleUrl(string $path = null): string } /** - * @throws Exception + * @throws \Exception */ public function getOpenIDScopes(): array { 
@@ -172,7 +170,7 @@ public function getOpenIDScopes(): array } /** - * @throws Exception + * @throws \Exception */ public function getOpenIDPrivateScopes(): array { @@ -181,9 +179,9 @@ public function getOpenIDPrivateScopes(): array /** * @return void - * @throws Exception + * @throws \Exception * - * @throws ConfigurationError + * @throws \SimpleSAML\Error\ConfigurationError */ private function validate(): void { @@ -191,7 +189,7 @@ private function validate(): void array_walk( $privateScopes, /** - * @throws ConfigurationError + * @throws \SimpleSAML\Error\ConfigurationError */ function (array $scope, string $name): void { if (in_array($name, array_keys(self::$standardScopes), true)) { @@ -255,8 +253,8 @@ function (array $scope, string $name): void { /** * Get signer for OIDC protocol. * - * @throws ReflectionException - * @throws Exception + * @throws \ReflectionException + * @throws \Exception */ public function getProtocolSigner(): Signer { @@ -272,7 +270,7 @@ public function getProtocolSigner(): Signer /** * @param class-string $className * @throws \SimpleSAML\Error\ConfigurationError - * @throws ReflectionException + * @throws \ReflectionException */ protected function instantiateSigner(string $className): Signer { @@ -289,7 +287,7 @@ protected function instantiateSigner(string $className): Signer /** * Get the path to the public certificate used in OIDC protocol. * @return string The file system path - * @throws Exception + * @throws \Exception */ public function getProtocolCertPath(): string { @@ -302,7 +300,7 @@ public function getProtocolCertPath(): string /** * Get the path to the private key used in OIDC protocol. - * @throws Exception + * @throws \Exception */ public function getProtocolPrivateKeyPath(): string { 
@@ -316,7 +314,7 @@ public function getProtocolPrivateKeyPath(): string /** * Get the OIDC protocol private key passphrase. * @return ?string - * @throws Exception + * @throws \Exception */ public function getProtocolPrivateKeyPassPhrase(): ?string { @@ -327,7 +325,7 @@ public function getProtocolPrivateKeyPassPhrase(): ?string * Get autproc filters defined in the OIDC configuration. * * @return array - * @throws Exception + * @throws \Exception */ public function getAuthProcFilters(): array { @@ -338,7 +336,7 @@ public function getAuthProcFilters(): array * Get supported Authentication Context Class References (ACRs). * * @return array - * @throws Exception + * @throws \Exception */ public function getAcrValuesSupported(): array { @@ -349,7 +347,7 @@ public function getAcrValuesSupported(): array * Get a map of auth sources and their supported ACRs * * @return array - * @throws Exception + * @throws \Exception */ public function getAuthSourcesToAcrValuesMap(): array { @@ -358,7 +356,7 @@ public function getAuthSourcesToAcrValuesMap(): array /** * @return null|string - * @throws Exception + * @throws \Exception */ public function getForcedAcrValueForCookieAuthentication(): ?string { @@ -374,7 +372,7 @@ public function getForcedAcrValueForCookieAuthentication(): ?string } /** - * @throws Exception + * @throws \Exception */ public function getUserIdentifierAttribute(): string { @@ -411,7 +409,7 @@ public function getFederationPrivateKeyPassPhrase(): ?string /** * Return the path to the federation public certificate * @return ?string The file system path or null if not set. - * @throws Exception + * @throws \Exception */ public function getFederationCertPath(): ?string { @@ -424,7 +422,7 @@ public function getFederationCertPath(): ?string } /** - * @throws Exception + * @throws \Exception */ public function getFederationEntityStatementDuration(): DateInterval { 
diff --git a/src/Repositories/AbstractDatabaseRepository.php b/src/Repositories/AbstractDatabaseRepository.php index 1c62ad82..aff63ba6 100644 --- a/src/Repositories/AbstractDatabaseRepository.php +++ b/src/Repositories/AbstractDatabaseRepository.php @@ -15,7 +15,6 @@ */ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; use SimpleSAML\Configuration; use SimpleSAML\Database; use SimpleSAML\Module\oidc\ModuleConfig; @@ -28,7 +27,7 @@ abstract class AbstractDatabaseRepository /** * ClientRepository constructor. - * @throws Exception + * @throws \Exception */ public function __construct(protected ModuleConfig $moduleConfig) { diff --git a/src/Repositories/AccessTokenRepository.php b/src/Repositories/AccessTokenRepository.php index 7070d585..d21057d9 100644 --- a/src/Repositories/AccessTokenRepository.php +++ b/src/Repositories/AccessTokenRepository.php @@ -16,8 +16,6 @@ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; -use JsonException; use League\OAuth2\Server\Entities\AccessTokenEntityInterface as OAuth2AccessTokenEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; use RuntimeException; @@ -26,7 +24,6 @@ use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface; use SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface; use SimpleSAML\Module\oidc\Repositories\Traits\RevokeTokenByAuthCodeIdTrait; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Utils\TimestampGenerator; class AccessTokenRepository extends AbstractDatabaseRepository implements AccessTokenRepositoryInterface @@ -61,8 +58,8 @@ public function getNewToken( /** * {@inheritdoc} - * @throws Error - * @throws JsonException + * @throws \JsonException + * @throws \SimpleSAML\Error\Error */ public function persistNewAccessToken(OAuth2AccessTokenEntityInterface $accessTokenEntity): void { 
@@ -84,8 +81,8 @@ public function persistNewAccessToken(OAuth2AccessTokenEntityInterface $accessTo /** * Find Access Token by id. - * @throws Exception - * @throws OidcServerException + * @throws \Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function findById(string $tokenId): ?AccessTokenEntity { @@ -110,8 +107,8 @@ public function findById(string $tokenId): ?AccessTokenEntity /** * {@inheritdoc} - * @throws JsonException - * @throws OidcServerException + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function revokeAccessToken($tokenId): void { @@ -127,7 +124,7 @@ public function revokeAccessToken($tokenId): void /** * {@inheritdoc} - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function isAccessTokenRevoked($tokenId): bool { @@ -142,7 +139,7 @@ public function isAccessTokenRevoked($tokenId): bool /** * Removes expired access tokens. - * @throws Exception + * @throws \Exception */ public function removeExpired(): void { @@ -163,7 +160,7 @@ public function removeExpired(): void } /** - * @throws JsonException + * @throws \JsonException */ private function update(AccessTokenEntity $accessTokenEntity): void { diff --git a/src/Repositories/AuthCodeRepository.php b/src/Repositories/AuthCodeRepository.php index 7e286db6..6e7706d3 100644 --- a/src/Repositories/AuthCodeRepository.php +++ b/src/Repositories/AuthCodeRepository.php @@ -16,8 +16,6 @@ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; -use JsonException; use League\OAuth2\Server\Entities\AuthCodeEntityInterface as OAuth2AuthCodeEntityInterface; use RuntimeException; use SimpleSAML\Error\Error; @@ -36,7 +34,7 @@ public function getTableName(): string } /** - * @return AuthCodeEntityInterface + * @return \League\OAuth2\Server\Entities\AuthCodeEntityInterface */ public function getNewAuthCode(): AuthCodeEntityInterface { 
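Review bot: The rewritten tag on `getNewAuthCode()` in AuthCodeRepository.php, `@return \League\OAuth2\Server\Entities\AuthCodeEntityInterface`, probably names the wrong interface. This file imports the League interface under the alias `OAuth2AuthCodeEntityInterface`, so the unaliased `AuthCodeEntityInterface` in the native return type most likely refers to the module's own interface. That import lies outside the visible hunks, so this is an inference. If it holds, the tag should be `@return \SimpleSAML\Module\oidc\Entities\Interfaces\AuthCodeEntityInterface` so that the docblock and the signature agree.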
@@ -45,7 +43,8 @@ public function getNewAuthCode(): AuthCodeEntityInterface /** * {@inheritdoc} - * @throws Error|JsonException + * @throws \JsonException + * @throws \SimpleSAML\Error\Error */ public function persistNewAuthCode(OAuth2AuthCodeEntityInterface $authCodeEntity): void { @@ -67,7 +66,7 @@ public function persistNewAuthCode(OAuth2AuthCodeEntityInterface $authCodeEntity /** * Find Auth Code by id. - * @throws Exception + * @throws \Exception */ public function findById(string $codeId): ?AuthCodeEntityInterface { @@ -92,8 +91,8 @@ public function findById(string $codeId): ?AuthCodeEntityInterface /** * {@inheritdoc} - * @throws JsonException - * @throws Exception + * @throws \Exception + * @throws \JsonException */ public function revokeAuthCode($codeId): void { @@ -109,7 +108,7 @@ public function revokeAuthCode($codeId): void /** * {@inheritdoc} - * @throws Exception + * @throws \Exception */ public function isAuthCodeRevoked($codeId): bool { @@ -124,7 +123,7 @@ public function isAuthCodeRevoked($codeId): bool /** * Removes expired auth codes. - * @throws Exception + * @throws \Exception */ public function removeExpired(): void { @@ -137,7 +136,7 @@ public function removeExpired(): void } /** - * @throws JsonException + * @throws \JsonException */ private function update(AuthCodeEntity $authCodeEntity): void { diff --git a/src/Repositories/ClientRepository.php b/src/Repositories/ClientRepository.php index d76ae5ef..838b1a18 100644 --- a/src/Repositories/ClientRepository.php +++ b/src/Repositories/ClientRepository.php 
@@ -15,14 +15,11 @@ */ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; -use JsonException; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use SimpleSAML\Module\oidc\Entities\ClientEntity; use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\ModuleConfig; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; class ClientRepository extends AbstractDatabaseRepository implements ClientRepositoryInterface { @@ -35,8 +32,8 @@ public function getTableName(): string /** * {@inheritdoc} - * @throws OAuthServerException - * @throws JsonException + * @throws \JsonException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function getClientEntity($clientIdentifier) { @@ -55,8 +52,8 @@ public function getClientEntity($clientIdentifier) /** * @inheritDoc - * @throws OAuthServerException - * @throws JsonException + * @throws \JsonException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function validateClient($clientIdentifier, $clientSecret, $grantType): bool { @@ -74,8 +71,8 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType): bo } /** - * @throws OidcServerException - * @throws JsonException + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function findById(string $clientIdentifier, ?string $owner = null): ?ClientEntityInterface { @@ -120,8 +117,9 @@ private function addOwnerWhereClause(string $query, array $params, ?string $owne } /** - * @return ClientEntityInterface[] - * @throws OidcServerException|JsonException + * @return \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface[] + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function findAll(?string $owner = null): array { 
@@ -150,8 +148,12 @@ public function findAll(?string $owner = null): array } /** - * @return array{numPages: int, currentPage: int, items: ClientEntityInterface[]} - * @throws Exception + * @return array{ + * numPages: int, + * currentPage: int, + * items: \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface[] + * } + * @throws \Exception */ public function findPaginated(int $page = 1, string $query = '', ?string $owner = null): array { @@ -301,7 +303,7 @@ private function count(string $query, ?string $owner): int } /** - * @throws Exception + * @throws \Exception */ private function getItemsPerPage(): int { diff --git a/src/Repositories/CodeChallengeVerifiersRepository.php b/src/Repositories/CodeChallengeVerifiersRepository.php index 2f65be3d..ac0c700e 100644 --- a/src/Repositories/CodeChallengeVerifiersRepository.php +++ b/src/Repositories/CodeChallengeVerifiersRepository.php @@ -14,7 +14,7 @@ class CodeChallengeVerifiersRepository { /** - * @var CodeChallengeVerifierInterface[] + * @var \League\OAuth2\Server\CodeChallengeVerifiers\CodeChallengeVerifierInterface[] */ protected array $codeChallengeVerifiers = []; @@ -30,7 +30,7 @@ public function __construct() } /** - * @return CodeChallengeVerifierInterface[] + * @return \League\OAuth2\Server\CodeChallengeVerifiers\CodeChallengeVerifierInterface[] */ public function getAll(): array { @@ -38,7 +38,8 @@ public function getAll(): array } /** - * @return CodeChallengeVerifierInterface|null Verifier for the method or null if not supported. + * @return \League\OAuth2\Server\CodeChallengeVerifiers\CodeChallengeVerifierInterface|null + * Verifier for the method or null if not supported. */ public function get(string $method): ?CodeChallengeVerifierInterface { diff --git a/src/Repositories/Interfaces/AccessTokenRepositoryInterface.php b/src/Repositories/Interfaces/AccessTokenRepositoryInterface.php index d51f145e..dae29026 100644 --- a/src/Repositories/Interfaces/AccessTokenRepositoryInterface.php 
+++ b/src/Repositories/Interfaces/AccessTokenRepositoryInterface.php @@ -5,7 +5,6 @@ namespace SimpleSAML\Module\oidc\Repositories\Interfaces; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntityInterface as OAuth2ScopeEntityInterface; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface as OAuth2AccessTokenRepositoryInterface; use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface; @@ -19,12 +18,12 @@ public function revokeByAuthCodeId(string $authCodeId): void; /** * Create a new access token * - * @param OAuth2ClientEntityInterface $clientEntity - * @param OAuth2ScopeEntityInterface[] $scopes + * @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity + * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes * @param mixed $userIdentifier * @param string|null $authCodeId * @param array|null $requestedClaims Any requested claims - * @return AccessTokenEntityInterface + * @return \SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface */ public function getNewToken( OAuth2ClientEntityInterface $clientEntity, diff --git a/src/Repositories/RefreshTokenRepository.php b/src/Repositories/RefreshTokenRepository.php index 3a7adde4..8cbe30c9 100644 --- a/src/Repositories/RefreshTokenRepository.php +++ b/src/Repositories/RefreshTokenRepository.php @@ -16,7 +16,6 @@ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; use League\OAuth2\Server\Entities\RefreshTokenEntityInterface as OAuth2RefreshTokenEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; use RuntimeException; 
@@ -24,7 +23,6 @@ use SimpleSAML\Module\oidc\Entities\RefreshTokenEntity; use SimpleSAML\Module\oidc\Repositories\Interfaces\RefreshTokenRepositoryInterface; use SimpleSAML\Module\oidc\Repositories\Traits\RevokeTokenByAuthCodeIdTrait; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Utils\TimestampGenerator; class RefreshTokenRepository extends AbstractDatabaseRepository implements RefreshTokenRepositoryInterface @@ -51,7 +49,7 @@ public function getNewRefreshToken(): RefreshTokenEntityInterface /** * {@inheritdoc} - * @throws OAuthServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function persistNewRefreshToken(OAuth2RefreshTokenEntityInterface $refreshTokenEntity): void { @@ -73,8 +71,8 @@ public function persistNewRefreshToken(OAuth2RefreshTokenEntityInterface $refres /** * Find Refresh Token by id. - * @throws OidcServerException - * @throws Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Exception */ public function findById(string $tokenId): ?RefreshTokenEntityInterface { @@ -99,7 +97,7 @@ public function findById(string $tokenId): ?RefreshTokenEntityInterface /** * {@inheritdoc} - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function revokeRefreshToken($tokenId): void { @@ -115,7 +113,7 @@ public function revokeRefreshToken($tokenId): void /** * {@inheritdoc} - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function isRefreshTokenRevoked($tokenId): bool { @@ -130,7 +128,7 @@ public function isRefreshTokenRevoked($tokenId): bool /** * Removes expired refresh tokens. - * @throws Exception + * @throws \Exception */ public function removeExpired(): void { diff --git a/src/Repositories/ScopeRepository.php b/src/Repositories/ScopeRepository.php index 8c71f5a3..5bb57aab 100644 
--- a/src/Repositories/ScopeRepository.php +++ b/src/Repositories/ScopeRepository.php @@ -15,7 +15,6 @@ */ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; @@ -34,7 +33,7 @@ public function getTableName(): ?string /** * {@inheritdoc} - * @throws Exception + * @throws \Exception */ public function getScopeEntityByIdentifier($identifier): ScopeEntity|ScopeEntityInterface|null { diff --git a/src/Repositories/UserRepository.php b/src/Repositories/UserRepository.php index f90b68b6..b146e606 100644 --- a/src/Repositories/UserRepository.php +++ b/src/Repositories/UserRepository.php @@ -16,13 +16,11 @@ namespace SimpleSAML\Module\oidc\Repositories; -use Exception; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; use League\OAuth2\Server\Entities\UserEntityInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; -use SimpleSAML\Module\oidc\Repositories\Interfaces\IdentityProviderInterface; use SimpleSAML\Module\oidc\Entities\UserEntity; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; +use SimpleSAML\Module\oidc\Repositories\Interfaces\IdentityProviderInterface; class UserRepository extends AbstractDatabaseRepository implements UserRepositoryInterface, IdentityProviderInterface { @@ -36,8 +34,8 @@ public function getTableName(): string /** * @param string $identifier * - * @return UserEntity|null - * @throws OidcServerException + * @return \SimpleSAML\Module\oidc\Entities\UserEntity|null + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function getUserEntityByIdentifier(string $identifier): ?UserEntity { 
@@ -63,7 +61,7 @@ public function getUserEntityByIdentifier(string $identifier): ?UserEntity /** * {@inheritdoc} - * @throws Exception + * @throws \Exception */ public function getUserEntityByUserCredentials( $username, diff --git a/src/Server/AuthorizationServer.php b/src/Server/AuthorizationServer.php index 448ee6c2..35af240c 100644 --- a/src/Server/AuthorizationServer.php +++ b/src/Server/AuthorizationServer.php @@ -5,17 +5,16 @@ namespace SimpleSAML\Module\oidc\Server; use Defuse\Crypto\Key; -use Lcobucci\JWT\UnencryptedToken; use League\OAuth2\Server\AuthorizationServer as OAuth2AuthorizationServer; use League\OAuth2\Server\CryptKey; use LogicException; -use SimpleSAML\Error\BadRequest; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\RequestTypes\AuthorizationRequest as OAuth2AuthorizationRequest; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use Psr\Http\Message\ServerRequestInterface; +use SimpleSAML\Error\BadRequest; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestTypes\LogoutRequest; use SimpleSAML\Module\oidc\Server\Grants\Interfaces\AuthorizationValidatableWithCheckerResultBagInterface; @@ -26,7 +25,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Rules\RedirectUriRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\StateRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\UiLocalesRule; -use Throwable; class AuthorizationServer extends OAuth2AuthorizationServer { @@ -34,8 +32,9 @@ class AuthorizationServer extends OAuth2AuthorizationServer protected ClientRepositoryInterface $clientRepository; protected RequestRulesManager $requestRulesManager; + /** - * @var CryptKey + * @var \League\OAuth2\Server\CryptKey * @psalm-suppress PropertyNotSetInConstructor */ protected $publicKey; 
@@ -71,7 +70,9 @@ public function __construct( /** * @inheritDoc - * @throws BadRequest|Throwable + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function validateAuthorizationRequest(ServerRequestInterface $request): OAuth2AuthorizationRequest { @@ -109,8 +110,8 @@ public function validateAuthorizationRequest(ServerRequestInterface $request): O } /** - * @throws Throwable - * @throws BadRequest + * @throws \Throwable + * @throws \SimpleSAML\Error\BadRequest */ public function validateLogoutRequest(ServerRequestInterface $request): LogoutRequest { @@ -128,7 +129,7 @@ public function validateLogoutRequest(ServerRequestInterface $request): LogoutRe throw new BadRequest($reason); } - /** @var UnencryptedToken|null $idTokenHint */ + /** @var \Lcobucci\JWT\UnencryptedToken|null $idTokenHint */ $idTokenHint = $resultBag->getOrFail(IdTokenHintRule::class)->getValue(); /** @var string|null $postLogoutRedirectUri */ $postLogoutRedirectUri = $resultBag->getOrFail(PostLogoutRedirectUriRule::class)->getValue(); diff --git a/src/Server/Exceptions/OidcServerException.php b/src/Server/Exceptions/OidcServerException.php index 90f5e53b..cc37db01 100644 --- a/src/Server/Exceptions/OidcServerException.php +++ b/src/Server/Exceptions/OidcServerException.php @@ -49,7 +49,7 @@ class OidcServerException extends OAuthServerException * @param int $httpStatusCode HTTP status code to send (default = 400) * @param null|string $hint A helper hint * @param null|string $redirectUri An HTTP URI to redirect the user back to - * @param Throwable|null $previous Previous exception + * @param \Throwable|null $previous Previous exception * @param string|null $state */ public function __construct( 
@@ -133,7 +133,7 @@ public static function invalidScope( * * @param string $parameter * @param string|null $hint - * @param Throwable|null $previous + * @param \Throwable|null $previous * @param string|null $redirectUri * @param string|null $state * @param bool $useFragment Use URI fragment to return error parameters @@ -159,7 +159,7 @@ public static function invalidRequest( /** * @param string|null $hint * @param string|null $redirectUri - * @param Throwable|null $previous + * @param \Throwable|null $previous * @param string|null $state * @param bool $useFragment Use URI fragment to return error parameters * @return static @@ -183,7 +183,7 @@ public static function accessDenied( * * @param string|null $hint * @param string|null $redirectUri - * @param Throwable|null $previous + * @param \Throwable|null $previous * @param string|null $state * @param bool $useFragment Use URI fragment to return error parameters * @@ -209,7 +209,7 @@ public static function loginRequired( * * @param string|null $hint * @param string|null $redirectUri - * @param Throwable|null $previous + * @param \Throwable|null $previous * @param string|null $state * @param bool $useFragment Use URI fragment to return error parameters * @@ -234,7 +234,7 @@ public static function requestNotSupported( * Invalid refresh token. * * @param string|null $hint - * @param Throwable|null $previous + * @param \Throwable|null $previous * * @return self * @psalm-suppress LessSpecificImplementedReturnType 
@@ -313,12 +313,12 @@ public function setState(string $state = null): void /** * Generate an HTTP response. * - * @param ResponseInterface $response + * @param \Psr\Http\Message\ResponseInterface $response * @param bool $useFragment True if errors should be in the URI fragment instead of query string. Note - * that this can also be set using useFragmentInHttpResponses(). + * that this can also be set using useFragmentInHttpResponses(). * @param int $jsonOptions options passed to json_encode * - * @return ResponseInterface + * @return \Psr\Http\Message\ResponseInterface */ public function generateHttpResponse( ResponseInterface $response, diff --git a/src/Server/Grants/AuthCodeGrant.php b/src/Server/Grants/AuthCodeGrant.php index b76791f9..f6f02367 100644 --- a/src/Server/Grants/AuthCodeGrant.php +++ b/src/Server/Grants/AuthCodeGrant.php @@ -4,14 +4,10 @@ namespace SimpleSAML\Module\oidc\Server\Grants; -use Exception; use DateInterval; use DateTimeImmutable; -use JsonException; -use League\OAuth2\Server\CodeChallengeVerifiers\CodeChallengeVerifierInterface; use League\OAuth2\Server\CodeChallengeVerifiers\PlainVerifier; use League\OAuth2\Server\CodeChallengeVerifiers\S256Verifier; -use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\AccessTokenEntityInterface as OAuth2AccessTokenEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface; use League\OAuth2\Server\Entities\ScopeEntityInterface; 
@@ -19,9 +15,6 @@ use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException; use League\OAuth2\Server\Grant\AuthCodeGrant as OAuth2AuthCodeGrant; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface as OAuth2AuthCodeRepositoryInterface; -use League\OAuth2\Server\Repositories\ClientRepositoryInterface; -use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; -use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\RequestEvent; use League\OAuth2\Server\RequestTypes\AuthorizationRequest as OAuth2AuthorizationRequest; use League\OAuth2\Server\ResponseTypes\RedirectResponse; @@ -61,7 +54,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Rules\ScopeRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\StateRule; use SimpleSAML\Module\oidc\Utils\ScopeHelper; -use Throwable; class AuthCodeGrant extends OAuth2AuthCodeGrant implements // phpcs:ignore @@ -75,22 +67,23 @@ class AuthCodeGrant extends OAuth2AuthCodeGrant implements protected DateInterval $authCodeTTL; - /** - * @var CodeChallengeVerifierInterface[] - */ + /** @var \League\OAuth2\Server\CodeChallengeVerifiers\CodeChallengeVerifierInterface[] */ protected array $codeChallengeVerifiers = []; /** + * @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $authCodeRepository; /** + * @var \SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $accessTokenRepository; /** + * @var \SimpleSAML\Module\oidc\Repositories\Interfaces\RefreshTokenRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $refreshTokenRepository; @@ -100,7 +93,7 @@ class AuthCodeGrant extends OAuth2AuthCodeGrant implements /** * @var bool * @psalm-suppress PropertyNotSetInConstructor - */ + */ protected $revokeRefreshTokens; /** 
@@ -110,25 +103,25 @@ class AuthCodeGrant extends OAuth2AuthCodeGrant implements protected $defaultScope; /** - * @var UserRepositoryInterface + * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $userRepository; /** - * @var ScopeRepositoryInterface + * @var \League\OAuth2\Server\Repositories\ScopeRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $scopeRepository; /** - * @var ClientRepositoryInterface + * @var \League\OAuth2\Server\Repositories\ClientRepositoryInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $clientRepository; /** - * @var CryptKey + * @var \League\OAuth2\Server\CryptKey * @psalm-suppress PropertyNotSetInConstructor */ protected $privateKey; @@ -145,7 +138,7 @@ class AuthCodeGrant extends OAuth2AuthCodeGrant implements * acr?: null|string, * session_id?: null|string * } - * @throws Exception + * @throws \Exception */ public function __construct( OAuth2AuthCodeRepositoryInterface $authCodeRepository, @@ -191,8 +184,8 @@ public function isOidcCandidate( /** * @inheritDoc - * @throws OAuthServerException - * @throws JsonException + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \JsonException */ public function completeAuthorizationRequest( OAuth2AuthorizationRequest $authorizationRequest, @@ -207,9 +200,9 @@ public function completeAuthorizationRequest( /** * This is reimplementation of OAuth2 completeAuthorizationRequest method with addition of nonce handling. * - * @throws OAuthServerException - * @throws UniqueTokenIdentifierConstraintViolationException - * @throws JsonException + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException + * @throws \JsonException */ public function completeOidcAuthorizationRequest( AuthorizationRequest $authorizationRequest, 
@@ -276,9 +269,9 @@ public function completeOidcAuthorizationRequest( } /** - * @param ScopeEntityInterface[] $scopes - * @throws OAuthServerException - * @throws UniqueTokenIdentifierConstraintViolationException + * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException */ protected function issueOidcAuthCode( DateInterval $authCodeTTL, @@ -290,13 +283,13 @@ protected function issueOidcAuthCode( ): AuthCodeEntityInterface { $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS; - if (! is_a($this->authCodeRepository, AuthCodeRepositoryInterface::class)) { + if (!is_a($this->authCodeRepository, AuthCodeRepositoryInterface::class)) { throw OidcServerException::serverError('Unexpected auth code repository entity type.'); } $authCode = $this->authCodeRepository->getNewAuthCode(); - if (! is_a($authCode, AuthCodeEntityInterface::class)) { + if (!is_a($authCode, AuthCodeEntityInterface::class)) { throw OidcServerException::serverError('Unexpected auth code entity type.'); } @@ -331,7 +324,7 @@ protected function issueOidcAuthCode( /** * Get the client redirect URI if not set in the request. * - * @param OAuth2AuthorizationRequest $authorizationRequest + * @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authorizationRequest * * @return string */ 
@@ -349,17 +342,15 @@ protected function getClientRedirectUri(OAuth2AuthorizationRequest $authorizatio /** * Reimplementation respondToAccessTokenRequest because of nonce feature. * - * @param ServerRequestInterface $request - * @param ResponseTypeInterface $responseType - * @param DateInterval $accessTokenTTL + * @param \Psr\Http\Message\ServerRequestInterface $request + * @param \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType + * @param \DateInterval $accessTokenTTL * - * @return ResponseTypeInterface + * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface * * TODO refactor to request checkers - * @throws OAuthServerException - * @throws JsonException - * @throws JsonException - * @throws JsonException + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \JsonException * */ public function respondToAccessTokenRequest( @@ -523,10 +514,10 @@ public function respondToAccessTokenRequest( * Reimplementation because of private parent access * * @param object $authCodePayload - * @param OAuth2ClientEntityInterface $client - * @param ServerRequestInterface $request - * @throws OAuthServerException - * @throws OidcServerException + * @param \League\OAuth2\Server\Entities\OAuth2ClientEntityInterface $client + * @param \Psr\Http\Message\ServerRequestInterface $request + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function validateAuthorizationCode( object $authCodePayload, @@ -585,7 +576,7 @@ protected function validateAuthorizationCode( /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function validateAuthorizationRequestWithCheckerResultBag( ServerRequestInterface $request, 
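Review bot: The `@param` for `$client` in the `validateAuthorizationCode` docblock now reads `\League\OAuth2\Server\Entities\OAuth2ClientEntityInterface`, which is not a real class name. `OAuth2ClientEntityInterface` is only this file's import alias for `League\OAuth2\Server\Entities\ClientEntityInterface`, so the line should be `@param \League\OAuth2\Server\Entities\ClientEntityInterface $client`. The same alias expansion appears in the `completeAuthorizationRequest` docblock in ImplicitGrant.php, which should read `@param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authorizationRequest`. Static analysis will probably report both as undefined classes; the method bodies lie outside these hunks.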
@@ -608,7 +599,7 @@ public function validateAuthorizationRequestWithCheckerResultBag( $redirectUri = $resultBag->getOrFail(RedirectUriRule::class)->getValue(); /** @var string|null $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); - /** @var ClientEntityInterface $client */ + /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $resultBag->getOrFail(ClientIdRule::class)->getValue(); // Some rules have to have certain things available in order to work properly... @@ -623,7 +614,7 @@ public function validateAuthorizationRequestWithCheckerResultBag( $resultBag = $this->requestRulesManager->check($request, $rulesToExecute); - /** @var ScopeEntityInterface[] $scopes */ + /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes */ $scopes = $resultBag->getOrFail(ScopeRule::class)->getValue(); $oAuth2AuthorizationRequest = new OAuth2AuthorizationRequest(); @@ -681,11 +672,11 @@ public function validateAuthorizationRequestWithCheckerResultBag( } /** - * @param OAuth2AccessTokenEntityInterface $accessToken + * @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken * @param string|null $authCodeId - * @return RefreshTokenEntityInterface|null - * @throws OAuthServerException - * @throws UniqueTokenIdentifierConstraintViolationException + * @return \SimpleSAML\Module\oidc\Entities\Interfaces\RefreshTokenEntityInterface|null + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException */ protected function issueRefreshToken( OAuth2AccessTokenEntityInterface $accessToken, diff --git a/src/Server/Grants/ImplicitGrant.php b/src/Server/Grants/ImplicitGrant.php index e773a7e6..5f20af17 100644 --- a/src/Server/Grants/ImplicitGrant.php +++ b/src/Server/Grants/ImplicitGrant.php 
@@ -5,10 +5,7 @@ namespace SimpleSAML\Module\oidc\Server\Grants; use DateInterval; -use Exception; use League\OAuth2\Server\CryptKey; -use League\OAuth2\Server\Exception\OAuthServerException; -use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException; use League\OAuth2\Server\RequestTypes\AuthorizationRequest as OAuth2AuthorizationRequest; use League\OAuth2\Server\ResponseTypes\RedirectResponse; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; @@ -34,17 +31,15 @@ use SimpleSAML\Module\oidc\Utils\Checker\Rules\RequiredNonceRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\RequiredOpenIdScopeRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\ResponseTypeRule; -use Throwable; class ImplicitGrant extends OAuth2ImplicitGrant { use IssueAccessTokenTrait; /** - * @var CryptKey * @psalm-suppress PropertyNotSetInConstructor */ - protected $privateKey; + protected CryptKey $privateKey; public function __construct( protected IdTokenBuilder $idTokenBuilder, @@ -79,11 +74,11 @@ public function canRespondToAuthorizationRequest(ServerRequestInterface $request /** * {@inheritdoc} - * @param OAuth2AuthorizationRequest $authorizationRequest - * @return ResponseTypeInterface - * @throws OidcServerException - * @throws OAuthServerException - * @throws UniqueTokenIdentifierConstraintViolationException + * @param \League\OAuth2\Server\RequestTypes\OAuth2AuthorizationRequest $authorizationRequest + * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function completeAuthorizationRequest( OAuth2AuthorizationRequest $authorizationRequest, 
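Review bot: `protected CryptKey $privateKey;` replaces a docblock-typed property with a natively typed one, which is a runtime change in a commit described as a phpdoc rewrite. PHP requires a redeclared property to match the parent's type exactly, so if the League parent grant declares `$privateKey` untyped the class will not load. The parent is not visible here, but the old untyped declarations suggest it is untyped. Even when the types are compatible, a typed property without a default throws on a read before it is assigned, where the untyped one yielded null. AuthCodeGrant in this same commit keeps `protected $privateKey;` under `/** @var \League\OAuth2\Server\CryptKey */`, and doing the same here would keep the change documentation-only. The same conversion is applied to the property lists in OAuth2ImplicitGrant.php and RefreshTokenGrant.php.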
@@ -96,8 +91,8 @@ public function completeAuthorizationRequest( } /** - * @throws Throwable - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function validateAuthorizationRequestWithCheckerResultBag( ServerRequestInterface $request, @@ -156,10 +151,10 @@ public function validateAuthorizationRequestWithCheckerResultBag( } /** - * @throws UniqueTokenIdentifierConstraintViolationException - * @throws OAuthServerException - * @throws OidcServerException - * @throws Exception + * @throws \Exception + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ private function completeOidcAuthorizationRequest(AuthorizationRequest $authorizationRequest): ResponseTypeInterface { diff --git a/src/Server/Grants/OAuth2ImplicitGrant.php b/src/Server/Grants/OAuth2ImplicitGrant.php index 5e040ade..6006ec15 100644 --- a/src/Server/Grants/OAuth2ImplicitGrant.php +++ b/src/Server/Grants/OAuth2ImplicitGrant.php @@ -6,7 +6,6 @@ use DateInterval; use League\OAuth2\Server\CryptKey; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Grant\ImplicitGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; 
@@ -17,8 +16,6 @@ use League\OAuth2\Server\RequestTypes\AuthorizationRequest as OAuth2AuthorizationRequest; use LogicException; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\Grants\Interfaces\AuthorizationValidatableWithCheckerResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\RequestRulesManager; @@ -26,7 +23,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Rules\RedirectUriRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\ScopeRule; use SimpleSAML\Module\oidc\Utils\Checker\Rules\StateRule; -use Throwable; class OAuth2ImplicitGrant extends ImplicitGrant implements AuthorizationValidatableWithCheckerResultBagInterface { 
@@ -35,57 +31,36 @@ class OAuth2ImplicitGrant extends ImplicitGrant implements AuthorizationValidata protected string $queryDelimiter; protected RequestRulesManager $requestRulesManager; - /** - * @var bool - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $revokeRefreshTokens; - /** - * @var string - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $defaultScope; - /** - * @var CryptKey - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $privateKey; - /** - * @var DateInterval - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $refreshTokenTTL; - /** - * @var UserRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $userRepository; - /** - * @var RefreshTokenRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $refreshTokenRepository; - /** - * @var AuthCodeRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $authCodeRepository; - /** - * @var ScopeRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $scopeRepository; - /** - * @var AccessTokenRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $accessTokenRepository; - /** - * @var ClientRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $clientRepository; + /** @psalm-suppress PropertyNotSetInConstructor */ + protected bool $revokeRefreshTokens; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected string $defaultScope; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected CryptKey $privateKey; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected DateInterval $refreshTokenTTL; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected UserRepositoryInterface $userRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected RefreshTokenRepositoryInterface $refreshTokenRepository; + + /** 
@psalm-suppress PropertyNotSetInConstructor */ + protected AuthCodeRepositoryInterface $authCodeRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected ScopeRepositoryInterface $scopeRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected AccessTokenRepositoryInterface $accessTokenRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected ClientRepositoryInterface $clientRepository; /** @@ -108,8 +83,8 @@ public function __construct( } /** - * @throws Throwable - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function validateAuthorizationRequestWithCheckerResultBag( ServerRequestInterface $request, @@ -126,7 +101,7 @@ public function validateAuthorizationRequestWithCheckerResultBag( $redirectUri = $resultBag->getOrFail(RedirectUriRule::class)->getValue(); /** @var string|null $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); - /** @var ClientEntityInterface $client */ + /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $resultBag->getOrFail(ClientIdRule::class)->getValue(); // Some rules have to have certain things available in order to work properly... @@ -135,7 +110,7 @@ public function validateAuthorizationRequestWithCheckerResultBag( $resultBag = $this->requestRulesManager->check($request, $rulesToExecute); - /** @var ScopeEntityInterface[] $scopes */ + /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes */ $scopes = $resultBag->getOrFail(ScopeRule::class)->getValue(); $oAuth2AuthorizationRequest = new OAuth2AuthorizationRequest(); diff --git a/src/Server/Grants/RefreshTokenGrant.php b/src/Server/Grants/RefreshTokenGrant.php index 3f2dc717..d121d72a 100644 --- a/src/Server/Grants/RefreshTokenGrant.php +++ b/src/Server/Grants/RefreshTokenGrant.php 
@@ -5,7 +5,6 @@ namespace SimpleSAML\Module\oidc\Server\Grants; use Exception; -use JsonException; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Grant\RefreshTokenGrant as OAuth2RefreshTokenGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; 
@@ -23,50 +22,33 @@ class RefreshTokenGrant extends OAuth2RefreshTokenGrant { - /** - * @var bool - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $revokeRefreshTokens; - /** - * @var string - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $defaultScope; - /** - * @var CryptKey - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $privateKey; - /** - * @var UserRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $userRepository; - /** - * @var AuthCodeRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $authCodeRepository; - /** - * @var ScopeRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $scopeRepository; - /** - * @var AccessTokenRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $accessTokenRepository; - /** - * @var ClientRepositoryInterface - * @psalm-suppress PropertyNotSetInConstructor - */ - protected $clientRepository; + /** @psalm-suppress PropertyNotSetInConstructor */ + protected bool $revokeRefreshTokens; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected string $defaultScope; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected CryptKey $privateKey; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected UserRepositoryInterface $userRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected AuthCodeRepositoryInterface $authCodeRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected ScopeRepositoryInterface $scopeRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected AccessTokenRepositoryInterface $accessTokenRepository; + + /** @psalm-suppress PropertyNotSetInConstructor */ + protected ClientRepositoryInterface $clientRepository; /** - * @throws OidcServerException - * @throws JsonException + * @throws \JsonException + * @throws 
\SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId): array { diff --git a/src/Server/Grants/Traits/IssueAccessTokenTrait.php b/src/Server/Grants/Traits/IssueAccessTokenTrait.php index 9abfaaf5..c94ee4e8 100644 --- a/src/Server/Grants/Traits/IssueAccessTokenTrait.php +++ b/src/Server/Grants/Traits/IssueAccessTokenTrait.php @@ -6,10 +6,7 @@ use DateInterval; use DateTimeImmutable; -use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\ClientEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntityInterface; -use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException; use League\OAuth2\Server\Grant\AbstractGrant; use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface; @@ -25,12 +22,13 @@ trait IssueAccessTokenTrait { /** + * @var \SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface * @psalm-suppress MissingPropertyType */ protected $accessTokenRepository; /** - * @var CryptKey + * @var \League\OAuth2\Server\CryptKey */ protected $privateKey; @@ -40,8 +38,8 @@ trait IssueAccessTokenTrait * @param string|null $userIdentifier * @param ScopeEntityInterface[] $scopes * @param array|null $requestedClaims Any requested claims - * @throws OAuthServerException - * @throws UniqueTokenIdentifierConstraintViolationException + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException */ protected function issueAccessToken( DateInterval $accessTokenTTL, @@ -89,7 +87,7 @@ protected function issueAccessToken( * Generate a new unique identifier. * * @param int $length - * @throws OAuthServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException * * @return string */ 
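Review bot: The `issueAccessToken` docblock in IssueAccessTokenTrait.php still says `@param ScopeEntityInterface[] $scopes`, but the first hunk of this file removes `use League\OAuth2\Server\Entities\ScopeEntityInterface;`. The short name therefore now resolves relative to the trait's own namespace. That line should become `@param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes`, matching the other docblocks in the commit. The method body is outside the hunk, so it is also worth confirming that it no longer references the removed `CryptKey`, `ScopeEntityInterface` or `OAuthServerException` imports.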
diff --git a/src/Server/LogoutHandlers/BackChannelLogoutHandler.php b/src/Server/LogoutHandlers/BackChannelLogoutHandler.php index d119740b..0920e9fa 100644 --- a/src/Server/LogoutHandlers/BackChannelLogoutHandler.php +++ b/src/Server/LogoutHandlers/BackChannelLogoutHandler.php @@ -11,8 +11,6 @@ use GuzzleHttp\Pool; use GuzzleHttp\Psr7\Request; use GuzzleHttp\Psr7\Response; -use League\OAuth2\Server\Exception\OAuthServerException; -use SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Services\LogoutTokenBuilder; use Throwable; @@ -26,9 +24,9 @@ public function __construct( } /** - * @param array $relyingPartyAssociations - * @param HandlerStack|null $handlerStack For easier testing - * @throws OAuthServerException + * @param \SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface[] $relyingPartyAssociations + * @param \GuzzleHttp\HandlerStack|null $handlerStack For easier testing + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ public function handle(array $relyingPartyAssociations, HandlerStack $handlerStack = null): void { @@ -60,9 +58,9 @@ public function handle(array $relyingPartyAssociations, HandlerStack $handlerSta } /** - * @param array $relyingPartyAssociations - * @return Generator - * @throws OAuthServerException + * @param \SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface[] $relyingPartyAssociations + * @return \Generator + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ protected function logoutRequestsGenerator(array $relyingPartyAssociations): Generator { diff --git a/src/Server/ResponseTypes/IdTokenResponse.php b/src/Server/ResponseTypes/IdTokenResponse.php index 022e703b..7c212e92 100644 --- a/src/Server/ResponseTypes/IdTokenResponse.php +++ b/src/Server/ResponseTypes/IdTokenResponse.php 
@@ -16,15 +16,12 @@ namespace SimpleSAML\Module\oidc\Server\ResponseTypes; -use Exception; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\AccessTokenEntityInterface; -use League\OAuth2\Server\Entities\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; -use SimpleSAML\Module\oidc\Repositories\Interfaces\IdentityProviderInterface; use RuntimeException; use SimpleSAML\Module\oidc\Entities\AccessTokenEntity; +use SimpleSAML\Module\oidc\Repositories\Interfaces\IdentityProviderInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\AcrResponseTypeInterface; use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\AuthTimeResponseTypeInterface; @@ -59,13 +56,13 @@ class IdTokenResponse extends BearerTokenResponse implements protected ?string $sessionId = null; /** - * @var AccessTokenEntityInterface + * @var \League\OAuth2\Server\Entities\AccessTokenEntityInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $accessToken; /** - * @var RefreshTokenEntityInterface + * @var \League\OAuth2\Server\Entities\RefreshTokenEntityInterface * @psalm-suppress PropertyNotSetInConstructor */ protected $refreshToken; @@ -79,9 +76,9 @@ public function __construct( } /** - * @param AccessTokenEntityInterface $accessToken + * @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken * @return array - * @throws Exception + * @throws \Exception */ protected function getExtraParams(AccessTokenEntityInterface $accessToken): array { @@ -122,7 +119,7 @@ protected function getExtraParams(AccessTokenEntityInterface $accessToken): arra } /** - * @param ScopeEntityInterface[] $scopes + * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes * * @return bool */ 
diff --git a/src/Server/Validators/BearerTokenValidator.php b/src/Server/Validators/BearerTokenValidator.php index bf28acc8..4b2541c7 100644 --- a/src/Server/Validators/BearerTokenValidator.php +++ b/src/Server/Validators/BearerTokenValidator.php @@ -6,12 +6,10 @@ use DateInterval; use DateTimeZone; -use Exception; use Lcobucci\Clock\SystemClock; use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Rsa\Sha256; -use Lcobucci\JWT\Token\Plain; use Lcobucci\JWT\Validation\Constraint\SignedWith; use Lcobucci\JWT\Validation\Constraint\StrictValidAt; use Lcobucci\JWT\Validation\RequiredConstraintsViolated; @@ -30,26 +28,20 @@ class BearerTokenValidator extends OAuth2BearerTokenValidator { - /** - * @var Configuration - */ + /** @var \SimpleSAML\Configuration */ protected Configuration $jwtConfiguration; - /** - * @var OAuth2AccessTokenRepositoryInterface - */ + /** @var \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface */ protected OAuth2AccessTokenRepositoryInterface $accessTokenRepository; - /** - * @var CryptKey - */ + /** @var \League\OAuth2\Server\CryptKey */ protected $publicKey; /** - * @param AccessTokenRepositoryInterface $accessTokenRepository - * @param CryptKey $publicKey - * @param DateInterval|null $jwtValidAtDateLeeway - * @throws Exception + * @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository + * @param \League\OAuth2\Server\CryptKey $publicKey + * @param \DateInterval|null $jwtValidAtDateLeeway + * @throws \Exception */ public function __construct( AccessTokenRepositoryInterface $accessTokenRepository, @@ -64,8 +56,8 @@ public function __construct( /** * Set the public key * - * @param CryptKey $key - * @throws Exception + * @param \League\OAuth2\Server\CryptKey $key + * @throws \Exception */ public function setPublicKey(CryptKey $key): void { 
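Review bot: The new `@var \SimpleSAML\Configuration` on `$jwtConfiguration` in BearerTokenValidator names the wrong class. The file imports `Lcobucci\JWT\Configuration` and the property is later used as `$this->jwtConfiguration->parser()->parse($jwt)`, so the tag should read `/** @var \Lcobucci\JWT\Configuration */`. The same mismatch appears in src/Services/JsonWebTokenBuilderService.php on `$protocolJwtConfig` and `$federationJwtConfig`, where the import is also `Lcobucci\JWT\Configuration`. In the constructor docblock, `@param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface` probably does not match the unaliased `AccessTokenRepositoryInterface` type hint either, because this class refers to the League interface as `OAuth2AccessTokenRepositoryInterface`; confirm against the import list, which is outside the hunk. Because this class validates bearer tokens, a docblock pointing at the SimpleSAMLphp configuration class misleads readers and static analysis about which object verifies signatures.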
@@ -76,7 +68,7 @@ public function setPublicKey(CryptKey $key): void /** * Initialise the JWT configuration. - * @throws Exception + * @throws \Exception */ protected function initJwtConfiguration(): void { @@ -97,7 +89,7 @@ protected function initJwtConfiguration(): void /** * {@inheritdoc} - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function validateAuthorization(ServerRequestInterface $request): ServerRequestInterface { @@ -121,7 +113,7 @@ public function validateAuthorization(ServerRequestInterface $request): ServerRe try { // Attempt to parse the JWT - /** @var Plain $token */ + /** @var \Lcobucci\JWT\Token\Plain $token */ $token = $this->jwtConfiguration->parser()->parse($jwt); } catch (\Lcobucci\JWT\Exception $exception) { throw OidcServerException::accessDenied($exception->getMessage(), null, $exception); @@ -160,7 +152,7 @@ public function validateAuthorization(ServerRequestInterface $request): ServerRe * @param mixed $aud * * @return array|string - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function convertSingleRecordAudToString(mixed $aud): array|string { diff --git a/src/Services/AuthContextService.php b/src/Services/AuthContextService.php index cf3a75db..7099addd 100644 --- a/src/Services/AuthContextService.php +++ b/src/Services/AuthContextService.php @@ -6,9 +6,8 @@ use RuntimeException; use SimpleSAML\Auth\Simple; -use SimpleSAML\Error\Exception; -use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Factories\AuthSimpleFactory; +use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Utils\Attributes; use SimpleSAML\Utils\Auth; @@ -39,7 +38,7 @@ public function isSspAdmin(): bool } /** - * @throws Exception + * @throws \SimpleSAML\Error\Exception * @throws \Exception */ public function getAuthUserId(): string 
diff --git a/src/Services/AuthProcService.php b/src/Services/AuthProcService.php index b3cd8e17..26896e30 100644 --- a/src/Services/AuthProcService.php +++ b/src/Services/AuthProcService.php @@ -4,7 +4,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; use SimpleSAML\Auth\ProcessingFilter; use SimpleSAML\Module; use SimpleSAML\Module\oidc\ModuleConfig; @@ -19,7 +18,7 @@ class AuthProcService /** * AuthProcService constructor. * - * @throws Exception + * @throws \Exception * @see \SimpleSAML\Auth\ProcessingChain for original implementation */ public function __construct( @@ -30,7 +29,7 @@ public function __construct( /** * Load filters defined in configuration. - * @throws Exception + * @throws \Exception */ private function loadFilters(): void { @@ -43,8 +42,8 @@ private function loadFilters(): void * @see \SimpleSAML\Auth\ProcessingChain::parseFilterList for original implementation * * @param array $filterSrc Array with filter configuration. - * @return array Array of ProcessingFilter objects. - * @throws Exception + * @return \SimpleSAML\Auth\ProcessingFilter[] Array of ProcessingFilter objects. + * @throws \Exception */ private function parseFilterList(array $filterSrc): array { diff --git a/src/Services/AuthenticationService.php b/src/Services/AuthenticationService.php index 5e579117..1669092a 100644 --- a/src/Services/AuthenticationService.php +++ b/src/Services/AuthenticationService.php @@ -16,7 +16,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Auth\Simple; use SimpleSAML\Auth\State; @@ -43,7 +42,7 @@ class AuthenticationService private string $userIdAttr; /** - * @throws Exception + * @throws \Exception */ public function __construct( private readonly UserRepository $userRepository, 
@@ -60,11 +59,11 @@ public function __construct( } /** - * @throws Error\Exception - * @throws Error\AuthSource - * @throws Error\BadRequest - * @throws Error\NotFound - * @throws Exception + * @throws \Exception + * @throws \SimpleSAML\Error\AuthSource + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound */ public function getAuthenticateUser( ServerRequestInterface $request, @@ -175,7 +174,7 @@ public function getSessionId(): ?string /** * Store Relying Party Association to the current session. - * @throws Exception + * @throws \Exception */ protected function addRelyingPartyAssociation(ClientEntityInterface $oidcClient, UserEntity $user): void { diff --git a/src/Services/DatabaseLegacyOAuth2Import.php b/src/Services/DatabaseLegacyOAuth2Import.php index 3501f590..4d342a29 100644 --- a/src/Services/DatabaseLegacyOAuth2Import.php +++ b/src/Services/DatabaseLegacyOAuth2Import.php @@ -16,10 +16,8 @@ namespace SimpleSAML\Module\oidc\Services; -use JsonException; use SimpleSAML\Module\oidc\Entities\ClientEntity; use SimpleSAML\Module\oidc\Repositories\ClientRepository; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; /** * Class DatabaseLegacyOAuth2Import. @@ -32,15 +30,16 @@ public function __construct(private readonly ClientRepository $clientRepository) /** * @psalm-suppress UndefinedClass, MixedAssignment, MixedArrayAccess, MixedArgument - * @throws OidcServerException|JsonException + * @throws \JsonException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function import(): void { - if (!class_exists('\SimpleSAML\Modules\OAuth2\Repositories\ClientRepository')) { + if (!class_exists(ClientRepository::class)) { return; } - $oauth2ClientRepository = new \SimpleSAML\Modules\OAuth2\Repositories\ClientRepository(); + $oauth2ClientRepository = new ClientRepository(); $clients = $oauth2ClientRepository->findAll(); foreach ($clients as $client) { 
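Review bot: In DatabaseLegacyOAuth2Import::import(), replacing the string `'\SimpleSAML\Modules\OAuth2\Repositories\ClientRepository'` with `ClientRepository::class` changes which class is referenced. The file imports `SimpleSAML\Module\oidc\Repositories\ClientRepository`, so `class_exists(ClientRepository::class)` and `new ClientRepository()` now resolve to this module's own repository instead of the legacy OAuth2 module's. The guard can then no longer skip the import when the legacy module is absent, and the migration would read from, or fail to construct, the wrong repository. Keep the legacy class fully qualified: `if (!class_exists(\SimpleSAML\Modules\OAuth2\Repositories\ClientRepository::class)) {` and `$oauth2ClientRepository = new \SimpleSAML\Modules\OAuth2\Repositories\ClientRepository();`. The loop body continues outside the hunk.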
diff --git a/src/Services/IdTokenBuilder.php b/src/Services/IdTokenBuilder.php index 3c26a64c..ac5f7c7c 100644 --- a/src/Services/IdTokenBuilder.php +++ b/src/Services/IdTokenBuilder.php @@ -6,13 +6,11 @@ use Base64Url\Base64Url; use DateTimeImmutable; -use Exception; use Lcobucci\JWT\Builder; use Lcobucci\JWT\Token\RegisteredClaims; use Lcobucci\JWT\UnencryptedToken; use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\UserEntityInterface; -use League\OAuth2\Server\Exception\OAuthServerException; use RuntimeException; use SimpleSAML\Module\oidc\Entities\AccessTokenEntity; use SimpleSAML\Module\oidc\Entities\Interfaces\ClaimSetInterface; @@ -28,7 +26,7 @@ public function __construct( } /** - * @throws Exception + * @throws \Exception * @psalm-suppress ArgumentTypeCoercion */ public function build( @@ -131,7 +129,7 @@ public function build( } /** - * @throws OAuthServerException + * @throws \League\OAuth2\Server\Exception\OAuthServerException */ protected function getBuilder( AccessTokenEntityInterface $accessToken, diff --git a/src/Services/JsonWebKeySetService.php b/src/Services/JsonWebKeySetService.php index 0a485399..5c13793e 100644 --- a/src/Services/JsonWebKeySetService.php +++ b/src/Services/JsonWebKeySetService.php @@ -15,10 +15,9 @@ */ namespace SimpleSAML\Module\oidc\Services; -use Jose\Component\Core\JWK; use Jose\Component\Core\JWKSet; use Jose\Component\KeyManagement\JWKFactory; -use SimpleSAML\Error\Exception; +use SimpleSAML\Error; use SimpleSAML\Module\oidc\Codebooks\ClaimNamesEnum; use SimpleSAML\Module\oidc\Codebooks\ClaimValues\PublicKeyUseEnum; use SimpleSAML\Module\oidc\ModuleConfig; 
@@ -33,14 +32,14 @@ class JsonWebKeySetService private ?JWKSet $federationJwkSet = null; /** - * @throws Exception + * @throws \SimpleSAML\Error\Exception * @throws \Exception */ public function __construct(ModuleConfig $moduleConfig) { $publicKeyPath = $moduleConfig->getProtocolCertPath(); if (!file_exists($publicKeyPath)) { - throw new Exception("OIDC protocol public key file does not exists: $publicKeyPath."); + throw new Error\Exception("OIDC protocol public key file does not exists: $publicKeyPath."); } $jwk = JWKFactory::createFromKeyFile($publicKeyPath, null, [ @@ -67,7 +66,7 @@ public function __construct(ModuleConfig $moduleConfig) } /** - * @return JWK[] + * @return \Jose\Component\Core\JWK[] */ public function protocolKeys(): array { @@ -75,7 +74,7 @@ public function protocolKeys(): array } /** - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function federationKeys(): array { diff --git a/src/Services/JsonWebTokenBuilderService.php b/src/Services/JsonWebTokenBuilderService.php index 4230fb63..f01c5b0c 100644 --- a/src/Services/JsonWebTokenBuilderService.php +++ b/src/Services/JsonWebTokenBuilderService.php @@ -5,14 +5,12 @@ namespace SimpleSAML\Module\oidc\Services; use DateTimeImmutable; -use Exception; use Lcobucci\JWT\Builder; use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Encoding\ChainedFormatter; use Lcobucci\JWT\Signer; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\UnencryptedToken; -use ReflectionException; use SimpleSAML\Module\oidc\Codebooks\ClaimNamesEnum; use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; 
@@ -22,18 +20,18 @@ class JsonWebTokenBuilderService { /** - * @var Configuration Token configuration related to OIDC protocol. + * @var \SimpleSAML\Configuration Token configuration related to OIDC protocol. */ protected Configuration $protocolJwtConfig; /** - * @var ?Configuration Token configuration related to OpenID Federation. + * @var \SimpleSAML\Configuration|null Token configuration related to OpenID Federation. */ protected ?Configuration $federationJwtConfig = null; /** - * @throws ReflectionException - * @throws Exception + * @throws \ReflectionException + * @throws \Exception * * @psalm-suppress ArgumentTypeCoercion */ @@ -70,7 +68,7 @@ public function __construct( /** * Get JWT Builder which uses OIDC protocol related signing configuration. * - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function getProtocolJwtBuilder(): Builder { @@ -80,7 +78,7 @@ public function getProtocolJwtBuilder(): Builder /** * Get JWT Builder which uses OpenID Federation related signing configuration. * - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function getFederationJwtBuilder(): Builder { @@ -109,7 +107,7 @@ public function getDefaultJwtBuilder(Configuration $configuration): Builder /** * Get signed JWT using the OIDC protocol JWT signing configuration. * - * @throws Exception + * @throws \Exception */ public function getSignedProtocolJwt(Builder $builder): UnencryptedToken { @@ -123,7 +121,7 @@ public function getSignedProtocolJwt(Builder $builder): UnencryptedToken /** * Get signed JWT using the OpenID Federation JWT signing configuration. * - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function getSignedFederationJwt(Builder $builder): UnencryptedToken { 
@@ -159,7 +157,7 @@ public function getSignedJwt( } /** - * @throws ReflectionException + * @throws \ReflectionException */ public function getProtocolSigner(): Signer { diff --git a/src/Services/LogoutTokenBuilder.php b/src/Services/LogoutTokenBuilder.php index fc761f0b..d561dfc5 100644 --- a/src/Services/LogoutTokenBuilder.php +++ b/src/Services/LogoutTokenBuilder.php @@ -4,8 +4,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; -use League\OAuth2\Server\Exception\OAuthServerException; use SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface; use stdClass; @@ -17,7 +15,8 @@ public function __construct( } /** - * @throws OAuthServerException|Exception + * @throws \Exception + * @throws \League\OAuth2\Server\Exception\OAuthServerException * @psalm-suppress ArgumentTypeCoercion */ public function forRelyingPartyAssociation(RelyingPartyAssociationInterface $relyingPartyAssociation): string diff --git a/src/Services/OpMetadataService.php b/src/Services/OpMetadataService.php index ea408a0e..04cfcd28 100644 --- a/src/Services/OpMetadataService.php +++ b/src/Services/OpMetadataService.php @@ -4,7 +4,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; use SimpleSAML\Module\oidc\ModuleConfig; /** @@ -18,7 +17,7 @@ class OpMetadataService private array $metadata; /** - * @throws Exception + * @throws \Exception */ public function __construct( private readonly ModuleConfig $moduleConfig, @@ -28,7 +27,7 @@ public function __construct( /** * Initialize metadata array. - * @throws Exception + * @throws \Exception */ private function initMetadata(): void { diff --git a/src/Services/RoutingService.php b/src/Services/RoutingService.php index b3e73412..8e4d0aa0 100644 --- a/src/Services/RoutingService.php +++ b/src/Services/RoutingService.php 
@@ -16,33 +16,28 @@ namespace SimpleSAML\Module\oidc\Services; -use Laminas\Diactoros\Response; use Laminas\Diactoros\Response\JsonResponse; -use Laminas\Diactoros\ServerRequestFactory; +use Laminas\Diactoros\Response; use Laminas\HttpHandlerRunner\Emitter\SapiEmitter; use League\OAuth2\Server\Exception\OAuthServerException; -use Psr\Container\ContainerExceptionInterface; use Psr\Container\ContainerInterface; -use Psr\Container\NotFoundExceptionInterface; use Psr\Http\Message\ResponseInterface; use ReflectionClass; -use ReflectionException; use RuntimeException; -use SimpleSAML\Error\BadRequest; -use SimpleSAML\Error\Error; -use SimpleSAML\Error\Exception; +use SimpleSAML\Error; use SimpleSAML\Utils\Auth; use SimpleSAML\XHTML\Template; +use Symfony\Component\HttpFoundation\Response; use Throwable; class RoutingService { /** - * @throws BadRequest - * @throws ContainerExceptionInterface - * @throws Exception - * @throws NotFoundExceptionInterface - * @throws ReflectionException + * @throws \Psr\Container\ContainerExceptionInterface + * @throws \Psr\Container\NotFoundExceptionInterface + * @throws \ReflectionException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception */ public static function call( string $controllerClassname, @@ -60,12 +55,12 @@ public static function call( } /** - * @throws BadRequest - * @throws ContainerExceptionInterface - * @throws Exception - * @throws NotFoundExceptionInterface - * @throws ReflectionException * @throws \Exception + * @throws \Psr\Container\ContainerExceptionInterface + * @throws \Psr\Container\NotFoundExceptionInterface + * @throws \ReflectionException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception */ public static function callWithPermission(string $controllerClassname, string $permission): void { 
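Review bot: The import block of RoutingService now contains both `use Laminas\Diactoros\Response;` and `use Symfony\Component\HttpFoundation\Response;`, and PHP rejects two imports of the same short name in one file with a compile-time fatal error. Either alias the Symfony class with `use Symfony\Component\HttpFoundation\Response as SymfonyResponse;` and test `$response instanceof SymfonyResponse` in callController(), or keep the fully qualified `\Symfony\Component\HttpFoundation\Response` that the check used before. The same hunk removes `use Laminas\Diactoros\ServerRequestFactory;`. callController() passes `$serverRequest` to the controller, and the line that builds it is outside the hunks, so check that the factory is no longer referenced by its short name.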
@@ -77,12 +72,12 @@ public static function callWithPermission(string $controllerClassname, string $p } /** - * @throws BadRequest - * @throws Exception - * @throws ReflectionException - * @throws ContainerExceptionInterface - * @throws NotFoundExceptionInterface * @throws \Exception + * @throws \Psr\Container\ContainerExceptionInterface + * @throws \Psr\Container\NotFoundExceptionInterface + * @throws \ReflectionException + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception * @psalm-suppress MixedMethodCall, MixedAssignment */ private static function callController(ContainerInterface $container, string $controllerClassname): void @@ -93,7 +88,7 @@ private static function callController(ContainerInterface $container, string $co $response = $controller($serverRequest); # TODO sspv2 return Symfony\Component\HttpFoundation\Response (Template instance) in SSP v2 - if ($response instanceof \Symfony\Component\HttpFoundation\Response) { + if ($response instanceof Response) { if ($response instanceof Template) { $response->data['messages'] = $container->get(SessionMessagesService::class)->getMessages(); } @@ -126,16 +121,16 @@ private static function callController(ContainerInterface $container, string $co } /** - * @throws BadRequest - * @throws ContainerExceptionInterface - * @throws NotFoundExceptionInterface - * @throws ReflectionException + * @throws \Psr\Container\ContainerExceptionInterface + * @throws \Psr\Container\NotFoundExceptionInterface + * @throws \ReflectionException + * @throws \SimpleSAML\Error\BadRequest * @psalm-suppress MixedAssignment */ protected static function getController(string $controllerClassname, ContainerInterface $container): object { if (!class_exists($controllerClassname)) { - throw new BadRequest("Controller does not exist: $controllerClassname"); + throw new Error\BadRequest("Controller does not exist: $controllerClassname"); } $controllerReflectionClass = new ReflectionClass($controllerClassname); 
diff --git a/src/Services/SessionMessagesService.php b/src/Services/SessionMessagesService.php index 799825a8..2e6a0267 100644 --- a/src/Services/SessionMessagesService.php +++ b/src/Services/SessionMessagesService.php @@ -16,7 +16,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; use SimpleSAML\Session; class SessionMessagesService @@ -26,7 +25,7 @@ public function __construct(private readonly Session $session) } /** - * @throws Exception + * @throws \Exception */ public function addMessage(string $value): void { diff --git a/src/Services/SessionService.php b/src/Services/SessionService.php index 00204021..aaeccd3c 100644 --- a/src/Services/SessionService.php +++ b/src/Services/SessionService.php @@ -4,7 +4,6 @@ namespace SimpleSAML\Module\oidc\Services; -use Exception; use SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface; use SimpleSAML\Session; @@ -36,7 +35,7 @@ public function getSessionById(string $id): ?Session } /** - * @throws Exception + * @throws \Exception */ public function setIsCookieBasedAuthn(bool $isCookieBasedAuthn): void { @@ -64,7 +63,7 @@ public function getIsCookieBasedAuthn(): ?bool } /** - * @throws Exception + * @throws \Exception */ public function addRelyingPartyAssociation(RelyingPartyAssociationInterface $association): void { @@ -94,7 +93,7 @@ public function getRelyingPartyAssociations(): array } /** - * @return array + * @return \SimpleSAML\Module\oidc\Server\Associations\Interfaces\RelyingPartyAssociationInterface[] */ public static function getRelyingPartyAssociationsForSession(Session $session): array { @@ -112,7 +111,7 @@ public static function getRelyingPartyAssociationsForSession(Session $session): } /** - * @throws Exception + * @throws \Exception */ public function clearRelyingPartyAssociations(): void { 
@@ -120,7 +119,7 @@ public function clearRelyingPartyAssociations(): void } /** - * @throws Exception + * @throws \Exception */ public static function clearRelyingPartyAssociationsForSession(Session $session): void { @@ -133,7 +132,7 @@ public static function clearRelyingPartyAssociationsForSession(Session $session) } /** - * @throws Exception + * @throws \Exception */ public function setIsAuthnPerformedInPreviousRequest(bool $isAuthnPerformedInPreviousRequest): void { @@ -154,7 +153,7 @@ public function getIsAuthnPerformedInPreviousRequest(): bool } /** - * @throws Exception + * @throws \Exception */ public function registerLogoutHandler(string $authSourceId, string $className, string $functionName): void { @@ -163,7 +162,7 @@ public function registerLogoutHandler(string $authSourceId, string $className, s /** * Set indication if logout was initiated using OIDC protocol. - * @throws Exception + * @throws \Exception */ public function setIsOidcInitiatedLogout(bool $isOidcInitiatedLogout): void { diff --git a/src/Stores/Session/LogoutTicketStoreDb.php b/src/Stores/Session/LogoutTicketStoreDb.php index f0b39a2d..5c3887f5 100644 --- a/src/Stores/Session/LogoutTicketStoreDb.php +++ b/src/Stores/Session/LogoutTicketStoreDb.php @@ -5,7 +5,6 @@ namespace SimpleSAML\Module\oidc\Stores\Session; use DateInterval; -use Exception; use PDO; use SimpleSAML\Database; use SimpleSAML\Module\oidc\Utils\TimestampGenerator; @@ -41,7 +40,7 @@ public function add(string $sid): void } /** - * @throws Exception + * @throws \Exception */ public function delete(string $sid): void { @@ -55,7 +54,7 @@ public function delete(string $sid): void /** * @inheritDoc - * @throws Exception + * @throws \Exception */ public function deleteMultiple(array $sids): void { @@ -82,7 +81,7 @@ public function deleteMultiple(array $sids): void } /** - * @throws Exception + * @throws \Exception */ public function getAll(): array { 
@@ -91,7 +90,7 @@ public function getAll(): array } /** - * @throws Exception + * @throws \Exception */ protected function deleteExpired(): void { diff --git a/src/Utils/Checker/Interfaces/RequestRuleInterface.php b/src/Utils/Checker/Interfaces/RequestRuleInterface.php index fb33abfc..5903ce22 100644 --- a/src/Utils/Checker/Interfaces/RequestRuleInterface.php +++ b/src/Utils/Checker/Interfaces/RequestRuleInterface.php @@ -5,7 +5,6 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Interfaces; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\LoggerService; interface RequestRuleInterface @@ -18,13 +17,14 @@ public function getKey(): string; /** * Check specific rule. - * @param ResultBagInterface $currentResultBag ResultBag with all results of the checks performed to current check + * @param \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface $currentResultBag + * ResultBag with all results of the checks performed to current check * @param array $data Data which will be available during check. * @param bool $useFragmentInHttpErrorResponses Indicate that in case of HTTP error responses, params should be - * returned in URI fragment instead of query. + * returned in URI fragment instead of query. * @param string[] $allowedServerRequestMethods Indicate allowed HTTP methods used for request - * @return ResultInterface|null Result of the specific check - * @throws OidcServerException If check fails + * @return \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface|null Result of the specific check + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException If check fails */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Interfaces/ResultBagInterface.php b/src/Utils/Checker/Interfaces/ResultBagInterface.php index 122ebe60..c63cadcf 100644 
--- a/src/Utils/Checker/Interfaces/ResultBagInterface.php +++ b/src/Utils/Checker/Interfaces/ResultBagInterface.php @@ -4,8 +4,6 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Interfaces; -use Throwable; - interface ResultBagInterface { /** @@ -20,13 +18,13 @@ public function get(string $key): ?ResultInterface; /** * Get specific result or fail if it doesn't exits. - * @throws Throwable If result with specific key is not present. + * @throws \Throwable If result with specific key is not present. */ public function getOrFail(string $key): ResultInterface; /** * Get all results. - * @return ResultInterface[] + * @return \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface[] */ public function getAll(): array; diff --git a/src/Utils/Checker/RequestRulesManager.php b/src/Utils/Checker/RequestRulesManager.php index c57ca15a..6e78cc17 100644 --- a/src/Utils/Checker/RequestRulesManager.php +++ b/src/Utils/Checker/RequestRulesManager.php @@ -6,7 +6,6 @@ use LogicException; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\RequestRuleInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; @@ -16,14 +15,10 @@ class RequestRulesManager { - /** - * @var RequestRuleInterface[] $rules - */ + /** @var \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\RequestRuleInterface[] $rules */ private array $rules = []; - /** - * @var ResultBagInterface $resultBag - */ + /** @var \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface $resultBag */ protected ResultBagInterface $resultBag; /** @var array $data Which will be available during each check */ 
@@ -31,7 +26,7 @@ class RequestRulesManager /** * RequestRulesManager constructor. - * @param RequestRuleInterface[] $rules + * @param \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\RequestRuleInterface[] $rules */ public function __construct(array $rules = [], protected LoggerService $loggerService = new LoggerService()) { @@ -52,7 +47,7 @@ public function add(RequestRuleInterface $rule): void * @param bool $useFragmentInHttpErrorResponses Indicate that in case of HTTP error responses, params should be * returned in URI fragment instead of query. * @param string[] $allowedServerRequestMethods Indicate allowed HTTP methods used for request - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function check( ServerRequestInterface $request, diff --git a/src/Utils/Checker/ResultBag.php b/src/Utils/Checker/ResultBag.php index 6d506cf9..8fd453fa 100644 --- a/src/Utils/Checker/ResultBag.php +++ b/src/Utils/Checker/ResultBag.php @@ -13,12 +13,12 @@ class ResultBag implements ResultBagInterface { /** - * @var ResultInterface[] $results + * @var \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface[] $results */ protected array $results = []; /** - * @param ResultInterface $result + * @param \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface $result */ public function add(ResultInterface $result): void { @@ -27,7 +27,7 @@ public function add(ResultInterface $result): void /** * @param string $key - * @return ResultInterface|null + * @return \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface|null */ public function get(string $key): ?ResultInterface { @@ -36,7 +36,7 @@ public function get(string $key): ?ResultInterface /** * @param string $key - * @return ResultInterface + * @return \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface */ public function getOrFail(string $key): ResultInterface { 
@@ -50,7 +50,7 @@ public function getOrFail(string $key): ResultInterface } /** - * @return ResultInterface[] + * @return \SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface[] */ public function getAll(): array { diff --git a/src/Utils/Checker/Rules/AcrValuesRule.php b/src/Utils/Checker/Rules/AcrValuesRule.php index b70823f6..7cf7c7b1 100644 --- a/src/Utils/Checker/Rules/AcrValuesRule.php +++ b/src/Utils/Checker/Rules/AcrValuesRule.php @@ -29,7 +29,7 @@ public function checkRule( ]; // Check if RequestedClaims rule contains acr - /** @var Result $requestedClaimsResult */ + /** @var \SimpleSAML\Module\oidc\Utils\Checker\Result $requestedClaimsResult */ if (($requestedClaimsResult = $currentResultBag->get(RequestedClaimsRule::class)) !== null) { // Format: https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests /** diff --git a/src/Utils/Checker/Rules/AddClaimsToIdTokenRule.php b/src/Utils/Checker/Rules/AddClaimsToIdTokenRule.php index c6e01cf5..b7d7baab 100644 --- a/src/Utils/Checker/Rules/AddClaimsToIdTokenRule.php +++ b/src/Utils/Checker/Rules/AddClaimsToIdTokenRule.php @@ -9,13 +9,12 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class AddClaimsToIdTokenRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/CodeChallengeMethodRule.php b/src/Utils/Checker/Rules/CodeChallengeMethodRule.php index 04528d6c..c4122bad 100644 --- a/src/Utils/Checker/Rules/CodeChallengeMethodRule.php +++ b/src/Utils/Checker/Rules/CodeChallengeMethodRule.php 
@@ -11,7 +11,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class CodeChallengeMethodRule extends AbstractRule { @@ -20,8 +19,8 @@ public function __construct(protected CodeChallengeVerifiersRepository $codeChal } /** - * @throws Throwable - * @throws OidcServerException + * @throws \Throwable + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/CodeChallengeRule.php b/src/Utils/Checker/Rules/CodeChallengeRule.php index 1c6bb8e2..69ad37fb 100644 --- a/src/Utils/Checker/Rules/CodeChallengeRule.php +++ b/src/Utils/Checker/Rules/CodeChallengeRule.php @@ -10,13 +10,12 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class CodeChallengeRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/IdTokenHintRule.php b/src/Utils/Checker/Rules/IdTokenHintRule.php index b4069b88..a928c0c8 100644 --- a/src/Utils/Checker/Rules/IdTokenHintRule.php +++ b/src/Utils/Checker/Rules/IdTokenHintRule.php 
@@ -6,12 +6,11 @@ use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; -use Lcobucci\JWT\UnencryptedToken; use Lcobucci\JWT\Validation\Constraint\IssuedBy; use Lcobucci\JWT\Validation\Constraint\SignedWith; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Factories\CryptKeyFactory; +use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; @@ -29,7 +28,7 @@ public function __construct( /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, @@ -73,7 +72,7 @@ public function checkRule( } try { - /** @var UnencryptedToken $idTokenHint */ + /** @var \Lcobucci\JWT\UnencryptedToken $idTokenHint */ $idTokenHint = $jwtConfig->parser()->parse($idTokenHintParam); /** @psalm-suppress ArgumentTypeCoercion */ diff --git a/src/Utils/Checker/Rules/MaxAgeRule.php b/src/Utils/Checker/Rules/MaxAgeRule.php index 8461fb91..7a53f258 100644 --- a/src/Utils/Checker/Rules/MaxAgeRule.php +++ b/src/Utils/Checker/Rules/MaxAgeRule.php @@ -5,7 +5,6 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Rules; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Factories\AuthSimpleFactory; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\AuthenticationService; @@ -14,8 +13,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; use SimpleSAML\Utils\HTTP; -use SimpleSAML\Error; -use Throwable; class MaxAgeRule extends AbstractRule { 
@@ -26,12 +23,12 @@ public function __construct( } /** - * @throws Error\AuthSource - * @throws Throwable - * @throws Error\BadRequest - * @throws OidcServerException - * @throws Error\NotFound - * @throws Error\Exception + * @throws \SimpleSAML\Error\AuthSource + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/PostLogoutRedirectUriRule.php b/src/Utils/Checker/Rules/PostLogoutRedirectUriRule.php index 0f55d7c7..85c73ac2 100644 --- a/src/Utils/Checker/Rules/PostLogoutRedirectUriRule.php +++ b/src/Utils/Checker/Rules/PostLogoutRedirectUriRule.php @@ -4,7 +4,6 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Rules; -use Lcobucci\JWT\UnencryptedToken; use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; @@ -12,7 +11,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class PostLogoutRedirectUriRule extends AbstractRule { @@ -22,7 +20,7 @@ public function __construct(protected ClientRepository $clientRepository) /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, 
@@ -35,7 +33,7 @@ public function checkRule( /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var UnencryptedToken|null $idTokenHint */ + /** @var \Lcobucci\JWT\UnencryptedToken|null $idTokenHint */ $idTokenHint = $currentResultBag->getOrFail(IdTokenHintRule::class)->getValue(); $postLogoutRedirectUri = $this->getParamFromRequestBasedOnAllowedMethods( diff --git a/src/Utils/Checker/Rules/PromptRule.php b/src/Utils/Checker/Rules/PromptRule.php index fae74633..93e232fa 100644 --- a/src/Utils/Checker/Rules/PromptRule.php +++ b/src/Utils/Checker/Rules/PromptRule.php @@ -6,7 +6,6 @@ use League\OAuth2\Server\Exception\OAuthServerException; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Factories\AuthSimpleFactory; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\AuthenticationService; @@ -14,8 +13,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Utils\HTTP; -use SimpleSAML\Error; -use Throwable; class PromptRule extends AbstractRule { @@ -26,13 +23,13 @@ public function __construct( } /** - * @throws Error\AuthSource - * @throws Error\BadRequest - * @throws Error\Exception - * @throws OAuthServerException - * @throws Throwable - * @throws OidcServerException - * @throws Error\NotFound + * @throws \League\OAuth2\Server\Exception\OAuthServerException + * @throws \SimpleSAML\Error\AuthSource + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception + * @throws \SimpleSAML\Error\NotFound + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, 
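Review bot: In PostLogoutRedirectUriRule, `$idTokenHint` is typed only by the `/** @var \Lcobucci\JWT\UnencryptedToken|null $idTokenHint */` annotation, which static analysis trusts but nothing enforces at runtime; `getOrFail(...)->getValue()` presumably returns an untyped value. Judging by the class name this value takes part in validating the post-logout redirect, so a guard such as `if ($idTokenHint !== null && !$idTokenHint instanceof \Lcobucci\JWT\UnencryptedToken) { throw new \LogicException('Unexpected id_token_hint result type.'); }` would make a mis-wired rule chain fail closed instead of surfacing later as a method-call error. The same annotation-only pattern appears on the `$client` and `$validScopes` assignments in PromptRule, RequestedClaimsRule, RequiredOpenIdScopeRule and ScopeOfflineAccessRule. `checkRule` continues outside the hunk.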
@@ -42,7 +39,7 @@ public function checkRule( bool $useFragmentInHttpErrorResponses = false, array $allowedServerRequestMethods = ['GET'], ): ?ResultInterface { - /** @var ClientEntityInterface $client */ + /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientIdRule::class)->getValue(); $authSimple = $this->authSimpleFactory->build($client); diff --git a/src/Utils/Checker/Rules/RedirectUriRule.php b/src/Utils/Checker/Rules/RedirectUriRule.php index 2d1ba31d..8cc2ab98 100644 --- a/src/Utils/Checker/Rules/RedirectUriRule.php +++ b/src/Utils/Checker/Rules/RedirectUriRule.php @@ -12,13 +12,12 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class RedirectUriRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/RequestParameterRule.php b/src/Utils/Checker/Rules/RequestParameterRule.php index 4bd25160..89d98f14 100644 --- a/src/Utils/Checker/Rules/RequestParameterRule.php +++ b/src/Utils/Checker/Rules/RequestParameterRule.php @@ -9,13 +9,12 @@ use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; -use Throwable; class RequestParameterRule extends AbstractRule { /** - * @throws Throwable - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/RequestedClaimsRule.php b/src/Utils/Checker/Rules/RequestedClaimsRule.php index 59dded79..c635fe2f 100644 --- a/src/Utils/Checker/Rules/RequestedClaimsRule.php 
+++ b/src/Utils/Checker/Rules/RequestedClaimsRule.php @@ -5,13 +5,11 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Rules; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; use SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor; -use Throwable; class RequestedClaimsRule extends AbstractRule { @@ -21,7 +19,7 @@ public function __construct(private readonly ClaimTranslatorExtractor $claimExtr /** - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, @@ -41,7 +39,7 @@ public function checkRule( if (is_null($claims)) { return null; } - /** @var ClientEntityInterface $client */ + /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientIdRule::class)->getValue(); $authorizedClaims = []; diff --git a/src/Utils/Checker/Rules/RequiredNonceRule.php b/src/Utils/Checker/Rules/RequiredNonceRule.php index 70b0d1d6..8108ca8b 100644 --- a/src/Utils/Checker/Rules/RequiredNonceRule.php +++ b/src/Utils/Checker/Rules/RequiredNonceRule.php @@ -10,13 +10,12 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class RequiredNonceRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, diff --git a/src/Utils/Checker/Rules/RequiredOpenIdScopeRule.php b/src/Utils/Checker/Rules/RequiredOpenIdScopeRule.php index 2bde9ada..bdd527ec 100644 --- a/src/Utils/Checker/Rules/RequiredOpenIdScopeRule.php 
+++ b/src/Utils/Checker/Rules/RequiredOpenIdScopeRule.php @@ -4,20 +4,18 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Rules; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class RequiredOpenIdScopeRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, @@ -31,7 +29,7 @@ public function checkRule( $redirectUri = $currentResultBag->getOrFail(RedirectUriRule::class)->getValue(); /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var ScopeEntityInterface[] $validScopes */ + /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $validScopes */ $validScopes = $currentResultBag->getOrFail(ScopeRule::class)->getValue(); $isOpenIdScopePresent = (bool) array_filter( diff --git a/src/Utils/Checker/Rules/ScopeOfflineAccessRule.php b/src/Utils/Checker/Rules/ScopeOfflineAccessRule.php index 8ca17c33..c2c61542 100644 --- a/src/Utils/Checker/Rules/ScopeOfflineAccessRule.php +++ b/src/Utils/Checker/Rules/ScopeOfflineAccessRule.php 
@@ -4,22 +4,19 @@ namespace SimpleSAML\Module\oidc\Utils\Checker\Rules; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use Psr\Http\Message\ServerRequestInterface; -use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; use SimpleSAML\Module\oidc\Utils\ScopeHelper; -use Throwable; class ScopeOfflineAccessRule extends AbstractRule { /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, @@ -33,9 +30,9 @@ public function checkRule( $redirectUri = $currentResultBag->getOrFail(RedirectUriRule::class)->getValue(); /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var ClientEntityInterface $client */ + /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientIdRule::class)->getValue(); - /** @var ScopeEntityInterface[] $validScopes */ + /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $validScopes */ $validScopes = $currentResultBag->getOrFail(ScopeRule::class)->getValue(); // Check if offline_access scope is used. If not, we don't have to check anything else. diff --git a/src/Utils/Checker/Rules/ScopeRule.php b/src/Utils/Checker/Rules/ScopeRule.php index 42321499..1c47ba04 100644 --- a/src/Utils/Checker/Rules/ScopeRule.php +++ b/src/Utils/Checker/Rules/ScopeRule.php @@ -12,7 +12,6 @@ use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultBagInterface; use SimpleSAML\Module\oidc\Utils\Checker\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Utils\Checker\Result; -use Throwable; class ScopeRule extends AbstractRule { 
@@ -22,7 +21,7 @@ public function __construct(protected ScopeRepositoryInterface $scopeRepository) /** * @inheritDoc - * @throws Throwable + * @throws \Throwable */ public function checkRule( ServerRequestInterface $request, @@ -65,7 +64,7 @@ public function checkRule( * Converts a scopes query string to an array to easily iterate for validation. * * @return string[] - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ protected function convertScopesQueryStringToArray(string $scopes, string $scopeDelimiterString): array { diff --git a/src/Utils/ClaimTranslatorExtractor.php b/src/Utils/ClaimTranslatorExtractor.php index 3ff32978..0a9c31df 100644 --- a/src/Utils/ClaimTranslatorExtractor.php +++ b/src/Utils/ClaimTranslatorExtractor.php @@ -129,7 +129,7 @@ class ClaimTranslatorExtractor * ClaimTranslatorExtractor constructor. * * @param ClaimSetEntity[] $claimSets - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function __construct( string $userIdAttr, @@ -191,7 +191,7 @@ public function __construct( } /** - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public function addClaimSet(ClaimSetEntityInterface $claimSet): self { @@ -284,7 +284,7 @@ private function convertType(string $type, mixed $attributes): mixed } /** - * @param array $scopes + * @param array $scopes */ public function extract(array $scopes, array $claims): array { diff --git a/src/Utils/FingerprintGenerator.php b/src/Utils/FingerprintGenerator.php index a69093ac..a7cdc965 100644 --- a/src/Utils/FingerprintGenerator.php +++ b/src/Utils/FingerprintGenerator.php 
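Review bot: The constructor docblock in ClaimTranslatorExtractor still reads `@param ClaimSetEntity[] $claimSets`, while the `@throws` line directly below it was switched to a fully qualified name, so the docblock now mixes both conventions. If the rule for this commit is fully qualified names in phpdoc, this `@param` should carry the class's full namespace as well; the `use` statement that defines it is outside the hunk, so the exact name is not spelled out here. The constructor body continues outside the hunk.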
@@ -22,8 +22,9 @@ public static function forFile(string $path, string $algo = 'md5'): string $fingerprint = hash_file($algo, $path); if (false === (bool) $fingerprint) { - throw new InvalidArgumentException('Could not create a fingerprint for provided file using' . - ' provided algorithm.'); + throw new InvalidArgumentException( + 'Could not create a fingerprint for provided file using provided algorithm.', + ); } return $fingerprint; @@ -36,15 +37,16 @@ public static function forFile(string $path, string $algo = 'md5'): string * @param string $algo One of the supported algorithms (see hash_algos() function) * @return string * - * @throws InvalidArgumentException + * @throws \InvalidArgumentException */ public static function forString(string $content, string $algo = 'md5'): string { $fingerprint = hash($algo, $content); if (false === (bool) $fingerprint) { - throw new InvalidArgumentException('Could not create a fingerprint for provided content using' . - ' provided algorithm.'); + throw new InvalidArgumentException( + 'Could not create a fingerprint for provided content using provided algorithm.', + ); } return $fingerprint; diff --git a/src/Utils/ScopeHelper.php b/src/Utils/ScopeHelper.php index 5a74dee6..339b6ffb 100644 --- a/src/Utils/ScopeHelper.php +++ b/src/Utils/ScopeHelper.php @@ -10,8 +10,8 @@ class ScopeHelper { /** - * @param ScopeEntityInterface[] $scopes - * @throws OidcServerException + * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function scopeExists(array $scopes, string $scopeIdentifier): bool { diff --git a/src/Utils/TimestampGenerator.php b/src/Utils/TimestampGenerator.php index ced00daf..d855af4d 100644 --- a/src/Utils/TimestampGenerator.php +++ b/src/Utils/TimestampGenerator.php 
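Review bot: `forString()` now documents `@throws \InvalidArgumentException`, but on PHP 8 `hash()` throws `\ValueError` for an unknown `$algo` and never returns false, so the `false === (bool) $fingerprint` branch is effectively dead and callers will see a different exception from the documented one. Either add `@throws \ValueError` to the docblock, or guard first with `if (!in_array($algo, hash_algos(), true))` and throw the existing `InvalidArgumentException` from there. The same applies to the algorithm case in `forFile()`, whose docblock lies outside the hunk, although `hash_file()` can still return false for an unreadable path. Separately, both methods default to `'md5'`, which is fine for change detection but not where collision resistance matters; the callers are not visible here, so that is worth confirming.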
@@ -18,12 +18,11 @@ use DateTime; use DateTimeImmutable; use DateTimeZone; -use Exception; class TimestampGenerator { /** - * @throws Exception + * @throws \Exception */ public static function utc(string $time = 'now'): DateTime { @@ -31,7 +30,7 @@ public static function utc(string $time = 'now'): DateTime } /** - * @throws Exception + * @throws \Exception */ public static function utcImmutable(string $time = 'now'): DateTimeImmutable { diff --git a/src/Utils/UniqueIdentifierGenerator.php b/src/Utils/UniqueIdentifierGenerator.php index ed548817..5c82c49a 100644 --- a/src/Utils/UniqueIdentifierGenerator.php +++ b/src/Utils/UniqueIdentifierGenerator.php @@ -12,7 +12,7 @@ class UniqueIdentifierGenerator /** * Generate a new unique identifier. * - * @throws OidcServerException + * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException */ public static function hitMe(int $length = 40): string { diff --git a/tests/src/Controller/JwksControllerTest.php b/tests/src/Controller/JwksControllerTest.php index 66d09549..363427a2 100644 --- a/tests/src/Controller/JwksControllerTest.php +++ b/tests/src/Controller/JwksControllerTest.php @@ -4,11 +4,11 @@ namespace SimpleSAML\Test\Module\oidc\Controller; +use Laminas\Diactoros\ServerRequest; use PHPUnit\Framework\MockObject\Exception; use PHPUnit\Framework\MockObject\MockObject; -use Laminas\Diactoros\ServerRequest; -use SimpleSAML\Module\oidc\Controller\JwksController; use PHPUnit\Framework\TestCase; +use SimpleSAML\Module\oidc\Controller\JwksController; use SimpleSAML\Module\oidc\Services\JsonWebKeySetService; /**