Project-Pro/drmaterac.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jacek Pyziak
2025-10-20 14:10:54 +02:00
parent 75ca8fd840
commit d2c1970ef8
732 changed files with 101915 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

254
modules/pshowsso/vendor/patrickbussmann/oauth2-apple/src/Provider/Apple.php vendored Normal file
View File

@@ -0,0 +1,254 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider;
use Exception;
use Pshowsso\Scope68f5e85e9608b\Firebase\JWT\JWK;
use InvalidArgumentException;
use Pshowsso\Scope68f5e85e9608b\Lcobucci\JWT\Configuration;
use Pshowsso\Scope68f5e85e9608b\Lcobucci\JWT\Signer\Key\InMemory;
use Pshowsso\Scope68f5e85e9608b\Lcobucci\JWT\Signer;
use Pshowsso\Scope68f5e85e9608b\Lcobucci\JWT\Signer\Key;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Grant\AbstractGrant;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\Exception\AppleAccessDeniedException;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AccessToken;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AccessTokenInterface;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AppleAccessToken;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface;
class Apple extends AbstractProvider
{
use BearerAuthorizationTrait;
/**
* Default scopes
*
* @var array
*/
public $defaultScopes = ['name', 'email'];
/**
* @var string the team id
*/
protected $teamId;
/**
* @var string the key file id
*/
protected $keyFileId;
/**
* @var string the key file path
*/
protected $keyFilePath;
/**
* Constructs Apple's OAuth 2.0 service provider.
*
* @param array $options
* @param array $collaborators
*/
public function __construct(array $options = [], array $collaborators = [])
{
if (empty($options['teamId'])) {
throw new InvalidArgumentException('Required option not passed: "teamId"');
}
if (empty($options['keyFileId'])) {
throw new InvalidArgumentException('Required option not passed: "keyFileId"');
}
if (empty($options['keyFilePath'])) {
throw new InvalidArgumentException('Required option not passed: "keyFilePath"');
}
parent::__construct($options, $collaborators);
}
/**
* Creates an access token from a response.
*
* The grant that was used to fetch the response can be used to provide
* additional context.
*
* @param array $response
* @param AbstractGrant $grant
* @return AccessTokenInterface
*/
protected function createAccessToken(array $response, AbstractGrant $grant)
{
return new AppleAccessToken($this->getAppleKeys(), $response);
}
/**
* @return string[] Apple's JSON Web Keys
*/
private function getAppleKeys()
{
$response = $this->httpClient->request('GET', 'https://appleid.apple.com/auth/keys');
if ($response && $response->getStatusCode() === 200) {
return JWK::parseKeySet(json_decode($response->getBody()->__toString(), \true));
}
return [];
}
/**
* Get the string used to separate scopes.
*
* @return string
*/
protected function getScopeSeparator()
{
return ' ';
}
/**
* Change response mode when scope requires it
*
* @param array $options
*
* @return array
*/
protected function getAuthorizationParameters(array $options)
{
$options = parent::getAuthorizationParameters($options);
if (strpos($options['scope'], 'name') !== \false || strpos($options['scope'], 'email') !== \false) {
$options['response_mode'] = 'form_post';
}
return $options;
}
/**
* @param AccessToken $token
*
* @return mixed
*/
protected function fetchResourceOwnerDetails(AccessToken $token)
{
return json_decode(array_key_exists('user', $_GET) ? $_GET['user'] : (array_key_exists('user', $_POST) ? $_POST['user'] : '[]'), \true) ?: [];
}
/**
* Get authorization url to begin OAuth flow
*
* @return string
*/
public function getBaseAuthorizationUrl()
{
return 'https://appleid.apple.com/auth/authorize';
}
/**
* Get access token url to retrieve token
*
* @return string
*/
public function getBaseAccessTokenUrl(array $params)
{
return 'https://appleid.apple.com/auth/token';
}
/**
* Get revoke token url to revoke token
*
* @return string
*/
public function getBaseRevokeTokenUrl(array $params)
{
return 'https://appleid.apple.com/auth/revoke';
}
/**
* Get provider url to fetch user details
*
* @param AccessToken $token
*
* @return string
* @throws Exception
*/
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
throw new Exception('No Apple ID REST API available yet!');
}
/**
* Get the default scopes used by this provider.
*
* This should not be a complete list of all scopes, but the minimum
* required for the provider user interface!
*
* @return array
*/
protected function getDefaultScopes()
{
return $this->defaultScopes;
}
/**
* Check a provider response for errors.
*
* @param ResponseInterface $response
* @param array $data Parsed response data
* @return void
* @throws AppleAccessDeniedException
*/
protected function checkResponse(ResponseInterface $response, $data)
{
if ($response->getStatusCode() >= 400) {
throw new AppleAccessDeniedException(array_key_exists('error', $data) ? $data['error'] : $response->getReasonPhrase(), array_key_exists('code', $data) ? $data['code'] : $response->getStatusCode(), $response);
}
}
/**
* Generate a user object from a successful user details request.
*
* @param array $response
* @param AccessToken $token
* @return AppleResourceOwner
*/
protected function createResourceOwner(array $response, AccessToken $token)
{
return new AppleResourceOwner(array_merge(['sub' => $token->getResourceOwnerId()], $response, ['email' => isset($token->getValues()['email']) ? $token->getValues()['email'] : (isset($response['email']) ? $response['email'] : null), 'isPrivateEmail' => $token instanceof AppleAccessToken ? $token->isPrivateEmail() : null]), $token->getResourceOwnerId());
}
/**
* {@inheritDoc}
*/
public function getAccessToken($grant, array $options = [])
{
$configuration = $this->getConfiguration();
$time = new \DateTimeImmutable();
$time = $time->setTime($time->format('H'), $time->format('i'), $time->format('s'));
$expiresAt = $time->modify('+1 Hour');
$expiresAt = $expiresAt->setTime($expiresAt->format('H'), $expiresAt->format('i'), $expiresAt->format('s'));
$token = $configuration->builder()->issuedBy($this->teamId)->permittedFor('https://appleid.apple.com')->issuedAt($time)->expiresAt($expiresAt)->relatedTo($this->clientId)->withHeader('alg', 'ES256')->withHeader('kid', $this->keyFileId)->getToken($configuration->signer(), $configuration->signingKey());
$options += ['client_secret' => $token->toString()];
return parent::getAccessToken($grant, $options);
}
/**
* Revokes an access or refresh token using a specified token.
*
* @param string $token
* @param string|null $tokenTypeHint
* @return \Psr\Http\Message\RequestInterface
*/
public function revokeAccessToken($token, $tokenTypeHint = null)
{
$configuration = $this->getConfiguration();
$time = new \DateTimeImmutable();
$time = $time->setTime($time->format('H'), $time->format('i'), $time->format('s'));
$expiresAt = $time->modify('+1 Hour');
$expiresAt = $expiresAt->setTime($expiresAt->format('H'), $expiresAt->format('i'), $expiresAt->format('s'));
$clientSecret = $configuration->builder()->issuedBy($this->teamId)->permittedFor('https://appleid.apple.com')->issuedAt($time)->expiresAt($expiresAt)->relatedTo($this->clientId)->withHeader('alg', 'ES256')->withHeader('kid', $this->keyFileId)->getToken($configuration->signer(), $configuration->signingKey());
$params = ['client_id' => $this->clientId, 'client_secret' => $clientSecret->toString(), 'token' => $token];
if ($tokenTypeHint !== null) {
$params += ['token_type_hint' => $tokenTypeHint];
}
$method = $this->getAccessTokenMethod();
$url = $this->getBaseRevokeTokenUrl($params);
if (property_exists($this, 'optionProvider')) {
$options = $this->optionProvider->getAccessTokenOptions(self::METHOD_POST, $params);
} else {
$options = $this->getAccessTokenOptions($params);
}
$request = $this->getRequest($method, $url, $options);
return $this->getParsedResponse($request);
}
/**
* @return Configuration
*/
public function getConfiguration()
{
if (method_exists(Signer\Ecdsa\Sha256::class, 'create')) {
return Configuration::forSymmetricSigner(Signer\Ecdsa\Sha256::create(), $this->getLocalKey());
} else {
return Configuration::forSymmetricSigner(new Signer\Ecdsa\Sha256(), $this->getLocalKey());
}
}
/**
* @return Key
*/
public function getLocalKey()
{
return InMemory::file($this->keyFilePath);
}
}

98
modules/pshowsso/vendor/patrickbussmann/oauth2-apple/src/Provider/AppleResourceOwner.php vendored Normal file
View File

@@ -0,0 +1,98 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Tool\ArrayAccessorTrait;
/**
* @property array $response
* @property string $uid
*/
class AppleResourceOwner extends GenericResourceOwner
{
use ArrayAccessorTrait;
/**
* Raw response
*
* @var array
*/
protected $response = [];
/**
* @var string|null
*/
private $email;
/**
* @var boolean true when its private relay from apple else the user mail address
*/
private $isPrivateEmail;
/**
* Gets resource owner attribute by key. The key supports dot notation.
*
* @param string $key
*
* @return mixed
*/
public function getAttribute($key)
{
return $this->getValueByKey($this->response, (string) $key);
}
/**
* Get user first name
*
* @return string|null
*/
public function getFirstName()
{
$name = $this->getAttribute('name');
if (isset($name)) {
return $name['firstName'];
}
return null;
}
/**
* Get user user id
*
* @return string|null
*/
public function getId()
{
return $this->resourceOwnerId;
}
/**
* Get user last name
*
* @return string|null
*/
public function getLastName()
{
$name = $this->getAttribute('name');
if (isset($name)) {
return $name['lastName'];
}
return null;
}
/**
* Get user email, if available
*
* @return string|null
*/
public function getEmail()
{
return $this->getAttribute('email');
}
/**
* @return bool
*/
public function isPrivateEmail()
{
return (bool) $this->getAttribute('isPrivateEmail');
}
/**
* Return all of the owner details available as an array.
*
* @return array
*/
public function toArray()
{
return $this->response;
}
}

7
modules/pshowsso/vendor/patrickbussmann/oauth2-apple/src/Provider/Exception/AppleAccessDeniedException.php vendored Normal file
View File

@@ -0,0 +1,7 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\Exception;
class AppleAccessDeniedException extends IdentityProviderException
{
}

103
modules/pshowsso/vendor/patrickbussmann/oauth2-apple/src/Token/AppleAccessToken.php vendored Normal file
View File

@@ -0,0 +1,103 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token;
use Pshowsso\Scope68f5e85e9608b\Firebase\JWT\JWT;
use Pshowsso\Scope68f5e85e9608b\Firebase\JWT\Key;
use InvalidArgumentException;
class AppleAccessToken extends AccessToken
{
/**
* @var string
*/
protected $idToken;
/**
* @var string
*/
protected $email;
/**
* @var boolean
*/
protected $isPrivateEmail;
/**
* Constructs an access token.
*
* @param Key[] $keys Valid Apple JWT keys
* @param array $options An array of options returned by the service provider
* in the access token request. The `access_token` option is required.
* @throws InvalidArgumentException if `access_token` is not provided in `$options`.
*
* @throws \Exception
*/
public function __construct(array $keys, array $options = [])
{
if (array_key_exists('refresh_token', $options)) {
if (empty($options['id_token'])) {
throw new InvalidArgumentException('Required option not passed: "id_token"');
}
$decoded = null;
$last = end($keys);
foreach ($keys as $key) {
try {
try {
$decoded = JWT::decode($options['id_token'], $key);
} catch (\UnexpectedValueException $e) {
$decodeMethodReflection = new \ReflectionMethod(JWT::class, 'decode');
$decodeMethodParameters = $decodeMethodReflection->getParameters();
// Backwards compatibility for firebase/php-jwt >=5.2.0 <=5.5.1 supported by PHP 5.6
if (array_key_exists(2, $decodeMethodParameters) && 'allowed_algs' === $decodeMethodParameters[2]->getName()) {
$decoded = JWT::decode($options['id_token'], $key, ['RS256']);
} else {
$headers = (object) ['alg' => 'RS256'];
$decoded = JWT::decode($options['id_token'], $key, $headers);
}
}
break;
} catch (\Exception $exception) {
if ($last === $key) {
throw $exception;
}
}
}
if (null === $decoded) {
throw new \Exception('Got no data within "id_token"!');
}
$payload = json_decode(json_encode($decoded), \true);
$options['resource_owner_id'] = $payload['sub'];
if (isset($payload['email_verified']) && $payload['email_verified']) {
$options['email'] = $payload['email'];
}
if (isset($payload['is_private_email'])) {
$this->isPrivateEmail = $payload['is_private_email'];
}
}
parent::__construct($options);
if (isset($options['id_token'])) {
$this->idToken = $options['id_token'];
}
if (isset($options['email'])) {
$this->email = $options['email'];
}
}
/**
* @return string
*/
public function getIdToken()
{
return $this->idToken;
}
/**
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* @return boolean
*/
public function isPrivateEmail()
{
return $this->isPrivateEmail;
}
}