Project-Pro/drmaterac.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jacek Pyziak
2025-10-20 14:10:54 +02:00
parent 75ca8fd840
commit d2c1970ef8
732 changed files with 101915 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
/build
/vendor
composer.phar
composer.lock

35
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/.scrutinizer.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
filter:
excluded_paths: [test/*]
checks:
php:
code_rating: true
remove_extra_empty_lines: true
remove_php_closing_tag: true
remove_trailing_whitespace: true
fix_use_statements:
remove_unused: true
preserve_multiple: false
preserve_blanklines: true
order_alphabetically: true
fix_php_opening_tag: true
fix_linefeed: true
fix_line_ending: true
fix_identation_4spaces: true
fix_doc_comments: true
tools:
external_code_coverage:
timeout: 600
runs: 2
php_analyzer: true
php_code_coverage: false
php_code_sniffer:
config:
standard: PSR2
filter:
paths: ['src']
php_loc:
enabled: true
excluded_dirs: [examples, vendor, test]
php_cpd:
enabled: true
excluded_dirs: [examples, vendor, test]

29
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/.travis.yml vendored Normal file
View File

@@ -0,0 +1,29 @@
language: php
sudo: false
php:
- 7.2
- 7.3
- 7.4
- 8.0
- 8.1
- 8.2
matrix:
include:
- php: 5.6
env: 'COMPOSER_FLAGS="--prefer-stable --prefer-lowest"'
before_script:
- travis_retry composer self-update
- travis_retry composer install --no-interaction --prefer-source --dev
- travis_retry phpenv rehash
script:
- ./vendor/bin/phpcs --standard=psr2 src/
- ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover
after_script:
- wget https://scrutinizer-ci.com/ocular.phar
- php ocular.phar code-coverage:upload --format=php-clover coverage.clover

74
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/CHANGELOG.md vendored Normal file
View File

@@ -0,0 +1,74 @@
# Changelog
All Notable changes to `oauth2-keycloak` will be documented in this file
## 2.1.0 - 2018-03-12
### Added
- Introduce `getLogoutUrl` method on provider to build and return and authorized logout url - thanks @FlxPeters
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing
## 2.0.0 - 2017-01-25
### Added
- PHP 7.1 Support
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- PHP 5.5 Support
### Security
- Nothing
## 1.0.0 - 2017-01-25
Bump for base package parity
## 0.2.0 - 2016-12-07
### Added
- JSON Web Token decryption support
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing
## 0.1.0 - 2015-08-31
### Added
- Initial release!
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing

42
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/CONTRIBUTING.md vendored Normal file
View File

@@ -0,0 +1,42 @@
# Contributing
Contributions are **welcome** and will be fully **credited**.
We accept contributions via Pull Requests on [Github](https://github.com/stevenmaguire/oauth2-keycloak).
## Pull Requests
- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
- **Document any change in behaviour** - Make sure the README and any other relevant documentation are kept up-to-date.
- **Consider our release cycle** - We try to follow SemVer. Randomly breaking public APIs is not an option.
- **Create topic branches** - Don't ask us to pull from your master branch.
- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please squash them before submitting.
- **Ensure tests pass!** - Please run the tests (see below) before submitting your pull request, and make sure they pass. We won't accept a patch until all tests pass.
- **Ensure no coding standards violations** - Please run PHP Code Sniffer using the PSR-2 standard (see below) before submitting your pull request. A violation will cause the build to fail, so please make sure there are no violations. We can't accept a patch if the build fails.
## Running Tests
``` bash
$ ./vendor/bin/phpunit
```
## Running PHP Code Sniffer
``` bash
$ ./vendor/bin/phpcs src --standard=psr2 -sp
```
**Happy coding**!

21
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/LICENSE vendored Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2015 Steven Maguire
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

176
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/README.md vendored Normal file
View File

@@ -0,0 +1,176 @@
# Keycloak Provider for OAuth 2.0 Client
[![Latest Version](https://img.shields.io/github/release/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://github.com/stevenmaguire/oauth2-keycloak/releases)
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
[![Build Status](https://img.shields.io/travis/stevenmaguire/oauth2-keycloak/master.svg?style=flat-square)](https://travis-ci.org/stevenmaguire/oauth2-keycloak)
[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-keycloak/code-structure)
[![Quality Score](https://img.shields.io/scrutinizer/g/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-keycloak)
[![Total Downloads](https://img.shields.io/packagist/dt/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://packagist.org/packages/stevenmaguire/oauth2-keycloak)
This package provides Keycloak OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).
## Installation
To install, use composer:
```
composer require stevenmaguire/oauth2-keycloak
```
## Usage
Usage is the same as The League's OAuth client, using `\Stevenmaguire\OAuth2\Client\Provider\Keycloak` as the provider.
Use `authServerUrl` to specify the Keycloak server URL. You can lookup the correct value from the Keycloak client installer JSON under `auth-server-url`, eg. `http://localhost:8080/auth`.
Use `realm` to specify the Keycloak realm name. You can lookup the correct value from the Keycloak client installer JSON under `resource`, eg. `master`.
### Authorization Code Flow
```php
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
'authServerUrl' => '{keycloak-server-url}',
'realm' => '{keycloak-realm}',
'clientId' => '{keycloak-client-id}',
'clientSecret' => '{keycloak-client-secret}',
'redirectUri' => 'https://example.com/callback-url',
'encryptionAlgorithm' => 'RS256', // optional
'encryptionKeyPath' => '../key.pem' // optional
'encryptionKey' => 'contents_of_key_or_certificate' // optional
'version' => '20.0.1', // optional
]);
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: '.$authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
// Try to get an access token (using the authorization coe grant)
try {
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
} catch (Exception $e) {
exit('Failed to get access token: '.$e->getMessage());
}
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// Use these details to create a new profile
printf('Hello %s!', $user->getName());
} catch (Exception $e) {
exit('Failed to get resource owner: '.$e->getMessage());
}
// Use this to interact with an API on the users behalf
echo $token->getToken();
}
```
### Refreshing a Token
```php
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
'authServerUrl' => '{keycloak-server-url}',
'realm' => '{keycloak-realm}',
'clientId' => '{keycloak-client-id}',
'clientSecret' => '{keycloak-client-secret}',
'redirectUri' => 'https://example.com/callback-url',
]);
$token = $provider->getAccessToken('refresh_token', ['refresh_token' => $token->getRefreshToken()]);
```
### Handling encryption
If you've configured your Keycloak instance to use encryption, there are some advanced options available to you.
#### Configure the provider to use the same encryption algorithm
```php
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
// ...
'encryptionAlgorithm' => 'RS256',
]);
```
or
```php
$provider->setEncryptionAlgorithm('RS256');
```
#### Configure the provider to use the expected decryption public key or certificate
##### By key value
```php
$key = "-----BEGIN PUBLIC KEY-----\n....\n-----END PUBLIC KEY-----";
// or
// $key = "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----";
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
// ...
'encryptionKey' => $key,
]);
```
or
```php
$provider->setEncryptionKey($key);
```
##### By key path
```php
$keyPath = '../key.pem';
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
// ...
'encryptionKeyPath' => $keyPath,
]);
```
or
```php
$provider->setEncryptionKeyPath($keyPath);
```
## Testing
``` bash
$ ./vendor/bin/phpunit
```
## Contributing
Please see [CONTRIBUTING](https://github.com/stevenmaguire/oauth2-keycloak/blob/master/CONTRIBUTING.md) for details.
## Credits
- [Steven Maguire](https://github.com/stevenmaguire)
- [Martin Stefan](https://github.com/mstefan21)
- [All Contributors](https://github.com/stevenmaguire/oauth2-keycloak/contributors)
## License
The MIT License (MIT). Please see [License File](https://github.com/stevenmaguire/oauth2-keycloak/blob/master/LICENSE) for more information.

51
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/composer.json vendored Normal file
View File

@@ -0,0 +1,51 @@
{
"name": "stevenmaguire\/oauth2-keycloak",
"description": "Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client",
"license": "MIT",
"authors": [
{
"name": "Steven Maguire",
"email": "stevenmaguire@gmail.com",
"homepage": "https:\/\/github.com\/stevenmaguire"
}
],
"keywords": [
"oauth",
"oauth2",
"client",
"authorization",
"authorisation",
"keycloak"
],
"require": {
"php": "~7.2 || ~8.0",
"league\/oauth2-client": "^2.0",
"firebase\/php-jwt": "^6.0"
},
"require-dev": {
"phpunit\/phpunit": "~9.6.4",
"mockery\/mockery": "~1.5.0",
"squizlabs\/php_codesniffer": "~3.7.0"
},
"autoload": {
"psr-4": {
"Pshowsso\\Scope68f5e85e9608b\\Stevenmaguire\\OAuth2\\Client\\": "src\/"
}
},
"autoload-dev": {
"psr-4": {
"Pshowsso\\Scope68f5e85e9608b\\Stevenmaguire\\OAuth2\\Client\\Test\\": "test\/src\/"
}
},
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"scripts": {
"test": [
"@putenv XDEBUG_MODE=coverage",
"phpunit --colors=always"
]
}
}

35
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/examples/index.php vendored Normal file
View File

@@ -0,0 +1,35 @@
<?php
require 'vendor/autoload.php';
\session_start();
$provider = new \Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider\Keycloak(['authServerUrl' => '', 'realm' => '', 'clientId' => '', 'clientSecret' => '', 'redirectUri' => '', 'encryptionAlgorithm' => null, 'encryptionKey' => null, 'encryptionKeyPath' => null]);
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
\header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
unset($_SESSION['oauth2state']);
exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
// Try to get an access token (using the authorization coe grant)
try {
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
} catch (\Exception $e) {
exit('Failed to get access token: ' . $e->getMessage());
}
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// Use these details to create a new profile
\printf('Hello %s!\n<br>', $user->getName());
} catch (\Exception $e) {
exit('Failed to get resource owner: ' . $e->getMessage());
}
// Use this to interact with an API on the users behalf
echo $token->getToken();
}

33
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist vendored Normal file
View File

@@ -0,0 +1,33 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
bootstrap="vendor/autoload.php"
colors="true"
processIsolation="false"
stopOnFailure="false"
failOnRisky="true"
failOnWarning="true"
>
<coverage includeUncoveredFiles="true"
pathCoverage="false"
ignoreDeprecatedCodeUnits="true"
disableCodeCoverageIgnore="true">
<include>
<directory suffix=".php">src</directory>
</include>
<exclude>
<directory suffix=".php">vendor</directory>
<file>src/autoload.php</file>
</exclude>
<report>
<html outputDirectory="./build/coverage/html"
lowUpperBound="35"
highLowerBound="70"/>
<clover outputFile="./build/coverage/log/coverage.xml"/>
</report>
</coverage>
<testsuites>
<testsuite name="Package Test Suite">
<directory suffix=".php">./test/</directory>
</testsuite>
</testsuites>
</phpunit>

17
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Exception/EncryptionConfigurationException.php vendored Normal file
View File

@@ -0,0 +1,17 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider\Exception;
use Exception;
class EncryptionConfigurationException extends Exception
{
/**
* Returns properly formatted exception when response decryption fails.
*
* @return \Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException
*/
public static function undeterminedEncryption()
{
return new static('The given response may be encrypted and sufficient ' . 'encryption configuration has not been provided.', 400);
}
}

333
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Keycloak.php vendored Normal file
View File

@@ -0,0 +1,333 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider;
use Exception;
use Pshowsso\Scope68f5e85e9608b\Firebase\JWT\JWT;
use Pshowsso\Scope68f5e85e9608b\Firebase\JWT\Key;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\AbstractProvider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AccessToken;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface;
use Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;
use UnexpectedValueException;
class Keycloak extends AbstractProvider
{
use BearerAuthorizationTrait;
/**
* Keycloak URL, eg. http://localhost:8080/auth.
*
* @var string
*/
public $authServerUrl = null;
/**
* Realm name, eg. demo.
*
* @var string
*/
public $realm = null;
/**
* Encryption algorithm.
*
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
*
* @var string
*/
public $encryptionAlgorithm = null;
/**
* Encryption key.
*
* @var string
*/
public $encryptionKey = null;
/**
* Keycloak version.
*
* @var string
*/
public $version = null;
/**
* Constructs an OAuth 2.0 service provider.
*
* @param array $options An array of options to set on this provider.
* Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
* Individual providers may introduce more options, as needed.
* @param array $collaborators An array of collaborators that may be used to
* override this provider's default behavior. Collaborators include
* `grantFactory`, `requestFactory`, `httpClient`, and `randomFactory`.
* Individual providers may introduce more collaborators, as needed.
*/
public function __construct(array $options = [], array $collaborators = [])
{
if (isset($options['encryptionKeyPath'])) {
$this->setEncryptionKeyPath($options['encryptionKeyPath']);
unset($options['encryptionKeyPath']);
}
if (isset($options['version'])) {
$this->setVersion($options['version']);
}
parent::__construct($options, $collaborators);
}
/**
* Attempts to decrypt the given response.
*
* @param string|array|null $response
*
* @return string|array|null
* @throws EncryptionConfigurationException
*/
public function decryptResponse($response)
{
if (!is_string($response)) {
return $response;
}
if ($this->usesEncryption()) {
return json_decode(json_encode(JWT::decode($response, new Key($this->encryptionKey, $this->encryptionAlgorithm))), \true);
}
throw EncryptionConfigurationException::undeterminedEncryption();
}
/**
* Get authorization url to begin OAuth flow
*
* @return string
*/
public function getBaseAuthorizationUrl()
{
return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/auth';
}
/**
* Get access token url to retrieve token
*
* @param array $params
*
* @return string
*/
public function getBaseAccessTokenUrl(array $params)
{
return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/token';
}
/**
* Get provider url to fetch user details
*
* @param AccessToken $token
*
* @return string
*/
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/userinfo';
}
/**
* Builds the logout URL.
*
* @param array $options
* @return string Authorization URL
*/
public function getLogoutUrl(array $options = [])
{
$base = $this->getBaseLogoutUrl();
$params = $this->getAuthorizationParameters($options);
// Starting with keycloak 18.0.0, the parameter redirect_uri is no longer supported on logout.
// As of this version the parameter is called post_logout_redirect_uri. In addition to this
// a parameter id_token_hint has to be provided.
if ($this->validateGteVersion('18.0.0')) {
if (isset($options['access_token']) === \true) {
$accessToken = $options['access_token'];
$params['id_token_hint'] = $accessToken->getValues()['id_token'];
$params['post_logout_redirect_uri'] = $params['redirect_uri'];
}
unset($params['redirect_uri']);
}
$query = $this->getAuthorizationQuery($params);
return $this->appendQuery($base, $query);
}
/**
* Get logout url to logout of session token
*
* @return string
*/
private function getBaseLogoutUrl()
{
return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/logout';
}
/**
* Creates base url from provider configuration.
*
* @return string
*/
protected function getBaseUrlWithRealm()
{
return $this->authServerUrl . '/realms/' . $this->realm;
}
/**
* Get the default scopes used by this provider.
*
* This should not be a complete list of all scopes, but the minimum
* required for the provider user interface!
*
* @return string[]
*/
protected function getDefaultScopes()
{
$scopes = ['profile', 'email'];
if ($this->validateGteVersion('20.0.0')) {
$scopes[] = 'openid';
}
return $scopes;
}
/**
* Returns the string that should be used to separate scopes when building
* the URL for requesting an access token.
*
* @return string Scope separator, defaults to ','
*/
protected function getScopeSeparator()
{
return ' ';
}
/**
* Check a provider response for errors.
*
* @throws IdentityProviderException
* @param ResponseInterface $response
* @param string $data Parsed response data
* @return void
*/
protected function checkResponse(ResponseInterface $response, $data)
{
if (!empty($data['error'])) {
$error = $data['error'];
if (isset($data['error_description'])) {
$error .= ': ' . $data['error_description'];
}
throw new IdentityProviderException($error, $response->getStatusCode(), $data);
}
}
/**
* Generate a user object from a successful user details request.
*
* @param array $response
* @param AccessToken $token
* @return KeycloakResourceOwner
*/
protected function createResourceOwner(array $response, AccessToken $token)
{
return new KeycloakResourceOwner($response);
}
/**
* Requests and returns the resource owner of given access token.
*
* @param AccessToken $token
* @return KeycloakResourceOwner
* @throws EncryptionConfigurationException
*/
public function getResourceOwner(AccessToken $token)
{
$response = $this->fetchResourceOwnerDetails($token);
// We are always getting an array. We have to check if it is
// the array we created
if (array_key_exists('jwt', $response)) {
$response = $response['jwt'];
}
$response = $this->decryptResponse($response);
return $this->createResourceOwner($response, $token);
}
/**
* Updates expected encryption algorithm of Keycloak instance.
*
* @param string $encryptionAlgorithm
*
* @return Keycloak
*/
public function setEncryptionAlgorithm($encryptionAlgorithm)
{
$this->encryptionAlgorithm = $encryptionAlgorithm;
return $this;
}
/**
* Updates expected encryption key of Keycloak instance.
*
* @param string $encryptionKey
*
* @return Keycloak
*/
public function setEncryptionKey($encryptionKey)
{
$this->encryptionKey = $encryptionKey;
return $this;
}
/**
* Updates expected encryption key of Keycloak instance to content of given
* file path.
*
* @param string $encryptionKeyPath
*
* @return Keycloak
*/
public function setEncryptionKeyPath($encryptionKeyPath)
{
try {
$this->encryptionKey = file_get_contents($encryptionKeyPath);
} catch (Exception $e) {
// Not sure how to handle this yet.
}
return $this;
}
/**
* Updates the keycloak version.
*
* @param string $version
*
* @return Keycloak
*/
public function setVersion($version)
{
$this->version = $version;
return $this;
}
/**
* Checks if provider is configured to use encryption.
*
* @return bool
*/
public function usesEncryption()
{
return (bool) $this->encryptionAlgorithm && $this->encryptionKey;
}
/**
* Parses the response according to its content-type header.
*
* @throws UnexpectedValueException
* @param ResponseInterface $response
* @return array
*/
protected function parseResponse(ResponseInterface $response)
{
// We have a problem with keycloak when the userinfo responses
// with a jwt token
// Because it just return a jwt as string with the header
// application/jwt
// This can't be parsed to a array
// Dont know why this function only allow an array as return value...
$content = (string) $response->getBody();
$type = $this->getContentType($response);
if (strpos($type, 'jwt') !== \false) {
// Here we make the temporary array
return ['jwt' => $content];
}
return parent::parseResponse($response);
}
/**
* Validate if version is greater or equal
*
* @param string $version
* @return bool
*/
private function validateGteVersion($version)
{
return isset($this->version) && version_compare($this->version, $version, '>=');
}
}

86
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/src/Provider/KeycloakResourceOwner.php vendored Normal file
View File

@@ -0,0 +1,86 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\ResourceOwnerInterface;
class KeycloakResourceOwner implements ResourceOwnerInterface
{
/**
* Raw response
*
* @var array
*/
protected $response;
/**
* Creates new resource owner.
*
* @param array $response
*/
public function __construct(array $response = array())
{
$this->response = $response;
}
/**
* Get resource owner id
*
* @return string|null
*/
public function getId()
{
return \array_key_exists('sub', $this->response) ? $this->response['sub'] : null;
}
/**
* Get resource owner email
*
* @return string|null
*/
public function getEmail()
{
return \array_key_exists('email', $this->response) ? $this->response['email'] : null;
}
/**
* Get resource owner name
*
* @return string|null
*/
public function getName()
{
return \array_key_exists('name', $this->response) ? $this->response['name'] : null;
}
/**
* Get resource owner username
*
* @return string|null
*/
public function getUsername()
{
return \array_key_exists('preferred_username', $this->response) ? $this->response['preferred_username'] : null;
}
/**
* Get resource owner first name
*
* @return string|null
*/
public function getFirstName()
{
return \array_key_exists('given_name', $this->response) ? $this->response['given_name'] : null;
}
/**
* Get resource owner last name
*
* @return string|null
*/
public function getLastName()
{
return \array_key_exists('family_name', $this->response) ? $this->response['family_name'] : null;
}
/**
* Return all of the owner details available as an array.
*
* @return array
*/
public function toArray()
{
return $this->response;
}
}

564
modules/pshowsso/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php vendored Normal file
View File

@@ -0,0 +1,564 @@
<?php
namespace
{
$mockFileGetContents = null;
}
namespace Stevenmaguire\OAuth2\Client\Provider
{
function file_get_contents()
{
global $mockFileGetContents;
if (isset($mockFileGetContents) && ! is_null($mockFileGetContents)) {
if (is_a($mockFileGetContents, 'Exception')) {
throw $mockFileGetContents;
}
return $mockFileGetContents;
} else {
return call_user_func_array('\file_get_contents', func_get_args());
}
}
}
namespace Stevenmaguire\OAuth2\Client\Test\Provider
{
use DateInterval;
use DateTimeImmutable;
use Firebase\JWT\JWT;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use League\OAuth2\Client\Tool\QueryBuilderTrait;
use Mockery as m;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\StreamInterface;
use Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;
use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
class KeycloakTest extends TestCase
{
use QueryBuilderTrait;
public const ENCRYPTION_KEY = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
ehde/zUxo6UvS7UrBQIDAQAB
-----END PUBLIC KEY-----
EOD;
public const ENCRYPTION_ALGORITHM = 'HS256';
private $jwtTemplate = <<<EOF
{
"exp": "%s",
"iat": "%s",
"jti": "e11a85c8-aa91-4f75-9088-57db4586f8b9",
"iss": "https://example.org/auth/realms/test-realm",
"aud": "account",
"nbf": "%s",
"sub": "4332085e-b944-4acc-9eb1-27d8f5405f3e",
"typ": "Bearer",
"azp": "test-app",
"session_state": "c90c8e0d-aabb-4c71-b8a8-e88792cacd96",
"acr": "1",
"realm_access": {
"roles": [
"default-roles-test-realm",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "openid email profile",
"sid": "c90c8e0d-aabb-4c71-b8a8-e88792cacd96",
"address": {},
"email_verified": true,
"name": "Test User",
"preferred_username": "test-user",
"given_name": "Test",
"family_name": "User",
"email": "test-user@example.org"
}
EOF;
protected $provider;
protected function setUp(): void
{
$this->provider = new Keycloak([
'authServerUrl' => 'http://mock.url/auth',
'realm' => 'mock_realm',
'clientId' => 'mock_client_id',
'clientSecret' => 'mock_secret',
'redirectUri' => 'none',
]);
}
public function tearDown(): void
{
m::close();
parent::tearDown();
}
public function testAuthorizationUrl()
{
$url = $this->provider->getAuthorizationUrl();
$uri = parse_url($url);
parse_str($uri['query'], $query);
$this->assertArrayHasKey('client_id', $query);
$this->assertArrayHasKey('redirect_uri', $query);
$this->assertArrayHasKey('state', $query);
$this->assertArrayHasKey('scope', $query);
$this->assertArrayHasKey('response_type', $query);
$this->assertArrayHasKey('approval_prompt', $query);
$this->assertNotNull($this->provider->getState());
}
public function testEncryptionAlgorithm()
{
$algorithm = uniqid();
$provider = new Keycloak([
'encryptionAlgorithm' => $algorithm,
]);
$this->assertEquals($algorithm, $provider->encryptionAlgorithm);
$algorithm = uniqid();
$provider->setEncryptionAlgorithm($algorithm);
$this->assertEquals($algorithm, $provider->encryptionAlgorithm);
}
public function testEncryptionKey()
{
$key = uniqid();
$provider = new Keycloak([
'encryptionKey' => $key,
]);
$this->assertEquals($key, $provider->encryptionKey);
$key = uniqid();
$provider->setEncryptionKey($key);
$this->assertEquals($key, $provider->encryptionKey);
}
public function testEncryptionKeyPath()
{
global $mockFileGetContents;
$path = uniqid();
$key = uniqid();
$mockFileGetContents = $key;
$provider = new Keycloak([
'encryptionKeyPath' => $path,
]);
$this->assertEquals($key, $provider->encryptionKey);
$path = uniqid();
$key = uniqid();
$mockFileGetContents = $key;
$provider->setEncryptionKeyPath($path);
$this->assertEquals($key, $provider->encryptionKey);
}
public function testEncryptionKeyPathFails()
{
$this->markTestIncomplete('Need to assess the test to see what is required to be checked.');
global $mockFileGetContents;
$path = uniqid();
$key = uniqid();
$mockFileGetContents = new \Exception();
$provider = new Keycloak([
'encryptionKeyPath' => $path,
]);
$provider->setEncryptionKeyPath($path);
}
public function testScopes()
{
$scopeSeparator = ' ';
$options = ['scope' => [uniqid(), uniqid()]];
$query = ['scope' => implode($scopeSeparator, $options['scope'])];
$url = $this->provider->getAuthorizationUrl($options);
$encodedScope = $this->buildQueryString($query);
$this->assertStringContainsString($encodedScope, $url);
}
public function testGetAuthorizationUrl()
{
$url = $this->provider->getAuthorizationUrl();
$uri = parse_url($url);
$this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/auth', $uri['path']);
}
public function testGetLogoutUrl()
{
$url = $this->provider->getLogoutUrl();
$uri = parse_url($url);
$this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/logout', $uri['path']);
}
public function testGetLogoutUrlWithIdTokenHint()
{
$this->provider->setVersion('18.0.0');
$options = [
'access_token' => new AccessToken(
[
'id_token' => 'the_id_token',
'access_token' => 'the_access_token',
]
),
];
$url = $this->provider->getLogoutUrl($options);
$uri = parse_url($url);
$this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/logout', $uri['path']);
$this->assertStringContainsString('id_token_hint=the_id_token', $uri['query']);
}
public function testGetBaseAccessTokenUrl()
{
$params = [];
$url = $this->provider->getBaseAccessTokenUrl($params);
$uri = parse_url($url);
$this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/token', $uri['path']);
}
public function testGetAccessToken()
{
$stream = $this->createMock(StreamInterface::class);
$stream
->method('__toString')
->willReturn('{"access_token":"mock_access_token","scope":"email","token_type":"bearer"}');
$response = m::mock('Psr\Http\Message\ResponseInterface');
$response
->shouldReceive('getBody')
->andReturn($stream);
$response
->shouldReceive('getHeader')
->andReturn(['content-type' => 'json']);
$client = m::mock('GuzzleHttp\ClientInterface');
$client->shouldReceive('send')
->times(1)
->andReturn($response);
$this->provider->setHttpClient($client);
$token = $this
->provider
->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
$this->assertEquals('mock_access_token', $token->getToken());
$this->assertNull($token->getExpires());
$this->assertNull($token->getRefreshToken());
$this->assertNull($token->getResourceOwnerId());
}
public function testUserData()
{
$userId = rand(1000, 9999);
$name = uniqid();
$email = uniqid();
$username = uniqid();
$firstName = uniqid();
$lastName = uniqid();
$getAccessTokenResponseStream = $this->createMock(StreamInterface::class);
$getAccessTokenResponseStream
->method('__toString')
->willReturn(
'{"access_token":"mock_access_token","expires":"3600","refresh_token":"mock_refresh_token","otherKey":[1234]}'
);
$postResponse = m::mock('Psr\Http\Message\ResponseInterface');
$postResponse
->shouldReceive('getBody')
->andReturn($getAccessTokenResponseStream);
$postResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'json']);
$getResourceOwnerResponseStream = $this->createMock(StreamInterface::class);
$getResourceOwnerResponseStream
->method('__toString')
->willReturn(
sprintf(
'{"sub": "%s", "name": "%s", "email": "%s", "preferred_username": "%s", "given_name": "%s", "family_name": "%s"}',
$userId,
$name,
$email,
$username,
$firstName,
$lastName
)
);
$userResponse = m::mock('Psr\Http\Message\ResponseInterface');
$userResponse
->shouldReceive('getBody')
->andReturn($getResourceOwnerResponseStream);
$userResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'json']);
$client = m::mock('GuzzleHttp\ClientInterface');
$client
->shouldReceive('send')
->andReturn($postResponse, $userResponse);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken(
'authorization_code',
[
'code' => 'mock_authorization_code',
'access_token' => 'mock_access_token',
]
);
$user = $this->provider->getResourceOwner($token);
$this->assertEquals($userId, $user->getId());
$this->assertEquals($userId, $user->toArray()['sub']);
$this->assertEquals($name, $user->getName());
$this->assertEquals($name, $user->toArray()['name']);
$this->assertEquals($email, $user->getEmail());
$this->assertEquals($email, $user->toArray()['email']);
$this->assertEquals($username, $user->getUsername());
$this->assertEquals($username, $user->toArray()['preferred_username']);
$this->assertEquals($firstName, $user->getFirstName());
$this->assertEquals($firstName, $user->toArray()['given_name']);
$this->assertEquals($lastName, $user->getLastName());
$this->assertEquals($lastName, $user->toArray()['family_name']);
}
public function testUserDataWithEncryption()
{
$jwt = JWT::encode(
json_decode(
sprintf(
$this->jwtTemplate,
(new DateTimeImmutable())->add(new DateInterval('PT1H'))->getTimestamp(),
(new DateTimeImmutable())->sub(new DateInterval('P1D'))->getTimestamp(),
(new DateTimeImmutable())->sub(new DateInterval('P1D'))->getTimestamp()
),
true
),
self::ENCRYPTION_KEY,
self::ENCRYPTION_ALGORITHM
);
$getAccessTokenResponseStream = $this->createMock(StreamInterface::class);
$getAccessTokenResponseStream
->method('__toString')
->willReturn(
sprintf(
'{"access_token":"%s","expires":"3600","refresh_token":"mock_refresh_token","otherKey":[1234]}',
$jwt
)
);
$accessTokenResponse = m::mock('Psr\Http\Message\ResponseInterface');
$accessTokenResponse
->shouldReceive('getBody')
->andReturn($getAccessTokenResponseStream);
$accessTokenResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'json']);
$accessTokenResponse
->shouldReceive('getStatusCode')
->andReturn(200);
$getResourceOwnerResponseStream = $this->createMock(StreamInterface::class);
$getResourceOwnerResponseStream
->method('__toString')
->willReturn($jwt);
$resourceOwnerResponse = m::mock('Psr\Http\Message\ResponseInterface');
$resourceOwnerResponse
->shouldReceive('getBody')
->andReturn($getResourceOwnerResponseStream);
$resourceOwnerResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'application/jwt']);
$resourceOwnerResponse
->shouldReceive('getStatusCode')
->andReturn(200);
$client = m::mock('GuzzleHttp\ClientInterface');
$client
->shouldReceive('send')
->times(2)
->andReturn($accessTokenResponse, $resourceOwnerResponse);
$this->provider->setHttpClient($client);
$token = $this
->provider
->setEncryptionAlgorithm(self::ENCRYPTION_ALGORITHM)
->setEncryptionKey(self::ENCRYPTION_KEY)
->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
$user = $this->provider->getResourceOwner($token);
$email = "test-user@example.org";
$name = "Test User";
$userId = "4332085e-b944-4acc-9eb1-27d8f5405f3e";
$username = "test-user";
$firstName = "Test";
$lastName = "User";
$this->assertEquals($userId, $user->getId());
$this->assertEquals($userId, $user->toArray()['sub']);
$this->assertEquals($name, $user->getName());
$this->assertEquals($name, $user->toArray()['name']);
$this->assertEquals($email, $user->getEmail());
$this->assertEquals($email, $user->toArray()['email']);
$this->assertEquals($username, $user->getUsername());
$this->assertEquals($username, $user->toArray()['preferred_username']);
$this->assertEquals($firstName, $user->getFirstName());
$this->assertEquals($firstName, $user->toArray()['given_name']);
$this->assertEquals($lastName, $user->getLastName());
$this->assertEquals($lastName, $user->toArray()['family_name']);
}
public function testUserDataFailsWhenEncryptionEncounteredAndNotConfigured()
{
$this->expectException(EncryptionConfigurationException::class);
$accessTokenResponseStream = $this->createMock(StreamInterface::class);
$accessTokenResponseStream
->method('__toString')
->willReturn(
'{"access_token":"mock_access_token","expires":"3600","refresh_token":"mock_refresh_token","otherKey":[1234]}'
);
$getAccessTokenResponse = m::mock('Psr\Http\Message\ResponseInterface');
$getAccessTokenResponse
->shouldReceive('getBody')
->andReturn($accessTokenResponseStream);
$getAccessTokenResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'json']);
$getAccessTokenResponse
->shouldReceive('getStatusCode')
->andReturn(200);
$resourceOwnerResponseStream = $this->createMock(StreamInterface::class);
$resourceOwnerResponseStream
->method('__toString')
->willReturn(uniqid());
$getResourceOwnerResponse = m::mock('Psr\Http\Message\ResponseInterface');
$getResourceOwnerResponse
->shouldReceive('getBody')
->andReturn($resourceOwnerResponseStream);
$getResourceOwnerResponse
->shouldReceive('getHeader')
->andReturn(['content-type' => 'application/jwt']);
$getResourceOwnerResponse
->shouldReceive('getStatusCode')
->andReturn(200);
$client = m::mock('GuzzleHttp\ClientInterface');
$client
->shouldReceive('send')
->times(2)
->andReturn($getAccessTokenResponse, $getResourceOwnerResponse);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken(
'authorization_code', #
['code' => 'mock_authorization_code']
);
$user = $this->provider->getResourceOwner($token);
}
public function testErrorResponse()
{
$this->expectException(IdentityProviderException::class);
$accessTokenResponseStream = $this->createMock(StreamInterface::class);
$accessTokenResponseStream
->method('__toString')
->willReturn(
'{"error": "invalid_grant", "error_description": "Code not found"}'
);
$response = m::mock('Psr\Http\Message\ResponseInterface');
$response
->shouldReceive('getBody')
->andReturn($accessTokenResponseStream);
$response
->shouldReceive('getHeader')
$response
->shouldReceive('getStatusCode')
->andReturn(401);
$client = m::mock('GuzzleHttp\ClientInterface');
$client
->shouldReceive('send')
->times(1)
->andReturn($response);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
}
public function testCanDecryptResponseThrowsExceptionIfResponseIsNotAStringAndEncryptionIsNotUsed()
{
$this->expectException(EncryptionConfigurationException::class);
$this->provider->decryptResponse('');
$this->assertFalse($this->provider->usesEncryption());
}
public function testCanDecryptResponseReturnsResponseWhenEncryptionIsUsed()
{
$jwtPayload = json_decode(
sprintf(
$this->jwtTemplate,
(new DateTimeImmutable())->add(new DateInterval('PT1H'))->getTimestamp(),
(new DateTimeImmutable())->sub(new DateInterval('P1D'))->getTimestamp(),
(new DateTimeImmutable())->sub(new DateInterval('P1D'))->getTimestamp()
),
true
);
$jwt = JWT::encode(
$jwtPayload,
self::ENCRYPTION_KEY,
self::ENCRYPTION_ALGORITHM
);
$this->provider
->setEncryptionAlgorithm(self::ENCRYPTION_ALGORITHM)
->setEncryptionKey(self::ENCRYPTION_KEY);
$response = $this->provider->decryptResponse($jwt);
$this->assertSame($jwtPayload, $response);
}
}
}

5
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
/build
/vendor
composer.phar
composer.lock
.DS_Store

35
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/.scrutinizer.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
filter:
excluded_paths: [tests/*]
checks:
php:
code_rating: true
remove_extra_empty_lines: true
remove_php_closing_tag: true
remove_trailing_whitespace: true
fix_use_statements:
remove_unused: true
preserve_multiple: false
preserve_blanklines: true
order_alphabetically: true
fix_php_opening_tag: true
fix_linefeed: true
fix_line_ending: true
fix_identation_4spaces: true
fix_doc_comments: true
tools:
external_code_coverage:
timeout: 600
runs: 3
php_analyzer: true
php_code_coverage: false
php_code_sniffer:
config:
standard: PSR2
filter:
paths: ['src']
php_loc:
enabled: true
excluded_dirs: [vendor, tests]
php_cpd:
enabled: true
excluded_dirs: [vendor, tests]

45
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/.travis.yml vendored Normal file
View File

@@ -0,0 +1,45 @@
language: php
matrix:
include:
- php: 5.6
- php: 7.0
- php: 7.1
- php: nightly
- php: hhvm-3.6
sudo: required
dist: trusty
group: edge
- php: hhvm-3.9
sudo: required
dist: trusty
group: edge
- php: hhvm-3.12
sudo: required
dist: trusty
group: edge
- php: hhvm-3.15
sudo: required
dist: trusty
group: edge
- php: hhvm-nightly
sudo: required
dist: trusty
group: edge
fast_finish: true
allow_failures:
- php: nightly
- php: hhvm-nightly
before_script:
- travis_retry composer self-update
- travis_retry composer install --no-interaction --prefer-source --dev
- travis_retry phpenv rehash
script:
- ./vendor/bin/phpcs --standard=psr2 src/
- ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover
after_script:
- wget https://scrutinizer-ci.com/ocular.phar
- php ocular.phar code-coverage:upload --format=php-clover coverage.clover

108
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/CHANGELOG.md vendored Normal file
View File

@@ -0,0 +1,108 @@
# Changelog
All Notable changes to `oauth2-microsoft` will be documented in this file
## 2.2.0 - 2017-06-07
### Added
- Nothing
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Support for retrieving image urls.
### Security
- Nothing
## 2.1.0 - 2017-06-04
### Added
- Support for custom authorization urls, previous URLs serve as default values.
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing
## 2.0.0 - 2017-01-25
### Added
- PHP 7.1 Support
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- PHP 5.5 Support
### Security
- Nothing
## 1.0.0 - 2017-01-25
Bump for base package parity
## 0.2.1 - 2015-11-12
### Added
- Nothing
### Deprecated
- Nothing
### Fixed
- Improved null checks in checkResponse method
### Removed
- Nothing
### Security
- Nothing
## 0.2.0 - 2015-08-20
### Added
- Upgrade to support version 1.0 release of core client
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing
## 0.1.0 - 2015-03-21
### Added
- Initial release!
### Deprecated
- Nothing
### Fixed
- Nothing
### Removed
- Nothing
### Security
- Nothing

42
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/CONTRIBUTING.md vendored Normal file
View File

@@ -0,0 +1,42 @@
# Contributing
Contributions are **welcome** and will be fully **credited**.
We accept contributions via Pull Requests on [Github](https://github.com/stevenmaguire/oauth2-microsoft).
## Pull Requests
- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
- **Document any change in behaviour** - Make sure the README and any other relevant documentation are kept up-to-date.
- **Consider our release cycle** - We try to follow SemVer. Randomly breaking public APIs is not an option.
- **Create topic branches** - Don't ask us to pull from your master branch.
- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please squash them before submitting.
- **Ensure tests pass!** - Please run the tests (see below) before submitting your pull request, and make sure they pass. We won't accept a patch until all tests pass.
- **Ensure no coding standards violations** - Please run PHP Code Sniffer using the PSR-2 standard (see below) before submitting your pull request. A violation will cause the build to fail, so please make sure there are no violations. We can't accept a patch if the build fails.
## Running Tests
``` bash
$ ./vendor/bin/phpunit
```
## Running PHP Code Sniffer
``` bash
$ ./vendor/bin/phpcs src --standard=psr2 -sp
```
**Happy coding**!

21
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/LICENSE vendored Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2015 Steven Maguire
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

140
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/README.md vendored Normal file
View File

@@ -0,0 +1,140 @@
# Microsoft Provider for OAuth 2.0 Client
[![Latest Version](https://img.shields.io/github/release/stevenmaguire/oauth2-microsoft.svg?style=flat-square)](https://github.com/stevenmaguire/oauth2-microsoft/releases)
[![Build Status](https://img.shields.io/travis/stevenmaguire/oauth2-microsoft/master.svg?style=flat-square)](https://travis-ci.org/stevenmaguire/oauth2-microsoft)
[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/stevenmaguire/oauth2-microsoft.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-microsoft/code-structure)
[![Quality Score](https://img.shields.io/scrutinizer/g/stevenmaguire/oauth2-microsoft.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-microsoft)
[![Total Downloads](https://img.shields.io/packagist/dt/stevenmaguire/oauth2-microsoft.svg?style=flat-square)](https://packagist.org/packages/stevenmaguire/oauth2-microsoft)
[![Software License](https://img.shields.io/packagist/l/stevenmaguire/oauth2-microsoft.svg?style=flat-square)](LICENSE.md)
This package provides Microsoft OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).
## Installation
To install, use composer:
```
composer require stevenmaguire/oauth2-microsoft
```
## Usage
Usage is the same as The League's OAuth client, using `\Stevenmaguire\OAuth2\Client\Provider\Microsoft` as the provider.
### Authorization Code Flow
```php
$provider = new Stevenmaguire\OAuth2\Client\Provider\Microsoft([
// Required
'clientId' => '{microsoft-client-id}',
'clientSecret' => '{microsoft-client-secret}',
'redirectUri' => 'https://example.com/callback-url',
// Optional
'urlAuthorize' => 'https://login.windows.net/common/oauth2/authorize',
'urlAccessToken' => 'https://login.windows.net/common/oauth2/token',
'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v1.0/me'
]);
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: '.$authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// Use these details to create a new profile
printf('Hello %s!', $user->getFirstname());
} catch (Exception $e) {
// Failed to get user details
exit('Oh dear...');
}
// Use this to interact with an API on the users behalf
echo $token->getToken();
}
```
#### Managing Scopes and State
When creating your Microsoft authorization URL, you can specify the state and scopes your application may authorize.
```php
$options = [
'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
'scope' => ['wl.basic', 'wl.signin'] // array or string
];
$authorizationUrl = $provider->getAuthorizationUrl($options);
```
If neither are defined, the provider will utilize internal defaults.
At the time of authoring this documentation, the following scopes are available.
##### Core
- wl.basic
- wl.offline_access
- wl.signin
##### Extended
- wl.birthday
- wl.calendars
- wl.calendars_update
- wl.contacts_birthday
- wl.contacts_create
- wl.contacts_calendars
- wl.contacts_photos
- wl.contacts_skydrive
- wl.emails
- wl.events_create
- wl.imap
- wl.phone_numbers
- wl.photos
- wl.postal_addresses
- wl.skydrive
- wl.skydrive_update
- wl.work_profile
- office.onenote_create
## Testing
``` bash
$ ./vendor/bin/phpunit
```
## Contributing
Please see [CONTRIBUTING](https://github.com/stevenmaguire/oauth2-microsoft/blob/master/CONTRIBUTING.md) for details.
## Credits
- [Steven Maguire](https://github.com/stevenmaguire)
- [All Contributors](https://github.com/stevenmaguire/oauth2-microsoft/contributors)
## License
The MIT License (MIT). Please see [License File](https://github.com/stevenmaguire/oauth2-microsoft/blob/master/LICENSE) for more information.

38
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/composer.json vendored Normal file
View File

@@ -0,0 +1,38 @@
{
"name": "stevenmaguire\/oauth2-microsoft",
"description": "Microsoft OAuth 2.0 Client Provider for The PHP League OAuth2-Client",
"license": "MIT",
"authors": [
{
"name": "Steven Maguire",
"email": "stevenmaguire@gmail.com",
"homepage": "https:\/\/github.com\/stevenmaguire"
}
],
"keywords": [
"oauth",
"oauth2",
"client",
"authorization",
"authorisation",
"microsoft"
],
"require": {
"league\/oauth2-client": "^2.0"
},
"require-dev": {
"phpunit\/phpunit": "~4.0",
"mockery\/mockery": "~0.9",
"squizlabs\/php_codesniffer": "~2.0"
},
"autoload": {
"psr-4": {
"Pshowsso\\Scope68f5e85e9608b\\Stevenmaguire\\OAuth2\\Client\\": "src\/"
}
},
"autoload-dev": {
"psr-4": {
"Pshowsso\\Scope68f5e85e9608b\\Stevenmaguire\\OAuth2\\Client\\Test\\": "tests\/src\/"
}
}
}

37
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/phpunit.xml vendored Normal file
View File

@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
backupStaticAttributes="false"
bootstrap="vendor/autoload.php"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false"
syntaxCheck="false"
>
<logging>
<log type="coverage-html"
target="./build/coverage/html"
charset="UTF-8"
highlight="false"
lowUpperBound="35"
highLowerBound="70"/>
<log type="coverage-clover"
target="./build/coverage/log/coverage.xml"/>
</logging>
<testsuites>
<testsuite name="Package Test Suite">
<directory suffix=".php">./tests/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist>
<directory suffix=".php">./</directory>
<exclude>
<directory suffix=".php">./vendor</directory>
<directory suffix=".php">./tests</directory>
</exclude>
</whitelist>
</filter>
</phpunit>

99
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/src/Provider/Microsoft.php vendored Normal file
View File

@@ -0,0 +1,99 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider;
use Pshowsso\Scope68f5e85e9608b\GuzzleHttp\Psr7\Uri;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\AbstractProvider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AccessToken;
use Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface;
class Microsoft extends AbstractProvider
{
/**
* Default scopes
*
* @var array
*/
public $defaultScopes = ['wl.basic', 'wl.emails'];
/**
* Base url for authorization.
*
* @var string
*/
protected $urlAuthorize = 'https://login.live.com/oauth20_authorize.srf';
/**
* Base url for access token.
*
* @var string
*/
protected $urlAccessToken = 'https://login.live.com/oauth20_token.srf';
/**
* Base url for resource owner.
*
* @var string
*/
protected $urlResourceOwnerDetails = 'https://apis.live.net/v5.0/me';
/**
* Get authorization url to begin OAuth flow
*
* @return string
*/
public function getBaseAuthorizationUrl()
{
return $this->urlAuthorize;
}
/**
* Get access token url to retrieve token
*
* @return string
*/
public function getBaseAccessTokenUrl(array $params)
{
return $this->urlAccessToken;
}
/**
* Get default scopes
*
* @return array
*/
protected function getDefaultScopes()
{
return $this->defaultScopes;
}
/**
* Check a provider response for errors.
*
* @throws IdentityProviderException
* @param ResponseInterface $response
* @return void
*/
protected function checkResponse(ResponseInterface $response, $data)
{
if (isset($data['error'])) {
throw new IdentityProviderException(isset($data['error']['message']) ? $data['error']['message'] : $response->getReasonPhrase(), $response->getStatusCode(), $response);
}
}
/**
* Generate a user object from a successful user details request.
*
* @param array $response
* @param AccessToken $token
* @return MicrosoftResourceOwner
*/
protected function createResourceOwner(array $response, AccessToken $token)
{
return new MicrosoftResourceOwner($response);
}
/**
* Get provider url to fetch user details
*
* @param AccessToken $token
*
* @return string
*/
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
$uri = new Uri($this->urlResourceOwnerDetails);
return (string) Uri::withQueryValue($uri, 'access_token', (string) $token);
}
}

86
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/src/Provider/MicrosoftResourceOwner.php vendored Normal file
View File

@@ -0,0 +1,86 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Provider\ResourceOwnerInterface;
class MicrosoftResourceOwner implements ResourceOwnerInterface
{
/**
* Raw response
*
* @var array
*/
protected $response;
/**
* Creates new resource owner.
*
* @param array $response
*/
public function __construct(array $response = array())
{
$this->response = $response;
}
/**
* Get user id
*
* @return string|null
*/
public function getId()
{
return $this->response['id'] ?: null;
}
/**
* Get user email
*
* @return string|null
*/
public function getEmail()
{
return $this->response['emails']['preferred'] ?: null;
}
/**
* Get user firstname
*
* @return string|null
*/
public function getFirstname()
{
return $this->response['first_name'] ?: null;
}
/**
* Get user lastname
*
* @return string|null
*/
public function getLastname()
{
return $this->response['last_name'] ?: null;
}
/**
* Get user name
*
* @return string|null
*/
public function getName()
{
return $this->response['name'] ?: null;
}
/**
* Get user urls
*
* @return string|null
*/
public function getUrls()
{
return isset($this->response['link']) ? $this->response['link'] . '/cid-' . $this->getId() : null;
}
/**
* Return all of the owner details available as an array.
*
* @return array
*/
public function toArray()
{
return $this->response;
}
}

131
modules/pshowsso/vendor/stevenmaguire/oauth2-microsoft/tests/src/Provider/MicrosoftTest.php vendored Normal file
View File

@@ -0,0 +1,131 @@
<?php
namespace Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Test\Provider;
use Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Tool\QueryBuilderTrait;
use Mockery as m;
class MicrosoftTest extends \PHPUnit_Framework_TestCase
{
use QueryBuilderTrait;
protected $provider;
protected function setUp()
{
$this->provider = new \Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider\Microsoft(['clientId' => 'mock_client_id', 'clientSecret' => 'mock_secret', 'redirectUri' => 'none']);
}
public function tearDown()
{
m::close();
parent::tearDown();
}
public function testAuthorizationUrl()
{
$url = $this->provider->getAuthorizationUrl();
$uri = parse_url($url);
parse_str($uri['query'], $query);
$this->assertArrayHasKey('client_id', $query);
$this->assertArrayHasKey('redirect_uri', $query);
$this->assertArrayHasKey('state', $query);
$this->assertArrayHasKey('scope', $query);
$this->assertArrayHasKey('response_type', $query);
$this->assertArrayHasKey('approval_prompt', $query);
$this->assertNotNull($this->provider->getState());
}
public function testScopes()
{
$scopeSeparator = ',';
$options = ['scope' => [uniqid(), uniqid()]];
$query = ['scope' => implode($scopeSeparator, $options['scope'])];
$url = $this->provider->getAuthorizationUrl($options);
$encodedScope = $this->buildQueryString($query);
$this->assertContains($encodedScope, $url);
}
public function testGetAuthorizationUrl()
{
$url = $this->provider->getAuthorizationUrl();
$uri = parse_url($url);
$this->assertEquals('/oauth20_authorize.srf', $uri['path']);
}
public function testGetBaseAccessTokenUrl()
{
$params = [];
$url = $this->provider->getBaseAccessTokenUrl($params);
$uri = parse_url($url);
$this->assertEquals('/oauth20_token.srf', $uri['path']);
}
public function testSettingAuthEndpoints()
{
$customAuthUrl = uniqid();
$customTokenUrl = uniqid();
$customResourceOwnerUrl = uniqid();
$token = m::mock('Pshowsso\Scope68f5e85e9608b\League\OAuth2\Client\Token\AccessToken');
$this->provider = new \Pshowsso\Scope68f5e85e9608b\Stevenmaguire\OAuth2\Client\Provider\Microsoft(['clientId' => 'mock_client_id', 'clientSecret' => 'mock_secret', 'redirectUri' => 'none', 'urlAuthorize' => $customAuthUrl, 'urlAccessToken' => $customTokenUrl, 'urlResourceOwnerDetails' => $customResourceOwnerUrl]);
$authUrl = $this->provider->getAuthorizationUrl();
$this->assertContains($customAuthUrl, $authUrl);
$tokenUrl = $this->provider->getBaseAccessTokenUrl([]);
$this->assertContains($customTokenUrl, $tokenUrl);
$resourceOwnerUrl = $this->provider->getResourceOwnerDetailsUrl($token);
$this->assertContains($customResourceOwnerUrl, $resourceOwnerUrl);
}
public function testGetAccessToken()
{
$response = m::mock('Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface');
$response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token","authentication_token":"","code":"","expires_in":3600,"refresh_token":"mock_refresh_token","scope":"","state":"","token_type":""}');
$response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
$client = m::mock('Pshowsso\Scope68f5e85e9608b\GuzzleHttp\ClientInterface');
$client->shouldReceive('send')->times(1)->andReturn($response);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
$this->assertEquals('mock_access_token', $token->getToken());
$this->assertLessThanOrEqual(time() + 3600, $token->getExpires());
$this->assertGreaterThanOrEqual(time(), $token->getExpires());
$this->assertEquals('mock_refresh_token', $token->getRefreshToken());
$this->assertNull($token->getResourceOwnerId());
}
public function testUserData()
{
$email = uniqid();
$firstname = uniqid();
$lastname = uniqid();
$name = uniqid();
$userId = rand(1000, 9999);
$urls = uniqid();
$postResponse = m::mock('Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface');
$postResponse->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token","authentication_token":"","code":"","expires_in":3600,"refresh_token":"mock_refresh_token","scope":"","state":"","token_type":""}');
$postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
$userResponse = m::mock('Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface');
$userResponse->shouldReceive('getBody')->andReturn('{"id": ' . $userId . ', "name": "' . $name . '", "first_name": "' . $firstname . '", "last_name": "' . $lastname . '", "emails": {"preferred": "' . $email . '"}, "link": "' . $urls . '"}');
$userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
$client = m::mock('Pshowsso\Scope68f5e85e9608b\GuzzleHttp\ClientInterface');
$client->shouldReceive('send')->times(2)->andReturn($postResponse, $userResponse);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
$user = $this->provider->getResourceOwner($token);
$this->assertEquals($email, $user->getEmail());
$this->assertEquals($email, $user->toArray()['emails']['preferred']);
$this->assertEquals($firstname, $user->getFirstname());
$this->assertEquals($firstname, $user->toArray()['first_name']);
$this->assertEquals($lastname, $user->getLastname());
$this->assertEquals($lastname, $user->toArray()['last_name']);
$this->assertEquals($name, $user->getName());
$this->assertEquals($name, $user->toArray()['name']);
$this->assertEquals($userId, $user->getId());
$this->assertEquals($userId, $user->toArray()['id']);
$this->assertEquals($urls . '/cid-' . $userId, $user->getUrls());
$this->assertEquals($urls . '/cid-' . $userId, $user->toArray()['link'] . '/cid-' . $user->toArray()['id']);
}
/**
* @expectedException League\OAuth2\Client\Provider\Exception\IdentityProviderException
**/
public function testExceptionThrownWhenErrorObjectReceived()
{
$message = uniqid();
$postResponse = m::mock('Pshowsso\Scope68f5e85e9608b\Psr\Http\Message\ResponseInterface');
$postResponse->shouldReceive('getBody')->andReturn('{"error": {"code": "request_token_expired", "message": "' . $message . '"}}');
$postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
$postResponse->shouldReceive('getStatusCode')->andReturn(500);
$client = m::mock('Pshowsso\Scope68f5e85e9608b\GuzzleHttp\ClientInterface');
$client->shouldReceive('send')->times(1)->andReturn($postResponse);
$this->provider->setHttpClient($client);
$token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
}
}