Changeset 3218440
- Timestamp:
- 01/07/2025 04:00:33 PM (14 months ago)
- Location:
- openid-connect-server
- Files:
-
- 16 edited
- 1 copied
-
tags/2.0.0 (copied) (copied from openid-connect-server/trunk)
-
tags/2.0.0/README.md (modified) (2 diffs)
-
tags/2.0.0/openid-connect-server.php (modified) (1 diff)
-
tags/2.0.0/src/Http/Handlers/AuthenticateHandler.php (modified) (4 diffs)
-
tags/2.0.0/src/Http/Handlers/AuthorizeHandler.php (modified) (3 diffs)
-
tags/2.0.0/src/OpenIDConnectServer.php (modified) (5 diffs)
-
tags/2.0.0/src/Storage/ClientCredentialsStorage.php (modified) (1 diff)
-
tags/2.0.0/vendor/composer/InstalledVersions.php (modified) (3 diffs)
-
tags/2.0.0/vendor/composer/installed.php (modified) (2 diffs)
-
trunk/README.md (modified) (2 diffs)
-
trunk/openid-connect-server.php (modified) (1 diff)
-
trunk/src/Http/Handlers/AuthenticateHandler.php (modified) (4 diffs)
-
trunk/src/Http/Handlers/AuthorizeHandler.php (modified) (3 diffs)
-
trunk/src/OpenIDConnectServer.php (modified) (5 diffs)
-
trunk/src/Storage/ClientCredentialsStorage.php (modified) (1 diff)
-
trunk/vendor/composer/InstalledVersions.php (modified) (3 diffs)
-
trunk/vendor/composer/installed.php (modified) (2 diffs)
-
openid-connect-server/tags/2.0.0/README.md
r3107953 r3218440 7 7 - Requires PHP: 7.4 8 8 - License: [GPLv2](http://www.gnu.org/licenses/gpl-2.0.html) 9 - Stable tag: 1.3.49 - Stable tag: 2.0.0 10 10 - GitHub Plugin URI: https://github.com/Automattic/wp-openid-connect-server 11 11 … … 76 76 ## Changelog 77 77 78 ### 2.0.0 79 80 - [Breaking] Add a configuration option to support clients that don't require consent [#118](https://github.com/Automattic/wp-openid-connect-server/pull/118) props @lart2150 81 - Make client_id and client_secret optional for the token endpoint [#116](https://github.com/Automattic/wp-openid-connect-server/pull/116) props @lart2150 82 - Update expected args specs for token endpoint as per OIDC spec [#117](https://github.com/Automattic/wp-openid-connect-server/pull/117) 83 78 84 ### 1.3.4 85 79 86 - Add the autoloader to the uninstall script [#111](https://github.com/Automattic/wp-openid-connect-server/pull/111) props @MariaMozgunova 80 87 -
openid-connect-server/tags/2.0.0/openid-connect-server.php
r3107953 r3218440 4 4 * Plugin URI: https://github.com/Automattic/wp-openid-connect-server 5 5 * Description: Use OpenID Connect to log in to other webservices using your own WordPress. 6 * Version: 1.3.46 * Version: 2.0.0 7 7 * Requires at least: 6.0 8 8 * Requires PHP: 7.4 -
openid-connect-server/tags/2.0.0/src/Http/Handlers/AuthenticateHandler.php
r2919178 r3218440 7 7 use OpenIDConnectServer\Http\RequestHandler; 8 8 use OpenIDConnectServer\Http\Router; 9 use OpenIDConnectServer\Storage\ClientCredentialsStorage; 9 10 use OpenIDConnectServer\Storage\ConsentStorage; 10 11 11 12 class AuthenticateHandler extends RequestHandler { 12 13 private ConsentStorage $consent_storage; 13 private array$clients;14 private ClientCredentialsStorage $clients; 14 15 15 public function __construct( ConsentStorage $consent_storage, array$clients ) {16 public function __construct( ConsentStorage $consent_storage, ClientCredentialsStorage $clients ) { 16 17 $this->consent_storage = $consent_storage; 17 18 $this->clients = $clients; … … 23 24 } 24 25 25 $client_name = $this->get_client_name( $request ); 26 $client_id = $request->query( 'client_id' ); 27 28 $client_name = $this->clients->getClientName( $client_id ); 26 29 if ( empty( $client_name ) ) { 27 30 $response->setStatusCode( 404 ); … … 30 33 } 31 34 32 $client_id = $request->query( 'client_id' ); 33 if ( ! $this->consent_storage->needs_consent( get_current_user_id(), $client_id ) ) { 35 if ( 36 ! $this->clients->clientRequiresConsent( $client_id ) 37 || ! $this->consent_storage->needs_consent( get_current_user_id(), $client_id ) 38 ) { 34 39 $this->redirect( $request ); 35 40 // TODO: return response instead of exiting. … … 156 161 } 157 162 158 /**159 * TODO: Remove this function in favour of ClientCredentialsStorage?160 */161 private function get_client_name( Request $request ): string {162 $client_id = $request->query( 'client_id' );163 164 if ( ! isset( $this->clients[ $client_id ] ) ) {165 return '';166 }167 168 $client = $this->clients[ $client_id ];169 170 if ( empty( $client['name'] ) ) {171 return '';172 }173 174 return $client['name'];175 }176 177 163 private function get_cancel_url( Request $request ) { 178 164 return add_query_arg( -
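Review bot: The ordering in the second and third hunks is what keeps the new consent bypass fail-closed, and nothing in the code says so: the 404 on an empty `getClientName()` result runs before `clientRequiresConsent()` is consulted, so an unregistered `client_id` never reaches the redirect. I would record that above the new condition with a comment such as `// Unknown clients and clients without a name have already been rejected with a 404, so the bypass below only applies to registered clients.` A side effect worth mentioning in the README is that a client configured with `'requires_consent' => false` but no `name` still gets the 404. `$request->query( 'client_id' )` is passed on without a type or emptiness check, and the handler's body continues outside the hunks shown. The trunk copy of this file (trunk/src/Http/Handlers/AuthenticateHandler.php) carries the same lines.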
openid-connect-server/tags/2.0.0/src/Http/Handlers/AuthorizeHandler.php
r3007179 r3218440 9 9 use OAuth2\Server as OAuth2Server; 10 10 use OpenIDConnectServer\Http\RequestHandler; 11 use OpenIDConnectServer\Storage\ClientCredentialsStorage; 11 12 use OpenIDConnectServer\Storage\ConsentStorage; 12 13 … … 16 17 private OAuth2Server $server; 17 18 private ConsentStorage $consent_storage; 19 private ClientCredentialsStorage $clients; 18 20 19 public function __construct( OAuth2Server $server, ConsentStorage $consent_storage ) {21 public function __construct( OAuth2Server $server, ConsentStorage $consent_storage, ClientCredentialsStorage $clients ) { 20 22 $this->server = $server; 21 23 $this->consent_storage = $consent_storage; 24 $this->clients = $clients; 22 25 } 23 26 … … 45 48 46 49 $client_id = $request->query( 'client_id', $request->request( 'client_id' ) ); 47 if ( $this->consent_storage->needs_consent( $user->ID, $client_id ) ) { 50 if ( 51 $this->clients->clientRequiresConsent( $client_id ) 52 && $this->consent_storage->needs_consent( $user->ID, $client_id ) 53 ) { 48 54 if ( ! isset( $_POST['authorize'] ) || __( 'Authorize', 'openid-connect-server' ) !== $_POST['authorize'] ) { 49 55 $response->setError( 403, 'user_authorization_required', 'This application requires your consent.' ); -
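Review bot: The new condition in the last hunk skips the consent gate entirely when `clientRequiresConsent( $client_id )` is false, so for such a client a logged-in user's request is passed on with no confirmation step, and nothing next to the check explains when that is acceptable. The decision is keyed on a `client_id` read from the query string or body, which is safe only because `clientRequiresConsent()` returns true for ids it does not know; that dependency deserves a comment such as `// Consent is skipped only for registered clients whose config sets 'requires_consent' to false; unknown ids fall through to the consent gate.` A test that sends an unregistered `client_id` and expects the 403 `user_authorization_required` error would pin the behaviour. The handler's body continues outside the hunk, so what validates `redirect_uri` after this gate is not visible here. The trunk copy (trunk/src/Http/Handlers/AuthorizeHandler.php) has the same change.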
openid-connect-server/tags/2.0.0/src/OpenIDConnectServer.php
r2910089 r3218440 21 21 class OpenIDConnectServer { 22 22 private string $public_key; 23 private array$clients;23 private ClientCredentialsStorage $clients; 24 24 private Router $router; 25 25 private ConsentStorage $consent_storage; … … 27 27 public function __construct( string $public_key, string $private_key, array $clients ) { 28 28 $this->public_key = $public_key; 29 $this->clients = $clients;29 $this->clients = new ClientCredentialsStorage( $clients ); 30 30 $this->router = new Router(); 31 31 $this->consent_storage = new ConsentStorage(); … … 39 39 $server = new Server( new AuthorizationCodeStorage(), $config ); 40 40 $server->addStorage( new PublicKeyStorage( $public_key, $private_key ), 'public_key' ); 41 $server->addStorage( new ClientCredentialsStorage( $clients ), 'client_credentials' );41 $server->addStorage( $this->clients, 'client_credentials' ); 42 42 $server->addStorage( new UserClaimsStorage(), 'user_claims' ); 43 43 … … 51 51 $this->router->add_rest_route( 52 52 'authorize', 53 new AuthorizeHandler( $server, $this->consent_storage ),53 new AuthorizeHandler( $server, $this->consent_storage, $this->clients ), 54 54 array( 'GET', 'POST' ), 55 55 $this->expected_arguments_specification( 'authorize' ), … … 101 101 case 'token': 102 102 return array( 103 'grant_type' => array(103 'grant_type' => array( 104 104 'type' => 'string', 105 105 'required' => true, 106 106 ), 107 'client_id' => array( 107 'client_id' => array( 108 'type' => 'string', 109 'required' => false, 110 ), 111 'client_secret' => array( 112 'type' => 'string', 113 'required' => false, 114 ), 115 'client_assertion' => array( 116 'type' => 'string', 117 'required' => false, 118 ), 119 'client_assertion_type' => array( 120 'type' => 'string', 121 'required' => false, 122 ), 123 'redirect_uri' => array( 108 124 'type' => 'string', 109 125 'required' => true, 110 126 ), 111 'client_secret' => array( 112 'type' => 'string', 113 'required' => true, 114 ), 115 'redirect_uri' => array( 116 
'type' => 'string', 117 'required' => true, 118 ), 119 'code' => array( 127 'code' => array( 120 128 'type' => 'string', 121 129 'required' => true, -
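Review bot: In the `'token'` case of the last hunk, `client_id`, `client_secret`, `client_assertion` and `client_assertion_type` are all `'required' => false`, so the REST argument spec no longer rejects a token request that carries no client authentication at all. Rejection is then left entirely to the OAuth2 server's client authentication, which is outside this hunk; a test asserting that a token request without any credentials fails would pin that. I would state the dependency above the array, for example `// No client-authentication field is required at this layer; the OAuth2 server must reject unauthenticated token requests.` `client_assertion` and `client_assertion_type` are accepted here, but no visible line verifies an assertion, so confirm they are actually handled before they are treated as supported. The trunk copy (trunk/src/OpenIDConnectServer.php) has the same change.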
openid-connect-server/tags/2.0.0/src/Storage/ClientCredentialsStorage.php
r2807756 r3218440 24 24 'scope' => $client['scope'], 25 25 ); 26 } 27 28 public function getClientName( $client_id ) { 29 if ( ! $this->has( $client_id ) ) { 30 return ''; 31 } 32 33 $client = $this->get( $client_id ); 34 35 if ( empty( $client['name'] ) ) { 36 return ''; 37 } 38 39 return $client['name']; 40 } 41 42 public function clientRequiresConsent( $client_id ): bool { 43 if ( ! $this->has( $client_id ) ) { 44 return true; 45 } 46 47 $client = $this->get( $client_id ); 48 49 if ( ! array_key_exists( 'requires_consent', $client ) ) { 50 return true; 51 } 52 53 return false !== $client['requires_consent']; 26 54 } 27 55 -
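Review bot: `clientRequiresConsent()` turns consent off only when the configured value is the boolean `false` (`return false !== $client['requires_consent'];`), so `0`, `'0'`, `'false'` or `null` keep the consent screen, and unknown clients or a missing key also return true. That fail-closed behaviour is security-relevant and undocumented; add a docblock that states it and says the option is meant for clients the site operator trusts. `getClientName()` also lacks the `: string` return type that the removed `get_client_name()` helper had; `public function getClientName( $client_id ): string` would keep the contract, assuming configured names are always strings. `has()` and `get()` are defined outside the hunk, so their handling of a null or non-string `$client_id` cannot be checked here. The trunk copy (trunk/src/Storage/ClientCredentialsStorage.php) has the same methods.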
openid-connect-server/tags/2.0.0/vendor/composer/InstalledVersions.php
r2894121 r3218440 323 323 324 324 $installed = array(); 325 $copiedLocalDir = false; 325 326 326 327 if (self::$canGetVendors) { … … 331 332 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */ 332 333 $required = require $vendorDir.'/composer/installed.php'; 333 $installed[] = self::$installedByVendor[$vendorDir] = $required; 334 if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 335 self::$installed = $installed[count($installed) - 1]; 334 self::$installedByVendor[$vendorDir] = $required; 335 $installed[] = $required; 336 if (strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 337 self::$installed = $required; 338 $copiedLocalDir = true; 336 339 } 337 340 } … … 351 354 } 352 355 353 if (self::$installed !== array() ) {356 if (self::$installed !== array() && !$copiedLocalDir) { 354 357 $installed[] = self::$installed; 355 358 } -
openid-connect-server/tags/2.0.0/vendor/composer/installed.php
r3107953 r3218440 2 2 'root' => array( 3 3 'name' => '__root__', 4 'pretty_version' => ' 1.3.4',5 'version' => ' 1.3.4.0',4 'pretty_version' => '2.0.0', 5 'version' => '2.0.0.0', 6 6 'reference' => null, 7 7 'type' => 'library', … … 12 12 'versions' => array( 13 13 '__root__' => array( 14 'pretty_version' => ' 1.3.4',15 'version' => ' 1.3.4.0',14 'pretty_version' => '2.0.0', 15 'version' => '2.0.0.0', 16 16 'reference' => null, 17 17 'type' => 'library', -
openid-connect-server/trunk/README.md
r3107953 r3218440 7 7 - Requires PHP: 7.4 8 8 - License: [GPLv2](http://www.gnu.org/licenses/gpl-2.0.html) 9 - Stable tag: 1.3.49 - Stable tag: 2.0.0 10 10 - GitHub Plugin URI: https://github.com/Automattic/wp-openid-connect-server 11 11 … … 76 76 ## Changelog 77 77 78 ### 2.0.0 79 80 - [Breaking] Add a configuration option to support clients that don't require consent [#118](https://github.com/Automattic/wp-openid-connect-server/pull/118) props @lart2150 81 - Make client_id and client_secret optional for the token endpoint [#116](https://github.com/Automattic/wp-openid-connect-server/pull/116) props @lart2150 82 - Update expected args specs for token endpoint as per OIDC spec [#117](https://github.com/Automattic/wp-openid-connect-server/pull/117) 83 78 84 ### 1.3.4 85 79 86 - Add the autoloader to the uninstall script [#111](https://github.com/Automattic/wp-openid-connect-server/pull/111) props @MariaMozgunova 80 87 -
openid-connect-server/trunk/openid-connect-server.php
r3107953 r3218440 4 4 * Plugin URI: https://github.com/Automattic/wp-openid-connect-server 5 5 * Description: Use OpenID Connect to log in to other webservices using your own WordPress. 6 * Version: 1.3.46 * Version: 2.0.0 7 7 * Requires at least: 6.0 8 8 * Requires PHP: 7.4 -
openid-connect-server/trunk/src/Http/Handlers/AuthenticateHandler.php
r2919178 r3218440 7 7 use OpenIDConnectServer\Http\RequestHandler; 8 8 use OpenIDConnectServer\Http\Router; 9 use OpenIDConnectServer\Storage\ClientCredentialsStorage; 9 10 use OpenIDConnectServer\Storage\ConsentStorage; 10 11 11 12 class AuthenticateHandler extends RequestHandler { 12 13 private ConsentStorage $consent_storage; 13 private array$clients;14 private ClientCredentialsStorage $clients; 14 15 15 public function __construct( ConsentStorage $consent_storage, array$clients ) {16 public function __construct( ConsentStorage $consent_storage, ClientCredentialsStorage $clients ) { 16 17 $this->consent_storage = $consent_storage; 17 18 $this->clients = $clients; … … 23 24 } 24 25 25 $client_name = $this->get_client_name( $request ); 26 $client_id = $request->query( 'client_id' ); 27 28 $client_name = $this->clients->getClientName( $client_id ); 26 29 if ( empty( $client_name ) ) { 27 30 $response->setStatusCode( 404 ); … … 30 33 } 31 34 32 $client_id = $request->query( 'client_id' ); 33 if ( ! $this->consent_storage->needs_consent( get_current_user_id(), $client_id ) ) { 35 if ( 36 ! $this->clients->clientRequiresConsent( $client_id ) 37 || ! $this->consent_storage->needs_consent( get_current_user_id(), $client_id ) 38 ) { 34 39 $this->redirect( $request ); 35 40 // TODO: return response instead of exiting. … … 156 161 } 157 162 158 /**159 * TODO: Remove this function in favour of ClientCredentialsStorage?160 */161 private function get_client_name( Request $request ): string {162 $client_id = $request->query( 'client_id' );163 164 if ( ! isset( $this->clients[ $client_id ] ) ) {165 return '';166 }167 168 $client = $this->clients[ $client_id ];169 170 if ( empty( $client['name'] ) ) {171 return '';172 }173 174 return $client['name'];175 }176 177 163 private function get_cancel_url( Request $request ) { 178 164 return add_query_arg( -
openid-connect-server/trunk/src/Http/Handlers/AuthorizeHandler.php
r3007179 r3218440 9 9 use OAuth2\Server as OAuth2Server; 10 10 use OpenIDConnectServer\Http\RequestHandler; 11 use OpenIDConnectServer\Storage\ClientCredentialsStorage; 11 12 use OpenIDConnectServer\Storage\ConsentStorage; 12 13 … … 16 17 private OAuth2Server $server; 17 18 private ConsentStorage $consent_storage; 19 private ClientCredentialsStorage $clients; 18 20 19 public function __construct( OAuth2Server $server, ConsentStorage $consent_storage ) {21 public function __construct( OAuth2Server $server, ConsentStorage $consent_storage, ClientCredentialsStorage $clients ) { 20 22 $this->server = $server; 21 23 $this->consent_storage = $consent_storage; 24 $this->clients = $clients; 22 25 } 23 26 … … 45 48 46 49 $client_id = $request->query( 'client_id', $request->request( 'client_id' ) ); 47 if ( $this->consent_storage->needs_consent( $user->ID, $client_id ) ) { 50 if ( 51 $this->clients->clientRequiresConsent( $client_id ) 52 && $this->consent_storage->needs_consent( $user->ID, $client_id ) 53 ) { 48 54 if ( ! isset( $_POST['authorize'] ) || __( 'Authorize', 'openid-connect-server' ) !== $_POST['authorize'] ) { 49 55 $response->setError( 403, 'user_authorization_required', 'This application requires your consent.' ); -
openid-connect-server/trunk/src/OpenIDConnectServer.php
r2910089 r3218440 21 21 class OpenIDConnectServer { 22 22 private string $public_key; 23 private array$clients;23 private ClientCredentialsStorage $clients; 24 24 private Router $router; 25 25 private ConsentStorage $consent_storage; … … 27 27 public function __construct( string $public_key, string $private_key, array $clients ) { 28 28 $this->public_key = $public_key; 29 $this->clients = $clients;29 $this->clients = new ClientCredentialsStorage( $clients ); 30 30 $this->router = new Router(); 31 31 $this->consent_storage = new ConsentStorage(); … … 39 39 $server = new Server( new AuthorizationCodeStorage(), $config ); 40 40 $server->addStorage( new PublicKeyStorage( $public_key, $private_key ), 'public_key' ); 41 $server->addStorage( new ClientCredentialsStorage( $clients ), 'client_credentials' );41 $server->addStorage( $this->clients, 'client_credentials' ); 42 42 $server->addStorage( new UserClaimsStorage(), 'user_claims' ); 43 43 … … 51 51 $this->router->add_rest_route( 52 52 'authorize', 53 new AuthorizeHandler( $server, $this->consent_storage ),53 new AuthorizeHandler( $server, $this->consent_storage, $this->clients ), 54 54 array( 'GET', 'POST' ), 55 55 $this->expected_arguments_specification( 'authorize' ), … … 101 101 case 'token': 102 102 return array( 103 'grant_type' => array(103 'grant_type' => array( 104 104 'type' => 'string', 105 105 'required' => true, 106 106 ), 107 'client_id' => array( 107 'client_id' => array( 108 'type' => 'string', 109 'required' => false, 110 ), 111 'client_secret' => array( 112 'type' => 'string', 113 'required' => false, 114 ), 115 'client_assertion' => array( 116 'type' => 'string', 117 'required' => false, 118 ), 119 'client_assertion_type' => array( 120 'type' => 'string', 121 'required' => false, 122 ), 123 'redirect_uri' => array( 108 124 'type' => 'string', 109 125 'required' => true, 110 126 ), 111 'client_secret' => array( 112 'type' => 'string', 113 'required' => true, 114 ), 115 'redirect_uri' => array( 116 
'type' => 'string', 117 'required' => true, 118 ), 119 'code' => array( 127 'code' => array( 120 128 'type' => 'string', 121 129 'required' => true, -
openid-connect-server/trunk/src/Storage/ClientCredentialsStorage.php
r2807756 r3218440 24 24 'scope' => $client['scope'], 25 25 ); 26 } 27 28 public function getClientName( $client_id ) { 29 if ( ! $this->has( $client_id ) ) { 30 return ''; 31 } 32 33 $client = $this->get( $client_id ); 34 35 if ( empty( $client['name'] ) ) { 36 return ''; 37 } 38 39 return $client['name']; 40 } 41 42 public function clientRequiresConsent( $client_id ): bool { 43 if ( ! $this->has( $client_id ) ) { 44 return true; 45 } 46 47 $client = $this->get( $client_id ); 48 49 if ( ! array_key_exists( 'requires_consent', $client ) ) { 50 return true; 51 } 52 53 return false !== $client['requires_consent']; 26 54 } 27 55 -
openid-connect-server/trunk/vendor/composer/InstalledVersions.php
r2894121 r3218440 323 323 324 324 $installed = array(); 325 $copiedLocalDir = false; 325 326 326 327 if (self::$canGetVendors) { … … 331 332 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */ 332 333 $required = require $vendorDir.'/composer/installed.php'; 333 $installed[] = self::$installedByVendor[$vendorDir] = $required; 334 if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 335 self::$installed = $installed[count($installed) - 1]; 334 self::$installedByVendor[$vendorDir] = $required; 335 $installed[] = $required; 336 if (strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 337 self::$installed = $required; 338 $copiedLocalDir = true; 336 339 } 337 340 } … … 351 354 } 352 355 353 if (self::$installed !== array() ) {356 if (self::$installed !== array() && !$copiedLocalDir) { 354 357 $installed[] = self::$installed; 355 358 } -
openid-connect-server/trunk/vendor/composer/installed.php
r3107953 r3218440 2 2 'root' => array( 3 3 'name' => '__root__', 4 'pretty_version' => ' 1.3.4',5 'version' => ' 1.3.4.0',4 'pretty_version' => '2.0.0', 5 'version' => '2.0.0.0', 6 6 'reference' => null, 7 7 'type' => 'library', … … 12 12 'versions' => array( 13 13 '__root__' => array( 14 'pretty_version' => ' 1.3.4',15 'version' => ' 1.3.4.0',14 'pretty_version' => '2.0.0', 15 'version' => '2.0.0.0', 16 16 'reference' => null, 17 17 'type' => 'library',