From ab324b778ef7ee6e97c1daf5cdde5d8d40f4c2fd Mon Sep 17 00:00:00 2001
From: Jonathan Reinink
Date: Wed, 4 Apr 2018 15:54:18 -0400
Subject: [PATCH 1/4] Upgrade to "league/oauth2-server" version 7.
---
 composer.json | 2 +-
 src/Bridge/ClientRepository.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/composer.json b/composer.json
index db14db93c..f11dac4cb 100644
--- a/composer.json
+++ b/composer.json
@@ -25,7 +25,7 @@
 "illuminate/encryption": "~5.6",
 "illuminate/http": "~5.6",
 "illuminate/support": "~5.6",
- "league/oauth2-server": "^6.0",
+ "league/oauth2-server": "^7.0",
 "phpseclib/phpseclib": "^2.0",
 "symfony/psr-http-message-bridge": "~1.0",
 "zendframework/zend-diactoros": "~1.0"
diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
index 191428336..b82bc1f30 100644
--- a/src/Bridge/ClientRepository.php
+++ b/src/Bridge/ClientRepository.php
@@ -28,7 +28,7 @@ public function __construct(ClientModelRepository $clients)
 /**
 * {@inheritdoc}
 */
- public function getClientEntity($clientIdentifier, $grantType,
+ public function getClientEntity($clientIdentifier, $grantType = null,
 $clientSecret = null, $mustValidateSecret = true)
 {
 // First, we will verify that the client exists and is authorized to create personal
From 575da3052f68dfaa9f2c1d15f01d16c68e1eab65 Mon Sep 17 00:00:00 2001
From: Jonathan Reinink
Date: Wed, 4 Apr 2018 17:00:37 -0400
Subject: [PATCH 2/4] Add ability to define encryption keys in config
---
 src/PassportServiceProvider.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php
index d1b8b8993..4da514280 100644
--- a/src/PassportServiceProvider.php
+++ b/src/PassportServiceProvider.php
@@ -7,6 +7,7 @@ use Illuminate\Auth\Events\Logout; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Event; +use Illuminate\Support\Facades\Config; use Illuminate\Support\Facades\Cookie; use Illuminate\Support\Facades\Request; use Illuminate\Support\ServiceProvider; @@ -200,7 +201,7 @@ public function makeAuthorizationServer() $this->app->make(Bridge\ClientRepository::class), $this->app->make(Bridge\AccessTokenRepository::class), $this->app->make(Bridge\ScopeRepository::class), - $this->makeCryptKey('oauth-private.key'), + $this->makeCryptKey('private'), app('encrypter')->getKey() ); } @@ -215,7 +216,7 @@ protected function registerResourceServer() $this->app->singleton(ResourceServer::class, function () { return new ResourceServer( $this->app->make(Bridge\AccessTokenRepository::class), - $this->makeCryptKey('oauth-public.key') + $this->makeCryptKey('public') ); }); } @@ -226,13 +227,12 @@ protected function registerResourceServer() * @param string $key * @return \League\OAuth2\Server\CryptKey */ - protected function makeCryptKey($key) + protected function makeCryptKey($type) { - return new CryptKey( - 'file://'.Passport::keyPath($key), - null, - false - ); + $key = Config::get('passport.'.$type.'_key') ?? 'file://'.Passport::keyPath('oauth-'.$type.'.key'); + $key = str_replace('\\n', "\n", $key); + + return new CryptKey($key, null, false); } /** From 01c1be34a4939c87f516d3fa39e2460945cd9b98 Mon Sep 17 00:00:00 2001 From: Jonathan Reinink Date: Wed, 4 Apr 2018 18:27:16 -0400 Subject: [PATCH 3/4] Add Passport config --- config/passport.php | 20 ++++++++++++++++++++ src/PassportServiceProvider.php | 16 ++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 config/passport.php diff --git a/config/passport.php b/config/passport.php new file mode 100644 index 000000000..974ad3c7e --- /dev/null +++ b/config/passport.php @@ -0,0 +1,20 @@ + env('PASSPORT_PRIVATE_KEY'), + + 'public_key' => env('PASSPORT_PUBLIC_KEY'), + +]; 
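Review bot: The docblock above `makeCryptKey` still reads `@param string $key` although the `@@ -226,13 +227,12 @@` hunk renames the parameter to `$type`, and the argument now names the kind of key ('private' or 'public') rather than a file name. I would change the tag to `@param string $type` and add a sentence to the description saying that a key defined under `passport.<type>_key` takes precedence over the key file found through `Passport::keyPath()`. The docblock opens above the hunk, so only its last lines are visible here.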
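Review bot: Nothing legible in the new `config/passport.php` tells the operator that `PASSPORT_PRIVATE_KEY` carries the private key material itself; the top of the file is not readable on this page, so this may already be covered. If it is not, I would add a comment above `'private_key'` such as `// PEM private key for the authorization server; keep it out of version control and shared logs.` Anything that exposes the process environment or a cached copy of the configuration would then expose the key as well, so a line about restricting read access to both is worth having. The literal `\n` sequences that `makeCryptKey` turns into newlines should be mentioned in the same comment, since that is the format the value has to be written in.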
diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php index 4da514280..69e4207d6 100644 --- a/src/PassportServiceProvider.php +++ b/src/PassportServiceProvider.php @@ -83,6 +83,8 @@ public function register() $this->registerResourceServer(); $this->registerGuard(); + + $this->offerPublishing(); } /** @@ -281,4 +283,18 @@ protected function deleteCookieOnLogout() } }); } + + /** + * Setup the resource publishing groups for Passport. + * + * @return void + */ + protected function offerPublishing() + { + if ($this->app->runningInConsole()) { + $this->publishes([ + __DIR__.'/../config/passport.php' => config_path('passport.php'), + ], 'passport-config'); + } + } } From bb211a9cc83b84b6f757007efdb07f9b06fbe35d Mon Sep 17 00:00:00 2001 From: Jonathan Reinink Date: Thu, 5 Apr 2018 09:08:16 -0400 Subject: [PATCH 4/4] Add tests for making crypto keys --- src/PassportServiceProvider.php | 9 ++-- tests/PassportServiceProviderTest.php | 63 +++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 tests/PassportServiceProviderTest.php diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php index 69e4207d6..2808893b8 100644 --- a/src/PassportServiceProvider.php +++ b/src/PassportServiceProvider.php @@ -7,13 +7,13 @@ use Illuminate\Auth\Events\Logout; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Event; -use Illuminate\Support\Facades\Config; use Illuminate\Support\Facades\Cookie; use Illuminate\Support\Facades\Request; use Illuminate\Support\ServiceProvider; use Laravel\Passport\Guards\TokenGuard; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\ResourceServer; +use Illuminate\Config\Repository as Config; use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Grant\ImplicitGrant; 
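Review bot: `register()` offers the config file for publishing but does not merge it, so as far as this hunk shows `passport.private_key` and `passport.public_key` resolve to null until the application has published `config/passport.php`. An operator who only sets `PASSPORT_PRIVATE_KEY` would then silently keep using the key files on disk. Adding `$this->mergeConfigFrom(__DIR__.'/../config/passport.php', 'passport');` next to `$this->offerPublishing();` makes the environment variables effective without publishing. `register()` starts above the hunk, so an existing merge call there would not be visible.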
@@ -231,8 +231,11 @@ protected function registerResourceServer() */ protected function makeCryptKey($type) { - $key = Config::get('passport.'.$type.'_key') ?? 'file://'.Passport::keyPath('oauth-'.$type.'.key'); - $key = str_replace('\\n', "\n", $key); + $key = str_replace('\\n', "\n", $this->app->make(Config::class)->get('passport.'.$type.'_key')); + + if (!$key) { + $key = 'file://'.Passport::keyPath('oauth-'.$type.'.key'); + } return new CryptKey($key, null, false); } diff --git a/tests/PassportServiceProviderTest.php b/tests/PassportServiceProviderTest.php new file mode 100644 index 000000000..8a5f4e612 --- /dev/null +++ b/tests/PassportServiceProviderTest.php 
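Review bot: A key supplied through config is handed to `new CryptKey($key, null, false)` with the permission check still switched off, exactly as for the on-disk fallback. The test added in this patch reads the PEM back through `getKeyPath()`, so the library evidently stores the inline key as a file; where that file is placed and with which mode is not visible here. I would separate the two sources so the check stays enabled for the file CryptKey creates itself, and read the config value before calling `str_replace` so a missing value is never passed to it. Whether the check passes on every supported platform for the library-written file should be confirmed before merging.

```php
protected function makeCryptKey($type)
{
    $configured = $this->app->make(Config::class)->get('passport.'.$type.'_key');

    if ($configured) {
        // Inline PEM from config: CryptKey writes it to a file itself, so keep its permission check enabled.
        return new CryptKey(str_replace('\\n', "\n", $configured), null, true);
    }

    // Key file on disk: behaviour unchanged from before this patch.
    return new CryptKey('file://'.Passport::keyPath('oauth-'.$type.'.key'), null, false);
}
```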
@@ -0,0 +1,63 @@ +shouldReceive('get') + ->with('passport.private_key') + ->andReturn('-----BEGIN RSA PRIVATE KEY-----\nconfig\n-----END RSA PRIVATE KEY-----'); + }); + + $provider = new PassportServiceProvider( + Mockery::mock(App::class, ['make' => $config]) + ); + + // Call protected makeCryptKey method + $cryptKey = (function () { + return $this->makeCryptKey('private'); + })->call($provider); + + $this->assertSame( + "-----BEGIN RSA PRIVATE KEY-----\nconfig\n-----END RSA PRIVATE KEY-----", + file_get_contents($cryptKey->getKeyPath()) + ); + } + + public function test_can_use_crypto_keys_from_local_disk() + { + Passport::loadKeysFrom(__DIR__.'/files'); + + file_put_contents( + __DIR__.'/files/oauth-private.key', + "-----BEGIN RSA PRIVATE KEY-----\ndisk\n-----END RSA PRIVATE KEY-----" + ); + + $config = Mockery::mock(Config::class, function ($config) { + $config->shouldReceive('get')->with('passport.private_key')->andReturn(null); + }); + + $provider = new PassportServiceProvider( + Mockery::mock(App::class, ['make' => $config]) + ); + + // Call protected makeCryptKey method + $cryptKey = (function () { + return $this->makeCryptKey('private'); + })->call($provider); + + $this->assertSame( + "-----BEGIN RSA PRIVATE KEY-----\ndisk\n-----END RSA PRIVATE KEY-----", + file_get_contents($cryptKey->getKeyPath()) + ); + + @unlink(__DIR__.'/files/oauth-private.key'); + } +}
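Review bot: The disk test removes `tests/files/oauth-private.key` only on its last line, after the assertion, so a failing assertion leaves the fixture key behind and the `@` hides an unlink failure. Moving the cleanup into `tearDown()`, or wrapping the assertion in `try`/`finally`, keeps the working tree clean in both outcomes. `Passport::loadKeysFrom(__DIR__.'/files')` also changes state that later tests may observe, and resetting it in the same place would avoid order-dependent results. The start of the file is not legible on this page, so an existing `tearDown()` may already be present.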