Merge pull request #3 from flownative/main

Importing fixes from base repository

Author: christoph-daehne

Classes/Authentication/OpenIdConnectProvider.php

@@ -93,7 +93,13 @@ public function authenticate(TokenInterface $authenticationToken): void
         try {
             $jwks = (new OpenIdConnectClient($this->options['serviceName']))->getJwks();
             $identityToken = $authenticationToken->extractIdentityTokenFromRequest($this->options['jwtCookieName']);
-            if (!$identityToken->hasValidSignature($jwks)) {
+
+            try {
+                $hasValidSignature = $identityToken->hasValidSignature($jwks);
+            } catch (ServiceException $exception) {
+                throw new SecurityException('Open ID Connect: ' . $exception->getMessage(), 1671105913, $exception);
+            }
+            if (!$hasValidSignature) {
                 throw new SecurityException('Open ID Connect: The identity token provided by the OIDC provider had an invalid signature', 1561479176);
             }
             $this->logger->debug(sprintf('OpenID Connect: Successfully verified signature of identity token with %s value "%s"', $this->options['accountIdentifierTokenValueName'], $identityToken->values[$this->options['accountIdentifierTokenValueName']] ?? 'unknown'), LogEnvironment::fromMethodName(__METHOD__));

Classes/Authentication/OpenIdConnectToken.php

@@ -72,7 +72,7 @@ public function updateCredentials(ActionRequest $actionRequest): void
      */
     public function extractIdentityTokenFromRequest(string $cookieName): IdentityToken
     {
-        if ($this->authorizationHeader !== null) {
+        if ($this->authorizationHeader !== null && str_contains($this->authorizationHeader, 'Bearer ')) {
             $identityToken = $this->extractIdentityTokenFromAuthorizationHeader($this->authorizationHeader);
 
         } elseif (isset($this->queryParameters[self::OIDC_PARAMETER_NAME])) {

Classes/Command/OidcCommandController.php

@@ -53,6 +53,7 @@ public function discoverCommand(string $serviceName = null): void
                 $this->outputLine('Use one of the following service names: ' . implode(', ', array_keys($this->settings['services'])));
                 exit(1);
             }
+            $serviceName = array_key_first($this->settings['services']);
         }
 
         if (!isset($this->settings['services'][$serviceName])) {

composer.json

@@ -21,7 +21,8 @@
         }
     ],
     "require": {
-        "neos/flow": "^6.0 || ^7.0 || ^8.0",
+        "php": "7.4.* || 8.0.* || 8.1.* || 8.2.*",
+        "neos/flow": "^6.0 || ^7.0 || ^8.0 || ^9.0",
         "guzzlehttp/guzzle": "^6.0 || ^7.0",
         "flownative/oauth2-client": "^4.0.0",
         "phpseclib/phpseclib": "^2.0.31",