Move to DateTime helper instead of static TimestampGenerator (#262)

* Move to DateTime helper instead of static TimestampGenerator

---------

Co-authored-by: Marko Ivančić <[email protected]>

Author: cicnavi

src/Codebooks/DateFormatsEnum.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Codebooks;
+
+enum DateFormatsEnum: string
+{
+    case DB_DATETIME = 'Y-m-d H:i:s';
+}

src/Controller/Federation/EntityStatementController.php

@@ -5,14 +5,14 @@
 namespace SimpleSAML\Module\oidc\Controller\Federation;
 
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Services\JsonWebKeySetService;
 use SimpleSAML\Module\oidc\Services\JsonWebTokenBuilderService;
 use SimpleSAML\Module\oidc\Services\OpMetadataService;
 use SimpleSAML\Module\oidc\Utils\FederationCache;
-use SimpleSAML\Module\oidc\Utils\TimestampGenerator;
 use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
 use SimpleSAML\OpenID\Codebooks\ClientRegistrationTypesEnum;
 use SimpleSAML\OpenID\Codebooks\ContentTypesEnum;
@@ -39,6 +39,7 @@ public function __construct(
         private readonly JsonWebKeySetService $jsonWebKeySetService,
         private readonly OpMetadataService $opMetadataService,
         private readonly ClientRepository $clientRepository,
+        private readonly Helpers $helpers,
         private readonly ?FederationCache $federationCache,
     ) {
         if (!$this->moduleConfig->getFederationEnabled()) {
@@ -69,7 +70,7 @@ public function configuration(): Response
             ->withHeader(ClaimsEnum::Typ->value, JwtTypesEnum::EntityStatementJwt->value)
             ->relatedTo($this->moduleConfig->getIssuer()) // This is entity configuration (statement about itself).
             ->expiresAt(
-                (TimestampGenerator::utcImmutable())->add($this->moduleConfig->getFederationEntityStatementDuration()),
+                $this->helpers->dateTime()->getUtc()->add($this->moduleConfig->getFederationEntityStatementDuration()),
             )->withClaim(
                 ClaimsEnum::Jwks->value,
                 ['keys' => array_values($this->jsonWebKeySetService->federationKeys()),],
@@ -198,7 +199,7 @@ public function fetch(Request $request): Response
             ->withHeader(ClaimsEnum::Typ->value, JwtTypesEnum::EntityStatementJwt->value)
             ->relatedTo($subject)
             ->expiresAt(
-                (TimestampGenerator::utcImmutable())->add($this->moduleConfig->getFederationEntityStatementDuration()),
+                $this->helpers->dateTime()->getUtc()->add($this->moduleConfig->getFederationEntityStatementDuration()),
             )->withClaim(
                 ClaimsEnum::Jwks->value,
                 $jwks,

src/Repositories/AccessTokenRepository.php

@@ -21,14 +21,15 @@
 use League\OAuth2\Server\Entities\ClientEntityInterface as OAuth2ClientEntityInterface;
 use RuntimeException;
 use SimpleSAML\Error\Error;
+use SimpleSAML\Module\oidc\Codebooks\DateFormatsEnum;
 use SimpleSAML\Module\oidc\Entities\AccessTokenEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface;
 use SimpleSAML\Module\oidc\Factories\Entities\AccessTokenEntityFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface;
 use SimpleSAML\Module\oidc\Repositories\Traits\RevokeTokenByAuthCodeIdTrait;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
-use SimpleSAML\Module\oidc\Utils\TimestampGenerator;
 
 class AccessTokenRepository extends AbstractDatabaseRepository implements AccessTokenRepositoryInterface
 {
@@ -40,6 +41,7 @@ public function __construct(
         ModuleConfig $moduleConfig,
         protected readonly ClientRepository $clientRepository,
         protected readonly AccessTokenEntityFactory $accessTokenEntityFactory,
+        protected readonly Helpers $helpers,
     ) {
         parent::__construct($moduleConfig);
     }
@@ -182,7 +184,7 @@ public function removeExpired(): void
                     WHERE $accessTokenTableName.id = $refreshTokenTableName.access_token_id AND expires_at > :now
                 )",
             [
-                'now' => TimestampGenerator::utc()->format('Y-m-d H:i:s'),
+                'now' => $this->helpers->dateTime()->getUtc()->format(DateFormatsEnum::DB_DATETIME->value),
             ],
         );
     }

src/Repositories/AuthCodeRepository.php

@@ -19,19 +19,21 @@
 use League\OAuth2\Server\Entities\AuthCodeEntityInterface as OAuth2AuthCodeEntityInterface;
 use RuntimeException;
 use SimpleSAML\Error\Error;
+use SimpleSAML\Module\oidc\Codebooks\DateFormatsEnum;
 use SimpleSAML\Module\oidc\Entities\AuthCodeEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\AuthCodeEntityInterface;
 use SimpleSAML\Module\oidc\Factories\Entities\AuthCodeEntityFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\AuthCodeRepositoryInterface;
-use SimpleSAML\Module\oidc\Utils\TimestampGenerator;
 
 class AuthCodeRepository extends AbstractDatabaseRepository implements AuthCodeRepositoryInterface
 {
     public function __construct(
         ModuleConfig $moduleConfig,
         protected readonly ClientRepository $clientRepository,
         protected readonly AuthCodeEntityFactory $authCodeEntityFactory,
+        protected readonly Helpers $helpers,
     ) {
         parent::__construct($moduleConfig);
     }
@@ -139,7 +141,7 @@ public function removeExpired(): void
         $this->database->write(
             "DELETE FROM {$this->getTableName()} WHERE expires_at < :now",
             [
-                'now' => TimestampGenerator::utc()->format('Y-m-d H:i:s'),
+                'now' => $this->helpers->dateTime()->getUtc()->format(DateFormatsEnum::DB_DATETIME->value),
             ],
         );
     }

src/Repositories/RefreshTokenRepository.php

@@ -19,13 +19,14 @@
 use League\OAuth2\Server\Entities\RefreshTokenEntityInterface as OAuth2RefreshTokenEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use RuntimeException;
+use SimpleSAML\Module\oidc\Codebooks\DateFormatsEnum;
 use SimpleSAML\Module\oidc\Entities\Interfaces\RefreshTokenEntityInterface;
 use SimpleSAML\Module\oidc\Entities\RefreshTokenEntity;
 use SimpleSAML\Module\oidc\Factories\Entities\RefreshTokenEntityFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\RefreshTokenRepositoryInterface;
 use SimpleSAML\Module\oidc\Repositories\Traits\RevokeTokenByAuthCodeIdTrait;
-use SimpleSAML\Module\oidc\Utils\TimestampGenerator;
 
 class RefreshTokenRepository extends AbstractDatabaseRepository implements RefreshTokenRepositoryInterface
 {
@@ -37,6 +38,7 @@ public function __construct(
         ModuleConfig $moduleConfig,
         protected readonly AccessTokenRepository $accessTokenRepository,
         protected readonly RefreshTokenEntityFactory $refreshTokenEntityFactory,
+        protected readonly Helpers $helpers,
     ) {
         parent::__construct($moduleConfig);
     }
@@ -144,7 +146,7 @@ public function removeExpired(): void
         $this->database->write(
             "DELETE FROM {$this->getTableName()} WHERE expires_at < :now",
             [
-                'now' => TimestampGenerator::utc()->format('Y-m-d H:i:s'),
+                'now' => $this->helpers->dateTime()->getUtc()->format(DateFormatsEnum::DB_DATETIME->value),
             ],
         );
     }

src/Services/Container.php

@@ -230,6 +230,7 @@ public function __construct()
             $moduleConfig,
             $clientRepository,
             $authCodeEntityFactory,
+            $helpers,
         );
         $this->services[AuthCodeRepository::class] = $authCodeRepository;
 
@@ -253,6 +254,7 @@ public function __construct()
             $moduleConfig,
             $clientRepository,
             $accessTokenEntityFactory,
+            $helpers,
         );
         $this->services[AccessTokenRepository::class] = $accessTokenRepository;
 
@@ -263,6 +265,7 @@ public function __construct()
             $moduleConfig,
             $accessTokenRepository,
             $refreshTokenEntityFactory,
+            $helpers,
         );
         $this->services[RefreshTokenRepository::class] = $refreshTokenRepository;
 

src/Stores/Session/LogoutTicketStoreDb.php

@@ -7,7 +7,8 @@
 use DateInterval;
 use PDO;
 use SimpleSAML\Database;
-use SimpleSAML\Module\oidc\Utils\TimestampGenerator;
+use SimpleSAML\Module\oidc\Codebooks\DateFormatsEnum;
+use SimpleSAML\Module\oidc\Helpers;
 
 class LogoutTicketStoreDb implements LogoutTicketStoreInterface
 {
@@ -20,8 +21,11 @@ class LogoutTicketStoreDb implements LogoutTicketStoreInterface
      */
     protected int $ttl;
 
-    public function __construct(?Database $database = null, int $ttl = 60)
-    {
+    public function __construct(
+        ?Database $database = null,
+        int $ttl = 60,
+        protected readonly Helpers $helpers = new Helpers(),
+    ) {
         $this->database = $database ?? Database::getInstance();
         $this->ttl = max($ttl, 0);
     }
@@ -97,9 +101,9 @@ protected function deleteExpired(): void
         $this->database->write(
             "DELETE FROM {$this->getTableName()} WHERE created_at <= :expiration",
             [
-                'expiration' => TimestampGenerator::utc()
+                'expiration' => $this->helpers->dateTime()->getUtc()
                     ->sub(new DateInterval('PT' . $this->ttl . 'S'))
-                    ->format('Y-m-d H:i:s'),
+                    ->format(DateFormatsEnum::DB_DATETIME->value),
             ],
         );
     }

src/Utils/TimestampGenerator.php

@@ -168,6 +168,7 @@ public function getDatabase(): Database
             $moduleConfig,
             $clientRepositoryMock,
             $this->accessTokenEntityFactory,
+            new Helpers(),
         );
 
         $client = self::clientRepositoryGetClient(self::CLIENT_ID);

tests/integration/src/Repositories/Traits/RevokeTokenByAuthCodeIdTraitTest.php

@@ -15,14 +15,17 @@
  */
 namespace SimpleSAML\Test\Module\oidc\unit\Repositories;
 
+use DateTimeImmutable;
 use Exception;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\Configuration;
+use SimpleSAML\Module\oidc\Codebooks\DateFormatsEnum;
 use SimpleSAML\Module\oidc\Entities\AccessTokenEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
 use SimpleSAML\Module\oidc\Factories\Entities\AccessTokenEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\ClientEntityFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\AccessTokenRepository;
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
@@ -44,6 +47,8 @@ class AccessTokenRepositoryTest extends TestCase
     protected MockObject $clientEntityFactoryMock;
     protected MockObject $accessTokenEntityFactoryMock;
     protected MockObject $accessTokenEntityMock;
+    protected MockObject $helpersMock;
+    protected MockObject $dateTimeHelperMock;
 
     protected static bool $dbSeeded = false;
     protected ClientEntityInterface $clientEntity;
@@ -93,10 +98,15 @@ protected function setUp(): void
             'auth_code_id' => 'authCode123',
         ];
 
+        $this->helpersMock = $this->createMock(Helpers::class);
+        $this->dateTimeHelperMock = $this->createMock(Helpers\DateTime::class);
+        $this->helpersMock->method('dateTime')->willReturn($this->dateTimeHelperMock);
+
         $this->repository = new AccessTokenRepository(
             $this->moduleConfigMock,
             $this->clientRepositoryMock,
             $this->accessTokenEntityFactoryMock,
+            $this->helpersMock,
         );
     }
 
@@ -178,6 +188,12 @@ public function testErrorCheckIsRevokedInvalidToken(): void
      */
     public function testRemoveExpired(): void
     {
+        $dateTimeMock = $this->createMock(DateTimeImmutable::class);
+        $dateTimeMock->expects($this->once())->method('format')
+            ->willReturn(date(DateFormatsEnum::DB_DATETIME->value));
+        $this->dateTimeHelperMock->expects($this->once())->method('getUtc')
+            ->willReturn($dateTimeMock);
+
         $this->repository->removeExpired();
         $notFoundAccessToken = $this->repository->findById(self::ACCESS_TOKEN_ID);