Merge branch 'thephpleague:master' into fix/authorization-code-error-redirect

Author: TLG-Gildas

.github/workflows/unit-tests.yml

@@ -14,8 +14,8 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                php: ['8.1', '8.2', '8.3']
-                symfony: ['5.4.*', '6.4.*', '7.0.*']
+                php: ['8.1', '8.2', '8.3', '8.4']
+                symfony: ['5.4.*', '6.4.*', '7.1.*', '7.2.*']
                 doctrine-orm: ['^2.14', '^3.0']
                 composer-flags: ['--prefer-stable']
                 can-fail: [false]
@@ -27,7 +27,9 @@ jobs:
                       can-fail: false
                 exclude:
                     - php: "8.1"
-                      symfony: "7.0.*"
+                      symfony: "7.1.*"
+                    - php: "8.1"
+                      symfony: "7.2.*"
 
         name: "PHP ${{ matrix.php }} - Doctrine ${{ matrix.doctrine-orm }} - Symfony ${{ matrix.symfony }}${{ matrix.composer-flags != '' && format(' - Composer {0}', matrix.composer-flags) || '' }}"
 
@@ -39,7 +41,7 @@ jobs:
               uses: "actions/checkout@v4"
 
             - name: "build the PHP environment"
-              run: "dev/bin/docker-compose build --build-arg PHP_VERSION=${{ matrix.php }} --build-arg XDEBUG_VERSION='3.3.1' php"
+              run: "dev/bin/docker-compose build --build-arg PHP_VERSION=${{ matrix.php }} --build-arg XDEBUG_VERSION='3.4.0' php"
 
             - name: "require specific Doctrine ORM version"
               run: "dev/bin/php composer require --ansi ${{ matrix.composer-flags }} --no-install doctrine/orm:${{ matrix.doctrine-orm }}"

composer.json

@@ -20,7 +20,7 @@
         "ext-openssl": "*",
         "doctrine/doctrine-bundle": "^2.8.0",
         "doctrine/orm": "^2.14|^3.0",
-        "league/oauth2-server": "^9",
+        "league/oauth2-server": "^9.1",
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
         "symfony/event-dispatcher": "^5.4|^6.2|^7.0",

dev/docker/Dockerfile

@@ -7,7 +7,7 @@ LABEL maintainer="Petar Obradović <[email protected]>"
 RUN mkdir -p /app/bin
 ENV PATH /app/bin:$PATH
 
-ARG XDEBUG_VERSION=3.3.1
+ARG XDEBUG_VERSION=3.4.0
 
 # Install needed core and PECL extensions
 RUN apk add --update --no-cache --virtual .build-deps \

docs/index.md

@@ -137,10 +137,13 @@ security:
         type: php
     ```
 
+## Post-installation
+
 You can verify that everything is working by issuing a `POST` request to the `/token` endpoint.
 
-**❮ NOTE ❯** It is recommended to control the access to the authorization endpoint
-so that only logged in users can approve authorization requests.
+It is required to control access to the authorization endpoint
+so that only logged-in users can approve authorization requests.
+
 You should review your `config/security.yaml` file. Here is a sample configuration:
 
 ```yaml
@@ -149,6 +152,9 @@ security:
         - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
 ```
 
+> [!IMPORTANT]
+> The requirement for a logged-in user to approve authorization requests was introduced in version `0.9.0`. In previous versions, it was only a recommendation.
+
 ## Configuration
 
 * [Basic setup](basic-setup.md)

src/Command/ClearExpiredTokensCommand.php

@@ -35,7 +35,7 @@ final class ClearExpiredTokensCommand extends Command
     public function __construct(
         AccessTokenManagerInterface $accessTokenManager,
         RefreshTokenManagerInterface $refreshTokenManager,
-        AuthorizationCodeManagerInterface $authorizationCodeManager
+        AuthorizationCodeManagerInterface $authorizationCodeManager,
     ) {
         parent::__construct();
 

src/Command/GenerateKeyPairCommand.php

@@ -6,6 +6,7 @@
 
 use Symfony\Component\Console\Attribute\AsCommand;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
@@ -43,16 +44,13 @@ final class GenerateKeyPairCommand extends Command
 
     private ?string $passphrase;
 
-    private string $algorithm;
-
-    public function __construct(Filesystem $filesystem, string $secretKey, string $publicKey, ?string $passphrase, string $algorithm)
+    public function __construct(Filesystem $filesystem, string $secretKey, string $publicKey, ?string $passphrase)
     {
         parent::__construct();
         $this->filesystem = $filesystem;
         $this->secretKey = $secretKey;
         $this->publicKey = $publicKey;
         $this->passphrase = $passphrase;
-        $this->algorithm = $algorithm;
     }
 
     protected function configure(): void
@@ -61,19 +59,20 @@ protected function configure(): void
         $this->addOption('dry-run', null, InputOption::VALUE_NONE, 'Do not update key files.');
         $this->addOption('skip-if-exists', null, InputOption::VALUE_NONE, 'Do not update key files if they already exist.');
         $this->addOption('overwrite', null, InputOption::VALUE_NONE, 'Overwrite key files if they already exist.');
+        $this->addArgument('algorithm', InputArgument::OPTIONAL, \sprintf('The algorithm code, possible values : %s', implode('', self::ACCEPTED_ALGORITHMS)), 'RS256');
     }
 
     protected function execute(InputInterface $input, OutputInterface $output): int
     {
         $io = new SymfonyStyle($input, $output);
-
-        if (!\in_array($this->algorithm, self::ACCEPTED_ALGORITHMS, true)) {
-            $io->error(\sprintf('Cannot generate key pair with the provided algorithm `%s`.', $this->algorithm));
+        $algorithm = $input->getArgument('algorithm');
+        if (!\in_array($algorithm, self::ACCEPTED_ALGORITHMS, true)) {
+            $io->error(\sprintf('Cannot generate key pair with the provided algorithm `%s`.', $algorithm));
 
             return Command::FAILURE;
         }
 
-        [$secretKey, $publicKey] = $this->generateKeyPair($this->passphrase);
+        [$secretKey, $publicKey] = $this->generateKeyPair($this->passphrase, $algorithm);
 
         if ($input->getOption('dry-run')) {
             $io->success('Your keys have been generated!');
@@ -137,9 +136,9 @@ private function handleExistingKeys(InputInterface $input): void
     /**
      * @return array{0: string, 1: string}
      */
-    private function generateKeyPair(?string $passphrase): array
+    private function generateKeyPair(?string $passphrase, string $algorithm): array
     {
-        $config = $this->buildOpenSSLConfiguration();
+        $config = $this->buildOpenSSLConfiguration($algorithm);
 
         $resource = openssl_pkey_new($config);
         if (false === $resource) {
@@ -165,7 +164,7 @@ private function generateKeyPair(?string $passphrase): array
         return [$privateKey, $publicKeyData['key']];
     }
 
-    private function buildOpenSSLConfiguration(): array
+    private function buildOpenSSLConfiguration(string $algorithm): array
     {
         $digestAlgorithms = [
             'RS256' => 'sha256',
@@ -208,13 +207,13 @@ private function buildOpenSSLConfiguration(): array
         ];
 
         $config = [
-            'digest_alg' => $digestAlgorithms[$this->algorithm],
-            'private_key_type' => $privateKeyTypes[$this->algorithm],
-            'private_key_bits' => $privateKeyBits[$this->algorithm],
+            'digest_alg' => $digestAlgorithms[$algorithm],
+            'private_key_type' => $privateKeyTypes[$algorithm],
+            'private_key_bits' => $privateKeyBits[$algorithm],
         ];
 
-        if (isset($curves[$this->algorithm])) {
-            $config['curve_name'] = $curves[$this->algorithm];
+        if (isset($curves[$algorithm])) {
+            $config['curve_name'] = $curves[$algorithm];
         }
 
         return $config;

src/Controller/AuthorizationController.php

@@ -68,7 +68,7 @@ public function __construct(
         ClientManagerInterface $clientManager,
         HttpMessageFactoryInterface $httpMessageFactory,
         HttpFoundationFactoryInterface $httpFoundationFactory,
-        ResponseFactoryInterface $responseFactory
+        ResponseFactoryInterface $responseFactory,
     ) {
         $this->server = $server;
         $this->eventDispatcher = $eventDispatcher;

src/Controller/TokenController.php

@@ -47,7 +47,7 @@ public function __construct(
         HttpMessageFactoryInterface $httpMessageFactory,
         HttpFoundationFactoryInterface $httpFoundationFactory,
         ResponseFactoryInterface $responseFactory,
-        EventDispatcherInterface $eventDispatcher
+        EventDispatcherInterface $eventDispatcher,
     ) {
         $this->server = $server;
         $this->httpMessageFactory = $httpMessageFactory;

src/Manager/Doctrine/ClientManager.php

@@ -39,7 +39,7 @@ final class ClientManager implements ClientManagerInterface
     public function __construct(
         EntityManagerInterface $entityManager,
         EventDispatcherInterface $dispatcher,
-        string $clientFqcn
+        string $clientFqcn,
     ) {
         $this->entityManager = $entityManager;
         $this->dispatcher = $dispatcher;

src/Model/AccessToken.php

@@ -48,7 +48,7 @@ public function __construct(
         \DateTimeInterface $expiry,
         ClientInterface $client,
         ?string $userIdentifier,
-        array $scopes
+        array $scopes,
     ) {
         $this->identifier = $identifier;
         $this->expiry = $expiry;