<?php
/**
* Trait OAuthOptionsTrait
*
* @created 29.01.2018
* @author smiley <[email protected]>
* @copyright 2018 smiley
* @license MIT
*/
declare(strict_types=1);
namespace chillerlan\OAuth;
use chillerlan\OAuth\Storage\OAuthStorageException;
use chillerlan\Utilities\{Directory, File};
use function max, min, preg_match, sprintf, trim;
/**
* The settings for the OAuth provider
*
* @property string $key
* @property string $secret
* @property string $callbackURL
* @property bool $useStorageEncryption
* @property string $storageEncryptionKey
* @property bool $tokenAutoRefresh
* @property bool $sessionStart
* @property bool $sessionStop
* @property string $sessionStorageVar
* @property string $fileStoragePath
* @property int $pkceVerifierLength
*/
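trait OAuthOptionsTrait{

    /**
     * The application key (or client-id) given by your provider
     */
    protected string $key = '';

    /**
     * The application secret given by your provider
     */
    protected string $secret = '';

    /**
     * The (main) callback URL associated with your application
     */
    protected string $callbackURL = '';

    /**
     * Whether to use encryption for the file storage
     *
     * Disabled by default. NOTE(review): with this off, the file storage presumably
     * writes its data unencrypted - confirm against FileStorage.
     *
     * @see \chillerlan\OAuth\Storage\FileStorage
     */
    protected bool $useStorageEncryption = false;

    /**
     * The encryption key (hexadecimal) to use
     *
     * The setter accepts exactly 64 hexadecimal characters, i.e. 32 bytes once decoded,
     * for example the hex encoding of a key returned by sodium_crypto_secretbox_keygen().
     * The default empty string never passes through the setter, so it is not a usable key.
     *
     * @see \sodium_crypto_secretbox_keygen()
     * @see \chillerlan\OAuth\Storage\FileStorage
     */
    protected string $storageEncryptionKey = '';

    /**
     * Whether to automatically refresh access tokens (OAuth2)
     *
     * @see \chillerlan\OAuth\Core\TokenRefresh::refreshAccessToken()
     */
    protected bool $tokenAutoRefresh = true;

    /**
     * Whether to start the session when session storage is used
     *
     * Note: this will only start a session if there is no active session present
     *
     * @see \session_status()
     * @see \chillerlan\OAuth\Storage\SessionStorage
     */
    protected bool $sessionStart = true;

    /**
     * Whether to end the session when session storage is used
     *
     * Note: this is set to `false` by default to not interfere with other session managers
     *
     * @see \session_status()
     * @see \chillerlan\OAuth\Storage\SessionStorage
     */
    protected bool $sessionStop = false;

    /**
     * The session key for the storage array
     *
     * @see \chillerlan\OAuth\Storage\SessionStorage
     */
    protected string $sessionStorageVar = 'chillerlan-oauth-storage';

    /**
     * The file storage root path (must be readable and writable for the PHP process)
     *
     * NOTE(review): the setter only checks readability and writability for the current
     * process; it does not look at the mode bits, so a world-writable mode such as 0777
     * is broader than that check demands. A directory owned by the PHP user with a
     * narrower mode should be enough - confirm against FileStorage.
     *
     * @see \is_writable()
     * @see \chillerlan\OAuth\Storage\FileStorage
     */
    protected string $fileStoragePath = '';

    /**
     * The length of the PKCE challenge verifier (43-128 characters)
     *
     * @link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
     */
    protected int $pkceVerifierLength = 128;

    /**
     * Sets the storage encryption key after validating its format.
     *
     * The value must consist of exactly 64 hexadecimal characters (case-insensitive).
     * Presumably invoked by the settings container when the property is assigned -
     * no caller is visible in this trait.
     *
     * @throws \chillerlan\OAuth\Storage\OAuthStorageException if the key is not 64 hex characters
     */
    protected function set_storageEncryptionKey(string $storageEncryptionKey):void{

        // \z anchors at the absolute end of the subject. A bare "$" also matches just
        // before a trailing line feed, which would let "<64 hex chars>\n" through.
        if(preg_match('/^[a-f\d]{64}\z/i', $storageEncryptionKey) !== 1){
            throw new OAuthStorageException('invalid encryption key');
        }

        $this->storageEncryptionKey = $storageEncryptionKey;
    }

    /**
     * Sets and verifies the file storage path.
     *
     * The trimmed input is resolved through File::realpath(); the resolved path is
     * stored only if the directory is both writable and readable.
     *
     * @throws \chillerlan\OAuth\Storage\OAuthStorageException if the path is not a readable and writable directory
     */
    protected function set_fileStoragePath(string $fileStoragePath):void{
        $resolved = File::realpath(trim($fileStoragePath));

        if(!Directory::isWritable($resolved) || !Directory::isReadable($resolved)){
            // the message reports the value as it was given, not the resolved path
            throw new OAuthStorageException(sprintf('invalid storage path "%s"', $fileStoragePath));
        }

        $this->fileStoragePath = $resolved;
    }

    /**
     * Clamps the PKCE verifier length between 43 and 128.
     *
     * Out-of-range values are pulled to the nearest bound rather than rejected.
     */
    protected function set_pkceVerifierLength(int $pkceVerifierLength):void{
        $this->pkceVerifierLength = max(43, min(128, $pkceVerifierLength));
    }

}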