Be able to configure curl verify -host and peer

mariusjp · mariusjp · commit fe7cd9f0df99 · 2022-05-12T12:43:11.000+02:00
diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "coddin-web/oidc-client-laravel-wrapper",
     "description": "A Laravel wrapper of jumbojett's OpenID Connect Client",
     "type": "library",
-    "version": "1.0.1",
+    "version": "1.0.2",
     "minimum-stability": "stable",
     "prefer-stable": true,
     "require": {
diff --git a/config/oidc.php b/config/oidc.php
@@ -17,4 +17,8 @@
     'token_storage' => [
         'adaptor' => null,
     ],
+    'curl' => [
+        'verify_host' => env('OIDC_CURL_VERIFY_HOST', true),
+        'verify_peer' => env('OIDC_CURL_VERIFY_PEER', true),
+    ],
 ];
diff --git a/src/Builder/OpenIDConnectClientBuilder.php b/src/Builder/OpenIDConnectClientBuilder.php
@@ -34,6 +34,9 @@ public function execute(): OpenIDConnectClient
             $openIDClient->setCodeChallengeMethod('S256');
         }
 
+        $openIDClient->setVerifyHost($this->configRepository->getAsBool('oidc.curl.verify_host'));
+        $openIDClient->setVerifyPeer($this->configRepository->getAsBool('oidc.curl.verify_peer'));
+
         $openIDClient->setRedirectURL(
             url: rtrim($appUrl, '/') . $this->configRepository->getAsString('oidc.client.redirect_url'),
         );
diff --git a/tests/Unit/Builder/OpenIDConnectClientBuilderTest.php b/tests/Unit/Builder/OpenIDConnectClientBuilderTest.php
@@ -51,15 +51,19 @@ public function authorization_code_flow(): void
             );
 
         $this->configRepository
-            ->expects(self::exactly(2))
+            ->expects(self::exactly(4))
             ->method('getAsBool')
             ->withConsecutive(
                 ['oidc.client.use_pkce'],
                 ['oidc.client.use_pkce'],
+                ['oidc.curl.verify_host'],
+                ['oidc.curl.verify_peer'],
             )
             ->willReturnOnConsecutiveCalls(
                 false,
                 false,
+                true,
+                true,
             );
 
         $openIdConnectBuilder = new OpenIDConnectClientBuilder(
@@ -101,15 +105,19 @@ public function authorization_code_flow_with_PKCE(): void
             );
 
         $this->configRepository
-            ->expects(self::exactly(2))
+            ->expects(self::exactly(4))
             ->method('getAsBool')
             ->withConsecutive(
                 ['oidc.client.use_pkce'],
                 ['oidc.client.use_pkce'],
+                ['oidc.curl.verify_host'],
+                ['oidc.curl.verify_peer'],
             )
             ->willReturnOnConsecutiveCalls(
                 true,
                 true,
+                true,
+                true,
             );
 
         $openIdConnectBuilder = new OpenIDConnectClientBuilder(

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,9 @@ public function execute(): OpenIDConnectClient`
`34`	`34`	`$openIDClient->setCodeChallengeMethod('S256');`
`35`	`35`	`}`
`36`	`36`
	`37`	`+ $openIDClient->setVerifyHost($this->configRepository->getAsBool('oidc.curl.verify_host'));`
	`38`	`+ $openIDClient->setVerifyPeer($this->configRepository->getAsBool('oidc.curl.verify_peer'));`
	`39`	`+`
`37`	`40`	`$openIDClient->setRedirectURL(`
`38`	`41`	`url: rtrim($appUrl, '/') . $this->configRepository->getAsString('oidc.client.redirect_url'),`
`39`	`42`	`);`