Formatting and warning fixes (#29)

src/AdvancedResourceServer.php

@@ -8,7 +8,6 @@
 
 class AdvancedResourceServer extends ResourceServer
 {
-
     /**
      * @var null|AuthorizationValidatorInterface
      */

src/Entities/AccessTokenEntityInterface.php

@@ -16,7 +16,7 @@ public function getClaims();
 
     /**
      * Return an array of scopes associated with the token
-     * 
+     *
      * @return ScopeEntityInterface[]
      */
     public function getScopes();

src/Entities/ClaimEntityInterface.php

@@ -6,8 +6,8 @@
 
 interface ClaimEntityInterface extends JsonSerializable
 {
-    const TYPE_ID_TOKEN = 'id_token';
-    const TYPE_USERINFO = 'userinfo';
+    public const TYPE_ID_TOKEN = 'id_token';
+    public const TYPE_USERINFO = 'userinfo';
 
     /**
      * Get the scope's identifier.

src/Entities/IdToken.php

@@ -4,7 +4,6 @@
 
 use DateTimeImmutable;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
-use Lcobucci\JWT\Token\RegisteredClaims;
 use League\OAuth2\Server\CryptKey;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Key\InMemory;
@@ -105,7 +104,7 @@ public function setAudience($audience)
     /**
      * Get the value of expiration
      */
-    public function getExpiration() : \DateTimeImmutable
+    public function getExpiration(): \DateTimeImmutable
     {
         return $this->expiration;
     }

src/Grant/AuthCodeGrant.php

@@ -89,7 +89,8 @@ public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
         $requestParameters = (array) $request->getParsedBody();
 
         // Don't try to handle code when it isn't even an authorization_code request
-        if (!array_key_exists('grant_type', $requestParameters)
+        if (
+            !array_key_exists('grant_type', $requestParameters)
             || $requestParameters['grant_type'] !== 'authorization_code'
         ) {
             return false;
@@ -114,7 +115,7 @@ public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
     public function validateAuthorizationRequest(ServerRequestInterface $request)
     {
         $result = parent::validateAuthorizationRequest($request);
-        
+
         $redirectUri = $this->getQueryStringParameter(
             'redirect_uri',
             $request

src/Grant/ImplicitGrant.php

@@ -2,7 +2,6 @@
 
 namespace Idaas\OpenID\Grant;
 
-use DateTimeImmutable;
 use Idaas\OpenID\Entities\IdToken;
 use Idaas\OpenID\IdTokenEvent;
 use Idaas\OpenID\Repositories\ClaimRepositoryInterface;
@@ -11,6 +10,7 @@
 use Idaas\OpenID\SessionInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
 use League\OAuth2\Server\ResponseTypes\RedirectResponse;
 use Psr\Http\Message\ServerRequestInterface;
@@ -35,6 +35,12 @@ class ImplicitGrant extends \League\OAuth2\Server\Grant\ImplicitGrant
      */
     protected $session;
 
+    /**
+     * Same as $accessTokenTTL, but used for the ID Token
+     * @var \DateInterval
+     */
+    protected $accessTokenTTLCopy;
+
     /**
      * @param \DateInterval $accessTokenTTL
      * @param string $queryDelimiter
@@ -53,7 +59,7 @@ public function __construct(
         $this->claimRepositoryInterface = $claimRepositoryInterface;
         $this->session = $session;
 
-        $this->accessTokenTTL = $accessTokenTTL;
+        $this->accessTokenTTLCopy = $accessTokenTTL;
         $this->idTokenTTL = $idTokenTTL;
         $this->queryDelimiter = $queryDelimiter;
     }
@@ -66,7 +72,11 @@ public function getIdentifier()
     public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
     {
         $result = (isset($request->getQueryParams()['response_type'])
-            && ($request->getQueryParams()['response_type'] === 'id_token token' || $request->getQueryParams()['response_type'] === 'id_token' || $request->getQueryParams()['response_type'] === 'token')
+            && (
+                $request->getQueryParams()['response_type'] === 'id_token token' ||
+                $request->getQueryParams()['response_type'] === 'id_token' ||
+                $request->getQueryParams()['response_type'] === 'token'
+            )
             && isset($request->getQueryParams()['client_id']));
 
         $queryParams = $request->getQueryParams();
@@ -147,7 +157,7 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
         // The user approved the client, redirect them back with an access token
         if ($authorizationRequest->isAuthorizationApproved() === true) {
             $accessToken = $this->issueAccessToken(
-                $this->accessTokenTTL,
+                $this->accessTokenTTLCopy,
                 $authorizationRequest->getClient(),
                 $authorizationRequest->getUser()->getIdentifier(),
                 $authorizationRequest->getScopes()
@@ -192,7 +202,10 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
                     $idToken->addExtra($key, $value);
                 }
             } else {
-                $this->accessTokenRepository->storeClaims($accessToken, $claimsRequested);
+                // This check is not really needed, as accessTokenRepisitory is guaranted to be of this type
+                if ($this->accessTokenRepository instanceof \Idaas\OpenID\Repositories\AccessTokenRepositoryInterface) {
+                    $this->accessTokenRepository->storeClaims($accessToken, $claimsRequested);
+                }
             }
 
             /**
@@ -210,7 +223,10 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
 
             //Only add the access token and related parameters if requested
             //TODO: Check if OpenID Connect flow is allowed if only a token is requested.
-            if ($authorizationRequest->getResponseType() == 'id_token token' || $authorizationRequest->getResponseType() == 'token') {
+            if (
+                $authorizationRequest->getResponseType() == 'id_token token' ||
+                $authorizationRequest->getResponseType() == 'token'
+            ) {
                 $accessToken->setPrivateKey($this->privateKey);
                 $parameters['access_token'] = (string) $accessToken;
                 $parameters['token_type'] = 'Bearer';
@@ -243,4 +259,13 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
             )
         );
     }
+
+    public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
+    {
+        if (!($accessTokenRepository instanceof \Idaas\OpenID\Repositories\AccessTokenRepositoryInterface)) {
+            throw new \LogicException('The access token repository must be an instance of Idaas\OpenID\Repositories\AccessTokenRepositoryInterface');
+        }
+
+        $this->accessTokenRepository = $accessTokenRepository;
+    }
 }

src/IdTokenEvent.php

@@ -8,7 +8,7 @@
 
 class IdTokenEvent extends Event
 {
-    const TOKEN_POPULATED = 'id_token.populated';
+    public const TOKEN_POPULATED = 'id_token.populated';
 
     /**
      * @var IdToken

src/ProviderController.php

@@ -1,5 +1,6 @@
 <?php
 
+// FIXME: This class used Laravel classes
 namespace Idaas\OpenID;
 
 use Illuminate\Http\Request;
@@ -52,7 +53,7 @@ public function jwks(ProviderRepository $providerRepository)
 
         $key = $crypt->x509;
         $key = str_replace(array('-----BEGIN CERTIFICATE-----','-----END CERTIFICATE-----',"\r", "\n", " "), "", $key);
-        $keyForParsing = "-----BEGIN CERTIFICATE-----\n".chunk_split($key, 64, "\n")."-----END CERTIFICATE-----\n";
+        $keyForParsing = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key, 64, "\n") . "-----END CERTIFICATE-----\n";
 
         $result = openssl_pkey_get_details(openssl_pkey_get_public(openssl_x509_read($keyForParsing)));
 

src/Repositories/AccessTokenRepositoryInterface.php

@@ -8,7 +8,6 @@
 
 interface AccessTokenRepositoryInterface extends LeagueAccessTokenRepositoryInterface
 {
-
     /**
      * @param array $claims ClaimEntityInterface[]
      */

src/Repositories/ClaimRepositoryInterface.php

@@ -23,7 +23,7 @@ public function getClaimEntityByIdentifier($identifier, $type, $essential);
     /**
      * @return ClaimEntityInterface[]
      */
-    public function getClaimsByScope(ScopeEntityInterface $scope) : iterable;
+    public function getClaimsByScope(ScopeEntityInterface $scope): iterable;
 
     public function claimsRequestToEntities(array $json = null);
 }

src/ResponseHandler.php

@@ -9,7 +9,6 @@
 
 class ResponseHandler
 {
-
     protected $handlers;
 
     public function __construct()

src/ResponseHandlers/RedirectResponseHandler.php

@@ -19,7 +19,8 @@ public function generateResponse(AuthenticationRequest $authenticationRequest, $
     {
         $queryDelimiter = '?';
 
-        if ($authenticationRequest->getResponseMode() === 'fragment' ||
+        if (
+            $authenticationRequest->getResponseMode() === 'fragment' ||
             strpos($authenticationRequest->getResponseType(), 'code') === false
         ) {
             $queryDelimiter = '#';

src/SessionInformation.php

@@ -23,7 +23,7 @@ public static function fromJSON($json)
 
     public function toJSON()
     {
-        return json_encode(['acr'=>$this->acr, 'amr'=>$this->amr,'azp'=>$this->azp]);
+        return json_encode(['acr' => $this->acr, 'amr' => $this->amr,'azp' => $this->azp]);
     }
 
     public function __toString()

src/UserInfo.php

@@ -11,7 +11,6 @@
 
 class UserInfo
 {
-
     protected $userRepository;
     protected $tokenRepository;
     protected $resourceServer;