Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

namespace Yoast\WP\SEO\Config;

[2] Fix | Delete

[3] Fix | Delete

use Exception;

[4] Fix | Delete

use UnexpectedValueException;

[5] Fix | Delete

use YoastSEO_Vendor\GuzzleHttp\Exception\BadResponseException;

[6] Fix | Delete

use YoastSEO_Vendor\League\OAuth2\Client\Provider\Exception\IdentityProviderException;

[7] Fix | Delete

use YoastSEO_Vendor\League\OAuth2\Client\Provider\GenericProvider;

[8] Fix | Delete

use YoastSEO_Vendor\League\OAuth2\Client\Token\AccessToken;

[9] Fix | Delete

use YoastSEO_Vendor\League\OAuth2\Client\Token\AccessTokenInterface;

[10] Fix | Delete

use YoastSEO_Vendor\League\OAuth2\Client\Tool\BearerAuthorizationTrait;

[11] Fix | Delete

use YoastSEO_Vendor\Psr\Http\Message\RequestInterface;

[12] Fix | Delete

use YoastSEO_Vendor\Psr\Log\InvalidArgumentException;

[13] Fix | Delete

[14] Fix | Delete

/**

[15] Fix | Delete

* Class Wincher_PKCE_Provider

[16] Fix | Delete

[17] Fix | Delete

* @codeCoverageIgnore Ignoring as this class is purely a temporary wrapper until https://github.com/thephpleague/oauth2-client/pull/901 is merged.

[18] Fix | Delete

[19] Fix | Delete

* @phpcs:disable WordPress.NamingConventions.ValidVariableName.PropertyNotSnakeCase -- This class extends an external class.

[20] Fix | Delete

* @phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase -- This class extends an external class.

[21] Fix | Delete

[22] Fix | Delete

class Wincher_PKCE_Provider extends GenericProvider {

[23] Fix | Delete

[24] Fix | Delete

use BearerAuthorizationTrait;

[25] Fix | Delete

[26] Fix | Delete

/**

[27] Fix | Delete

* The method to use.

[28] Fix | Delete

[29] Fix | Delete

* @var string

[30] Fix | Delete

[31] Fix | Delete

protected $pkceMethod = null;

[32] Fix | Delete

[33] Fix | Delete

/**

[34] Fix | Delete

* The PKCE code.

[35] Fix | Delete

[36] Fix | Delete

* @var string

[37] Fix | Delete

[38] Fix | Delete

protected $pkceCode;

[39] Fix | Delete

[40] Fix | Delete

/**

[41] Fix | Delete

* Set the value of the pkceCode parameter.

[42] Fix | Delete

[43] Fix | Delete

* When using PKCE this should be set before requesting an access token.

[44] Fix | Delete

[45] Fix | Delete

* @param string $pkce_code The value for the pkceCode.

[46] Fix | Delete

* @return self

[47] Fix | Delete

[48] Fix | Delete

public function setPkceCode( $pkce_code ) {

[49] Fix | Delete

$this->pkceCode = $pkce_code;

[50] Fix | Delete

return $this;

[51] Fix | Delete

}

[52] Fix | Delete

[53] Fix | Delete

/**

[54] Fix | Delete

* Returns the current value of the pkceCode parameter.

[55] Fix | Delete

[56] Fix | Delete

* This can be accessed by the redirect handler during authorization.

[57] Fix | Delete

[58] Fix | Delete

* @return string

[59] Fix | Delete

[60] Fix | Delete

public function getPkceCode() {

[61] Fix | Delete

return $this->pkceCode;

[62] Fix | Delete

}

[63] Fix | Delete

[64] Fix | Delete

/**

[65] Fix | Delete

* Returns a new random string to use as PKCE code_verifier and

[66] Fix | Delete

* hashed as code_challenge parameters in an authorization flow.

[67] Fix | Delete

* Must be between 43 and 128 characters long.

[68] Fix | Delete

[69] Fix | Delete

* @param int $length Length of the random string to be generated.

[70] Fix | Delete

[71] Fix | Delete

* @return string

[72] Fix | Delete

[73] Fix | Delete

* @throws Exception Throws exception if an invalid value is passed to random_bytes.

[74] Fix | Delete

[75] Fix | Delete

protected function getRandomPkceCode( $length = 64 ) {

[76] Fix | Delete

return \substr(

[77] Fix | Delete

\strtr(

[78] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode

[79] Fix | Delete

\base64_encode( \random_bytes( $length ) ),

[80] Fix | Delete

'+/',

[81] Fix | Delete

'-_'

[82] Fix | Delete

[83] Fix | Delete

[84] Fix | Delete

$length

[85] Fix | Delete

);

[86] Fix | Delete

}

[87] Fix | Delete

[88] Fix | Delete

/**

[89] Fix | Delete

* Returns the current value of the pkceMethod parameter.

[90] Fix | Delete

[91] Fix | Delete

* @return string|null

[92] Fix | Delete

[93] Fix | Delete

protected function getPkceMethod() {

[94] Fix | Delete

return $this->pkceMethod;

[95] Fix | Delete

}

[96] Fix | Delete

[97] Fix | Delete

/**

[98] Fix | Delete

* Returns authorization parameters based on provided options.

[99] Fix | Delete

[100] Fix | Delete

* @param array $options The options to use in the authorization parameters.

[101] Fix | Delete

[102] Fix | Delete

* @return array The authorization parameters

[103] Fix | Delete

[104] Fix | Delete

* @throws InvalidArgumentException Throws exception if an invalid PCKE method is passed in the options.

[105] Fix | Delete

* @throws Exception When something goes wrong with generating the PKCE code.

[106] Fix | Delete

[107] Fix | Delete

protected function getAuthorizationParameters( array $options ) {

[108] Fix | Delete

if ( empty( $options['state'] ) ) {

[109] Fix | Delete

$options['state'] = $this->getRandomState();

[110] Fix | Delete

}

[111] Fix | Delete

[112] Fix | Delete

if ( empty( $options['scope'] ) ) {

[113] Fix | Delete

$options['scope'] = $this->getDefaultScopes();

[114] Fix | Delete

}

[115] Fix | Delete

[116] Fix | Delete

$options += [

[117] Fix | Delete

'response_type' => 'code',

[118] Fix | Delete

];

[119] Fix | Delete

[120] Fix | Delete

if ( \is_array( $options['scope'] ) ) {

[121] Fix | Delete

$separator = $this->getScopeSeparator();

[122] Fix | Delete

$options['scope'] = \implode( $separator, $options['scope'] );

[123] Fix | Delete

}

[124] Fix | Delete

[125] Fix | Delete

// Store the state as it may need to be accessed later on.

[126] Fix | Delete

$this->state = $options['state'];

[127] Fix | Delete

[128] Fix | Delete

$pkce_method = $this->getPkceMethod();

[129] Fix | Delete

if ( ! empty( $pkce_method ) ) {

[130] Fix | Delete

$this->pkceCode = $this->getRandomPkceCode();

[131] Fix | Delete

if ( $pkce_method === 'S256' ) {

[132] Fix | Delete

$options['code_challenge'] = \trim(

[133] Fix | Delete

\strtr(

[134] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode

[135] Fix | Delete

\base64_encode( \hash( 'sha256', $this->pkceCode, true ) ),

[136] Fix | Delete

'+/',

[137] Fix | Delete

'-_'

[138] Fix | Delete

[139] Fix | Delete

'='

[140] Fix | Delete

);

[141] Fix | Delete

}

[142] Fix | Delete

elseif ( $pkce_method === 'plain' ) {

[143] Fix | Delete

$options['code_challenge'] = $this->pkceCode;

[144] Fix | Delete

}

[145] Fix | Delete

else {

[146] Fix | Delete

throw new InvalidArgumentException( 'Unknown PKCE method "' . $pkce_method . '".' );

[147] Fix | Delete

}

[148] Fix | Delete

$options['code_challenge_method'] = $pkce_method;

[149] Fix | Delete

}

[150] Fix | Delete

[151] Fix | Delete

// Business code layer might set a different redirect_uri parameter.

[152] Fix | Delete

// Depending on the context, leave it as-is.

[153] Fix | Delete

if ( ! isset( $options['redirect_uri'] ) ) {

[154] Fix | Delete

$options['redirect_uri'] = $this->redirectUri;

[155] Fix | Delete

}

[156] Fix | Delete

[157] Fix | Delete

$options['client_id'] = $this->clientId;

[158] Fix | Delete

[159] Fix | Delete

return $options;

[160] Fix | Delete

}

[161] Fix | Delete

[162] Fix | Delete

/**

[163] Fix | Delete

* Requests an access token using a specified grant and option set.

[164] Fix | Delete

[165] Fix | Delete

* @param mixed $grant The grant to request access for.

[166] Fix | Delete

* @param array $options The options to use with the current request.

[167] Fix | Delete

[168] Fix | Delete

* @return AccessToken|AccessTokenInterface The access token.

[169] Fix | Delete

[170] Fix | Delete

* @throws UnexpectedValueException Exception thrown if the provider response contains errors.

[171] Fix | Delete

[172] Fix | Delete

public function getAccessToken( $grant, array $options = [] ) {

[173] Fix | Delete

$grant = $this->verifyGrant( $grant );

[174] Fix | Delete

[175] Fix | Delete

$params = [

[176] Fix | Delete

'client_id' => $this->clientId,

[177] Fix | Delete

'client_secret' => $this->clientSecret,

[178] Fix | Delete

'redirect_uri' => $this->redirectUri,

[179] Fix | Delete

];

[180] Fix | Delete

[181] Fix | Delete

if ( ! empty( $this->pkceCode ) ) {

[182] Fix | Delete

$params['code_verifier'] = $this->pkceCode;

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

$params = $grant->prepareRequestParameters( $params, $options );

[186] Fix | Delete

$request = $this->getAccessTokenRequest( $params );

[187] Fix | Delete

$response = $this->getParsedResponse( $request );

[188] Fix | Delete

[189] Fix | Delete

if ( \is_array( $response ) === false ) {

[190] Fix | Delete

throw new UnexpectedValueException(

[191] Fix | Delete

'Invalid response received from Authorization Server. Expected JSON.'

[192] Fix | Delete

);

[193] Fix | Delete

}

[194] Fix | Delete

[195] Fix | Delete

$prepared = $this->prepareAccessTokenResponse( $response );

[196] Fix | Delete

$token = $this->createAccessToken( $prepared, $grant );

[197] Fix | Delete

[198] Fix | Delete

return $token;

[199] Fix | Delete

}

[200] Fix | Delete

[201] Fix | Delete

/**

[202] Fix | Delete

* Returns all options that can be configured.

[203] Fix | Delete

[204] Fix | Delete

* @return array The configurable options.

[205] Fix | Delete

[206] Fix | Delete

protected function getConfigurableOptions() {

[207] Fix | Delete

return \array_merge(

[208] Fix | Delete

$this->getRequiredOptions(),

[209] Fix | Delete

[

[210] Fix | Delete

'accessTokenMethod',

[211] Fix | Delete

'accessTokenResourceOwnerId',

[212] Fix | Delete

'scopeSeparator',

[213] Fix | Delete

'responseError',

[214] Fix | Delete

'responseCode',

[215] Fix | Delete

'responseResourceOwnerId',

[216] Fix | Delete

'scopes',

[217] Fix | Delete

'pkceMethod',

[218] Fix | Delete

]

[219] Fix | Delete

);

[220] Fix | Delete

}

[221] Fix | Delete

[222] Fix | Delete

/**

[223] Fix | Delete

* Parses the request response.

[224] Fix | Delete

[225] Fix | Delete

* @param RequestInterface $request The request interface.

[226] Fix | Delete

[227] Fix | Delete

* @return array The parsed response.

[228] Fix | Delete

[229] Fix | Delete

* @throws IdentityProviderException Exception thrown if there is no proper identity provider.

[230] Fix | Delete

[231] Fix | Delete

public function getParsedResponse( RequestInterface $request ) {

[232] Fix | Delete

try {

[233] Fix | Delete

$response = $this->getResponse( $request );

[234] Fix | Delete

} catch ( BadResponseException $e ) {

[235] Fix | Delete

$response = $e->getResponse();

[236] Fix | Delete

}

[237] Fix | Delete

[238] Fix | Delete

$parsed = $this->parseResponse( $response );

[239] Fix | Delete

[240] Fix | Delete

$this->checkResponse( $response, $parsed );

[241] Fix | Delete

[242] Fix | Delete

// We always expect an array from the API except for on DELETE requests.

[243] Fix | Delete

// We convert to an array here to prevent problems with array_key_exists on PHP8.

[244] Fix | Delete

if ( ! \is_array( $parsed ) ) {

[245] Fix | Delete

$parsed = [ 'data' => [] ];

[246] Fix | Delete

}

[247] Fix | Delete

[248] Fix | Delete

// Add the response code as this is omitted from Winchers API.

[249] Fix | Delete

if ( ! \array_key_exists( 'status', $parsed ) ) {

[250] Fix | Delete

$parsed['status'] = $response->getStatusCode();

[251] Fix | Delete

}

[252] Fix | Delete

[253] Fix | Delete

return $parsed;

[254] Fix | Delete

}

[255] Fix | Delete

}

[256] Fix | Delete

[257] Fix | Delete