use more psr7, incorporated potherca's feedback.

ylebre · ylebre · commit 5df58721a379 · 2020-10-02T19:37:07.000+02:00
added (non functional) token controller
diff --git a/src/Controller/AuthorizeController.php b/src/Controller/AuthorizeController.php
@@ -21,13 +21,13 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
 		$parser = new \Lcobucci\JWT\Parser();
 
 		try {
-			$token = $parser->parse($_GET['request']);
+			$token = $parser->parse($request->getQueryParams()['request']);
 			$_SESSION["nonce"] = $token->getClaim('nonce');
 		} catch(\Exception $e) {
-			$_SESSION["nonce"] = $_GET['nonce'];
+			$_SESSION["nonce"] = $request->getQueryParams()['nonce'];
 		}
 
-		$getVars = $_GET;
+		$getVars = $request->getQueryParams();
 		if (!isset($getVars['grant_type'])) {
 			$getVars['grant_type'] = 'implicit';
 		}
@@ -58,7 +58,7 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
 		$user = new \Pdsinterop\Solid\Auth\Entity\User();
 		$user->setIdentifier($this->getProfilePage());
 
-		$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $getVars, $_POST, $_COOKIE, $_FILES);
+		$request = $request->withQueryParams($getVars); // replace the request getVars with the morphed version;
 		$response = new \Laminas\Diactoros\Response();
 		$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 
diff --git a/src/Controller/CorsController.php b/src/Controller/CorsController.php
@@ -9,8 +9,6 @@ class CorsController extends ServerController
 {    
     final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
     {	
-        $response = $this->getResponse();
-		$response = $response->withHeader("Access-Control-Allow-Headers", "*");
-		return $response;
+        return $this->getResponse()->withHeader("Access-Control-Allow-Headers", "*");
     }
 }
diff --git a/src/Controller/HandleApprovalController.php b/src/Controller/HandleApprovalController.php
@@ -10,8 +10,8 @@ class HandleApprovalController extends ServerController
     public function __invoke(ServerRequestInterface $request, array $args) : ResponseInterface
     {
 		$clientId = $args['clientId'];
-		$returnUrl = $_POST['returnUrl'];
-		$approval = $_POST['approval'];
+		$returnUrl = $request->getParsedBody()['returnUrl'];
+		$approval = $request->getParsedBody()['approval'];
 
 		if ($approval == "allow") {		
 			$this->config->addAllowedClient($this->userId, $clientId);
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
@@ -15,9 +15,9 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
         // var_dump($_SESSION);
         if (isset($_SESSION['userid'])) {
           $user = $_SESSION['userid'];
-		  if ($_GET['returnUrl']) {
+		  if ($request->getQueryParams()['returnUrl']) {
 			$response = $response->withStatus(302, "Redirecting");
-			$response = $response->withHeader("Location", $_GET['returnUrl']);
+			$response = $response->withHeader("Location", $request->getQueryParams()['returnUrl']);
 			return $response;
 		  }
           $response->getBody()->write("<h1>Already logged in as $user</h1>");
@@ -27,9 +27,9 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
 		) {
           $user = $postBody['username'];
           $_SESSION['userid'] =  $user;
-		  if ($_GET['returnUrl']) {
+		  if ($request->getQueryParams()['returnUrl']) {
 			$response = $response->withStatus(302, "Redirecting");
-			$response = $response->withHeader("Location", $_GET['returnUrl']);
+			$response = $response->withHeader("Location", $request->getQueryParams()['returnUrl']);
 			return $response;
 		  }
           $response->getBody()->write("<h1>Welcome $user</h1>\n");
diff --git a/src/Controller/ServerController.php b/src/Controller/ServerController.php
@@ -25,6 +25,7 @@ public function __construct() {
     }
 
 	public function getOpenIdEndpoints() {
+		// FIXME: would be better to base this on the available routes if possible.
 		$this->baseUrl = "https://localhost/"; // FIXME: generate proper urls
 		return [
 			'issuer' => $this->baseUrl,
@@ -51,7 +52,7 @@ public function getKeys() {
 	}
 
 	public function createAuthServerConfig() {
-		$clientId = $_GET['client_id'];
+		$clientId = $_GET['client_id']; // FIXME: No request object here to get the client Id from.
 		$client = $this->getClient($clientId);
 		$keys = $this->getKeys();
 		try {
@@ -113,7 +114,7 @@ public function checkApproval($clientId) {
 	}
 	
 	public function getProfilePage() {
-		return "https://localhost/profile/card#me";
+		return $this->baseUrl . "profile/card#me"; // FIXME: would be better to base this on the available routes if possible.
 	}
 	
 	public function getResponseType() {
diff --git a/src/Controller/TokenController.php b/src/Controller/TokenController.php
@@ -0,0 +1,40 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Laminas\Diactoros\Response\JsonResponse as JsonResponse;
+
+class TokenController extends ServerController
+{    
+    final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
+    {	
+		$code = $_POST['code'];
+		$clientId = $_POST['client_id'];
+		$DPoP = $_SERVER['HTTP_DPOP'];
+		
+		$parser = new \Lcobucci\JWT\Parser();
+		try {
+			$token = $parser->parse($DPoP);
+//			var_dump($token);
+		} catch(\Exception $e) {
+			return $this->getResponse()->withStatus(409, "Invalid token");
+		}
+		
+		$registration = $this->config->getClientRegistration($clientId);
+		$approval = $this->checkApproval($clientId);
+		
+		if ($approval) {
+			$response = new \Laminas\Diactoros\Response();
+			$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
+			$response = $server->respondToAccessTokenRequest($request);
+
+//			$response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $this->getProfilePage(), $_SESSION['nonce'], $this->config->getPrivateKey());
+			return $response;
+//			$idToken = $this->tokenGenerator->generateIdToken($code, $clientId, $this->getProfilePage(), $_SESSION['nonce'], $this->config->getPrivateKey());
+	//		return new JsonResponse(array("token_type" => "DPoP", "id_token" => $idToken));
+		}
+		return new JsonResponse(array());
+    }
+}
diff --git a/web/index.php b/web/index.php
@@ -16,20 +16,22 @@
 use League\Route\Http\Exception\NotFoundException;
 use League\Route\Router;
 use League\Route\Strategy\ApplicationStrategy;
-use Pdsinterop\Solid\Controller\LoginController;
-use Pdsinterop\Solid\Controller\LoginPageController;
+
 use Pdsinterop\Solid\Controller\AddSlashToPathController;
+use Pdsinterop\Solid\Controller\AuthorizeController;
+use Pdsinterop\Solid\Controller\ApprovalController;
+use Pdsinterop\Solid\Controller\CorsController;
+use Pdsinterop\Solid\Controller\HandleApprovalController;
 use Pdsinterop\Solid\Controller\HelloWorldController;
 use Pdsinterop\Solid\Controller\HttpToHttpsController;
+use Pdsinterop\Solid\Controller\JwksController;
+use Pdsinterop\Solid\Controller\LoginController;
+use Pdsinterop\Solid\Controller\LoginPageController;
+use Pdsinterop\Solid\Controller\OpenidController;
 use Pdsinterop\Solid\Controller\Profile\CardController;
 use Pdsinterop\Solid\Controller\Profile\ProfileController;
-use Pdsinterop\Solid\Controller\OpenidController;
-use Pdsinterop\Solid\Controller\JwksController;
-use Pdsinterop\Solid\Controller\CorsController;
 use Pdsinterop\Solid\Controller\RegisterController;
-use Pdsinterop\Solid\Controller\AuthorizeController;
-use Pdsinterop\Solid\Controller\ApprovalController;
-use Pdsinterop\Solid\Controller\HandleApprovalController;
+use Pdsinterop\Solid\Controller\TokenController;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -79,20 +81,21 @@
 });
 
 $controllers = [
-    LoginController::class,
-    LoginPageController::class,
     AddSlashToPathController::class,
+	ApprovalController::class,
+    AuthorizeController::class,
     CardController::class,
+    CorsController::class,
+	HandleApprovalController::class,
     HelloWorldController::class,
     HttpToHttpsController::class,
-    ProfileController::class,
-    OpenidController::class,
     JwksController::class,
-    CorsController::class,
+    LoginController::class,
+    LoginPageController::class,
+    OpenidController::class,
+    ProfileController::class,
     RegisterController::class,
-    AuthorizeController::class,
-	ApprovalController::class,
-	HandleApprovalController::class,
+	TokenController::class,
 ];
 
 $traits = [
@@ -129,14 +132,12 @@
 
 $router->map('GET', '/', HelloWorldController::class)->setScheme($scheme);
 
-$OpenidController = new OpenidController();
-
 /*/ Create URI groups /*/
 $router->map('GET', '/.well-known/openid-configuration', OpenidController::class)->setScheme($scheme);
 $router->map('GET', '/jwks', JwksController::class)->setScheme($scheme);
 $router->map('GET', '/login/', LoginPageController::class)->setScheme($scheme);
 $router->map('POST', '/login/', LoginController::class)->setScheme($scheme);
-$router->map('OPTIONS', '/register', CorsController::class)->setScheme($scheme);
+$router->map('OPTIONS', '/{path}', CorsController::class)->setScheme($scheme);
 $router->map('POST', '/register', RegisterController::class)->setScheme($scheme);
 $router->map('GET', '/profile', AddSlashToPathController::class)->setScheme($scheme);
 $router->map('GET', '/profile/', ProfileController::class)->setScheme($scheme);
@@ -145,6 +146,8 @@
 $router->map('GET', '/authorize', AuthorizeController::class)->setScheme($scheme);
 $router->map('GET', '/sharing/{clientId}/', ApprovalController::class)->setScheme($scheme);
 $router->map('POST', '/sharing/{clientId}/', HandleApprovalController::class)->setScheme($scheme);
+$router->map('POST', '/token', TokenController::class)->setScheme($scheme);
+$router->map('POST', '/token/', TokenController::class)->setScheme($scheme);
 
 try {
     $response = $router->dispatch($request);

Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,6 @@ class CorsController extends ServerController`
`9`	`9`	`{`
`10`	`10`	`final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface`
`11`	`11`	`{`
`12`		`- $response = $this->getResponse();`
`13`		`- $response = $response->withHeader("Access-Control-Allow-Headers", "*");`
`14`		`- return $response;`
	`12`	`+ return $this->getResponse()->withHeader("Access-Control-Allow-Headers", "*");`
`15`	`13`	`}`
`16`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ public function __construct() {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`public function getOpenIdEndpoints() {`
	`28`	`+ // FIXME: would be better to base this on the available routes if possible.`
`28`	`29`	`$this->baseUrl = "https://localhost/"; // FIXME: generate proper urls`
`29`	`30`	`return [`
`30`	`31`	`'issuer' => $this->baseUrl,`
`@@ -51,7 +52,7 @@ public function getKeys() {`
`51`	`52`	`}`
`52`	`53`
`53`	`54`	`public function createAuthServerConfig() {`
`54`		`- $clientId = $_GET['client_id'];`
	`55`	`+ $clientId = $_GET['client_id']; // FIXME: No request object here to get the client Id from.`
`55`	`56`	`$client = $this->getClient($clientId);`
`56`	`57`	`$keys = $this->getKeys();`
`57`	`58`	`try {`
`@@ -113,7 +114,7 @@ public function checkApproval($clientId) {`
`113`	`114`	`}`
`114`	`115`
`115`	`116`	`public function getProfilePage() {`
`116`		`- return "https://localhost/profile/card#me";`
	`117`	`+ return $this->baseUrl . "profile/card#me"; // FIXME: would be better to base this on the available routes if possible.`
`117`	`118`	`}`
`118`	`119`
`119`	`120`	`public function getResponseType() {`