🛀

Author: codemasher

src/Core/ClientCredentials.php

@@ -20,10 +20,6 @@ interface ClientCredentials{
 
 	/**
 	 * Obtains an OAuth2 client credentials token and returns an AccessToken
-	 *
-	 * @param string[]|null $scopes
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function getClientCredentialsToken(array|null $scopes = null):AccessToken;
 

src/Core/OAuth1Interface.php

@@ -22,17 +22,13 @@ interface OAuth1Interface extends OAuthInterface{
 	 * @see https://datatracker.ietf.org/doc/html/rfc5849#section-2.1
 	 *
 	 * @see \chillerlan\OAuth\Core\OAuth1Provider::getAuthURL()
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function getRequestToken():AccessToken;
 
 	/**
 	 * Obtains an OAuth1 access token with the given $token and $verifier and returns an AccessToken object.
 	 *
 	 * @see https://datatracker.ietf.org/doc/html/rfc5849#section-2.3
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function getAccessToken(string $token, string $verifier):AccessToken;
 

src/Core/OAuth1Provider.php

@@ -14,7 +14,7 @@
 use chillerlan\HTTP\Utils\{MessageUtil, QueryUtil};
 use chillerlan\OAuth\Providers\ProviderException;
 use Psr\Http\Message\{RequestInterface, ResponseInterface, UriInterface};
-use function array_merge, base64_encode, hash_hmac, implode, in_array, random_bytes, sodium_bin2hex, strtoupper, time;
+use function array_merge, base64_encode, hash_hmac, implode, random_bytes, sodium_bin2hex, sprintf, strtoupper, time;
 
 /**
  * Implements an abstract OAuth1 provider with all methods required by the OAuth1Interface.
@@ -61,7 +61,7 @@ public function getRequestToken():AccessToken{
 		;
 
 		foreach($this::HEADERS_AUTH as $header => $value){
-			$request = $request->withAddedHeader($header, $value);
+			$request = $request->withHeader($header, $value);
 		}
 
 		return $this->parseTokenResponse($this->http->sendRequest($request), true);
@@ -75,35 +75,31 @@ public function getRequestToken():AccessToken{
 	 *
 	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
-	protected function parseTokenResponse(ResponseInterface $response, bool $checkCallbackConfirmed):AccessToken{
+	protected function parseTokenResponse(ResponseInterface $response, bool $checkCallback):AccessToken{
 		$data = QueryUtil::parse(MessageUtil::decompress($response));
 
 		if(empty($data)){
 			throw new ProviderException('unable to parse token response');
 		}
 		elseif(isset($data['error'])){
-			throw new ProviderException('error retrieving access token: '.$data['error']);
+			throw new ProviderException(sprintf('error retrieving access token: "%s"', $data['error']));
 		}
 		elseif(!isset($data['oauth_token']) || !isset($data['oauth_token_secret'])){
 			throw new ProviderException('invalid token');
 		}
 
-		if(
-			$checkCallbackConfirmed
-			&& (!isset($data['oauth_callback_confirmed']) || $data['oauth_callback_confirmed'] !== 'true')
-		){
+		if($checkCallback && (!isset($data['oauth_callback_confirmed']) || $data['oauth_callback_confirmed'] !== 'true')){
 			throw new ProviderException('oauth callback unconfirmed');
 		}
 
-		$token = $this->createAccessToken();
-
+		$token                    = $this->createAccessToken();
 		$token->accessToken       = $data['oauth_token'];
 		$token->accessTokenSecret = $data['oauth_token_secret'];
 		$token->expires           = AccessToken::EOL_NEVER_EXPIRES;
 
 		unset($data['oauth_token'], $data['oauth_token_secret']);
 
-		$token->extraParams = $data;
+		$token->extraParams       = $data;
 
 		$this->storage->storeAccessToken($token, $this->serviceName);
 
@@ -126,20 +122,28 @@ protected function nonce():string{
 	 *
 	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
-	protected function getSignature(string $url, array $params, string $method, string|null $accessTokenSecret = null):string{
-		$parsed = $this->uriFactory->createUri($url);
+	protected function getSignature(
+		UriInterface|string $url,
+		array               $params,
+		string              $method,
+		string|null         $accessTokenSecret = null
+	):string{
+
+		if(!$url instanceof UriInterface){
+			$url = $this->uriFactory->createUri($url);
+		}
 
-		if($parsed->getHost() == '' || $parsed->getScheme() === '' || !in_array($parsed->getScheme(), ['http', 'https'])){
-			throw new ProviderException('getSignature: invalid url');
+		if($url->getHost() === '' || $url->getScheme() !== 'https'){
+			throw new ProviderException(sprintf('getSignature: invalid url: "%s"', $url));
 		}
 
-		$signatureParams = array_merge(QueryUtil::parse($parsed->getQuery()), $params);
-		$url             = (string)$parsed->withQuery('')->withFragment('');
+		$signatureParams = array_merge(QueryUtil::parse($url->getQuery()), $params);
+		$url             = $url->withQuery('')->withFragment('');
 
 		unset($signatureParams['oauth_signature']);
 
 		// https://datatracker.ietf.org/doc/html/rfc5849#section-3.4.1.1
-		$data = QueryUtil::recursiveRawurlencode([strtoupper($method), $url, QueryUtil::build($signatureParams)]);
+		$data = QueryUtil::recursiveRawurlencode([strtoupper($method), (string)$url, QueryUtil::build($signatureParams)]);
 
 		// https://datatracker.ietf.org/doc/html/rfc5849#section-3.4.2
 		$key  = QueryUtil::recursiveRawurlencode([$this->options->secret, ($accessTokenSecret ?? '')]);
@@ -170,7 +174,7 @@ public function getRequestAuthorization(RequestInterface $request, AccessToken $
 		$uri   = $request->getUri();
 		$query = QueryUtil::parse($uri->getQuery());
 
-		$parameters = [
+		$params = [
 			'oauth_consumer_key'     => $this->options->key,
 			'oauth_nonce'            => $this->nonce(),
 			'oauth_signature_method' => 'HMAC-SHA1',
@@ -179,18 +183,13 @@ public function getRequestAuthorization(RequestInterface $request, AccessToken $
 			'oauth_version'          => '1.0',
 		];
 
-		$parameters['oauth_signature'] = $this->getSignature(
-			(string)$uri->withQuery('')->withFragment(''),
-			array_merge($query, $parameters),
-			$request->getMethod(),
-			$token->accessTokenSecret
-		);
+		$params['oauth_signature'] = $this->getSignature($uri, $params, $request->getMethod(), $token->accessTokenSecret);
 
 		if(isset($query['oauth_session_handle'])){
-			$parameters['oauth_session_handle'] = $query['oauth_session_handle']; // @codeCoverageIgnore
+			$params['oauth_session_handle'] = $query['oauth_session_handle']; // @codeCoverageIgnore
 		}
 
-		return $request->withHeader('Authorization', 'OAuth '.QueryUtil::build($parameters, null, ', ', '"'));
+		return $request->withHeader('Authorization', 'OAuth '.QueryUtil::build($params, null, ', ', '"'));
 	}
 
 }

src/Core/OAuth2Interface.php

@@ -67,8 +67,6 @@ interface OAuth2Interface extends OAuthInterface{
 	 *
 	 * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
 	 * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function getAccessToken(string $code, string|null $state = null):AccessToken;
 
@@ -77,9 +75,6 @@ public function getAccessToken(string $code, string|null $state = null):AccessTo
 	 * and returns a PSR-7 UriInterface with all necessary parameters set
 	 *
 	 * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
-	 *
-	 * @param array|null    $params
-	 * @param string[]|null $scopes
 	 */
 	public function getAuthURL(array|null $params = null, array|null $scopes = null):UriInterface;
 

src/Core/OAuth2Provider.php

@@ -41,6 +41,7 @@ abstract class OAuth2Provider extends OAuthProvider implements OAuth2Interface{
 
 	/**
 	 * @inheritDoc
+	 * @param string[] $scopes
 	 */
 	public function getAuthURL(array|null $params = null, array|null $scopes = null):UriInterface{
 		$params ??= [];
@@ -84,29 +85,29 @@ protected function parseTokenResponse(ResponseInterface $response):AccessToken{
 
 		foreach(['error_description', 'error'] as $field){
 			if(isset($data[$field])){
-				throw new ProviderException('error retrieving access token: "'.$data[$field].'"');
+				throw new ProviderException(sprintf('error retrieving access token: "%s"', $data[$field]));
 			}
 		}
 
 		if(!isset($data['access_token'])){
 			throw new ProviderException('token missing');
 		}
 
-		$token = $this->createAccessToken();
+		$scopes = ($data['scope'] ?? $data['scopes'] ?? []);
 
+		if(!is_array($scopes)){
+			$scopes = explode($this::SCOPE_DELIMITER, $scopes);
+		}
+
+		$token               = $this->createAccessToken();
 		$token->accessToken  = $data['access_token'];
 		$token->expires      = ($data['expires_in'] ?? AccessToken::EOL_NEVER_EXPIRES);
 		$token->refreshToken = ($data['refresh_token'] ?? null);
+		$token->scopes       = $scopes;
 
-		if(isset($data['scope']) || isset($data['scopes'])){
-			$scope = ($data['scope'] ?? $data['scopes'] ?? []);
-
-			$token->scopes = (is_array($scope)) ? $scope : explode($this::SCOPE_DELIMITER, $scope);
-		}
+		unset($data['access_token'], $data['refresh_token'], $data['expires_in'], $data['scope'], $data['scopes']);
 
-		unset($data['expires_in'], $data['refresh_token'], $data['access_token'], $data['scope'], $data['scopes']);
-
-		$token->extraParams = $data;
+		$token->extraParams  = $data;
 
 		return $token;
 	}
@@ -164,6 +165,7 @@ public function getRequestAuthorization(RequestInterface $request, AccessToken $
 	}
 
 	/**
+	 * @param string[] $scopes
 	 * @implements \chillerlan\OAuth\Core\ClientCredentials
 	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
@@ -188,7 +190,7 @@ public function getClientCredentialsToken(array|null $scopes = null):AccessToken
 		;
 
 		foreach($this::HEADERS_AUTH as $header => $value){
-			$request = $request->withAddedHeader($header, $value);
+			$request = $request->withHeader($header, $value);
 		}
 
 		$token = $this->parseTokenResponse($this->http->sendRequest($request));
@@ -241,7 +243,7 @@ public function refreshAccessToken(AccessToken|null $token = null):AccessToken{
 		;
 
 		foreach($this::HEADERS_AUTH as $header => $value){
-			$request = $request->withAddedHeader($header, $value);
+			$request = $request->withHeader($header, $value);
 		}
 
 		$newToken = $this->parseTokenResponse($this->http->sendRequest($request));
@@ -267,13 +269,13 @@ public function checkState(string|null $state = null):void{
 		}
 
 		if(empty($state) || !$this->storage->hasCSRFState($this->serviceName)){
-			throw new ProviderException('invalid state for '.$this->serviceName);
+			throw new ProviderException(sprintf('invalid state for "%s"', $this->serviceName));
 		}
 
 		$knownState = $this->storage->getCSRFState($this->serviceName);
 
 		if(!hash_equals($knownState, $state)){
-			throw new ProviderException('invalid CSRF state: '.$this->serviceName.' '.$state);
+			throw new ProviderException(sprintf('invalid CSRF state for provider "%s": %s', $this->serviceName, $state));
 		}
 
 	}

src/Core/OAuthInterface.php

@@ -33,13 +33,17 @@ interface OAuthInterface extends ClientInterface{
 	/**
 	 * additional headers to use during authentication
 	 *
+	 * Note: must not contain: Accept-Encoding, Authorization, Content-Length, Content-Type
+	 *
 	 * @var array
 	 */
 	public const HEADERS_AUTH = [];
 
 	/**
 	 * additional headers to use during API access
 	 *
+	 * Note: must not contain: Authorization
+	 *
 	 * @var array
 	 */
 	public const HEADERS_API = [];
@@ -56,16 +60,13 @@ public function getAuthURL(array|null $params = null):UriInterface;
 	 * Authorizes the $request with the credentials from the given $token
 	 * and returns a PSR-7 RequestInterface with all necessary headers and/or parameters set
 	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 * @internal
 	 */
 	public function getRequestAuthorization(RequestInterface $request, AccessToken $token):RequestInterface;
 
 	/**
 	 * Prepares an API request to $path with the given parameters, gets authorization, fires the request
 	 * and returns a PSR-7 ResponseInterface with the corresponding API response
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function request(
 		string                            $path,
@@ -119,8 +120,6 @@ public function setUriFactory(UriFactoryInterface $uriFactory):static;
 	/**
 	 * Returns information about the currently authenticated user (usually a /me or /user endpoint).
 	 * Throws a ProviderException if no such information is available or if the method cannot be implemented.
-	 *
-	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
 	public function me():ResponseInterface;
 

src/Providers/BattleNet.php

@@ -91,7 +91,7 @@ public function me():ResponseInterface{
 		try{
 			$json = MessageUtil::decodeJSON($response);
 		}
-		catch(Throwable $e){
+		catch(Throwable){
 		}
 
 		if(isset($json->error, $json->error_description)){

src/Providers/LastFM.php

@@ -108,7 +108,7 @@ protected function parseTokenResponse(ResponseInterface $response):AccessToken{
 				trigger_error('');
 			}
 		}
-		catch(Throwable $e){
+		catch(Throwable){
 			throw new ProviderException('unable to parse token response');
 		}
 

tests/Providers/OAuth1ProviderTestAbstract.php

@@ -57,19 +57,29 @@ public function testGetAuthURL():void{
 	}
 
 	public function testGetSignature():void{
+		$expected = 'fvkt6r6LhR0TgMvDOGsSlzB7IR4=';
+
+		$signature = $this->invokeReflectionMethod(
+			'getSignature',
+			['https://localhost/api/whatever', ['foo' => 'bar', 'oauth_signature' => 'should not see me!'], 'GET'],
+		);
+
+		$this::assertSame($expected, $signature);
+
+		// the "oauth_signature" parameter should be unset if present
 		$signature = $this->invokeReflectionMethod(
 			'getSignature',
-			['http://localhost/api/whatever', ['foo' => 'bar', 'oauth_signature' => 'should not see me!'], 'GET'],
+			['https://localhost/api/whatever', ['foo' => 'bar'], 'GET'],
 		);
 
-		$this::assertSame('ygg22quLhpyegiyr7yl4hLAP9S8=', $signature);
+		$this::assertSame($expected, $signature);
 	}
 
 	public function testGetSignatureInvalidURLException():void{
 		$this->expectException(ProviderException::class);
 		$this->expectExceptionMessage('getSignature: invalid url');
 
-		$this->invokeReflectionMethod('getSignature', ['whatever', [], 'GET']);
+		$this->invokeReflectionMethod('getSignature', ['http://localhost/boo', [], 'GET']);
 	}
 
 	public function testGetAccessToken():void{