composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°6017 - Update OAuth dependencies

Browse Source
This commit is contained in:
Molkobain
2023-02-23 15:57:32 +01:00
parent 18ed5ed526
commit 97965277c7
20 changed files with 1137 additions and 444 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@@ -13,6 +13,7 @@
"ext-mysqli": "*",
"ext-soap": "*",
"combodo/tcpdf": "~6.4.4",
"firebase/php-jwt": "~6.4.0",
"guzzlehttp/guzzle": "^6.5.8",
"laminas/laminas-mail": "^2.11",
"laminas/laminas-servicemanager": "^3.5",

48
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "8415e71a4288813b5a5d82ec4a00216b",
"content-hash": "e5c0746c3d1bb9df9151c910e8f50955",
"packages": [
{
"name": "combodo/tcpdf",
@@ -254,25 +254,31 @@
},
{
"name": "firebase/php-jwt",
"version": "v5.5.1",
"version": "v6.4.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
"reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
"reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
"php": "^7.1||^8.0"
},
"require-dev": {
"phpunit/phpunit": ">=4.8 <=9"
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^1.1",
"phpunit/phpunit": "^7.5||^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"
},
"suggest": {
"ext-sodium": "Support EdDSA (Ed25519) signatures",
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
},
"type": "library",
@@ -305,9 +311,9 @@
],
"support": {
"issues": "https://github.com/firebase/php-jwt/issues",
"source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
"source": "https://github.com/firebase/php-jwt/tree/v6.4.0"
},
"time": "2021-11-08T20:18:51+00:00"
"time": "2023-02-09T21:01:23+00:00"
},
{
"name": "guzzlehttp/guzzle",
@@ -4333,22 +4339,24 @@
},
{
"name": "thenetworg/oauth2-azure",
"version": "v2.0.1",
"version": "v2.1.1",
"source": {
"type": "git",
"url": "https://github.com/TheNetworg/oauth2-azure.git",
"reference": "2649422a0dc74af32d21d9d738d37abcd5b03998"
"reference": "06fb2d620fb6e6c934f632c7ec7c5ea2e978a844"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/TheNetworg/oauth2-azure/zipball/2649422a0dc74af32d21d9d738d37abcd5b03998",
"reference": "2649422a0dc74af32d21d9d738d37abcd5b03998",
"url": "https://api.github.com/repos/TheNetworg/oauth2-azure/zipball/06fb2d620fb6e6c934f632c7ec7c5ea2e978a844",
"reference": "06fb2d620fb6e6c934f632c7ec7c5ea2e978a844",
"shasum": ""
},
"require": {
"firebase/php-jwt": "~3.0||~4.0||~5.0",
"ext-json": "*",
"ext-openssl": "*",
"firebase/php-jwt": "~3.0||~4.0||~5.0||~6.0",
"league/oauth2-client": "~2.0",
"php": "^5.6|^7.0|^8.0"
"php": "^7.1|^8.0"
},
"type": "library",
"autoload": {
@@ -4382,9 +4390,9 @@
],
"support": {
"issues": "https://github.com/TheNetworg/oauth2-azure/issues",
"source": "https://github.com/TheNetworg/oauth2-azure/tree/v2.0.1"
"source": "https://github.com/TheNetworg/oauth2-azure/tree/v2.1.1"
},
"time": "2021-01-11T12:20:12+00:00"
"time": "2022-06-23T10:35:36+00:00"
},
{
"name": "true/punycode",
@@ -4736,7 +4744,7 @@
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
"php": ">=7.0.8",
"php": ">=7.1.3",
"ext-ctype": "*",
"ext-dom": "*",
"ext-gd": "*",
@@ -4747,7 +4755,7 @@
},
"platform-dev": [],
"platform-overrides": {
"php": "7.0.8"
"php": "7.1.3"
},
"plugin-api-version": "2.3.0"
"plugin-api-version": "2.1.0"
}

16
lib/composer/InstalledVersions.php
View File

@@ -21,14 +21,12 @@ use Composer\Semver\VersionParser;
* See also https://getcomposer.org/doc/07-runtime.md#installed-versions
*
* To require its presence, you can require `composer-runtime-api ^2.0`
*
* @final
*/
class InstalledVersions
{
/**
* @var mixed[]|null
* @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
* @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}|array{}|null
*/
private static $installed;
@@ -39,7 +37,7 @@ class InstalledVersions
/**
* @var array[]
* @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
* @psalm-var array<string, array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
*/
private static $installedByVendor = array();
@@ -243,7 +241,7 @@ class InstalledVersions
/**
* @return array
* @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}
* @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}
*/
public static function getRootPackage()
{
@@ -257,7 +255,7 @@ class InstalledVersions
*
* @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect.
* @return array[]
* @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}
* @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}
*/
public static function getRawData()
{
@@ -280,7 +278,7 @@ class InstalledVersions
* Returns the raw data of all installed.php which are currently loaded for custom implementations
*
* @return array[]
* @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
* @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
*/
public static function getAllRawData()
{
@@ -303,7 +301,7 @@ class InstalledVersions
* @param array[] $data A vendor/composer/installed.php data set
* @return void
*
* @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data
* @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} $data
*/
public static function reload($data)
{
@@ -313,7 +311,7 @@ class InstalledVersions
/**
* @return array[]
* @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
* @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
*/
private static function getInstalled()
{

2
lib/composer/autoload_classmap.php
View File

@@ -338,6 +338,7 @@ return array(
'FilterFromAttribute' => $baseDir . '/core/filterdef.class.inc.php',
'FilterPrivateKey' => $baseDir . '/core/filterdef.class.inc.php',
'Firebase\\JWT\\BeforeValidException' => $vendorDir . '/firebase/php-jwt/src/BeforeValidException.php',
'Firebase\\JWT\\CachedKeySet' => $vendorDir . '/firebase/php-jwt/src/CachedKeySet.php',
'Firebase\\JWT\\ExpiredException' => $vendorDir . '/firebase/php-jwt/src/ExpiredException.php',
'Firebase\\JWT\\JWK' => $vendorDir . '/firebase/php-jwt/src/JWK.php',
'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php',
@@ -825,6 +826,7 @@ return array(
'MySQLHasGoneAwayException' => $baseDir . '/core/cmdbsource.class.inc.php',
'MySQLNoTransactionException' => $baseDir . '/core/cmdbsource.class.inc.php',
'MySQLQueryHasNoResultException' => $baseDir . '/core/cmdbsource.class.inc.php',
'MySQLTransactionNotClosedException' => $baseDir . '/core/cmdbsource.class.inc.php',
'NestedQueryExpression' => $baseDir . '/core/oql/expression.class.inc.php',
'NestedQueryOqlExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php',
'NewObjectMenuNode' => $baseDir . '/application/menunode.class.inc.php',

2
lib/composer/autoload_static.php
View File

@@ -706,6 +706,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b
'FilterFromAttribute' => __DIR__ . '/../..' . '/core/filterdef.class.inc.php',
'FilterPrivateKey' => __DIR__ . '/../..' . '/core/filterdef.class.inc.php',
'Firebase\\JWT\\BeforeValidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/BeforeValidException.php',
'Firebase\\JWT\\CachedKeySet' => __DIR__ . '/..' . '/firebase/php-jwt/src/CachedKeySet.php',
'Firebase\\JWT\\ExpiredException' => __DIR__ . '/..' . '/firebase/php-jwt/src/ExpiredException.php',
'Firebase\\JWT\\JWK' => __DIR__ . '/..' . '/firebase/php-jwt/src/JWK.php',
'Firebase\\JWT\\JWT' => __DIR__ . '/..' . '/firebase/php-jwt/src/JWT.php',
@@ -1193,6 +1194,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b
'MySQLHasGoneAwayException' => __DIR__ . '/../..' . '/core/cmdbsource.class.inc.php',
'MySQLNoTransactionException' => __DIR__ . '/../..' . '/core/cmdbsource.class.inc.php',
'MySQLQueryHasNoResultException' => __DIR__ . '/../..' . '/core/cmdbsource.class.inc.php',
'MySQLTransactionNotClosedException' => __DIR__ . '/../..' . '/core/cmdbsource.class.inc.php',
'NestedQueryExpression' => __DIR__ . '/../..' . '/core/oql/expression.class.inc.php',
'NestedQueryOqlExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php',
'NewObjectMenuNode' => __DIR__ . '/../..' . '/application/menunode.class.inc.php',

44
lib/composer/installed.json
View File

@@ -260,29 +260,35 @@
},
{
"name": "firebase/php-jwt",
"version": "v5.5.1",
"version_normalized": "5.5.1.0",
"version": "v6.4.0",
"version_normalized": "6.4.0.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
"reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
"reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
"php": "^7.1||^8.0"
},
"require-dev": {
"phpunit/phpunit": ">=4.8 <=9"
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^1.1",
"phpunit/phpunit": "^7.5||^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"
},
"suggest": {
"ext-sodium": "Support EdDSA (Ed25519) signatures",
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
},
"time": "2021-11-08T20:18:51+00:00",
"time": "2023-02-09T21:01:23+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -314,7 +320,7 @@
],
"support": {
"issues": "https://github.com/firebase/php-jwt/issues",
"source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
"source": "https://github.com/firebase/php-jwt/tree/v6.4.0"
},
"install-path": "../firebase/php-jwt"
},
@@ -4708,25 +4714,27 @@
},
{
"name": "thenetworg/oauth2-azure",
"version": "v2.0.1",
"version_normalized": "2.0.1.0",
"version": "v2.1.1",
"version_normalized": "2.1.1.0",
"source": {
"type": "git",
"url": "https://github.com/TheNetworg/oauth2-azure.git",
"reference": "2649422a0dc74af32d21d9d738d37abcd5b03998"
"reference": "06fb2d620fb6e6c934f632c7ec7c5ea2e978a844"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/TheNetworg/oauth2-azure/zipball/2649422a0dc74af32d21d9d738d37abcd5b03998",
"reference": "2649422a0dc74af32d21d9d738d37abcd5b03998",
"url": "https://api.github.com/repos/TheNetworg/oauth2-azure/zipball/06fb2d620fb6e6c934f632c7ec7c5ea2e978a844",
"reference": "06fb2d620fb6e6c934f632c7ec7c5ea2e978a844",
"shasum": ""
},
"require": {
"firebase/php-jwt": "~3.0||~4.0||~5.0",
"ext-json": "*",
"ext-openssl": "*",
"firebase/php-jwt": "~3.0||~4.0||~5.0||~6.0",
"league/oauth2-client": "~2.0",
"php": "^5.6|^7.0|^8.0"
"php": "^7.1|^8.0"
},
"time": "2021-01-11T12:20:12+00:00",
"time": "2022-06-23T10:35:36+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -4760,7 +4768,7 @@
],
"support": {
"issues": "https://github.com/TheNetworg/oauth2-azure/issues",
"source": "https://github.com/TheNetworg/oauth2-azure/tree/v2.0.1"
"source": "https://github.com/TheNetworg/oauth2-azure/tree/v2.1.1"
},
"install-path": "../thenetworg/oauth2-azure"
},

146
lib/composer/installed.php
View File

@@ -1,40 +1,40 @@
<?php return array(
'root' => array(
'name' => 'combodo/itop',
'pretty_version' => 'dev-develop',
'version' => 'dev-develop',
'reference' => 'd388c3fd3d2a11983b61d268b2323a4ff0d0dbcb',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
'reference' => '18ed5ed526d7f980fb52e936c0d1ddb3062172fb',
'name' => 'combodo/itop',
'dev' => true,
),
'versions' => array(
'combodo/itop' => array(
'pretty_version' => 'dev-develop',
'version' => 'dev-develop',
'reference' => 'd388c3fd3d2a11983b61d268b2323a4ff0d0dbcb',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
'reference' => '18ed5ed526d7f980fb52e936c0d1ddb3062172fb',
'dev_requirement' => false,
),
'combodo/tcpdf' => array(
'pretty_version' => '6.4.4',
'version' => '6.4.4.0',
'reference' => '0e31c013ccd000aa6762e9186778aa6e259ac8e8',
'type' => 'library',
'install_path' => __DIR__ . '/../combodo/tcpdf',
'aliases' => array(),
'reference' => '0e31c013ccd000aa6762e9186778aa6e259ac8e8',
'dev_requirement' => false,
),
'container-interop/container-interop' => array(
'pretty_version' => '1.2.0',
'version' => '1.2.0.0',
'reference' => '79cbf1341c22ec75643d841642dd5d6acd83bdb8',
'type' => 'library',
'install_path' => __DIR__ . '/../container-interop/container-interop',
'aliases' => array(),
'reference' => '79cbf1341c22ec75643d841642dd5d6acd83bdb8',
'dev_requirement' => false,
),
'container-interop/container-interop-implementation' => array(
@@ -46,208 +46,208 @@
'doctrine/lexer' => array(
'pretty_version' => '1.0.2',
'version' => '1.0.2.0',
'reference' => '1febd6c3ef84253d7c815bed85fc622ad207a9f8',
'type' => 'library',
'install_path' => __DIR__ . '/../doctrine/lexer',
'aliases' => array(),
'reference' => '1febd6c3ef84253d7c815bed85fc622ad207a9f8',
'dev_requirement' => false,
),
'egulias/email-validator' => array(
'pretty_version' => '2.1.25',
'version' => '2.1.25.0',
'reference' => '0dbf5d78455d4d6a41d186da50adc1122ec066f4',
'type' => 'library',
'install_path' => __DIR__ . '/../egulias/email-validator',
'aliases' => array(),
'reference' => '0dbf5d78455d4d6a41d186da50adc1122ec066f4',
'dev_requirement' => false,
),
'firebase/php-jwt' => array(
'pretty_version' => 'v5.5.1',
'version' => '5.5.1.0',
'reference' => '83b609028194aa042ea33b5af2d41a7427de80e6',
'pretty_version' => 'v6.4.0',
'version' => '6.4.0.0',
'type' => 'library',
'install_path' => __DIR__ . '/../firebase/php-jwt',
'aliases' => array(),
'reference' => '4dd1e007f22a927ac77da5a3fbb067b42d3bc224',
'dev_requirement' => false,
),
'guzzlehttp/guzzle' => array(
'pretty_version' => '6.5.8',
'version' => '6.5.8.0',
'reference' => 'a52f0440530b54fa079ce76e8c5d196a42cad981',
'type' => 'library',
'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
'aliases' => array(),
'reference' => 'a52f0440530b54fa079ce76e8c5d196a42cad981',
'dev_requirement' => false,
),
'guzzlehttp/promises' => array(
'pretty_version' => '1.5.1',
'version' => '1.5.1.0',
'reference' => 'fe752aedc9fd8fcca3fe7ad05d419d32998a06da',
'type' => 'library',
'install_path' => __DIR__ . '/../guzzlehttp/promises',
'aliases' => array(),
'reference' => 'fe752aedc9fd8fcca3fe7ad05d419d32998a06da',
'dev_requirement' => false,
),
'guzzlehttp/psr7' => array(
'pretty_version' => '1.9.0',
'version' => '1.9.0.0',
'reference' => 'e98e3e6d4f86621a9b75f623996e6bbdeb4b9318',
'type' => 'library',
'install_path' => __DIR__ . '/../guzzlehttp/psr7',
'aliases' => array(),
'reference' => 'e98e3e6d4f86621a9b75f623996e6bbdeb4b9318',
'dev_requirement' => false,
),
'laminas/laminas-loader' => array(
'pretty_version' => '2.6.1',
'version' => '2.6.1.0',
'reference' => '5d01c2c237ae9e68bec262f339947e2ea18979bc',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-loader',
'aliases' => array(),
'reference' => '5d01c2c237ae9e68bec262f339947e2ea18979bc',
'dev_requirement' => false,
),
'laminas/laminas-mail' => array(
'pretty_version' => '2.11.1',
'version' => '2.11.1.0',
'reference' => '7f674afeb38100b1869ce8e56bf2ec3cba3c679c',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-mail',
'aliases' => array(),
'reference' => '7f674afeb38100b1869ce8e56bf2ec3cba3c679c',
'dev_requirement' => false,
),
'laminas/laminas-mime' => array(
'pretty_version' => '2.7.4',
'version' => '2.7.4.0',
'reference' => 'e45a7d856bf7b4a7b5bd00d6371f9961dc233add',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-mime',
'aliases' => array(),
'reference' => 'e45a7d856bf7b4a7b5bd00d6371f9961dc233add',
'dev_requirement' => false,
),
'laminas/laminas-servicemanager' => array(
'pretty_version' => '3.5.2',
'version' => '3.5.2.0',
'reference' => '0669e1eec8d9f61e35a5bc5012796d49f418b259',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-servicemanager',
'aliases' => array(),
'reference' => '0669e1eec8d9f61e35a5bc5012796d49f418b259',
'dev_requirement' => false,
),
'laminas/laminas-stdlib' => array(
'pretty_version' => '3.2.1',
'version' => '3.2.1.0',
'reference' => '2b18347625a2f06a1a485acfbc870f699dbe51c6',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-stdlib',
'aliases' => array(),
'reference' => '2b18347625a2f06a1a485acfbc870f699dbe51c6',
'dev_requirement' => false,
),
'laminas/laminas-validator' => array(
'pretty_version' => '2.12.2',
'version' => '2.12.2.0',
'reference' => '0813f234812d9fa9058b6da39eb13dedc90227db',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-validator',
'aliases' => array(),
'reference' => '0813f234812d9fa9058b6da39eb13dedc90227db',
'dev_requirement' => false,
),
'laminas/laminas-zendframework-bridge' => array(
'pretty_version' => '1.1.1',
'version' => '1.1.1.0',
'reference' => '6ede70583e101030bcace4dcddd648f760ddf642',
'type' => 'library',
'install_path' => __DIR__ . '/../laminas/laminas-zendframework-bridge',
'aliases' => array(),
'reference' => '6ede70583e101030bcace4dcddd648f760ddf642',
'dev_requirement' => false,
),
'league/oauth2-client' => array(
'pretty_version' => '2.6.1',
'version' => '2.6.1.0',
'reference' => '2334c249907190c132364f5dae0287ab8666aa19',
'type' => 'library',
'install_path' => __DIR__ . '/../league/oauth2-client',
'aliases' => array(),
'reference' => '2334c249907190c132364f5dae0287ab8666aa19',
'dev_requirement' => false,
),
'league/oauth2-google' => array(
'pretty_version' => '3.0.4',
'version' => '3.0.4.0',
'reference' => '6b79441f244040760bed5fdcd092a2bda7cf34c6',
'type' => 'library',
'install_path' => __DIR__ . '/../league/oauth2-google',
'aliases' => array(),
'reference' => '6b79441f244040760bed5fdcd092a2bda7cf34c6',
'dev_requirement' => false,
),
'nikic/php-parser' => array(
'pretty_version' => 'v4.13.2',
'version' => '4.13.2.0',
'reference' => '210577fe3cf7badcc5814d99455df46564f3c077',
'type' => 'library',
'install_path' => __DIR__ . '/../nikic/php-parser',
'aliases' => array(),
'reference' => '210577fe3cf7badcc5814d99455df46564f3c077',
'dev_requirement' => false,
),
'paragonie/random_compat' => array(
'pretty_version' => 'v2.0.18',
'version' => '2.0.18.0',
'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db',
'type' => 'library',
'install_path' => __DIR__ . '/../paragonie/random_compat',
'aliases' => array(),
'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db',
'dev_requirement' => false,
),
'pear/archive_tar' => array(
'pretty_version' => '1.4.14',
'version' => '1.4.14.0',
'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa',
'type' => 'library',
'install_path' => __DIR__ . '/../pear/archive_tar',
'aliases' => array(),
'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa',
'dev_requirement' => false,
),
'pear/console_getopt' => array(
'pretty_version' => 'v1.4.3',
'version' => '1.4.3.0',
'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0',
'type' => 'library',
'install_path' => __DIR__ . '/../pear/console_getopt',
'aliases' => array(),
'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0',
'dev_requirement' => false,
),
'pear/pear-core-minimal' => array(
'pretty_version' => 'v1.10.10',
'version' => '1.10.10.0',
'reference' => '625a3c429d9b2c1546438679074cac1b089116a7',
'type' => 'library',
'install_path' => __DIR__ . '/../pear/pear-core-minimal',
'aliases' => array(),
'reference' => '625a3c429d9b2c1546438679074cac1b089116a7',
'dev_requirement' => false,
),
'pear/pear_exception' => array(
'pretty_version' => 'v1.0.1',
'version' => '1.0.1.0',
'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7',
'type' => 'class',
'install_path' => __DIR__ . '/../pear/pear_exception',
'aliases' => array(),
'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7',
'dev_requirement' => false,
),
'pelago/emogrifier' => array(
'pretty_version' => 'v3.1.0',
'version' => '3.1.0.0',
'reference' => 'f6a5c7d44612d86c3901c93f1592f5440e6b2cd8',
'type' => 'library',
'install_path' => __DIR__ . '/../pelago/emogrifier',
'aliases' => array(),
'reference' => 'f6a5c7d44612d86c3901c93f1592f5440e6b2cd8',
'dev_requirement' => false,
),
'psr/cache' => array(
'pretty_version' => '1.0.1',
'version' => '1.0.1.0',
'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8',
'type' => 'library',
'install_path' => __DIR__ . '/../psr/cache',
'aliases' => array(),
'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8',
'dev_requirement' => false,
),
'psr/cache-implementation' => array(
@@ -259,10 +259,10 @@
'psr/container' => array(
'pretty_version' => '1.0.0',
'version' => '1.0.0.0',
'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f',
'type' => 'library',
'install_path' => __DIR__ . '/../psr/container',
'aliases' => array(),
'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f',
'dev_requirement' => false,
),
'psr/container-implementation' => array(
@@ -275,10 +275,10 @@
'psr/http-message' => array(
'pretty_version' => '1.0.1',
'version' => '1.0.1.0',
'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363',
'type' => 'library',
'install_path' => __DIR__ . '/../psr/http-message',
'aliases' => array(),
'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363',
'dev_requirement' => false,
),
'psr/http-message-implementation' => array(
@@ -290,10 +290,10 @@
'psr/log' => array(
'pretty_version' => '1.1.2',
'version' => '1.1.2.0',
'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801',
'type' => 'library',
'install_path' => __DIR__ . '/../psr/log',
'aliases' => array(),
'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801',
'dev_requirement' => false,
),
'psr/log-implementation' => array(
@@ -305,10 +305,10 @@
'psr/simple-cache' => array(
'pretty_version' => '1.0.1',
'version' => '1.0.1.0',
'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b',
'type' => 'library',
'install_path' => __DIR__ . '/../psr/simple-cache',
'aliases' => array(),
'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b',
'dev_requirement' => false,
),
'psr/simple-cache-implementation' => array(
@@ -320,10 +320,10 @@
'ralouphie/getallheaders' => array(
'pretty_version' => '3.0.3',
'version' => '3.0.3.0',
'reference' => '120b605dfeb996808c31b6477290a714d356e822',
'type' => 'library',
'install_path' => __DIR__ . '/../ralouphie/getallheaders',
'aliases' => array(),
'reference' => '120b605dfeb996808c31b6477290a714d356e822',
'dev_requirement' => false,
),
'rsky/pear-core-min' => array(
@@ -335,298 +335,298 @@
'scssphp/scssphp' => array(
'pretty_version' => '1.0.6',
'version' => '1.0.6.0',
'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c',
'type' => 'library',
'install_path' => __DIR__ . '/../scssphp/scssphp',
'aliases' => array(),
'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c',
'dev_requirement' => false,
),
'swiftmailer/swiftmailer' => array(
'pretty_version' => 'v6.3.0',
'version' => '6.3.0.0',
'reference' => '8a5d5072dca8f48460fce2f4131fcc495eec654c',
'type' => 'library',
'install_path' => __DIR__ . '/../swiftmailer/swiftmailer',
'aliases' => array(),
'reference' => '8a5d5072dca8f48460fce2f4131fcc495eec654c',
'dev_requirement' => false,
),
'symfony/cache' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'a7a14c4832760bd1fbd31be2859ffedc9b6ff813',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/cache',
'aliases' => array(),
'reference' => 'a7a14c4832760bd1fbd31be2859ffedc9b6ff813',
'dev_requirement' => false,
),
'symfony/class-loader' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'a22265a9f3511c0212bf79f54910ca5a77c0e92c',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/class-loader',
'aliases' => array(),
'reference' => 'a22265a9f3511c0212bf79f54910ca5a77c0e92c',
'dev_requirement' => false,
),
'symfony/config' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'bc6b3fd3930d4b53a60b42fe2ed6fc466b75f03f',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/config',
'aliases' => array(),
'reference' => 'bc6b3fd3930d4b53a60b42fe2ed6fc466b75f03f',
'dev_requirement' => false,
),
'symfony/console' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'a10b1da6fc93080c180bba7219b5ff5b7518fe81',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/console',
'aliases' => array(),
'reference' => 'a10b1da6fc93080c180bba7219b5ff5b7518fe81',
'dev_requirement' => false,
),
'symfony/css-selector' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'da3d9da2ce0026771f5fe64cb332158f1bd2bc33',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/css-selector',
'aliases' => array(),
'reference' => 'da3d9da2ce0026771f5fe64cb332158f1bd2bc33',
'dev_requirement' => false,
),
'symfony/debug' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'ab42889de57fdfcfcc0759ab102e2fd4ea72dcae',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/debug',
'aliases' => array(),
'reference' => 'ab42889de57fdfcfcc0759ab102e2fd4ea72dcae',
'dev_requirement' => false,
),
'symfony/dependency-injection' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '51d2a2708c6ceadad84393f8581df1dcf9e5e84b',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/dependency-injection',
'aliases' => array(),
'reference' => '51d2a2708c6ceadad84393f8581df1dcf9e5e84b',
'dev_requirement' => false,
),
'symfony/dotenv' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '1022723ac4f56b001d99691d96c6025dbf1404f1',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/dotenv',
'aliases' => array(),
'reference' => '1022723ac4f56b001d99691d96c6025dbf1404f1',
'dev_requirement' => false,
),
'symfony/event-dispatcher' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '31fde73757b6bad247c54597beef974919ec6860',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/event-dispatcher',
'aliases' => array(),
'reference' => '31fde73757b6bad247c54597beef974919ec6860',
'dev_requirement' => false,
),
'symfony/filesystem' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'e58d7841cddfed6e846829040dca2cca0ebbbbb3',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/filesystem',
'aliases' => array(),
'reference' => 'e58d7841cddfed6e846829040dca2cca0ebbbbb3',
'dev_requirement' => false,
),
'symfony/finder' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'b6b6ad3db3edb1b4b1c1896b1975fb684994de6e',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/finder',
'aliases' => array(),
'reference' => 'b6b6ad3db3edb1b4b1c1896b1975fb684994de6e',
'dev_requirement' => false,
),
'symfony/framework-bundle' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '6c95e747b75ddd2af61152ce93bf87299d15710e',
'type' => 'symfony-bundle',
'install_path' => __DIR__ . '/../symfony/framework-bundle',
'aliases' => array(),
'reference' => '6c95e747b75ddd2af61152ce93bf87299d15710e',
'dev_requirement' => false,
),
'symfony/http-foundation' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'b9885fcce6fe494201da4f70a9309770e9d13dc8',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/http-foundation',
'aliases' => array(),
'reference' => 'b9885fcce6fe494201da4f70a9309770e9d13dc8',
'dev_requirement' => false,
),
'symfony/http-kernel' => array(
'pretty_version' => 'v3.4.49',
'version' => '3.4.49.0',
'reference' => '5aa72405f5bd5583c36ed6e756acb17d3f98ac40',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/http-kernel',
'aliases' => array(),
'reference' => '5aa72405f5bd5583c36ed6e756acb17d3f98ac40',
'dev_requirement' => false,
),
'symfony/polyfill-apcu' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => 'b44b51e7814c23bfbd793a16ead5d7ce43ed23c5',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-apcu',
'aliases' => array(),
'reference' => 'b44b51e7814c23bfbd793a16ead5d7ce43ed23c5',
'dev_requirement' => false,
),
'symfony/polyfill-ctype' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => 'aed596913b70fae57be53d86faa2e9ef85a2297b',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-ctype',
'aliases' => array(),
'reference' => 'aed596913b70fae57be53d86faa2e9ef85a2297b',
'dev_requirement' => false,
),
'symfony/polyfill-iconv' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => '085241787d52fa6f7a774fd034135fef0cfd5496',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-iconv',
'aliases' => array(),
'reference' => '085241787d52fa6f7a774fd034135fef0cfd5496',
'dev_requirement' => false,
),
'symfony/polyfill-intl-idn' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => '4ad5115c0f5d5172a9fe8147675ec6de266d8826',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-intl-idn',
'aliases' => array(),
'reference' => '4ad5115c0f5d5172a9fe8147675ec6de266d8826',
'dev_requirement' => false,
),
'symfony/polyfill-intl-normalizer' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => '8db0ae7936b42feb370840cf24de1a144fb0ef27',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-intl-normalizer',
'aliases' => array(),
'reference' => '8db0ae7936b42feb370840cf24de1a144fb0ef27',
'dev_requirement' => false,
),
'symfony/polyfill-mbstring' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => 'b5f7b932ee6fa802fc792eabd77c4c88084517ce',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-mbstring',
'aliases' => array(),
'reference' => 'b5f7b932ee6fa802fc792eabd77c4c88084517ce',
'dev_requirement' => false,
),
'symfony/polyfill-php56' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => 'ea19621731cbd973a6702cfedef3419768bf3372',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-php56',
'aliases' => array(),
'reference' => 'ea19621731cbd973a6702cfedef3419768bf3372',
'dev_requirement' => false,
),
'symfony/polyfill-php70' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => '3fe414077251a81a1b15b1c709faf5c2fbae3d4e',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-php70',
'aliases' => array(),
'reference' => '3fe414077251a81a1b15b1c709faf5c2fbae3d4e',
'dev_requirement' => false,
),
'symfony/polyfill-php72' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => 'beecef6b463b06954638f02378f52496cb84bacc',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-php72',
'aliases' => array(),
'reference' => 'beecef6b463b06954638f02378f52496cb84bacc',
'dev_requirement' => false,
),
'symfony/polyfill-util' => array(
'pretty_version' => 'v1.19.0',
'version' => '1.19.0.0',
'reference' => '8df0c3e6a4b85df9a5c6f3f2f46fba5c5c47058a',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/polyfill-util',
'aliases' => array(),
'reference' => '8df0c3e6a4b85df9a5c6f3f2f46fba5c5c47058a',
'dev_requirement' => false,
),
'symfony/routing' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '3e522ac69cadffd8131cc2b22157fa7662331a6c',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/routing',
'aliases' => array(),
'reference' => '3e522ac69cadffd8131cc2b22157fa7662331a6c',
'dev_requirement' => false,
),
'symfony/stopwatch' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '298b81faad4ce60e94466226b2abbb8c9bca7462',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/stopwatch',
'aliases' => array(),
'reference' => '298b81faad4ce60e94466226b2abbb8c9bca7462',
'dev_requirement' => true,
),
'symfony/twig-bridge' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '090d19d6f1ea5b9e1d79f372785aa5e5c9cd4042',
'type' => 'symfony-bridge',
'install_path' => __DIR__ . '/../symfony/twig-bridge',
'aliases' => array(),
'reference' => '090d19d6f1ea5b9e1d79f372785aa5e5c9cd4042',
'dev_requirement' => false,
),
'symfony/twig-bundle' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '977b3096e2df96bc8a8d2329e83466cfc30c373d',
'type' => 'symfony-bundle',
'install_path' => __DIR__ . '/../symfony/twig-bundle',
'aliases' => array(),
'reference' => '977b3096e2df96bc8a8d2329e83466cfc30c373d',
'dev_requirement' => false,
),
'symfony/var-dumper' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '0719f6cf4633a38b2c1585140998579ce23b4b7d',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/var-dumper',
'aliases' => array(),
'reference' => '0719f6cf4633a38b2c1585140998579ce23b4b7d',
'dev_requirement' => true,
),
'symfony/web-profiler-bundle' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => 'ccb83b3a508f4a683e44f571f127beebdc315ff9',
'type' => 'symfony-bundle',
'install_path' => __DIR__ . '/../symfony/web-profiler-bundle',
'aliases' => array(),
'reference' => 'ccb83b3a508f4a683e44f571f127beebdc315ff9',
'dev_requirement' => true,
),
'symfony/yaml' => array(
'pretty_version' => 'v3.4.47',
'version' => '3.4.47.0',
'reference' => '88289caa3c166321883f67fe5130188ebbb47094',
'type' => 'library',
'install_path' => __DIR__ . '/../symfony/yaml',
'aliases' => array(),
'reference' => '88289caa3c166321883f67fe5130188ebbb47094',
'dev_requirement' => false,
),
'tecnickcom/tcpdf' => array(
@@ -636,30 +636,30 @@
),
),
'thenetworg/oauth2-azure' => array(
'pretty_version' => 'v2.0.1',
'version' => '2.0.1.0',
'reference' => '2649422a0dc74af32d21d9d738d37abcd5b03998',
'pretty_version' => 'v2.1.1',
'version' => '2.1.1.0',
'type' => 'library',
'install_path' => __DIR__ . '/../thenetworg/oauth2-azure',
'aliases' => array(),
'reference' => '06fb2d620fb6e6c934f632c7ec7c5ea2e978a844',
'dev_requirement' => false,
),
'true/punycode' => array(
'pretty_version' => 'v2.1.1',
'version' => '2.1.1.0',
'reference' => 'a4d0c11a36dd7f4e7cd7096076cab6d3378a071e',
'type' => 'library',
'install_path' => __DIR__ . '/../true/punycode',
'aliases' => array(),
'reference' => 'a4d0c11a36dd7f4e7cd7096076cab6d3378a071e',
'dev_requirement' => false,
),
'twig/twig' => array(
'pretty_version' => 'v1.42.5',
'version' => '1.42.5.0',
'reference' => '87b2ea9d8f6fd014d0621ca089bb1b3769ea3f8e',
'type' => 'library',
'install_path' => __DIR__ . '/../twig/twig',
'aliases' => array(),
'reference' => '87b2ea9d8f6fd014d0621ca089bb1b3769ea3f8e',
'dev_requirement' => false,
),
'zendframework/zend-loader' => array(

4
lib/composer/platform_check.php
View File

@@ -4,8 +4,8 @@
$issues = array();
if (!(PHP_VERSION_ID >= 70008)) {
$issues[] = 'Your Composer dependencies require a PHP version ">= 7.0.8". You are running ' . PHP_VERSION . '.';
if (!(PHP_VERSION_ID >= 70103)) {
$issues[] = 'Your Composer dependencies require a PHP version ">= 7.1.3". You are running ' . PHP_VERSION . '.';
}
if ($issues) {

105
lib/firebase/php-jwt/CHANGELOG.md Normal file
View File

@@ -0,0 +1,105 @@
# Changelog
## [6.4.0](https://github.com/firebase/php-jwt/compare/v6.3.2...v6.4.0) (2023-02-08)
### Features
* add support for W3C ES256K ([#462](https://github.com/firebase/php-jwt/issues/462)) ([213924f](https://github.com/firebase/php-jwt/commit/213924f51936291fbbca99158b11bd4ae56c2c95))
* improve caching by only decoding jwks when necessary ([#486](https://github.com/firebase/php-jwt/issues/486)) ([78d3ed1](https://github.com/firebase/php-jwt/commit/78d3ed1073553f7d0bbffa6c2010009a0d483d5c))
## [6.3.2](https://github.com/firebase/php-jwt/compare/v6.3.1...v6.3.2) (2022-11-01)
### Bug Fixes
* check kid before using as array index ([bad1b04](https://github.com/firebase/php-jwt/commit/bad1b040d0c736bbf86814c6b5ae614f517cf7bd))
## [6.3.1](https://github.com/firebase/php-jwt/compare/v6.3.0...v6.3.1) (2022-11-01)
### Bug Fixes
* casing of GET for PSR compat ([#451](https://github.com/firebase/php-jwt/issues/451)) ([60b52b7](https://github.com/firebase/php-jwt/commit/60b52b71978790eafcf3b95cfbd83db0439e8d22))
* string interpolation format for php 8.2 ([#446](https://github.com/firebase/php-jwt/issues/446)) ([2e07d8a](https://github.com/firebase/php-jwt/commit/2e07d8a1524d12b69b110ad649f17461d068b8f2))
## 6.3.0 / 2022-07-15
- Added ES256 support to JWK parsing ([#399](https://github.com/firebase/php-jwt/pull/399))
- Fixed potential caching error in `CachedKeySet` by caching jwks as strings ([#435](https://github.com/firebase/php-jwt/pull/435))
## 6.2.0 / 2022-05-14
- Added `CachedKeySet` ([#397](https://github.com/firebase/php-jwt/pull/397))
- Added `$defaultAlg` parameter to `JWT::parseKey` and `JWT::parseKeySet` ([#426](https://github.com/firebase/php-jwt/pull/426)).
## 6.1.0 / 2022-03-23
- Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
- Add parameter typing and return types where possible
## 6.0.0 / 2022-01-24
- **Backwards-Compatibility Breaking Changes**: See the [Release Notes](https://github.com/firebase/php-jwt/releases/tag/v6.0.0) for more information.
- New Key object to prevent key/algorithm type confusion (#365)
- Add JWK support (#273)
- Add ES256 support (#256)
- Add ES384 support (#324)
- Add Ed25519 support (#343)
## 5.0.0 / 2017-06-26
- Support RS384 and RS512.
See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
- Add an example for RS256 openssl.
See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
- Detect invalid Base64 encoding in signature.
See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
- Update `JWT::verify` to handle OpenSSL errors.
See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
- Add `array` type hinting to `decode` method
See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
- Add all JSON error types.
See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
- Bugfix 'kid' not in given key list.
See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
- Miscellaneous cleanup, documentation and test fixes.
See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
[#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
[#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
[@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
## 4.0.0 / 2016-07-17
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
## 3.0.0 / 2015-07-22
- Minimum PHP version updated from `5.2.0` to `5.3.0`.
- Add `\Firebase\JWT` namespace. See
[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
[@Dashron](https://github.com/Dashron)!
- Require a non-empty key to decode and verify a JWT. See
[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
[@sjones608](https://github.com/sjones608)!
- Cleaner documentation blocks in the code. See
[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
[@johanderuijter](https://github.com/johanderuijter)!
## 2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
[@mcocaro](https://github.com/mcocaro)!
## 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
- Add support for passing an object implementing the `ArrayAccess` interface for
`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
## 2.0.0 / 2015-04-01
- **Note**: It is strongly recommended that you update to > v2.0.0 to address
known security vulnerabilities in prior versions when both symmetric and
asymmetric keys are used together.
- Update signature for `JWT::decode(...)` to require an array of supported
algorithms to use when verifying token signatures.

209
lib/firebase/php-jwt/README.md
View File

@@ -1,4 +1,4 @@
[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
![Build Status](https://github.com/firebase/php-jwt/actions/workflows/tests.yml/badge.svg)
[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)
@@ -29,13 +29,13 @@ Example
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$key = "example_key";
$payload = array(
"iss" => "http://example.org",
"aud" => "http://example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
$key = 'example_key';
$payload = [
'iss' => 'http://example.org',
'aud' => 'http://example.com',
'iat' => 1356999524,
'nbf' => 1357000000
];
/**
* IMPORTANT:
@@ -98,12 +98,12 @@ ehde/zUxo6UvS7UrBQIDAQAB
-----END PUBLIC KEY-----
EOD;
$payload = array(
"iss" => "example.org",
"aud" => "example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
];
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -139,12 +139,12 @@ $privateKey = openssl_pkey_get_private(
$passphrase
);
$payload = array(
"iss" => "example.org",
"aud" => "example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
];
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -173,12 +173,12 @@ $privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair));
$publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair));
$payload = array(
"iss" => "example.org",
"aud" => "example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
];
$jwt = JWT::encode($payload, $privateKey, 'EdDSA');
echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -198,72 +198,115 @@ use Firebase\JWT\JWT;
// this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk
$jwks = ['keys' => []];
// JWK::parseKeySet($jwks) returns an associative array of **kid** to private
// key. Pass this as the second parameter to JWT::decode.
// NOTE: The deprecated $supportedAlgorithm must be supplied when parsing from JWK.
JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm);
// JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key
// objects. Pass this as the second parameter to JWT::decode.
JWT::decode($payload, JWK::parseKeySet($jwks));
```
Changelog
---------
Using Cached Key Sets
---------------------
#### 5.0.0 / 2017-06-26
- Support RS384 and RS512.
See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
- Add an example for RS256 openssl.
See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
- Detect invalid Base64 encoding in signature.
See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
- Update `JWT::verify` to handle OpenSSL errors.
See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
- Add `array` type hinting to `decode` method
See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
- Add all JSON error types.
See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
- Bugfix 'kid' not in given key list.
See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
- Miscellaneous cleanup, documentation and test fixes.
See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
[#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
[#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
[@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
The `CachedKeySet` class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI.
This has the following advantages:
#### 4.0.0 / 2016-07-17
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
1. The results are cached for performance.
2. If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation.
3. If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second.
#### 3.0.0 / 2015-07-22
- Minimum PHP version updated from `5.2.0` to `5.3.0`.
- Add `\Firebase\JWT` namespace. See
[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
[@Dashron](https://github.com/Dashron)!
- Require a non-empty key to decode and verify a JWT. See
[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
[@sjones608](https://github.com/sjones608)!
- Cleaner documentation blocks in the code. See
[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
[@johanderuijter](https://github.com/johanderuijter)!
```php
use Firebase\JWT\CachedKeySet;
use Firebase\JWT\JWT;
#### 2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
[@mcocaro](https://github.com/mcocaro)!
// The URI for the JWKS you wish to cache the results from
$jwksUri = 'https://www.gstatic.com/iap/verify/public_key-jwk';
#### 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
- Add support for passing an object implementing the `ArrayAccess` interface for
`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
// Create an HTTP client (can be any PSR-7 compatible HTTP client)
$httpClient = new GuzzleHttp\Client();
#### 2.0.0 / 2015-04-01
- **Note**: It is strongly recommended that you update to > v2.0.0 to address
known security vulnerabilities in prior versions when both symmetric and
asymmetric keys are used together.
- Update signature for `JWT::decode(...)` to require an array of supported
algorithms to use when verifying token signatures.
// Create an HTTP request factory (can be any PSR-17 compatible HTTP request factory)
$httpFactory = new GuzzleHttp\Psr\HttpFactory();
// Create a cache item pool (can be any PSR-6 compatible cache item pool)
$cacheItemPool = Phpfastcache\CacheManager::getInstance('files');
$keySet = new CachedKeySet(
$jwksUri,
$httpClient,
$httpFactory,
$cacheItemPool,
null, // $expiresAfter int seconds to set the JWKS to expire
true // $rateLimit true to enable rate limit of 10 RPS on lookup of invalid keys
);
$jwt = 'eyJhbGci...'; // Some JWT signed by a key from the $jwkUri above
$decoded = JWT::decode($jwt, $keySet);
```
Miscellaneous
-------------
#### Exception Handling
When a call to `JWT::decode` is invalid, it will throw one of the following exceptions:
```php
use Firebase\JWT\JWT;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use DomainException;
use InvalidArgumentException;
use UnexpectedValueException;
try {
$decoded = JWT::decode($payload, $keys);
} catch (InvalidArgumentException $e) {
// provided key/key-array is empty or malformed.
} catch (DomainException $e) {
// provided algorithm is unsupported OR
// provided key is invalid OR
// unknown error thrown in openSSL or libsodium OR
// libsodium is required but not available.
} catch (SignatureInvalidException $e) {
// provided JWT signature verification failed.
} catch (BeforeValidException $e) {
// provided JWT is trying to be used before "nbf" claim OR
// provided JWT is trying to be used before "iat" claim.
} catch (ExpiredException $e) {
// provided JWT is trying to be used after "exp" claim.
} catch (UnexpectedValueException $e) {
// provided JWT is malformed OR
// provided JWT is missing an algorithm / using an unsupported algorithm OR
// provided JWT algorithm does not match provided key OR
// provided key ID in key/key-array is empty or invalid.
}
```
All exceptions in the `Firebase\JWT` namespace extend `UnexpectedValueException`, and can be simplified
like this:
```php
try {
$decoded = JWT::decode($payload, $keys);
} catch (LogicException $e) {
// errors having to do with environmental setup or malformed JWT Keys
} catch (UnexpectedValueException $e) {
// errors having to do with JWT signature and claims
}
```
#### Casting to array
The return value of `JWT::decode` is the generic PHP object `stdClass`. If you'd like to handle with arrays
instead, you can do the following:
```php
// return type is stdClass
$decoded = JWT::decode($payload, $keys);
// cast to array
$decoded = json_decode(json_encode($decoded), true);
```
Tests
-----

12
lib/firebase/php-jwt/composer.json
View File

@@ -20,10 +20,11 @@
],
"license": "BSD-3-Clause",
"require": {
"php": ">=5.3.0"
"php": "^7.1||^8.0"
},
"suggest": {
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present",
"ext-sodium": "Support EdDSA (Ed25519) signatures"
},
"autoload": {
"psr-4": {
@@ -31,6 +32,11 @@
}
},
"require-dev": {
"phpunit/phpunit": ">=4.8 <=9"
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^1.1",
"phpunit/phpunit": "^7.5||^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"
}
}

258
lib/firebase/php-jwt/src/CachedKeySet.php Normal file
View File

@@ -0,0 +1,258 @@
<?php
namespace Firebase\JWT;
use ArrayAccess;
use InvalidArgumentException;
use LogicException;
use OutOfBoundsException;
use Psr\Cache\CacheItemInterface;
use Psr\Cache\CacheItemPoolInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use RuntimeException;
use UnexpectedValueException;
/**
* @implements ArrayAccess<string, Key>
*/
class CachedKeySet implements ArrayAccess
{
/**
* @var string
*/
private $jwksUri;
/**
* @var ClientInterface
*/
private $httpClient;
/**
* @var RequestFactoryInterface
*/
private $httpFactory;
/**
* @var CacheItemPoolInterface
*/
private $cache;
/**
* @var ?int
*/
private $expiresAfter;
/**
* @var ?CacheItemInterface
*/
private $cacheItem;
/**
* @var array<string, array<mixed>>
*/
private $keySet;
/**
* @var string
*/
private $cacheKey;
/**
* @var string
*/
private $cacheKeyPrefix = 'jwks';
/**
* @var int
*/
private $maxKeyLength = 64;
/**
* @var bool
*/
private $rateLimit;
/**
* @var string
*/
private $rateLimitCacheKey;
/**
* @var int
*/
private $maxCallsPerMinute = 10;
/**
* @var string|null
*/
private $defaultAlg;
public function __construct(
string $jwksUri,
ClientInterface $httpClient,
RequestFactoryInterface $httpFactory,
CacheItemPoolInterface $cache,
int $expiresAfter = null,
bool $rateLimit = false,
string $defaultAlg = null
) {
$this->jwksUri = $jwksUri;
$this->httpClient = $httpClient;
$this->httpFactory = $httpFactory;
$this->cache = $cache;
$this->expiresAfter = $expiresAfter;
$this->rateLimit = $rateLimit;
$this->defaultAlg = $defaultAlg;
$this->setCacheKeys();
}
/**
* @param string $keyId
* @return Key
*/
public function offsetGet($keyId): Key
{
if (!$this->keyIdExists($keyId)) {
throw new OutOfBoundsException('Key ID not found');
}
return JWK::parseKey($this->keySet[$keyId], $this->defaultAlg);
}
/**
* @param string $keyId
* @return bool
*/
public function offsetExists($keyId): bool
{
return $this->keyIdExists($keyId);
}
/**
* @param string $offset
* @param Key $value
*/
public function offsetSet($offset, $value): void
{
throw new LogicException('Method not implemented');
}
/**
* @param string $offset
*/
public function offsetUnset($offset): void
{
throw new LogicException('Method not implemented');
}
/**
* @return array<mixed>
*/
private function formatJwksForCache(string $jwks): array
{
$jwks = json_decode($jwks, true);
if (!isset($jwks['keys'])) {
throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
}
if (empty($jwks['keys'])) {
throw new InvalidArgumentException('JWK Set did not contain any keys');
}
$keys = [];
foreach ($jwks['keys'] as $k => $v) {
$kid = isset($v['kid']) ? $v['kid'] : $k;
$keys[(string) $kid] = $v;
}
return $keys;
}
private function keyIdExists(string $keyId): bool
{
if (null === $this->keySet) {
$item = $this->getCacheItem();
// Try to load keys from cache
if ($item->isHit()) {
// item found! retrieve it
$this->keySet = $item->get();
// If the cached item is a string, the JWKS response was cached (previous behavior).
// Parse this into expected format array<kid, jwk> instead.
if (\is_string($this->keySet)) {
$this->keySet = $this->formatJwksForCache($this->keySet);
}
}
}
if (!isset($this->keySet[$keyId])) {
if ($this->rateLimitExceeded()) {
return false;
}
$request = $this->httpFactory->createRequest('GET', $this->jwksUri);
$jwksResponse = $this->httpClient->sendRequest($request);
$this->keySet = $this->formatJwksForCache((string) $jwksResponse->getBody());
if (!isset($this->keySet[$keyId])) {
return false;
}
$item = $this->getCacheItem();
$item->set($this->keySet);
if ($this->expiresAfter) {
$item->expiresAfter($this->expiresAfter);
}
$this->cache->save($item);
}
return true;
}
private function rateLimitExceeded(): bool
{
if (!$this->rateLimit) {
return false;
}
$cacheItem = $this->cache->getItem($this->rateLimitCacheKey);
if (!$cacheItem->isHit()) {
$cacheItem->expiresAfter(1); // # of calls are cached each minute
}
$callsPerMinute = (int) $cacheItem->get();
if (++$callsPerMinute > $this->maxCallsPerMinute) {
return true;
}
$cacheItem->set($callsPerMinute);
$this->cache->save($cacheItem);
return false;
}
private function getCacheItem(): CacheItemInterface
{
if (\is_null($this->cacheItem)) {
$this->cacheItem = $this->cache->getItem($this->cacheKey);
}
return $this->cacheItem;
}
private function setCacheKeys(): void
{
if (empty($this->jwksUri)) {
throw new RuntimeException('JWKS URI is empty');
}
// ensure we do not have illegal characters
$key = preg_replace('|[^a-zA-Z0-9_\.!]|', '', $this->jwksUri);
// add prefix
$key = $this->cacheKeyPrefix . $key;
// Hash keys if they exceed $maxKeyLength of 64
if (\strlen($key) > $this->maxKeyLength) {
$key = substr(hash('sha256', $key), 0, $this->maxKeyLength);
}
$this->cacheKey = $key;
if ($this->rateLimit) {
// add prefix
$rateLimitKey = $this->cacheKeyPrefix . 'ratelimit' . $key;
// Hash keys if they exceed $maxKeyLength of 64
if (\strlen($rateLimitKey) > $this->maxKeyLength) {
$rateLimitKey = substr(hash('sha256', $rateLimitKey), 0, $this->maxKeyLength);
}
$this->rateLimitCacheKey = $rateLimitKey;
}
}
}

201
lib/firebase/php-jwt/src/JWK.php
View File

@@ -20,12 +20,25 @@ use UnexpectedValueException;
*/
class JWK
{
private const OID = '1.2.840.10045.2.1';
private const ASN1_OBJECT_IDENTIFIER = 0x06;
private const ASN1_SEQUENCE = 0x10; // also defined in JWT
private const ASN1_BIT_STRING = 0x03;
private const EC_CURVES = [
'P-256' => '1.2.840.10045.3.1.7', // Len: 64
'secp256k1' => '1.3.132.0.10', // Len: 64
// 'P-384' => '1.3.132.0.34', // Len: 96 (not yet supported)
// 'P-521' => '1.3.132.0.35', // Len: 132 (not supported)
];
/**
* Parse a set of JWK keys
*
* @param array $jwks The JSON Web Key Set as an associative array
* @param array<mixed> $jwks The JSON Web Key Set as an associative array
* @param string $defaultAlg The algorithm for the Key object if "alg" is not set in the
* JSON Web Key Set
*
* @return array An associative array that represents the set of keys
* @return array<string, Key> An associative array of key IDs (kid) to Key objects
*
* @throws InvalidArgumentException Provided JWK Set is empty
* @throws UnexpectedValueException Provided JWK Set was invalid
@@ -33,21 +46,22 @@ class JWK
*
* @uses parseKey
*/
public static function parseKeySet(array $jwks)
public static function parseKeySet(array $jwks, string $defaultAlg = null): array
{
$keys = array();
$keys = [];
if (!isset($jwks['keys'])) {
throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
}
if (empty($jwks['keys'])) {
throw new InvalidArgumentException('JWK Set did not contain any keys');
}
foreach ($jwks['keys'] as $k => $v) {
$kid = isset($v['kid']) ? $v['kid'] : $k;
if ($key = self::parseKey($v)) {
$keys[$kid] = $key;
if ($key = self::parseKey($v, $defaultAlg)) {
$keys[(string) $kid] = $key;
}
}
@@ -61,9 +75,11 @@ class JWK
/**
* Parse a JWK key
*
* @param array $jwk An individual JWK
* @param array<mixed> $jwk An individual JWK
* @param string $defaultAlg The algorithm for the Key object if "alg" is not set in the
* JSON Web Key Set
*
* @return resource|array An associative array that represents the key
* @return Key The key object for the JWK
*
* @throws InvalidArgumentException Provided JWK is empty
* @throws UnexpectedValueException Provided JWK was invalid
@@ -71,15 +87,27 @@ class JWK
*
* @uses createPemFromModulusAndExponent
*/
public static function parseKey(array $jwk)
public static function parseKey(array $jwk, string $defaultAlg = null): ?Key
{
if (empty($jwk)) {
throw new InvalidArgumentException('JWK must not be empty');
}
if (!isset($jwk['kty'])) {
throw new UnexpectedValueException('JWK must contain a "kty" parameter');
}
if (!isset($jwk['alg'])) {
if (\is_null($defaultAlg)) {
// The "alg" parameter is optional in a KTY, but an algorithm is required
// for parsing in this library. Use the $defaultAlg parameter when parsing the
// key set in order to prevent this error.
// @see https://datatracker.ietf.org/doc/html/rfc7517#section-4.4
throw new UnexpectedValueException('JWK must contain an "alg" parameter');
}
$jwk['alg'] = $defaultAlg;
}
switch ($jwk['kty']) {
case 'RSA':
if (!empty($jwk['d'])) {
@@ -96,11 +124,72 @@ class JWK
'OpenSSL error: ' . \openssl_error_string()
);
}
return $publicKey;
return new Key($publicKey, $jwk['alg']);
case 'EC':
if (isset($jwk['d'])) {
// The key is actually a private key
throw new UnexpectedValueException('Key data must be for a public key');
}
if (empty($jwk['crv'])) {
throw new UnexpectedValueException('crv not set');
}
if (!isset(self::EC_CURVES[$jwk['crv']])) {
throw new DomainException('Unrecognised or unsupported EC curve');
}
if (empty($jwk['x']) || empty($jwk['y'])) {
throw new UnexpectedValueException('x and y not set');
}
$publicKey = self::createPemFromCrvAndXYCoordinates($jwk['crv'], $jwk['x'], $jwk['y']);
return new Key($publicKey, $jwk['alg']);
default:
// Currently only RSA is supported
break;
}
return null;
}
/**
* Converts the EC JWK values to pem format.
*
* @param string $crv The EC curve (only P-256 is supported)
* @param string $x The EC x-coordinate
* @param string $y The EC y-coordinate
*
* @return string
*/
private static function createPemFromCrvAndXYCoordinates(string $crv, string $x, string $y): string
{
$pem =
self::encodeDER(
self::ASN1_SEQUENCE,
self::encodeDER(
self::ASN1_SEQUENCE,
self::encodeDER(
self::ASN1_OBJECT_IDENTIFIER,
self::encodeOID(self::OID)
)
. self::encodeDER(
self::ASN1_OBJECT_IDENTIFIER,
self::encodeOID(self::EC_CURVES[$crv])
)
) .
self::encodeDER(
self::ASN1_BIT_STRING,
\chr(0x00) . \chr(0x04)
. JWT::urlsafeB64Decode($x)
. JWT::urlsafeB64Decode($y)
)
);
return sprintf(
"-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n",
wordwrap(base64_encode($pem), 64, "\n", true)
);
}
/**
@@ -113,22 +202,22 @@ class JWK
*
* @uses encodeLength
*/
private static function createPemFromModulusAndExponent($n, $e)
{
$modulus = JWT::urlsafeB64Decode($n);
$publicExponent = JWT::urlsafeB64Decode($e);
private static function createPemFromModulusAndExponent(
string $n,
string $e
): string {
$mod = JWT::urlsafeB64Decode($n);
$exp = JWT::urlsafeB64Decode($e);
$components = array(
'modulus' => \pack('Ca*a*', 2, self::encodeLength(\strlen($modulus)), $modulus),
'publicExponent' => \pack('Ca*a*', 2, self::encodeLength(\strlen($publicExponent)), $publicExponent)
);
$modulus = \pack('Ca*a*', 2, self::encodeLength(\strlen($mod)), $mod);
$publicExponent = \pack('Ca*a*', 2, self::encodeLength(\strlen($exp)), $exp);
$rsaPublicKey = \pack(
'Ca*a*a*',
48,
self::encodeLength(\strlen($components['modulus']) + \strlen($components['publicExponent'])),
$components['modulus'],
$components['publicExponent']
self::encodeLength(\strlen($modulus) + \strlen($publicExponent)),
$modulus,
$publicExponent
);
// sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
@@ -143,11 +232,9 @@ class JWK
$rsaOID . $rsaPublicKey
);
$rsaPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
return "-----BEGIN PUBLIC KEY-----\r\n" .
\chunk_split(\base64_encode($rsaPublicKey), 64) .
'-----END PUBLIC KEY-----';
return $rsaPublicKey;
}
/**
@@ -159,7 +246,7 @@ class JWK
* @param int $length
* @return string
*/
private static function encodeLength($length)
private static function encodeLength(int $length): string
{
if ($length <= 0x7F) {
return \chr($length);
@@ -169,4 +256,68 @@ class JWK
return \pack('Ca*', 0x80 | \strlen($temp), $temp);
}
/**
* Encodes a value into a DER object.
* Also defined in Firebase\JWT\JWT
*
* @param int $type DER tag
* @param string $value the value to encode
* @return string the encoded object
*/
private static function encodeDER(int $type, string $value): string
{
$tag_header = 0;
if ($type === self::ASN1_SEQUENCE) {
$tag_header |= 0x20;
}
// Type
$der = \chr($tag_header | $type);
// Length
$der .= \chr(\strlen($value));
return $der . $value;
}
/**
* Encodes a string into a DER-encoded OID.
*
* @param string $oid the OID string
* @return string the binary DER-encoded OID
*/
private static function encodeOID(string $oid): string
{
$octets = explode('.', $oid);
// Get the first octet
$first = (int) array_shift($octets);
$second = (int) array_shift($octets);
$oid = \chr($first * 40 + $second);
// Iterate over subsequent octets
foreach ($octets as $octet) {
if ($octet == 0) {
$oid .= \chr(0x00);
continue;
}
$bin = '';
while ($octet) {
$bin .= \chr(0x80 | ($octet & 0x7f));
$octet >>= 7;
}
$bin[0] = $bin[0] & \chr(0x7f);
// Convert to big endian if necessary
if (pack('V', 65534) == pack('L', 65534)) {
$oid .= strrev($bin);
} else {
$oid .= $bin;
}
}
return $oid;
}
}

383
lib/firebase/php-jwt/src/JWT.php
View File

@@ -3,12 +3,14 @@
namespace Firebase\JWT;
use ArrayAccess;
use DateTime;
use DomainException;
use Exception;
use InvalidArgumentException;
use OpenSSLAsymmetricKey;
use OpenSSLCertificate;
use stdClass;
use UnexpectedValueException;
use DateTime;
/**
* JSON Web Token implementation, based on this spec:
@@ -25,52 +27,58 @@ use DateTime;
*/
class JWT
{
const ASN1_INTEGER = 0x02;
const ASN1_SEQUENCE = 0x10;
const ASN1_BIT_STRING = 0x03;
private const ASN1_INTEGER = 0x02;
private const ASN1_SEQUENCE = 0x10;
private const ASN1_BIT_STRING = 0x03;
/**
* When checking nbf, iat or expiration times,
* we want to provide some extra leeway time to
* account for clock skew.
*
* @var int
*/
public static $leeway = 0;
/**
* Allow the current timestamp to be specified.
* Useful for fixing a value within unit testing.
*
* Will default to PHP time() value if null.
*
* @var ?int
*/
public static $timestamp = null;
public static $supported_algs = array(
'ES384' => array('openssl', 'SHA384'),
'ES256' => array('openssl', 'SHA256'),
'HS256' => array('hash_hmac', 'SHA256'),
'HS384' => array('hash_hmac', 'SHA384'),
'HS512' => array('hash_hmac', 'SHA512'),
'RS256' => array('openssl', 'SHA256'),
'RS384' => array('openssl', 'SHA384'),
'RS512' => array('openssl', 'SHA512'),
'EdDSA' => array('sodium_crypto', 'EdDSA'),
);
/**
* @var array<string, string[]>
*/
public static $supported_algs = [
'ES384' => ['openssl', 'SHA384'],
'ES256' => ['openssl', 'SHA256'],
'ES256K' => ['openssl', 'SHA256'],
'HS256' => ['hash_hmac', 'SHA256'],
'HS384' => ['hash_hmac', 'SHA384'],
'HS512' => ['hash_hmac', 'SHA512'],
'RS256' => ['openssl', 'SHA256'],
'RS384' => ['openssl', 'SHA384'],
'RS512' => ['openssl', 'SHA512'],
'EdDSA' => ['sodium_crypto', 'EdDSA'],
];
/**
* Decodes a JWT string into a PHP object.
*
* @param string $jwt The JWT
* @param Key|array<Key>|mixed $keyOrKeyArray The Key or array of Key objects.
* If the algorithm used is asymmetric, this is the public key
* Each Key object contains an algorithm and matching key.
* Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
* 'HS512', 'RS256', 'RS384', and 'RS512'
* @param array $allowed_algs [DEPRECATED] List of supported verification algorithms. Only
* should be used for backwards compatibility.
* @param string $jwt The JWT
* @param Key|array<string,Key> $keyOrKeyArray The Key or associative array of key IDs (kid) to Key objects.
* If the algorithm used is asymmetric, this is the public key
* Each Key object contains an algorithm and matching key.
* Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
* 'HS512', 'RS256', 'RS384', and 'RS512'
*
* @return object The JWT's payload as a PHP object
* @return stdClass The JWT's payload as a PHP object
*
* @throws InvalidArgumentException Provided JWT was empty
* @throws InvalidArgumentException Provided key/key-array was empty or malformed
* @throws DomainException Provided JWT is malformed
* @throws UnexpectedValueException Provided JWT was invalid
* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
@@ -80,27 +88,37 @@ class JWT
* @uses jsonDecode
* @uses urlsafeB64Decode
*/
public static function decode($jwt, $keyOrKeyArray, array $allowed_algs = array())
{
public static function decode(
string $jwt,
$keyOrKeyArray
): stdClass {
// Validate JWT
$timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp;
if (empty($keyOrKeyArray)) {
throw new InvalidArgumentException('Key may not be empty');
}
$tks = \explode('.', $jwt);
if (\count($tks) != 3) {
if (\count($tks) !== 3) {
throw new UnexpectedValueException('Wrong number of segments');
}
list($headb64, $bodyb64, $cryptob64) = $tks;
if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) {
$headerRaw = static::urlsafeB64Decode($headb64);
if (null === ($header = static::jsonDecode($headerRaw))) {
throw new UnexpectedValueException('Invalid header encoding');
}
if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
$payloadRaw = static::urlsafeB64Decode($bodyb64);
if (null === ($payload = static::jsonDecode($payloadRaw))) {
throw new UnexpectedValueException('Invalid claims encoding');
}
if (false === ($sig = static::urlsafeB64Decode($cryptob64))) {
throw new UnexpectedValueException('Invalid signature encoding');
if (\is_array($payload)) {
// prevent PHP Fatal Error in edge-cases when payload is empty array
$payload = (object) $payload;
}
if (!$payload instanceof stdClass) {
throw new UnexpectedValueException('Payload must be a JSON object');
}
$sig = static::urlsafeB64Decode($cryptob64);
if (empty($header->alg)) {
throw new UnexpectedValueException('Empty algorithm');
}
@@ -108,31 +126,18 @@ class JWT
throw new UnexpectedValueException('Algorithm not supported');
}
list($keyMaterial, $algorithm) = self::getKeyMaterialAndAlgorithm(
$keyOrKeyArray,
empty($header->kid) ? null : $header->kid
);
$key = self::getKey($keyOrKeyArray, property_exists($header, 'kid') ? $header->kid : null);
if (empty($algorithm)) {
// Use deprecated "allowed_algs" to determine if the algorithm is supported.
// This opens up the possibility of an attack in some implementations.
// @see https://github.com/firebase/php-jwt/issues/351
if (!\in_array($header->alg, $allowed_algs)) {
throw new UnexpectedValueException('Algorithm not allowed');
}
} else {
// Check the algorithm
if (!self::constantTimeEquals($algorithm, $header->alg)) {
// See issue #351
throw new UnexpectedValueException('Incorrect key for this algorithm');
}
// Check the algorithm
if (!self::constantTimeEquals($key->getAlgorithm(), $header->alg)) {
// See issue #351
throw new UnexpectedValueException('Incorrect key for this algorithm');
}
if ($header->alg === 'ES256' || $header->alg === 'ES384') {
// OpenSSL expects an ASN.1 DER sequence for ES256/ES384 signatures
if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) {
// OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures
$sig = self::signatureToDER($sig);
}
if (!static::verify("$headb64.$bodyb64", $sig, $keyMaterial, $header->alg)) {
if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
throw new SignatureInvalidException('Signature verification failed');
}
@@ -162,34 +167,37 @@ class JWT
}
/**
* Converts and signs a PHP object or array into a JWT string.
* Converts and signs a PHP array into a JWT string.
*
* @param object|array $payload PHP object or array
* @param string|resource $key The secret key.
* If the algorithm used is asymmetric, this is the private key
* @param string $alg The signing algorithm.
* Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
* 'HS512', 'RS256', 'RS384', and 'RS512'
* @param mixed $keyId
* @param array $head An array with header elements to attach
* @param array<mixed> $payload PHP array
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
* @param string $alg Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
* 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
* @param string $keyId
* @param array<string, string> $head An array with header elements to attach
*
* @return string A signed JWT
*
* @uses jsonEncode
* @uses urlsafeB64Encode
*/
public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
{
$header = array('typ' => 'JWT', 'alg' => $alg);
public static function encode(
array $payload,
$key,
string $alg,
string $keyId = null,
array $head = null
): string {
$header = ['typ' => 'JWT', 'alg' => $alg];
if ($keyId !== null) {
$header['kid'] = $keyId;
}
if (isset($head) && \is_array($head)) {
$header = \array_merge($head, $header);
}
$segments = array();
$segments[] = static::urlsafeB64Encode(static::jsonEncode($header));
$segments[] = static::urlsafeB64Encode(static::jsonEncode($payload));
$segments = [];
$segments[] = static::urlsafeB64Encode((string) static::jsonEncode($header));
$segments[] = static::urlsafeB64Encode((string) static::jsonEncode($payload));
$signing_input = \implode('.', $segments);
$signature = static::sign($signing_input, $key, $alg);
@@ -201,67 +209,84 @@ class JWT
/**
* Sign a string with a given key and algorithm.
*
* @param string $msg The message to sign
* @param string|resource $key The secret key
* @param string $alg The signing algorithm.
* Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
* 'HS512', 'RS256', 'RS384', and 'RS512'
* @param string $msg The message to sign
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
* @param string $alg Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
* 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
*
* @return string An encrypted message
*
* @throws DomainException Unsupported algorithm or bad key was specified
*/
public static function sign($msg, $key, $alg = 'HS256')
{
public static function sign(
string $msg,
$key,
string $alg
): string {
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
}
list($function, $algorithm) = static::$supported_algs[$alg];
switch ($function) {
case 'hash_hmac':
if (!\is_string($key)) {
throw new InvalidArgumentException('key must be a string when using hmac');
}
return \hash_hmac($algorithm, $msg, $key, true);
case 'openssl':
$signature = '';
$success = \openssl_sign($msg, $signature, $key, $algorithm);
$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
if (!$success) {
throw new DomainException("OpenSSL unable to sign data");
throw new DomainException('OpenSSL unable to sign data');
}
if ($alg === 'ES256') {
if ($alg === 'ES256' || $alg === 'ES256K') {
$signature = self::signatureFromDER($signature, 256);
} elseif ($alg === 'ES384') {
$signature = self::signatureFromDER($signature, 384);
}
return $signature;
case 'sodium_crypto':
if (!function_exists('sodium_crypto_sign_detached')) {
if (!\function_exists('sodium_crypto_sign_detached')) {
throw new DomainException('libsodium is not available');
}
if (!\is_string($key)) {
throw new InvalidArgumentException('key must be a string when using EdDSA');
}
try {
// The last non-empty line is used as the key.
$lines = array_filter(explode("\n", $key));
$key = base64_decode(end($lines));
$key = base64_decode((string) end($lines));
if (\strlen($key) === 0) {
throw new DomainException('Key cannot be empty string');
}
return sodium_crypto_sign_detached($msg, $key);
} catch (Exception $e) {
throw new DomainException($e->getMessage(), 0, $e);
}
}
throw new DomainException('Algorithm not supported');
}
/**
* Verify a signature with the message, key and method. Not all methods
* are symmetric, so we must have a separate verify and sign method.
*
* @param string $msg The original message (header and body)
* @param string $signature The original signature
* @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key
* @param string $alg The algorithm
* @param string $msg The original message (header and body)
* @param string $signature The original signature
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial For HS*, a string key works. for RS*, must be an instance of OpenSSLAsymmetricKey
* @param string $alg The algorithm
*
* @return bool
*
* @throws DomainException Invalid Algorithm, bad key, or OpenSSL failure
*/
private static function verify($msg, $signature, $key, $alg)
{
private static function verify(
string $msg,
string $signature,
$keyMaterial,
string $alg
): bool {
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
}
@@ -269,10 +294,11 @@ class JWT
list($function, $algorithm) = static::$supported_algs[$alg];
switch ($function) {
case 'openssl':
$success = \openssl_verify($msg, $signature, $key, $algorithm);
$success = \openssl_verify($msg, $signature, $keyMaterial, $algorithm); // @phpstan-ignore-line
if ($success === 1) {
return true;
} elseif ($success === 0) {
}
if ($success === 0) {
return false;
}
// returns 1 on success, 0 on failure, -1 on error.
@@ -280,21 +306,33 @@ class JWT
'OpenSSL error: ' . \openssl_error_string()
);
case 'sodium_crypto':
if (!function_exists('sodium_crypto_sign_verify_detached')) {
throw new DomainException('libsodium is not available');
}
try {
// The last non-empty line is used as the key.
$lines = array_filter(explode("\n", $key));
$key = base64_decode(end($lines));
return sodium_crypto_sign_verify_detached($signature, $msg, $key);
} catch (Exception $e) {
throw new DomainException($e->getMessage(), 0, $e);
}
if (!\function_exists('sodium_crypto_sign_verify_detached')) {
throw new DomainException('libsodium is not available');
}
if (!\is_string($keyMaterial)) {
throw new InvalidArgumentException('key must be a string when using EdDSA');
}
try {
// The last non-empty line is used as the key.
$lines = array_filter(explode("\n", $keyMaterial));
$key = base64_decode((string) end($lines));
if (\strlen($key) === 0) {
throw new DomainException('Key cannot be empty string');
}
if (\strlen($signature) === 0) {
throw new DomainException('Signature cannot be empty string');
}
return sodium_crypto_sign_verify_detached($signature, $msg, $key);
} catch (Exception $e) {
throw new DomainException($e->getMessage(), 0, $e);
}
case 'hash_hmac':
default:
$hash = \hash_hmac($algorithm, $msg, $key, true);
return self::constantTimeEquals($signature, $hash);
if (!\is_string($keyMaterial)) {
throw new InvalidArgumentException('key must be a string when using hmac');
}
$hash = \hash_hmac($algorithm, $msg, $keyMaterial, true);
return self::constantTimeEquals($hash, $signature);
}
}
@@ -303,30 +341,16 @@ class JWT
*
* @param string $input JSON string
*
* @return object Object representation of JSON string
* @return mixed The decoded JSON string
*
* @throws DomainException Provided string was invalid JSON
*/
public static function jsonDecode($input)
public static function jsonDecode(string $input)
{
if (\version_compare(PHP_VERSION, '5.4.0', '>=') && !(\defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
/** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
* to specify that large ints (like Steam Transaction IDs) should be treated as
* strings, rather than the PHP default behaviour of converting them to floats.
*/
$obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
} else {
/** Not all servers will support that, however, so for older versions we must
* manually detect large ints in the JSON string and quote them (thus converting
*them to strings) before decoding, hence the preg_replace() call.
*/
$max_int_length = \strlen((string) PHP_INT_MAX) - 1;
$json_without_bigints = \preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
$obj = \json_decode($json_without_bigints);
}
$obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
if ($errno = \json_last_error()) {
static::handleJsonError($errno);
self::handleJsonError($errno);
} elseif ($obj === null && $input !== 'null') {
throw new DomainException('Null result with non-null input');
}
@@ -334,22 +358,30 @@ class JWT
}
/**
* Encode a PHP object into a JSON string.
* Encode a PHP array into a JSON string.
*
* @param object|array $input A PHP object or array
* @param array<mixed> $input A PHP array
*
* @return string JSON representation of the PHP object or array
* @return string JSON representation of the PHP array
*
* @throws DomainException Provided object could not be encoded to valid JSON
*/
public static function jsonEncode($input)
public static function jsonEncode(array $input): string
{
$json = \json_encode($input);
if (PHP_VERSION_ID >= 50400) {
$json = \json_encode($input, \JSON_UNESCAPED_SLASHES);
} else {
// PHP 5.3 only
$json = \json_encode($input);
}
if ($errno = \json_last_error()) {
static::handleJsonError($errno);
self::handleJsonError($errno);
} elseif ($json === 'null' && $input !== null) {
throw new DomainException('Null result with non-null input');
}
if ($json === false) {
throw new DomainException('Provided object could not be encoded to valid JSON');
}
return $json;
}
@@ -359,8 +391,10 @@ class JWT
* @param string $input A Base64 encoded string
*
* @return string A decoded string
*
* @throws InvalidArgumentException invalid base64 characters
*/
public static function urlsafeB64Decode($input)
public static function urlsafeB64Decode(string $input): string
{
$remainder = \strlen($input) % 4;
if ($remainder) {
@@ -377,7 +411,7 @@ class JWT
*
* @return string The base64 encode of what you passed in
*/
public static function urlsafeB64Encode($input)
public static function urlsafeB64Encode(string $input): string
{
return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_'));
}
@@ -386,67 +420,54 @@ class JWT
/**
* Determine if an algorithm has been provided for each Key
*
* @param Key|array<Key>|mixed $keyOrKeyArray
* @param string|null $kid
* @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray
* @param string|null $kid
*
* @throws UnexpectedValueException
*
* @return array containing the keyMaterial and algorithm
* @return Key
*/
private static function getKeyMaterialAndAlgorithm($keyOrKeyArray, $kid = null)
{
if (
is_string($keyOrKeyArray)
|| is_resource($keyOrKeyArray)
|| $keyOrKeyArray instanceof OpenSSLAsymmetricKey
) {
return array($keyOrKeyArray, null);
}
private static function getKey(
$keyOrKeyArray,
?string $kid
): Key {
if ($keyOrKeyArray instanceof Key) {
return array($keyOrKeyArray->getKeyMaterial(), $keyOrKeyArray->getAlgorithm());
return $keyOrKeyArray;
}
if (is_array($keyOrKeyArray) || $keyOrKeyArray instanceof ArrayAccess) {
if (!isset($kid)) {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
}
if (!isset($keyOrKeyArray[$kid])) {
throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
}
$key = $keyOrKeyArray[$kid];
if ($key instanceof Key) {
return array($key->getKeyMaterial(), $key->getAlgorithm());
}
return array($key, null);
if (empty($kid)) {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
}
throw new UnexpectedValueException(
'$keyOrKeyArray must be a string|resource key, an array of string|resource keys, '
. 'an instance of Firebase\JWT\Key key or an array of Firebase\JWT\Key keys'
);
if ($keyOrKeyArray instanceof CachedKeySet) {
// Skip "isset" check, as this will automatically refresh if not set
return $keyOrKeyArray[$kid];
}
if (!isset($keyOrKeyArray[$kid])) {
throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
}
return $keyOrKeyArray[$kid];
}
/**
* @param string $left
* @param string $right
* @param string $left The string of known length to compare against
* @param string $right The user-supplied string
* @return bool
*/
public static function constantTimeEquals($left, $right)
public static function constantTimeEquals(string $left, string $right): bool
{
if (\function_exists('hash_equals')) {
return \hash_equals($left, $right);
}
$len = \min(static::safeStrlen($left), static::safeStrlen($right));
$len = \min(self::safeStrlen($left), self::safeStrlen($right));
$status = 0;
for ($i = 0; $i < $len; $i++) {
$status |= (\ord($left[$i]) ^ \ord($right[$i]));
}
$status |= (static::safeStrlen($left) ^ static::safeStrlen($right));
$status |= (self::safeStrlen($left) ^ self::safeStrlen($right));
return ($status === 0);
}
@@ -456,17 +477,19 @@ class JWT
*
* @param int $errno An error number from json_last_error()
*
* @throws DomainException
*
* @return void
*/
private static function handleJsonError($errno)
private static function handleJsonError(int $errno): void
{
$messages = array(
$messages = [
JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON',
JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON',
JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3
);
];
throw new DomainException(
isset($messages[$errno])
? $messages[$errno]
@@ -481,7 +504,7 @@ class JWT
*
* @return int
*/
private static function safeStrlen($str)
private static function safeStrlen(string $str): int
{
if (\function_exists('mb_strlen')) {
return \mb_strlen($str, '8bit');
@@ -495,10 +518,11 @@ class JWT
* @param string $sig The ECDSA signature to convert
* @return string The encoded DER object
*/
private static function signatureToDER($sig)
private static function signatureToDER(string $sig): string
{
// Separate the signature into r-value and s-value
list($r, $s) = \str_split($sig, (int) (\strlen($sig) / 2));
$length = max(1, (int) (\strlen($sig) / 2));
list($r, $s) = \str_split($sig, $length);
// Trim leading zeros
$r = \ltrim($r, "\x00");
@@ -525,9 +549,10 @@ class JWT
*
* @param int $type DER tag
* @param string $value the value to encode
*
* @return string the encoded object
*/
private static function encodeDER($type, $value)
private static function encodeDER(int $type, string $value): string
{
$tag_header = 0;
if ($type === self::ASN1_SEQUENCE) {
@@ -548,9 +573,10 @@ class JWT
*
* @param string $der binary signature in DER format
* @param int $keySize the number of bits in the key
*
* @return string the signature
*/
private static function signatureFromDER($der, $keySize)
private static function signatureFromDER(string $der, int $keySize): string
{
// OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE
list($offset, $_) = self::readDER($der);
@@ -575,9 +601,10 @@ class JWT
* @param string $der the binary data in DER format
* @param int $offset the offset of the data stream containing the object
* to decode
* @return array [$offset, $data] the new offset and the decoded object
*
* @return array{int, string|null} the new offset and the decoded object
*/
private static function readDER($der, $offset = 0)
private static function readDER(string $der, int $offset = 0): array
{
$pos = $offset;
$size = \strlen($der);
@@ -595,7 +622,7 @@ class JWT
}
// Value
if ($type == self::ASN1_BIT_STRING) {
if ($type === self::ASN1_BIT_STRING) {
$pos++; // Skip the first contents octet (padding indicator)
$data = \substr($der, $pos, $len - 1);
$pos += $len - 1;
@@ -606,6 +633,6 @@ class JWT
$data = null;
}
return array($pos, $data);
return [$pos, $data];
}
}

35
lib/firebase/php-jwt/src/Key.php
View File

@@ -4,37 +4,42 @@ namespace Firebase\JWT;
use InvalidArgumentException;
use OpenSSLAsymmetricKey;
use OpenSSLCertificate;
use TypeError;
class Key
{
/** @var string $algorithm */
/** @var string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate */
private $keyMaterial;
/** @var string */
private $algorithm;
/** @var string|resource|OpenSSLAsymmetricKey $keyMaterial */
private $keyMaterial;
/**
* @param string|resource|OpenSSLAsymmetricKey $keyMaterial
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial
* @param string $algorithm
*/
public function __construct($keyMaterial, $algorithm)
{
public function __construct(
$keyMaterial,
string $algorithm
) {
if (
!is_string($keyMaterial)
&& !is_resource($keyMaterial)
!\is_string($keyMaterial)
&& !$keyMaterial instanceof OpenSSLAsymmetricKey
&& !$keyMaterial instanceof OpenSSLCertificate
&& !\is_resource($keyMaterial)
) {
throw new InvalidArgumentException('Type error: $keyMaterial must be a string, resource, or OpenSSLAsymmetricKey');
throw new TypeError('Key material must be a string, resource, or OpenSSLAsymmetricKey');
}
if (empty($keyMaterial)) {
throw new InvalidArgumentException('Type error: $keyMaterial must not be empty');
throw new InvalidArgumentException('Key material must not be empty');
}
if (!is_string($algorithm)|| empty($keyMaterial)) {
throw new InvalidArgumentException('Type error: $algorithm must be a string');
if (empty($algorithm)) {
throw new InvalidArgumentException('Algorithm must not be empty');
}
// TODO: Remove in PHP 8.0 in favor of class constructor property promotion
$this->keyMaterial = $keyMaterial;
$this->algorithm = $algorithm;
}
@@ -44,13 +49,13 @@ class Key
*
* @return string
*/
public function getAlgorithm()
public function getAlgorithm(): string
{
return $this->algorithm;
}
/**
* @return string|resource|OpenSSLAsymmetricKey
* @return string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate
*/
public function getKeyMaterial()
{

4
lib/thenetworg/oauth2-azure/.gitignore vendored
View File

@@ -3,3 +3,7 @@
composer.phar
composer.lock
.DS_Store
# IDE
/.idea
/.vscode

2
lib/thenetworg/oauth2-azure/README.md
View File

@@ -46,7 +46,7 @@ $provider = new TheNetworg\OAuth2\Client\Provider\Azure([
'clientSecret' => '{azure-client-secret}',
'redirectUri' => 'https://example.com/callback-url',
//Optional
'scopes' => 'openid',
'scopes' => ['openid'],
//Optional
'defaultEndPointVersion' => '2.0'
]);

6
lib/thenetworg/oauth2-azure/composer.json
View File

@@ -22,9 +22,11 @@
"sso"
],
"require": {
"php": "^5.6|^7.0|^8.0",
"ext-json": "*",
"ext-openssl": "*",
"php": "^7.1|^8.0",
"league/oauth2-client": "~2.0",
"firebase/php-jwt": "~3.0||~4.0||~5.0"
"firebase/php-jwt": "~3.0||~4.0||~5.0||~6.0"
},
"autoload": {
"psr-4": {

82
lib/thenetworg/oauth2-azure/src/Provider/Azure.php
View File

@@ -3,9 +3,13 @@
namespace TheNetworg\OAuth2\Client\Provider;
use Firebase\JWT\JWT;
use Firebase\JWT\JWK;
use Firebase\JWT\Key;
use League\OAuth2\Client\Grant\AbstractGrant;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Provider\ResourceOwnerInterface;
use League\OAuth2\Client\Token\AccessTokenInterface;
use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Psr\Http\Message\ResponseInterface;
use TheNetworg\OAuth2\Client\Grant\JwtBearer;
@@ -66,7 +70,8 @@ class Azure extends AbstractProvider
}
if (!array_key_exists($version, $this->openIdConfiguration[$tenant])) {
$versionInfix = $this->getVersionUriInfix($version);
$openIdConfigurationUri = 'https://login.microsoftonline.com/' . $tenant . $versionInfix . '/.well-known/openid-configuration';
$openIdConfigurationUri = $this->urlLogin . $tenant . $versionInfix . '/.well-known/openid-configuration?appid=' . $this->clientId;
$factory = $this->getRequestFactory();
$request = $factory->getRequestWithOptions(
'get',
@@ -80,19 +85,28 @@ class Azure extends AbstractProvider
return $this->openIdConfiguration[$tenant][$version];
}
public function getBaseAuthorizationUrl()
/**
* @inheritdoc
*/
public function getBaseAuthorizationUrl(): string
{
$openIdConfiguration = $this->getOpenIdConfiguration($this->tenant, $this->defaultEndPointVersion);
return $openIdConfiguration['authorization_endpoint'];
}
public function getBaseAccessTokenUrl(array $params)
/**
* @inheritdoc
*/
public function getBaseAccessTokenUrl(array $params): string
{
$openIdConfiguration = $this->getOpenIdConfiguration($this->tenant, $this->defaultEndPointVersion);
return $openIdConfiguration['token_endpoint'];
}
public function getAccessToken($grant, array $options = [])
/**
* @inheritdoc
*/
public function getAccessToken($grant, array $options = []): AccessTokenInterface
{
if ($this->defaultEndPointVersion != self::ENDPOINT_VERSION_2_0) {
// Version 2.0 does not support the resources parameter
@@ -106,14 +120,21 @@ class Azure extends AbstractProvider
return parent::getAccessToken($grant, $options);
}
public function getResourceOwner(\League\OAuth2\Client\Token\AccessToken $token)
/**
* @inheritdoc
*/
public function getResourceOwner(\League\OAuth2\Client\Token\AccessToken $token): ResourceOwnerInterface
{
$data = $token->getIdTokenClaims();
return $this->createResourceOwner($data, $token);
}
public function getResourceOwnerDetailsUrl(\League\OAuth2\Client\Token\AccessToken $token)
/**
* @inheritdoc
*/
public function getResourceOwnerDetailsUrl(\League\OAuth2\Client\Token\AccessToken $token): string
{
return ''; // shouldn't that return such a URL?
}
public function getObjects($tenant, $ref, &$accessToken, $headers = [])
@@ -164,11 +185,11 @@ class Azure extends AbstractProvider
return 'https://' . $openIdConfiguration['msgraph_host'];
}
public function get($ref, &$accessToken, $headers = [])
public function get($ref, &$accessToken, $headers = [], $doNotWrap = false)
{
$response = $this->request('get', $ref, $accessToken, ['headers' => $headers]);
return $this->wrapResponse($response);
return $doNotWrap ? $response : $this->wrapResponse($response);
}
public function post($ref, $body, &$accessToken, $headers = [])
@@ -352,8 +373,24 @@ class Azure extends AbstractProvider
$publicKey = $pkey_array ['key'];
$keys[$keyinfo['kid']] = $publicKey;
$keys[$keyinfo['kid']] = new Key($publicKey, 'RS256');
}
} else if (isset($keyinfo['n']) && isset($keyinfo['e'])) {
$pkey_object = JWK::parseKey($keyinfo);
if ($pkey_object === false) {
throw new \RuntimeException('An attempt to read a public key from a ' . $keyinfo['n'] . ' certificate failed.');
}
$pkey_array = openssl_pkey_get_details($pkey_object);
if ($pkey_array === false) {
throw new \RuntimeException('An attempt to get a public key as an array from a ' . $keyinfo['n'] . ' certificate failed.');
}
$publicKey = $pkey_array ['key'];
$keys[$keyinfo['kid']] = new Key($publicKey, 'RS256');;
}
}
@@ -382,7 +419,10 @@ class Azure extends AbstractProvider
return $this->getOpenIdConfiguration($this->tenant, $this->defaultEndPointVersion);
}
protected function checkResponse(ResponseInterface $response, $data)
/**
* @inheritdoc
*/
protected function checkResponse(ResponseInterface $response, $data): void
{
if (isset($data['odata.error']) || isset($data['error'])) {
if (isset($data['odata.error']['message']['value'])) {
@@ -402,27 +442,39 @@ class Azure extends AbstractProvider
throw new IdentityProviderException(
$message,
$response->getStatusCode(),
$response
$response->getBody()
);
}
}
protected function getDefaultScopes()
/**
* @inheritdoc
*/
protected function getDefaultScopes(): array
{
return $this->scope;
}
protected function getScopeSeparator()
/**
* @inheritdoc
*/
protected function getScopeSeparator(): string
{
return $this->scopeSeparator;
}
protected function createAccessToken(array $response, AbstractGrant $grant)
/**
* @inheritdoc
*/
protected function createAccessToken(array $response, AbstractGrant $grant): AccessToken
{
return new AccessToken($response, $this);
}
protected function createResourceOwner(array $response, \League\OAuth2\Client\Token\AccessToken $token)
/**
* @inheritdoc
*/
protected function createResourceOwner(array $response, \League\OAuth2\Client\Token\AccessToken $token): AzureResourceOwner
{
return new AzureResourceOwner($response);
}

21
lib/thenetworg/oauth2-azure/src/Token/AccessToken.php
View File

@@ -19,6 +19,8 @@ class AccessToken extends \League\OAuth2\Client\Token\AccessToken
if (!empty($options['id_token'])) {
$this->idToken = $options['id_token'];
unset($this->values['id_token']);
$keys = $provider->getJwtVerificationKeys();
$idTokenClaims = null;
try {
@@ -45,8 +47,27 @@ class AccessToken extends \League\OAuth2\Client\Token\AccessToken
}
}
public function getIdToken()
{
return $this->idToken;
}
public function getIdTokenClaims()
{
return $this->idTokenClaims;
}
/**
* @inheritdoc
*/
public function jsonSerialize()
{
$parameters = parent::jsonSerialize();
if ($this->idToken) {
$parameters['id_token'] = $this->idToken;
}
return $parameters;
}
}