Improve passport grants

akalongman · akalongman · commit 3d77b07bb4d8 · 2025-03-20T14:33:01.000+04:00
diff --git a/src/Lodash/Auth/Passport/Grants/EmulateUserGrant.php b/src/Lodash/Auth/Passport/Grants/EmulateUserGrant.php
@@ -7,10 +7,8 @@
 use DateInterval;
 use Illuminate\Support\Arr;
 use Laravel\Passport\Bridge\AccessToken;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\AbstractGrant;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
@@ -20,17 +18,15 @@
 use Psr\Http\Message\ServerRequestInterface;
 
 use function event;
-use function is_null;
 
-class EmulateUserGrant extends AbstractGrant
+class EmulateUserGrant extends Grant
 {
-    protected readonly AuthServiceContract $authService;
+    public const string IDENTIFIER = 'emulate';
 
     public function __construct(
-        AuthServiceContract $authService,
+        protected readonly AuthServiceContract $authService,
         RefreshTokenRepositoryInterface $refreshTokenRepository,
     ) {
-        $this->authService = $authService;
         $this->setRefreshTokenRepository($refreshTokenRepository);
         $this->refreshTokenTTL = new DateInterval('P1M');
     }
@@ -79,31 +75,6 @@ public function getRefreshToken(AccessToken $token): void
         $this->issueRefreshToken($token);
     }
 
-    public function getIdentifier(): string
-    {
-        return 'emulate';
-    }
-
-    protected function validateClient(ServerRequestInterface $request): ClientEntityInterface
-    {
-        [$basicAuthUser,] = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        // Get client without validating secret
-        $client = $this->clientRepository->getClientEntity($clientId);
-
-        if (! $client instanceof ClientEntityInterface) {
-            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
-            throw OAuthServerException::invalidClient($request);
-        }
-
-        return $client;
-    }
-
     protected function validateUser(
         UserEntityInterface $user,
         ServerRequestInterface $request,
diff --git a/src/Lodash/Auth/Passport/Grants/GoogleAccessTokenGrant.php b/src/Lodash/Auth/Passport/Grants/GoogleAccessTokenGrant.php
@@ -5,10 +5,8 @@
 namespace Longman\LaravelLodash\Auth\Passport\Grants;
 
 use DateInterval;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\AbstractGrant;
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Longman\LaravelLodash\Auth\Contracts\AuthServiceContract;
@@ -18,15 +16,14 @@
 
 use function is_null;
 
-class GoogleAccessTokenGrant extends AbstractGrant
+class GoogleAccessTokenGrant extends Grant
 {
-    protected readonly AuthServiceContract $authService;
+    public const string IDENTIFIER = 'google_access_token';
 
     public function __construct(
-        AuthServiceContract $authService,
+        protected readonly AuthServiceContract $authService,
         RefreshTokenBridgeRepositoryContract $refreshTokenRepository,
     ) {
-        $this->authService = $authService;
         $this->setRefreshTokenRepository($refreshTokenRepository);
         $this->refreshTokenTTL = new DateInterval('P1M');
     }
@@ -35,7 +32,7 @@ public function respondToAccessTokenRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
         DateInterval $accessTokenTtl,
-    ) {
+    ): ResponseTypeInterface {
         // Validate request
         $client = $this->validateClient($request);
         $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
@@ -58,31 +55,6 @@ public function respondToAccessTokenRequest(
         return $responseType;
     }
 
-    public function getIdentifier(): string
-    {
-        return 'google_access_token';
-    }
-
-    protected function validateClient(ServerRequestInterface $request): ClientEntityInterface
-    {
-        [$basicAuthUser,] = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        // Get client without validating secret
-        $client = $this->clientRepository->getClientEntity($clientId);
-
-        if ($client instanceof ClientEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
-            throw OAuthServerException::invalidClient($request);
-        }
-
-        return $client;
-    }
-
     protected function validateUser(ServerRequestInterface $request): UserEntityInterface
     {
         $googleToken = $this->getRequestParameter('token', $request);
diff --git a/src/Lodash/Auth/Passport/Grants/GoogleIdTokenGrant.php b/src/Lodash/Auth/Passport/Grants/GoogleIdTokenGrant.php
@@ -5,10 +5,8 @@
 namespace Longman\LaravelLodash\Auth\Passport\Grants;
 
 use DateInterval;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\AbstractGrant;
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Longman\LaravelLodash\Auth\Contracts\AuthServiceContract;
@@ -18,15 +16,14 @@
 
 use function is_null;
 
-class GoogleIdTokenGrant extends AbstractGrant
+class GoogleIdTokenGrant extends Grant
 {
-    protected readonly AuthServiceContract $authService;
+    public const string IDENTIFIER = 'google_id_token';
 
     public function __construct(
-        AuthServiceContract $authService,
+        protected readonly AuthServiceContract $authService,
         RefreshTokenBridgeRepositoryContract $refreshTokenRepository,
     ) {
-        $this->authService = $authService;
         $this->setRefreshTokenRepository($refreshTokenRepository);
         $this->refreshTokenTTL = new DateInterval('P1M');
     }
@@ -35,7 +32,7 @@ public function respondToAccessTokenRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
         DateInterval $accessTokenTtl,
-    ) {
+    ): ResponseTypeInterface {
         // Validate request
         $client = $this->validateClient($request);
         $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
@@ -58,31 +55,6 @@ public function respondToAccessTokenRequest(
         return $responseType;
     }
 
-    public function getIdentifier(): string
-    {
-        return 'google_id_token';
-    }
-
-    protected function validateClient(ServerRequestInterface $request): ClientEntityInterface
-    {
-        [$basicAuthUser,] = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        // Get client without validating secret
-        $client = $this->clientRepository->getClientEntity($clientId);
-
-        if ($client instanceof ClientEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
-            throw OAuthServerException::invalidClient($request);
-        }
-
-        return $client;
-    }
-
     protected function validateUser(ServerRequestInterface $request): UserEntityInterface
     {
         $googleToken = $this->getRequestParameter('token', $request);
diff --git a/src/Lodash/Auth/Passport/Grants/Grant.php b/src/Lodash/Auth/Passport/Grants/Grant.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Longman\LaravelLodash\Auth\Passport\Grants;
+
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Grant\AbstractGrant;
+use League\OAuth2\Server\RequestEvent;
+use Override;
+use Psr\Http\Message\ServerRequestInterface;
+
+use function is_null;
+
+abstract class Grant extends AbstractGrant
+{
+    public function getIdentifier(): string
+    {
+        return static::IDENTIFIER;
+    }
+
+    #[Override]
+    protected function validateClient(ServerRequestInterface $request): ClientEntityInterface
+    {
+        $clientId = $this->getRequestParameter('client_id', $request);
+        if (is_null($clientId)) {
+            throw OAuthServerException::invalidRequest('client_id');
+        }
+
+        // Get client without validating secret
+        $client = $this->clientRepository->getClientEntity($clientId);
+
+        if (! $client instanceof ClientEntityInterface) {
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+            throw OAuthServerException::invalidClient($request);
+        }
+
+        return $client;
+    }
+}
diff --git a/src/Lodash/Auth/Passport/Grants/InternalGrant.php b/src/Lodash/Auth/Passport/Grants/InternalGrant.php
@@ -6,10 +6,8 @@
 
 use DateInterval;
 use Laravel\Passport\Bridge\AccessToken;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\AbstractGrant;
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Longman\LaravelLodash\Auth\Contracts\AuthServiceContract;
@@ -19,15 +17,14 @@
 
 use function is_null;
 
-class InternalGrant extends AbstractGrant
+class InternalGrant extends Grant
 {
-    protected readonly AuthServiceContract $authService;
+    public const string IDENTIFIER = 'internal';
 
     public function __construct(
-        AuthServiceContract $authService,
+        protected readonly AuthServiceContract $authService,
         RefreshTokenBridgeRepositoryContract $refreshTokenRepository,
     ) {
-        $this->authService = $authService;
         $this->setRefreshTokenRepository($refreshTokenRepository);
         $this->refreshTokenTTL = new DateInterval('P1M');
     }
@@ -64,31 +61,6 @@ public function getRefreshToken(AccessToken $token): void
         $this->issueRefreshToken($token);
     }
 
-    public function getIdentifier(): string
-    {
-        return 'internal';
-    }
-
-    protected function validateClient(ServerRequestInterface $request): ClientEntityInterface
-    {
-        [$basicAuthUser,] = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        // Get client without validating secret
-        $client = $this->clientRepository->getClientEntity($clientId);
-
-        if ($client instanceof ClientEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
-            throw OAuthServerException::invalidClient($request);
-        }
-
-        return $client;
-    }
-
     protected function validateUser(ServerRequestInterface $request): UserEntityInterface
     {
         $login = $this->getRequestParameter('login', $request);
diff --git a/src/Lodash/Auth/Passport/Grants/InternalRefreshTokenGrant.php b/src/Lodash/Auth/Passport/Grants/InternalRefreshTokenGrant.php
