fix: review

vincentchalamon · vincentchalamon · commit ec942aa07cdb · 2022-03-09T09:54:50.000+01:00
diff --git a/src/Core/Bridge/Symfony/Bundle/Action/SwaggerUiAction.php b/src/Core/Bridge/Symfony/Bundle/Action/SwaggerUiAction.php
@@ -56,7 +56,7 @@ final class SwaggerUiAction
     private $oauthTokenUrl;
     private $oauthAuthorizationUrl;
     private $oauthScopes;
-    private $oauthPKCE;
+    private $oauthPkce;
     private $formatsProvider;
     private $swaggerUiEnabled;
     private $reDocEnabled;
@@ -80,10 +80,9 @@ final class SwaggerUiAction
      * @param mixed      $oauthTokenUrl
      * @param mixed      $oauthAuthorizationUrl
      * @param mixed      $oauthScopes
-     * @param mixed      $oauthPKCE
      * @param mixed      $resourceMetadataFactory
      */
-    public function __construct(ResourceNameCollectionFactoryInterface $resourceNameCollectionFactory, $resourceMetadataFactory, NormalizerInterface $normalizer, ?TwigEnvironment $twig, UrlGeneratorInterface $urlGenerator, string $title = '', string $description = '', string $version = '', $formats = [], $oauthEnabled = false, $oauthClientId = '', $oauthClientSecret = '', $oauthType = '', $oauthFlow = '', $oauthTokenUrl = '', $oauthAuthorizationUrl = '', $oauthScopes = [], bool $oauthPKCE = true, bool $showWebby = true, bool $swaggerUiEnabled = false, bool $reDocEnabled = false, bool $graphqlEnabled = false, bool $graphiQlEnabled = false, bool $graphQlPlaygroundEnabled = false, array $swaggerVersions = [2, 3], OpenApiSwaggerUiAction $swaggerUiAction = null, $assetPackage = null, array $swaggerUiExtraConfiguration = [])
+    public function __construct(ResourceNameCollectionFactoryInterface $resourceNameCollectionFactory, $resourceMetadataFactory, NormalizerInterface $normalizer, ?TwigEnvironment $twig, UrlGeneratorInterface $urlGenerator, string $title = '', string $description = '', string $version = '', $formats = [], $oauthEnabled = false, $oauthClientId = '', $oauthClientSecret = '', $oauthType = '', $oauthFlow = '', $oauthTokenUrl = '', $oauthAuthorizationUrl = '', $oauthScopes = [], bool $oauthPkce = false, bool $showWebby = true, bool $swaggerUiEnabled = false, bool $reDocEnabled = false, bool $graphqlEnabled = false, bool $graphiQlEnabled = false, bool $graphQlPlaygroundEnabled = false, array $swaggerVersions = [2, 3], OpenApiSwaggerUiAction $swaggerUiAction = null, $assetPackage = null, array $swaggerUiExtraConfiguration = [])
     {
         $this->resourceNameCollectionFactory = $resourceNameCollectionFactory;
         $this->resourceMetadataFactory = $resourceMetadataFactory;
@@ -102,7 +101,7 @@ public function __construct(ResourceNameCollectionFactoryInterface $resourceName
         $this->oauthTokenUrl = $oauthTokenUrl;
         $this->oauthAuthorizationUrl = $oauthAuthorizationUrl;
         $this->oauthScopes = $oauthScopes;
-        $this->oauthPKCE = $oauthPKCE;
+        $this->oauthPkce = $oauthPkce;
         $this->swaggerUiEnabled = $swaggerUiEnabled;
         $this->reDocEnabled = $reDocEnabled;
         $this->graphqlEnabled = $graphqlEnabled;
@@ -186,7 +185,7 @@ private function getContext(Request $request, Documentation $documentation): arr
             'enabled' => $this->oauthEnabled,
             'clientId' => $this->oauthClientId,
             'clientSecret' => $this->oauthClientSecret,
-            'pkce' => $this->oauthPKCE,
+            'pkce' => $this->oauthPkce,
             'type' => $this->oauthType,
             'flow' => $this->oauthFlow,
             'tokenUrl' => $this->oauthTokenUrl,
diff --git a/src/Symfony/Bundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/DependencyInjection/Configuration.php
@@ -262,10 +262,9 @@ private function addOAuthSection(ArrayNodeDefinition $rootNode): void
                         ->scalarNode('clientId')->defaultValue('')->info('The oauth client id.')->end()
                         ->scalarNode('clientSecret')
                             ->defaultValue('')
-                            ->info('The oauth client secret.')
-                            ->setDeprecated(...$this->buildDeprecationArgs('2.7', 'The use of the `oauth.client_secret` has been deprecated in 2.7 for security reasons and will be removed in 3.0. The `oauth.pkce` option implements the OAuth2 PKCE strategy (enabled by default).'))
+                            ->info('The oauth client secret. Never use this parameter in your production environment. It exposes crucial security information. This feature is intended for dev/test environments only. Enable `oauth.pkce` instead')
                         ->end()
-                        ->booleanNode('pkce')->defaultTrue()->info('Enable the oauth PKCE.')->end()
+                        ->booleanNode('pkce')->defaultFalse()->info('Enable the oauth PKCE.')->end()
                         ->scalarNode('type')->defaultValue('oauth2')->info('The oauth type.')->end()
                         ->scalarNode('flow')->defaultValue('application')->info('The oauth flow grant type.')->end()
                         ->scalarNode('tokenUrl')->defaultValue('')->info('The oauth token url.')->end()
diff --git a/src/Symfony/Bundle/SwaggerUi/SwaggerUiAction.php b/src/Symfony/Bundle/SwaggerUi/SwaggerUiAction.php
@@ -40,9 +40,9 @@ final class SwaggerUiAction
     private $resourceMetadataFactory;
     private $oauthClientId;
     private $oauthClientSecret;
-    private $oauthPKCE;
+    private $oauthPkce;
 
-    public function __construct($resourceMetadataFactory, ?TwigEnvironment $twig, UrlGeneratorInterface $urlGenerator, NormalizerInterface $normalizer, OpenApiFactoryInterface $openApiFactory, Options $openApiOptions, SwaggerUiContext $swaggerUiContext, array $formats = [], string $oauthClientId = null, string $oauthClientSecret = null, bool $oauthPKCE = true)
+    public function __construct($resourceMetadataFactory, ?TwigEnvironment $twig, UrlGeneratorInterface $urlGenerator, NormalizerInterface $normalizer, OpenApiFactoryInterface $openApiFactory, Options $openApiOptions, SwaggerUiContext $swaggerUiContext, array $formats = [], string $oauthClientId = null, string $oauthClientSecret = null, bool $oauthPkce = false)
     {
         $this->resourceMetadataFactory = $resourceMetadataFactory;
         $this->twig = $twig;
@@ -54,7 +54,7 @@ public function __construct($resourceMetadataFactory, ?TwigEnvironment $twig, Ur
         $this->formats = $formats;
         $this->oauthClientId = $oauthClientId;
         $this->oauthClientSecret = $oauthClientSecret;
-        $this->oauthPKCE = $oauthPKCE;
+        $this->oauthPkce = $oauthPkce;
 
         if (null === $this->twig) {
             throw new \RuntimeException('The documentation cannot be displayed since the Twig bundle is not installed. Try running "composer require symfony/twig-bundle".');
@@ -91,7 +91,7 @@ public function __invoke(Request $request)
                 'scopes' => $this->openApiOptions->getOAuthScopes(),
                 'clientId' => $this->oauthClientId,
                 'clientSecret' => $this->oauthClientSecret,
-                'pkce' => $this->oauthPKCE,
+                'pkce' => $this->oauthPkce,
             ],
             'extraConfiguration' => $this->swaggerUiContext->getExtraConfiguration(),
         ];
diff --git a/tests/Symfony/Bundle/Action/SwaggerUiActionTest.php b/tests/Symfony/Bundle/Action/SwaggerUiActionTest.php
@@ -102,7 +102,7 @@ public function getInvokeParameters()
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
                 'shortName' => 'F',
                 'operationId' => 'getFCollection',
@@ -138,7 +138,7 @@ public function getInvokeParameters()
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
                 'shortName' => 'F',
                 'operationId' => 'getFItem',
@@ -197,7 +197,7 @@ public function testDoNotRunCurrentRequest(Request $request)
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
             ],
         ])->shouldBeCalled()->willReturn('');
diff --git a/tests/Symfony/Bundle/DependencyInjection/ConfigurationTest.php b/tests/Symfony/Bundle/DependencyInjection/ConfigurationTest.php
@@ -148,7 +148,7 @@ private function runDefaultConfigTests(array $doctrineIntegrationsToLoad = ['orm
                 'authorizationUrl' => '',
                 'refreshUrl' => '',
                 'scopes' => [],
-                'pkce' => true,
+                'pkce' => false,
             ],
             'swagger' => [
                 'versions' => [2, 3],
diff --git a/tests/Symfony/Bundle/SwaggerUi/SwaggerUiActionTest.php b/tests/Symfony/Bundle/SwaggerUi/SwaggerUiActionTest.php
@@ -104,7 +104,7 @@ public function getInvokeParameters()
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
                 'extraConfiguration' => [],
                 'shortName' => 'F',
@@ -140,7 +140,7 @@ public function getInvokeParameters()
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
                 'extraConfiguration' => [],
                 'shortName' => 'F',
@@ -194,7 +194,7 @@ public function testDoNotRunCurrentRequest(Request $request)
                     'tokenUrl' => '',
                     'authorizationUrl' => '',
                     'scopes' => [],
-                    'pkce' => true,
+                    'pkce' => false,
                 ],
                 'extraConfiguration' => [],
             ],
