Add Helpers to Request Rules

Author: cicnavi

src/Controllers/Admin/ClientController.php

@@ -299,7 +299,7 @@ public function edit(Request $request): Response
     }
 
     /**
-     * TODO mivanci Move to ClientEntityFactory::fromRegistrationData on dynamic client registration implementation.
+     * TODO v7 mivanci Move to ClientEntityFactory::fromRegistrationData on dynamic client registration implementation.
      * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
      */
     protected function buildClientEntityFromFormData(

src/Controllers/Federation/EntityStatementController.php

@@ -95,7 +95,7 @@ public function configuration(): Response
                         )),
                         ClaimsEnum::FederationFetchEndpoint->value =>
                             $this->moduleConfig->getModuleUrl(RoutesEnum::FederationFetch->value),
-                        // TODO mivanci Add when ready. Use ClaimsEnum for keys.
+                        // TODO v7 mivanci Add when ready. Use ClaimsEnum for keys.
                         // https://openid.net/specs/openid-federation-1_0.html#name-federation-entity
                         //'federation_list_endpoint',
                         //'federation_resolve_endpoint',
@@ -149,7 +149,7 @@ public function configuration(): Response
             $builder = $builder->withClaim(ClaimsEnum::TrustMarks->value, $trustMarks);
         }
 
-        // TODO mivanci Continue
+        // TODO v7 mivanci Continue
         // Remaining claims, add if / when ready.
         // * crit
 
@@ -235,14 +235,14 @@ public function fetch(Request $request): Response
                                 ClaimsEnum::PostLogoutRedirectUris->value => $client->getPostLogoutRedirectUri(),
                             ],
                         )),
-                        // TODO mivanci Continue
+                        // TODO v7 mivanci Continue
                         // https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
                         // https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata
                     ],
                 ],
             );
 
-        // TODO mivanci Continue
+        // TODO v7 mivanci Continue
         // Note: claims which can be present in subordinate statements:
         // * metadata_policy
         // * constraints

src/Factories/RequestRulesManagerFactory.php

@@ -81,43 +81,62 @@ public function build(?array $rules = null): RequestRulesManager
     private function getDefaultRules(): array
     {
         return [
-            new StateRule($this->requestParamsResolver),
+            new StateRule($this->requestParamsResolver, $this->helpers),
             new ClientIdRule(
                 $this->requestParamsResolver,
+                $this->helpers,
                 $this->clientRepository,
                 $this->moduleConfig,
                 $this->clientEntityFactory,
                 $this->federation,
-                $this->helpers,
                 $this->jwksResolver,
                 $this->federationParticipationValidator,
                 $this->federationCache,
             ),
-            new RedirectUriRule($this->requestParamsResolver),
-            new RequestObjectRule($this->requestParamsResolver, $this->jwksResolver),
-            new PromptRule($this->requestParamsResolver, $this->authSimpleFactory, $this->authenticationService),
-            new MaxAgeRule($this->requestParamsResolver, $this->authSimpleFactory, $this->authenticationService),
-            new ScopeRule($this->requestParamsResolver, $this->scopeRepository, $this->helpers),
-            new RequiredOpenIdScopeRule($this->requestParamsResolver),
-            new CodeChallengeRule($this->requestParamsResolver),
-            new CodeChallengeMethodRule($this->requestParamsResolver, $this->codeChallengeVerifiersRepository),
-            new RequestedClaimsRule($this->requestParamsResolver, $this->claimTranslatorExtractor),
-            new AddClaimsToIdTokenRule($this->requestParamsResolver),
-            new RequiredNonceRule($this->requestParamsResolver),
-            new ResponseTypeRule($this->requestParamsResolver),
-            new IdTokenHintRule($this->requestParamsResolver, $this->moduleConfig, $this->cryptKeyFactory),
-            new PostLogoutRedirectUriRule($this->requestParamsResolver, $this->clientRepository),
-            new UiLocalesRule($this->requestParamsResolver),
-            new AcrValuesRule($this->requestParamsResolver),
-            new ScopeOfflineAccessRule($this->requestParamsResolver),
+            new RedirectUriRule($this->requestParamsResolver, $this->helpers),
+            new RequestObjectRule($this->requestParamsResolver, $this->helpers, $this->jwksResolver),
+            new PromptRule(
+                $this->requestParamsResolver,
+                $this->helpers,
+                $this->authSimpleFactory,
+                $this->authenticationService,
+            ),
+            new MaxAgeRule(
+                $this->requestParamsResolver,
+                $this->helpers,
+                $this->authSimpleFactory,
+                $this->authenticationService,
+            ),
+            new ScopeRule($this->requestParamsResolver, $this->helpers, $this->scopeRepository),
+            new RequiredOpenIdScopeRule($this->requestParamsResolver, $this->helpers),
+            new CodeChallengeRule($this->requestParamsResolver, $this->helpers),
+            new CodeChallengeMethodRule(
+                $this->requestParamsResolver,
+                $this->helpers,
+                $this->codeChallengeVerifiersRepository,
+            ),
+            new RequestedClaimsRule($this->requestParamsResolver, $this->helpers, $this->claimTranslatorExtractor),
+            new AddClaimsToIdTokenRule($this->requestParamsResolver, $this->helpers),
+            new RequiredNonceRule($this->requestParamsResolver, $this->helpers),
+            new ResponseTypeRule($this->requestParamsResolver, $this->helpers),
+            new IdTokenHintRule(
+                $this->requestParamsResolver,
+                $this->helpers,
+                $this->moduleConfig,
+                $this->cryptKeyFactory,
+            ),
+            new PostLogoutRedirectUriRule($this->requestParamsResolver, $this->helpers, $this->clientRepository),
+            new UiLocalesRule($this->requestParamsResolver, $this->helpers),
+            new AcrValuesRule($this->requestParamsResolver, $this->helpers),
+            new ScopeOfflineAccessRule($this->requestParamsResolver, $this->helpers),
             new ClientAuthenticationRule(
                 $this->requestParamsResolver,
+                $this->helpers,
                 $this->moduleConfig,
                 $this->jwksResolver,
-                $this->helpers,
                 $this->protocolCache,
             ),
-            new CodeVerifierRule($this->requestParamsResolver),
+            new CodeVerifierRule($this->requestParamsResolver, $this->helpers),
         ];
     }
 }

src/Server/RequestRules/Rules/AbstractRule.php

@@ -4,13 +4,16 @@
 
 namespace SimpleSAML\Module\oidc\Server\RequestRules\Rules;
 
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\RequestRuleInterface;
 use SimpleSAML\Module\oidc\Utils\RequestParamsResolver;
 
 abstract class AbstractRule implements RequestRuleInterface
 {
-    public function __construct(protected RequestParamsResolver $requestParamsResolver)
-    {
+    public function __construct(
+        protected RequestParamsResolver $requestParamsResolver,
+        protected Helpers $helpers,
+    ) {
     }
 
     /**

src/Server/RequestRules/Rules/ClientAuthenticationRule.php

@@ -26,12 +26,12 @@ class ClientAuthenticationRule extends AbstractRule
 
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         protected ModuleConfig $moduleConfig,
         protected JwksResolver $jwksResolver,
-        protected Helpers $helpers,
         protected ?ProtocolCache $protocolCache,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**

src/Server/RequestRules/Rules/ClientIdRule.php

@@ -34,16 +34,16 @@ class ClientIdRule extends AbstractRule
 
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         protected ClientRepository $clientRepository,
         protected ModuleConfig $moduleConfig,
         protected ClientEntityFactory $clientEntityFactory,
         protected Federation $federation,
-        protected Helpers $helpers,
         protected JwksResolver $jwksResolver,
         protected FederationParticipationValidator $federationParticipationValidator,
         protected ?FederationCache $federationCache = null,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**
@@ -132,8 +132,8 @@ public function checkRule(
         throw OidcServerException::invalidRequest(ParamsEnum::Request->value, 'Client ID is not valid URI.');
 
         // We are ready to resolve trust chain.
-        // TODO mivanci Request Object can contain trust_chain claim, so also implement resolving using that claim. Note
-        // that this is only possible if we have JWKS configured for common TA, so we can check TA Configuration
+        // TODO mivanci v7 Request Object can contain trust_chain claim, so also implement resolving using that claim.
+        // Note that this is only possible if we have JWKS configured for common TA, so we can check TA Configuration
         // signature.
         try {
             $trustChain = $this->federation->trustChainResolver()->for(

src/Server/RequestRules/Rules/CodeChallengeMethodRule.php

@@ -5,6 +5,7 @@
 namespace SimpleSAML\Module\oidc\Server\RequestRules\Rules;
 
 use Psr\Http\Message\ServerRequestInterface;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Repositories\CodeChallengeVerifiersRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
@@ -19,9 +20,10 @@ class CodeChallengeMethodRule extends AbstractRule
 {
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         protected CodeChallengeVerifiersRepository $codeChallengeVerifiersRepository,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**

src/Server/RequestRules/Rules/IdTokenHintRule.php

@@ -10,6 +10,7 @@
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
 use Psr\Http\Message\ServerRequestInterface;
 use SimpleSAML\Module\oidc\Factories\CryptKeyFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
@@ -25,10 +26,11 @@ class IdTokenHintRule extends AbstractRule
 {
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         protected ModuleConfig $moduleConfig,
         protected CryptKeyFactory $cryptKeyFactory,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**
@@ -56,7 +58,7 @@ public function checkRule(
             return new Result($this->getKey(), $idTokenHintParam);
         }
 
-        // TODO mivanci Fix: unmockable services... inject instead.
+        // TODO v7 mivanci Fix: unmockable services... inject instead.
         $privateKey = $this->cryptKeyFactory->buildPrivateKey();
         $publicKey = $this->cryptKeyFactory->buildPublicKey();
         /** @psalm-suppress ArgumentTypeCoercion */

src/Server/RequestRules/Rules/MaxAgeRule.php

@@ -6,6 +6,7 @@
 
 use Psr\Http\Message\ServerRequestInterface;
 use SimpleSAML\Module\oidc\Factories\AuthSimpleFactory;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
@@ -21,10 +22,11 @@ class MaxAgeRule extends AbstractRule
 {
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         private readonly AuthSimpleFactory $authSimpleFactory,
         private readonly AuthenticationService $authenticationService,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**

src/Server/RequestRules/Rules/PostLogoutRedirectUriRule.php

@@ -5,6 +5,7 @@
 namespace SimpleSAML\Module\oidc\Server\RequestRules\Rules;
 
 use Psr\Http\Message\ServerRequestInterface;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
@@ -19,9 +20,10 @@ class PostLogoutRedirectUriRule extends AbstractRule
 {
     public function __construct(
         RequestParamsResolver $requestParamsResolver,
+        Helpers $helpers,
         protected ClientRepository $clientRepository,
     ) {
-        parent::__construct($requestParamsResolver);
+        parent::__construct($requestParamsResolver, $helpers);
     }
 
     /**