Move to Scope helper

Author: cicnavi

src/Controllers/EndSessionController.php

@@ -41,7 +41,7 @@ public function __construct(
      */
     public function __invoke(ServerRequestInterface $request): Response
     {
-        // TODO Back-Channel Logout: https://openid.net/specs/openid-connect-backchannel-1_0.html
+        // TODO v7 Back-Channel Logout: https://openid.net/specs/openid-connect-backchannel-1_0.html
         //      [] Refresh tokens issued without the offline_access property to a session being logged out SHOULD
         //           be revoked. Refresh tokens issued with the offline_access property normally SHOULD NOT be revoked.
         //      - offline_access scope is now handled.
@@ -147,7 +147,7 @@ public static function logoutHandler(): void
         $sessionLogoutTickets = $sessionLogoutTicketStore->getAll();
 
         if (!empty($sessionLogoutTickets)) {
-            // TODO low mivanci This could brake since interface does not mandate type. Move to strong typing.
+            // TODO v7 low mivanci This could brake since interface does not mandate type. Move to strong typing.
             /** @var array $sessionLogoutTicket */
             foreach ($sessionLogoutTickets as $sessionLogoutTicket) {
                 $sid = (string)$sessionLogoutTicket['sid'];

src/Helpers.php

@@ -9,6 +9,7 @@
 use SimpleSAML\Module\oidc\Helpers\DateTime;
 use SimpleSAML\Module\oidc\Helpers\Http;
 use SimpleSAML\Module\oidc\Helpers\Random;
+use SimpleSAML\Module\oidc\Helpers\Scope;
 use SimpleSAML\Module\oidc\Helpers\Str;
 
 class Helpers
@@ -19,6 +20,7 @@ class Helpers
     protected static ?Str $str = null;
     protected static ?Arr $arr = null;
     protected static ?Random $random = null;
+    protected static ?Scope $scope = null;
 
     public function http(): Http
     {
@@ -51,4 +53,9 @@ public function random(): Random
     {
         return static::$random ??= new Random();
     }
+
+    public function scope(): Scope
+    {
+        return static::$scope ??= new Scope();
+    }
 }

src/Utils/ScopeHelper.php renamed to src/Helpers/Scope.php

@@ -2,18 +2,18 @@
 
 declare(strict_types=1);
 
-namespace SimpleSAML\Module\oidc\Utils;
+namespace SimpleSAML\Module\oidc\Helpers;
 
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 
-class ScopeHelper
+class Scope
 {
     /**
      * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
      * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
      */
-    public static function scopeExists(array $scopes, string $scopeIdentifier): bool
+    public function exists(array $scopes, string $scopeIdentifier): bool
     {
         foreach ($scopes as $scope) {
             if (! $scope instanceof ScopeEntityInterface) {

src/Server/Grants/AuthCodeGrant.php

@@ -60,7 +60,6 @@
 use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\SessionIdResponseTypeInterface;
 use SimpleSAML\Module\oidc\Server\TokenIssuers\RefreshTokenIssuer;
 use SimpleSAML\Module\oidc\Utils\RequestParamsResolver;
-use SimpleSAML\Module\oidc\Utils\ScopeHelper;
 use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum;
 use SimpleSAML\OpenID\Codebooks\ParamsEnum;
 
@@ -555,7 +554,7 @@ public function respondToAccessTokenRequest(
         }
 
         // Release refresh token if it is requested by using offline_access scope.
-        if (ScopeHelper::scopeExists($scopes, 'offline_access')) {
+        if ($this->helpers->scope()->exists($scopes, 'offline_access')) {
             // Issue and persist new refresh token if given
             $refreshToken = $this->issueRefreshToken($accessToken, $authCodePayload->auth_code_id);
 

src/Server/RequestRules/Rules/ScopeOfflineAccessRule.php

@@ -10,7 +10,6 @@
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Services\LoggerService;
-use SimpleSAML\Module\oidc\Utils\ScopeHelper;
 use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum;
 
 class ScopeOfflineAccessRule extends AbstractRule
@@ -37,7 +36,7 @@ public function checkRule(
         $validScopes = $currentResultBag->getOrFail(ScopeRule::class)->getValue();
 
         // Check if offline_access scope is used. If not, we don't have to check anything else.
-        if (! ScopeHelper::scopeExists($validScopes, 'offline_access')) {
+        if (! $this->helpers->scope()->exists($validScopes, 'offline_access')) {
             return new Result($this->getKey(), false);
         }
 

tests/unit/src/Helpers/ArrTest.php

@@ -22,13 +22,13 @@ public function testCanFindByCallback(): void
             'a',
             $this->sut()->findByCallback(
                 ['a', 'b', 'c'],
-                fn($item): bool => $item === 'a'
+                fn($item): bool => $item === 'a',
             ),
         );
 
         $this->assertNull($this->sut()->findByCallback(
             ['a', 'b', 'c'],
-            fn($item): bool => $item === 'd'
+            fn($item): bool => $item === 'd',
         ));
     }
 

tests/unit/src/Utils/ScopeHelperTest.php renamed to tests/unit/src/Helpers/ScopeTest.php

@@ -2,18 +2,17 @@
 
 declare(strict_types=1);
 
-namespace SimpleSAML\Test\Module\oidc\unit\Utils;
+namespace SimpleSAML\Test\Module\oidc\unit\Helpers;
 
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
+use PHPUnit\Framework\Attributes\CoversClass;
 use PHPUnit\Framework\MockObject\Stub;
 use PHPUnit\Framework\TestCase;
+use SimpleSAML\Module\oidc\Helpers\Scope;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
-use SimpleSAML\Module\oidc\Utils\ScopeHelper;
 
-/**
- * @covers \SimpleSAML\Module\oidc\Utils\ScopeHelper
- */
-class ScopeHelperTest extends TestCase
+#[CoversClass(Scope::class)]
+class ScopeTest extends TestCase
 {
     protected Stub $scopeEntityOpenIdStub;
     protected Stub $scopeEntityProfileStub;
@@ -34,20 +33,25 @@ protected function setUp(): void
         ];
     }
 
+    protected function sut(): Scope
+    {
+        return new Scope();
+    }
+
     /**
      * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
      */
     public function testCanCheckScopeExistence(): void
     {
-        $this->assertTrue(ScopeHelper::scopeExists($this->scopeEntitiesArray, 'openid'));
-        $this->assertTrue(ScopeHelper::scopeExists($this->scopeEntitiesArray, 'profile'));
-        $this->assertFalse(ScopeHelper::scopeExists($this->scopeEntitiesArray, 'invalid'));
+        $this->assertTrue($this->sut()->exists($this->scopeEntitiesArray, 'openid'));
+        $this->assertTrue($this->sut()->exists($this->scopeEntitiesArray, 'profile'));
+        $this->assertFalse($this->sut()->exists($this->scopeEntitiesArray, 'invalid'));
     }
 
     public function testThrowsForInvalidScopeEntity(): void
     {
         $this->expectException(OidcServerException::class);
 
-        ScopeHelper::scopeExists(['invalid'], 'test');
+        $this->sut()->exists(['invalid'], 'test');
     }
 }

tests/unit/src/HelpersTest.php

@@ -16,6 +16,7 @@
 #[UsesClass(Helpers\Str::class)]
 #[UsesClass(Helpers\Arr::class)]
 #[UsesClass(Helpers\Random::class)]
+#[UsesClass(Helpers\Scope::class)]
 class HelpersTest extends TestCase
 {
     protected function sut(): Helpers
@@ -31,5 +32,6 @@ public function testCanBuildHelpers(): void
         $this->assertInstanceOf(Helpers\Str::class, $this->sut()->str());
         $this->assertInstanceOf(Helpers\Arr::class, $this->sut()->arr());
         $this->assertInstanceOf(Helpers\Random::class, $this->sut()->random());
+        $this->assertInstanceOf(Helpers\Scope::class, $this->sut()->scope());
     }
 }