Allow env parameter for encryption_key_type

Author: mtarld

src/DependencyInjection/CompilerPass/EncryptionKeyPass.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\DependencyInjection\CompilerPass;
+
+use Defuse\Crypto\Key;
+use League\OAuth2\Server\AuthorizationServer;
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+ * @author Mathias Arlaud <[email protected]>
+ */
+class EncryptionKeyPass implements CompilerPassInterface
+{
+    public function process(ContainerBuilder $container): void
+    {
+        $encryptionKey = $container->getParameter('league.oauth2_server.encryption_key');
+        $encryptionKeyType = $container->resolveEnvPlaceholders($container->getParameter('league.oauth2_server.encryption_key.type'), true);
+        $authorizationServer = $container->findDefinition(AuthorizationServer::class);
+
+        if ('plain' === $encryptionKeyType) {
+            $authorizationServer->replaceArgument(4, $encryptionKey);
+
+            return;
+        }
+
+        if ('defuse' === $encryptionKeyType) {
+            if (!class_exists(Key::class)) {
+                throw new \RuntimeException('You must install the "defuse/php-encryption" package to use "encryption_key_type: defuse".');
+            }
+
+            $keyDefinition = (new Definition(Key::class))
+                ->setFactory([Key::class, 'loadFromAsciiSafeString'])
+                ->addArgument($encryptionKey);
+
+            $container->setDefinition('league.oauth2_server.defuse_key', $keyDefinition);
+
+            $authorizationServer->replaceArgument(4, new Reference('league.oauth2_server.defuse_key'));
+
+            return;
+        }
+
+        throw new \RuntimeException(sprintf('The value "%s" is not allowed for path "league_oauth2_server.authorization_server.encryption_key_type". Permissible values: "plain", "defuse"', $encryptionKeyType));
+    }
+}

src/DependencyInjection/Configuration.php

@@ -63,9 +63,9 @@ private function createAuthorizationServerNode(): NodeDefinition
                     ->isRequired()
                     ->cannotBeEmpty()
                 ->end()
-                ->enumNode('encryption_key_type')
-                    ->info("The type of value of 'encryption_key'")
-                    ->values(['plain', 'defuse'])
+                ->scalarNode('encryption_key_type')
+                    ->info("The type of value of 'encryption_key'\nShould be either 'plain' or 'defuse'")
+                    ->cannotBeEmpty()
                     ->defaultValue('plain')
                 ->end()
                 ->scalarNode('access_token_ttl')

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -127,6 +127,9 @@ private function assertRequiredBundlesAreEnabled(ContainerBuilder $container): v
 
     private function configureAuthorizationServer(ContainerBuilder $container, array $config): void
     {
+        $container->setParameter('league.oauth2_server.encryption_key', $config['encryption_key']);
+        $container->setParameter('league.oauth2_server.encryption_key.type', $config['encryption_key_type']);
+
         $authorizationServer = $container
             ->findDefinition(AuthorizationServer::class)
             ->replaceArgument(3, new Definition(CryptKey::class, [
@@ -135,21 +138,6 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
                 false,
             ]));
 
-        if ('plain' === $config['encryption_key_type']) {
-            $authorizationServer->replaceArgument(4, $config['encryption_key']);
-        } elseif ('defuse' === $config['encryption_key_type']) {
-            if (!class_exists(Key::class)) {
-                throw new \RuntimeException('You must install the "defuse/php-encryption" package to use "encryption_key_type: defuse".');
-            }
-
-            $keyDefinition = (new Definition(Key::class))
-                ->setFactory([Key::class, 'loadFromAsciiSafeString'])
-                ->addArgument($config['encryption_key']);
-            $container->setDefinition('league.oauth2_server.defuse_key', $keyDefinition);
-
-            $authorizationServer->replaceArgument(4, new Reference('league.oauth2_server.defuse_key'));
-        }
-
         if ($config['enable_client_credentials_grant']) {
             $authorizationServer->addMethodCall('enableGrantType', [
                 new Reference(ClientCredentialsGrant::class),

src/LeagueOAuth2ServerBundle.php

@@ -5,6 +5,7 @@
 namespace League\Bundle\OAuth2ServerBundle;
 
 use Doctrine\Bundle\DoctrineBundle\DependencyInjection\Compiler\DoctrineOrmMappingsPass;
+use League\Bundle\OAuth2ServerBundle\DependencyInjection\CompilerPass\EncryptionKeyPass;
 use League\Bundle\OAuth2ServerBundle\DependencyInjection\LeagueOAuth2ServerExtension;
 use League\Bundle\OAuth2ServerBundle\DependencyInjection\Security\OAuth2Factory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
@@ -60,5 +61,7 @@ private function configureDoctrineExtension(ContainerBuilder $container): void
                 ]
             )
         );
+
+        $container->addCompilerPass(new EncryptionKeyPass());
     }
 }