[13.x] Improve resolving and converting PSR responses (#1793)

* inject psr response

* update dependencies

composer.json

@@ -32,7 +32,7 @@
         "nyholm/psr7": "^1.5",
         "phpseclib/phpseclib": "^3.0",
         "symfony/console": "^7.0",
-        "symfony/psr-http-message-bridge": "^7.0"
+        "symfony/psr-http-message-bridge": "^7.1"
     },
     "require-dev": {
         "mockery/mockery": "^1.0",

src/Exceptions/OAuthServerException.php

@@ -7,7 +7,7 @@
 use Laravel\Passport\Http\Controllers\ConvertsPsrResponses;
 use League\OAuth2\Server\Exception\OAuthServerException as LeagueException;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
-use Nyholm\Psr7\Response as Psr7Response;
+use Psr\Http\Message\ResponseInterface;
 
 class OAuthServerException extends HttpResponseException
 {
@@ -18,7 +18,9 @@ class OAuthServerException extends HttpResponseException
      */
     public function __construct(LeagueException $e, bool $useFragment = false)
     {
-        parent::__construct($this->convertResponse($e->generateHttpResponse(new Psr7Response, $useFragment)), $e);
+        parent::__construct($this->convertResponse(
+            $e->generateHttpResponse(app(ResponseInterface::class), $useFragment)
+        ), $e);
     }
 
     /**

src/Guards/TokenGuard.php

@@ -21,7 +21,6 @@
 use Laravel\Passport\TransientToken;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
-use Nyholm\Psr7\Factory\Psr17Factory;
 use Psr\Http\Message\ServerRequestInterface;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
 
@@ -161,13 +160,8 @@ protected function getPsrRequestViaBearerToken(): ?ServerRequestInterface
     {
         // First, we will convert the Symfony request to a PSR-7 implementation which will
         // be compatible with the base OAuth2 library. The Symfony bridge can perform a
-        // conversion for us to a new Nyholm implementation of this PSR-7 request.
-        $psr = (new PsrHttpFactory(
-            new Psr17Factory,
-            new Psr17Factory,
-            new Psr17Factory,
-            new Psr17Factory
-        ))->createRequest($this->request);
+        // conversion for us to a new PSR-7 implementation from this Symfony request.
+        $psr = (new PsrHttpFactory())->createRequest($this->request);
 
         try {
             return $this->server->validateAuthenticatedRequest($psr);

src/Http/Controllers/AccessTokenController.php

@@ -2,11 +2,11 @@
 
 namespace Laravel\Passport\Http\Controllers;
 
-use Illuminate\Http\Response;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use Nyholm\Psr7\Response as Psr7Response;
+use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Symfony\Component\HttpFoundation\Response;
 
 class AccessTokenController
 {
@@ -23,16 +23,16 @@ public function __construct(
     /**
      * Issue an access token.
      */
-    public function issueToken(ServerRequestInterface $request): Response
+    public function issueToken(ServerRequestInterface $psrRequest, ResponseInterface $psrResponse): Response
     {
-        return $this->withErrorHandling(function () use ($request) {
-            if (array_key_exists('grant_type', $attributes = (array) $request->getParsedBody()) &&
+        return $this->withErrorHandling(function () use ($psrRequest, $psrResponse) {
+            if (array_key_exists('grant_type', $attributes = (array) $psrRequest->getParsedBody()) &&
                 $attributes['grant_type'] === 'personal_access') {
                 throw OAuthServerException::unsupportedGrantType();
             }
 
             return $this->convertResponse(
-                $this->server->respondToAccessTokenRequest($request, new Psr7Response)
+                $this->server->respondToAccessTokenRequest($psrRequest, $psrResponse)
             );
         });
     }

src/Http/Controllers/ApproveAuthorizationController.php

@@ -3,9 +3,9 @@
 namespace Laravel\Passport\Http\Controllers;
 
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use League\OAuth2\Server\AuthorizationServer;
-use Nyholm\Psr7\Response as Psr7Response;
+use Psr\Http\Message\ResponseInterface;
+use Symfony\Component\HttpFoundation\Response;
 
 class ApproveAuthorizationController
 {
@@ -22,14 +22,14 @@ public function __construct(
     /**
      * Approve the authorization request.
      */
-    public function approve(Request $request): Response
+    public function approve(Request $request, ResponseInterface $psrResponse): Response
     {
         $authRequest = $this->getAuthRequestFromSession($request);
 
         $authRequest->setAuthorizationApproved(true);
 
         return $this->withErrorHandling(fn () => $this->convertResponse(
-            $this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
+            $this->server->completeAuthorizationRequest($authRequest, $psrResponse)
         ), $authRequest->getGrantTypeId() === 'implicit');
     }
 }

src/Http/Controllers/AuthorizationController.php

@@ -5,7 +5,6 @@
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Date;
 use Illuminate\Support\Str;
 use Laravel\Passport\Bridge\User;
@@ -18,8 +17,9 @@
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
-use Nyholm\Psr7\Response as Psr7Response;
+use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Symfony\Component\HttpFoundation\Response;
 
 class AuthorizationController
 {
@@ -31,16 +31,19 @@ class AuthorizationController
     public function __construct(
         protected AuthorizationServer $server,
         protected StatefulGuard $guard,
-        protected AuthorizationViewResponse $response,
         protected ClientRepository $clients
     ) {
     }
 
     /**
      * Authorize a client to access the user's account.
      */
-    public function authorize(ServerRequestInterface $psrRequest, Request $request): Response|AuthorizationViewResponse
-    {
+    public function authorize(
+        ServerRequestInterface $psrRequest,
+        Request $request,
+        ResponseInterface $psrResponse,
+        AuthorizationViewResponse $viewResponse
+    ): Response|AuthorizationViewResponse {
         $authRequest = $this->withErrorHandling(
             fn () => $this->server->validateAuthorizationRequest($psrRequest),
             ($psrRequest->getQueryParams()['response_type'] ?? null) === 'token'
@@ -71,7 +74,7 @@ public function authorize(ServerRequestInterface $psrRequest, Request $request):
 
         if ($request->get('prompt') !== 'consent' &&
             ($client->skipsAuthorization($user, $scopes) || $this->hasGrantedScopes($user, $client, $scopes))) {
-            return $this->approveRequest($authRequest);
+            return $this->approveRequest($authRequest, $psrResponse);
         }
 
         if ($request->get('prompt') === 'none') {
@@ -81,7 +84,7 @@ public function authorize(ServerRequestInterface $psrRequest, Request $request):
         $request->session()->put('authToken', $authToken = Str::random());
         $request->session()->put('authRequest', $authRequest);
 
-        return $this->response->withParameters([
+        return $viewResponse->withParameters([
             'client' => $client,
             'user' => $user,
             'scopes' => $scopes,
@@ -124,12 +127,12 @@ protected function hasGrantedScopes(Authenticatable $user, Client $client, array
     /**
      * Approve the authorization request.
      */
-    protected function approveRequest(AuthorizationRequestInterface $authRequest): Response
+    protected function approveRequest(AuthorizationRequestInterface $authRequest, ResponseInterface $psrResponse): Response
     {
         $authRequest->setAuthorizationApproved(true);
 
         return $this->withErrorHandling(fn () => $this->convertResponse(
-            $this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
+            $this->server->completeAuthorizationRequest($authRequest, $psrResponse)
         ), $authRequest->getGrantTypeId() === 'implicit');
     }
 

src/Http/Controllers/ConvertsPsrResponses.php

@@ -2,8 +2,9 @@
 
 namespace Laravel\Passport\Http\Controllers;
 
-use Illuminate\Http\Response;
 use Psr\Http\Message\ResponseInterface;
+use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
+use Symfony\Component\HttpFoundation\Response;
 
 trait ConvertsPsrResponses
 {
@@ -12,10 +13,6 @@ trait ConvertsPsrResponses
      */
     public function convertResponse(ResponseInterface $psrResponse): Response
     {
-        return new Response(
-            $psrResponse->getBody(),
-            $psrResponse->getStatusCode(),
-            $psrResponse->getHeaders()
-        );
+        return (new HttpFoundationFactory())->createResponse($psrResponse);
     }
 }

src/Http/Controllers/DenyAuthorizationController.php

@@ -3,9 +3,9 @@
 namespace Laravel\Passport\Http\Controllers;
 
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use League\OAuth2\Server\AuthorizationServer;
-use Nyholm\Psr7\Response as Psr7Response;
+use Psr\Http\Message\ResponseInterface;
+use Symfony\Component\HttpFoundation\Response;
 
 class DenyAuthorizationController
 {
@@ -22,14 +22,14 @@ public function __construct(
     /**
      * Deny the authorization request.
      */
-    public function deny(Request $request): Response
+    public function deny(Request $request, ResponseInterface $psrResponse): Response
     {
         $authRequest = $this->getAuthRequestFromSession($request);
 
         $authRequest->setAuthorizationApproved(false);
 
         return $this->withErrorHandling(fn () => $this->convertResponse(
-            $this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
+            $this->server->completeAuthorizationRequest($authRequest, $psrResponse)
         ), $authRequest->getGrantTypeId() === 'implicit');
     }
 }

src/Http/Middleware/ValidateToken.php

@@ -8,7 +8,6 @@
 use Laravel\Passport\Exceptions\AuthenticationException;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
-use Nyholm\Psr7\Factory\Psr17Factory;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -46,12 +45,7 @@ public static function using(...$scopes): string
      */
     public function handle(Request $request, Closure $next, string ...$scopes): Response
     {
-        $psr = (new PsrHttpFactory(
-            new Psr17Factory,
-            new Psr17Factory,
-            new Psr17Factory,
-            new Psr17Factory
-        ))->createRequest($request);
+        $psr = (new PsrHttpFactory())->createRequest($request);
 
         try {
             $psr = $this->server->validateAuthenticatedRequest($psr);

src/PersonalAccessTokenFactory.php

@@ -4,9 +4,10 @@
 
 use Lcobucci\JWT\Parser as JwtParser;
 use League\OAuth2\Server\AuthorizationServer;
-use Nyholm\Psr7\Response;
-use Nyholm\Psr7\ServerRequest;
+use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
+use Symfony\Component\HttpFoundation\Request;
 
 class PersonalAccessTokenFactory
 {
@@ -48,12 +49,12 @@ public function make(string|int $userId, string $name, array $scopes, string $pr
      */
     protected function createRequest(string|int $userId, array $scopes, string $provider): ServerRequestInterface
     {
-        return (new ServerRequest('POST', 'not-important'))->withParsedBody([
+        return (new PsrHttpFactory())->createRequest(Request::create('not-important', 'POST', [
             'grant_type' => 'personal_access',
             'provider' => $provider,
             'user_id' => $userId,
             'scope' => implode(' ', $scopes),
-        ]);
+        ]));
     }
 
     /**
@@ -64,7 +65,7 @@ protected function createRequest(string|int $userId, array $scopes, string $prov
     protected function dispatchRequestToAuthorizationServer(ServerRequestInterface $request): array
     {
         return json_decode($this->server->respondToAccessTokenRequest(
-            $request, new Response
+            $request, app(ResponseInterface::class)
         )->getBody()->__toString(), true);
     }
 

tests/Unit/AccessTokenControllerTest.php

@@ -34,14 +34,16 @@ public function test_a_token_can_be_issued()
 
         $controller = new AccessTokenController($server);
 
-        $this->assertSame('{"access_token":"access-token"}', $controller->issueToken($request)->getContent());
+        $this->assertSame('{"access_token":"access-token"}', $controller->issueToken($request, $psrResponse)->getContent());
     }
 
     public function test_exceptions_are_handled()
     {
         $request = m::mock(ServerRequestInterface::class);
         $request->shouldReceive('getParsedBody')->once()->andReturn([]);
 
+        app()->instance(ResponseInterface::class, new Response);
+
         $server = m::mock(AuthorizationServer::class);
         $server->shouldReceive('respondToAccessTokenRequest')->with(
             $request, m::type(ResponseInterface::class)
@@ -51,7 +53,7 @@ public function test_exceptions_are_handled()
 
         $this->expectException(OAuthServerException::class);
 
-        $controller->issueToken($request);
+        $controller->issueToken($request, m::mock(ResponseInterface::class));
     }
 }
 

tests/Unit/ApproveAuthorizationControllerTest.php

@@ -45,7 +45,7 @@ public function test_complete_authorization_request()
             ->with($authRequest, m::type(ResponseInterface::class))
             ->andReturn($psrResponse);
 
-        $this->assertSame('response', $controller->approve($request)->getContent());
+        $this->assertSame('response', $controller->approve($request, $psrResponse)->getContent());
     }
 }