Testing complete

Author: SecondeJK

phpunit.xml.dist

@@ -26,6 +26,12 @@
     <testsuite name="client">
       <directory>test/Client</directory>
     </testsuite>
+    <testsuite name="sim_swap">
+      <directory>test/SimSwap</directory>
+    </testsuite>
+    <testsuite name="number_verification">
+      <directory>test/NumberVerification</directory>
+    </testsuite>
     <testsuite name="conversations">
       <directory>test/Conversation</directory>
     </testsuite>

src/Client.php

@@ -24,6 +24,7 @@
 use Vonage\Client\Credentials\Basic;
 use Vonage\Client\Credentials\Container;
 use Vonage\Client\Credentials\CredentialsInterface;
+use Vonage\Client\Credentials\Gnp;
 use Vonage\Client\Credentials\Handler\BasicHandler;
 use Vonage\Client\Credentials\Handler\SignatureBodyFormHandler;
 use Vonage\Client\Credentials\Handler\SignatureBodyHandler;
@@ -171,12 +172,12 @@ public function __construct(
 
         $this->setHttpClient($client);
 
-        // Make sure we know how to use the credentials
         if (
             !($credentials instanceof Container) &&
             !($credentials instanceof Basic) &&
             !($credentials instanceof SignatureSecret) &&
-            !($credentials instanceof Keypair)
+            !($credentials instanceof Keypair) &&
+            !($credentials instanceof Gnp)
         ) {
             throw new RuntimeException('unknown credentials type: ' . $credentials::class);
         }

src/Client/APIResource.php

@@ -75,6 +75,7 @@ public function addAuth(RequestInterface $request): RequestInterface
                     $request = $handler($request, $credentials);
                     break;
                 } catch (\RuntimeException $e) {
+                    die($e->getMessage());
                     continue; // We are OK if multiple are sent but only one match
                 }
                 throw new \RuntimeException(

src/Client/Credentials/Container.php

@@ -14,7 +14,8 @@ class Container extends AbstractCredentials
     protected array $types = [
         Basic::class,
         SignatureSecret::class,
-        Keypair::class
+        Keypair::class,
+        Gnp::class
     ];
 
     /**

src/Client/Credentials/Gnp.php

@@ -4,15 +4,26 @@
 
 namespace Vonage\Client\Credentials;
 
-class Gnp extends Keypair
+use Lcobucci\JWT\Encoding\JoseEncoder;
+use Lcobucci\JWT\Token;
+use Vonage\JWT\TokenGenerator;
+
+class Gnp extends AbstractCredentials
 {
     protected ?string $code = null;
     protected ?string $state = null;
     protected ?string $redirectUri = null;
 
-    public function __construct(protected string $msisdn, protected string $key, $application = null)
+    public function __construct(
+        protected string $msisdn,
+        protected string $key,
+        protected $application = null
+    ) {
+    }
+
+    public function getKeyRaw(): string
     {
-        parent::__construct($key, $application);
+        return $this->key;
     }
 
     public function getMsisdn(): string
@@ -59,4 +70,62 @@ public function setRedirectUri(?string $redirectUri): Gnp
         $this->redirectUri = $redirectUri;
         return $this;
     }
+
+    public function generateJwt(array $claims = []): Token
+    {
+        $generator = new TokenGenerator($this->application, $this->getKeyRaw());
+
+        if (isset($claims['exp'])) {
+            // This will change to an Exception in 5.0
+            trigger_error('Expiry date is automatically generated from now and TTL, so cannot be passed in
+            as an argument in claims', E_USER_WARNING);
+            unset($claims['nbf']);
+        }
+
+        if (isset($claims['ttl'])) {
+            $generator->setTTL($claims['ttl']);
+            unset($claims['ttl']);
+        }
+
+        if (isset($claims['jti'])) {
+            $generator->setJTI($claims['jti']);
+            unset($claims['jti']);
+        }
+
+        if (isset($claims['nbf'])) {
+            // Due to older versions of lcobucci/jwt, this claim has
+            // historic fraction conversation issues. For now, nbf is not supported.
+            // This will change to an Exception in 5.0
+            trigger_error('NotBefore Claim is not supported in Vonage JWT', E_USER_WARNING);
+            unset($claims['nbf']);
+        }
+
+        if (isset($claims['sub'])) {
+            $generator->setSubject($claims['sub']);
+            unset($claims['sub']);
+        }
+
+        if (!empty($claims)) {
+            foreach ($claims as $claim => $value) {
+                $generator->addClaim($claim, $value);
+            }
+        }
+
+        $jwt = $generator->generate();
+        $parser = new Token\Parser(new JoseEncoder());
+
+        // Backwards compatible for signature. In 5.0 this will return a string value
+        return $parser->parse($jwt);
+    }
+
+    public function getApplication(): ?string
+    {
+        return $this->application;
+    }
+
+    public function setApplication(mixed $application): Keypair
+    {
+        $this->application = $application;
+        return $this;
+    }
 }

src/Client/Credentials/Handler/GnpKeypairHandler.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Vonage\Client\Credentials\Handler;
+
+use Psr\Http\Message\RequestInterface;
+use Vonage\Client\Credentials\CredentialsInterface;
+use Vonage\Client\Credentials\Gnp;
+use Vonage\Client\Credentials\Keypair;
+
+class GnpKeypairHandler extends AbstractHandler
+{
+    public function __invoke(RequestInterface $request, CredentialsInterface $credentials): RequestInterface
+    {
+        /** @var Keypair $credentials  */
+        $credentials = $this->extract(Gnp::class, $credentials);
+        $token = $credentials->generateJwt();
+
+        return $request->withHeader('Authorization', 'Bearer ' . $token->toString());
+    }
+}

src/Client/Credentials/Handler/NumberVerificationGnpHandler.php

@@ -48,19 +48,19 @@ public function __invoke(RequestInterface $request, CredentialsInterface $creden
 
         // submit the code to CAMARA endpoint
         $api = new APIResource();
-        $api->setAuthHandlers(new KeypairHandler());
+        $api->setAuthHandlers(new GnpKeypairHandler());
         $api->setClient($this->getClient());
         $api->setBaseUrl('https://api-eu.vonage.com/oauth2/token');
 
-        $tokenRequest = $api->submit([
+        $tokenResponse = $api->submit([
             'grant_type' => 'authorization_code',
             'code' => $credentials->getCode(),
             'redirect_uri' => $credentials->getRedirectUri()
         ]);
 
-        $token = $tokenRequest['access_token'];
+        $payload = json_decode($tokenResponse, true);
 
         // Add CAMARA Access Token to request and return to make API call
-        return $request->withHeader('Authorization', 'Bearer ' . $token);
+        return $request->withHeader('Authorization', 'Bearer ' . $payload['access_token']);
     }
 }

src/Client/Credentials/Handler/SimSwapGnpHandler.php

@@ -41,20 +41,19 @@ public function setTokenUrl(?string $tokenUrl): SimSwapGnpHandler
         return $this;
     }
 
+    public string $token;
+
     public function __invoke(RequestInterface $request, CredentialsInterface $credentials): RequestInterface
     {
         /** @var Gnp $credentials  */
         $credentials = $this->extract(Gnp::class, $credentials);
         $msisdn = $credentials->getMsisdn();
 
-        // Request OIDC, returns Auth Request ID
-        // Reconfigure new client for GNP Auth
         $api = new APIResource();
-        $api->setAuthHandlers(new KeypairHandler());
+        $api->setAuthHandlers(new GnpKeypairHandler());
         $api->setClient($this->getClient());
         $api->setBaseUrl($this->getBaseUrl());
 
-        // This handler requires an injected client configured with a Gnp credentials object and a configured scope
         $response = $api->submit([
             'login_hint' => $msisdn,
             'scope' => $this->getScope()

src/NumberVerification/Client.php

@@ -4,10 +4,10 @@
 
 namespace Vonage\NumberVerification;
 
-use GuzzleHttp\Psr7\Request;
 use Psr\Http\Client\ClientExceptionInterface;
 use Vonage\Client\APIClient;
 use Vonage\Client\APIResource;
+use Vonage\Client\Credentials\Container;
 use Vonage\Client\Credentials\CredentialsInterface;
 use Vonage\Client\Credentials\Gnp;
 use Vonage\Client\Exception\Credentials;
@@ -34,36 +34,36 @@ public function getAPIResource(): APIResource
      * @throws ClientExceptionInterface
      * @throws Exception
      */
-    public function verifyNumber(string $phoneNumber): bool
+    public function verifyNumber(string $phoneNumber, string $code, string $state): bool
     {
-        $webhook = Factory::createFromGlobals();
-
-        if (!isset($webhook['code'])) {
-            throw new Exception('Required field code not found in webhook');
-        };
-
         /** @var Gnp $credentials */
         $credentials = $this->getAPIResource()->getClient()->getCredentials();
-        $credentials->setCode($webhook['code']);
-        $credentials->setState($webhook['state']);
+
+        if ($credentials instanceof Container) {
+            $credentials = $credentials->get(Gnp::class);
+        }
+
+        $credentials->setCode($code);
 
         $phoneNumberKey = 'phoneNumber';
 
         if ($this->isHashedPhoneNumber($phoneNumber)) {
             $phoneNumberKey = 'hashedPhoneNumber';
         }
 
-        // This request will now contain a valid CAMARA token
-        $response = $this->getAPIResource()->create([
-            $phoneNumberKey => $phoneNumber
-        ]);
+        // By the time this hits Number Verification, the handler will have
+        // completed the OAuth flow
+        $response = $this->getAPIResource()->create(
+            [$phoneNumberKey => $phoneNumber],
+            'verify'
+        );
 
         return $response['devicePhoneNumberVerified'];
     }
 
     public function isHashedPhoneNumber(string $phoneNumber): bool
     {
-        return (strlen($phoneNumber) >= 13);
+        return (strlen($phoneNumber) >= 15);
     }
 
     /**
@@ -80,6 +80,11 @@ public function buildFrontEndUrl(string $phoneNumber, string $redirectUrl, strin
     {
         /** @var Gnp $credentials */
         $credentials = $this->getAPIResource()->getClient()->getCredentials();
+
+        if ($credentials instanceof Container) {
+            $credentials = $credentials->get(Gnp::class);
+        }
+
         $this->enforceCredentials($credentials);
 
         $applicationId = $credentials->getApplication();

src/SimSwap/Client.php

@@ -19,7 +19,6 @@ public function getAPIResource(): APIResource
         return $this->api;
     }
 
-
     public function checkSimSwap(string $number, ?int $maxAge = null)
     {
         /** @var SimSwapGnpHandler $handler */
@@ -29,8 +28,6 @@ public function checkSimSwap(string $number, ?int $maxAge = null)
             throw new \RuntimeException('SimSwap Client has been misconfigured. Only a GNP Handler can be used');
         }
 
-        $handler->setScope('dpv:FraudPreventionAndDetection#check-sim-swap');
-
         $payload = [
             'phoneNumber' => $number
         ];
@@ -53,7 +50,7 @@ public function checkSimSwapDate(string $number): string
             throw new \RuntimeException('SimSwap Client has been misconfigured. Only a GNP Handler can be used');
         }
 
-        $handler->setScope('dpv:FraudPreventionAndDetection#retrieve-sim-swap');
+        $handler->setScope('dpv:FraudPreventionAndDetection#retrieve-sim-swap-date');
 
         $response = $this->getAPIResource()->create(['phoneNumber' => $number], 'retrieve-date');