mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-05 03:31:52 +05:30
Merge pull request #1035 from matt-allan/prevent-public-client-confidential-grant
Prevent public clients from using the client_credentials grant type
This commit is contained in:
commit
0b0b43d433
@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
|
|||||||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
||||||
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- Clients are now explicitly prevented from using the Client Credentials grant unless they are confidential to conform
|
||||||
|
with the OAuth2 spec (PR #1035)
|
||||||
|
|
||||||
## [8.0.0] - released 2019-07-13
|
## [8.0.0] - released 2019-07-13
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
namespace League\OAuth2\Server\Grant;
|
namespace League\OAuth2\Server\Grant;
|
||||||
|
|
||||||
use DateInterval;
|
use DateInterval;
|
||||||
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
use League\OAuth2\Server\RequestEvent;
|
use League\OAuth2\Server\RequestEvent;
|
||||||
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
@ -29,8 +30,19 @@ class ClientCredentialsGrant extends AbstractGrant
|
|||||||
ResponseTypeInterface $responseType,
|
ResponseTypeInterface $responseType,
|
||||||
DateInterval $accessTokenTTL
|
DateInterval $accessTokenTTL
|
||||||
) {
|
) {
|
||||||
|
list($clientId) = $this->getClientCredentials($request);
|
||||||
|
|
||||||
|
$client = $this->getClientEntityOrFail($clientId, $request);
|
||||||
|
|
||||||
|
if (!$client->isConfidential()) {
|
||||||
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||||
|
|
||||||
|
throw OAuthServerException::invalidClient($request);
|
||||||
|
}
|
||||||
|
|
||||||
// Validate request
|
// Validate request
|
||||||
$client = $this->validateClient($request);
|
$this->validateClient($request);
|
||||||
|
|
||||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
||||||
|
|
||||||
// Finalize the requested scopes
|
// Finalize the requested scopes
|
||||||
|
@ -62,8 +62,11 @@ class AuthorizationServerTest extends TestCase
|
|||||||
|
|
||||||
public function testRespondToRequest()
|
public function testRespondToRequest()
|
||||||
{
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setConfidential();
|
||||||
|
|
||||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
$scope = new ScopeEntity();
|
$scope = new ScopeEntity();
|
||||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||||
|
@ -29,6 +29,8 @@ class ClientCredentialsGrantTest extends TestCase
|
|||||||
public function testRespondToRequest()
|
public function testRespondToRequest()
|
||||||
{
|
{
|
||||||
$client = new ClientEntity();
|
$client = new ClientEntity();
|
||||||
|
$client->setConfidential();
|
||||||
|
|
||||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
@ -24,8 +24,11 @@ class AuthorizationServerMiddlewareTest extends TestCase
|
|||||||
|
|
||||||
public function testValidResponse()
|
public function testValidResponse()
|
||||||
{
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setConfidential();
|
||||||
|
|
||||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
$scopeEntity = new ScopeEntity;
|
$scopeEntity = new ScopeEntity;
|
||||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||||
|
Loading…
Reference in New Issue
Block a user