Fix #213

2025-05-31 14:12:07 +05:30 · 2014-09-30 23:55:21 +01:00
parent 62d658524b
commit 136edf16c5
8 changed files with 30 additions and 14 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -13,6 +13,7 @@ namespace League\OAuth2\Server\Grant;

 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Exception;

 /**
@@ -120,10 +121,11 @@ abstract class AbstractGrant implements GrantTypeInterface
    /**
     * Given a list of scopes, validate them and return an arrary of Scope entities
     * @param  string          $scopeParam A string of scopes (e.g. "profile email birthday")
+     * @param  ClientEntity    $client A string of scopes (e.g. "profile email birthday")
     * @return array
     * @throws ClientException If scope is invalid, or no scopes passed when required
     */
-    public function validateScopes($scopeParam = '')
+    public function validateScopes($scopeParam = '', ClientEntity $client)
    {
        $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);

@@ -153,7 +155,8 @@ abstract class AbstractGrant implements GrantTypeInterface
        foreach ($scopesList as $scopeItem) {
            $scope = $this->server->getStorage('scope')->get(
                $scopeItem,
-                $this->getIdentifier()
+                $this->getIdentifier(),
+                $client->getId()
            );

            if (($scope instanceof ScopeEntity) === false) {
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -114,7 +114,7 @@ class AuthCodeGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->query->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        return [
            'client'        =>  $client,
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -86,7 +86,7 @@ class ClientCredentialsGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->request->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        // Create a new session
        $session = new SessionEntity($this->server);
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -127,7 +127,7 @@ class PasswordGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->request->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        // Create a new session
        $session = new SessionEntity($this->server);
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -108,7 +108,7 @@ class RefreshTokenGrant extends AbstractGrant

        // Get and validate any requested scopes
        $requestedScopesString = $this->server->getRequest()->request->get('scope', '');
-        $requestedScopes = $this->validateScopes($requestedScopesString);
+        $requestedScopes = $this->validateScopes($requestedScopesString, $client);

        // If no new scopes are requested then give the access token the original session scopes
        if (count($requestedScopes) === 0) {