Add a test for a missing scope for the password grant

tests/Grant/AuthCodeGrantTest.php

@@ -1708,7 +1708,5 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
                 'redirect_uri'  => 'http://foo/bar',
             ]
         );
-
-        $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
     }
 }

tests/Grant/ClientCredentialsGrantTest.php

@@ -92,7 +92,5 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
 
         $responseType = new StubResponseType();
         $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
-
-        $this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
     }
 }

tests/Grant/ImplicitGrantTest.php

@@ -446,7 +446,5 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
                 'redirect_uri'  => 'http://foo/bar',
             ]
         );
-
-        $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
     }
 }

tests/Grant/PasswordGrantTest.php

@@ -173,4 +173,50 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $responseType = new StubResponseType();
         $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
     }
+
+    /**
+     * @expectedException     \League\OAuth2\Server\Exception\OAuthServerException
+     * @expectedExceptionCode 5
+     */
+    public function testRespondToRequestFailsWithoutScope()
+    {
+        $client = new ClientEntity();
+        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
+        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+
+        $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
+        $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
+        $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
+
+        $userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
+        $userEntity = new UserEntity();
+        $userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
+
+        $refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
+        $refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
+        $refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
+
+        $scope = new ScopeEntity();
+        $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+        $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
+        $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
+
+        $grant = new PasswordGrant($userRepositoryMock, $refreshTokenRepositoryMock);
+        $grant->setClientRepository($clientRepositoryMock);
+        $grant->setAccessTokenRepository($accessTokenRepositoryMock);
+        $grant->setScopeRepository($scopeRepositoryMock);
+
+        $serverRequest = new ServerRequest();
+        $serverRequest = $serverRequest->withParsedBody(
+            [
+                'client_id'     => 'foo',
+                'client_secret' => 'bar',
+                'username'      => 'foo',
+                'password'      => 'bar',
+            ]
+        );
+
+        $responseType = new StubResponseType();
+        $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
+    }
 }