Merge pull request #444 from juliangut/secure_body_params_access
V5 - Secure access to body params
commit
2b2d4a3df7
@ -276,7 +276,9 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
|
protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
|
||||||
{
|
{
|
||||||
return (isset($request->getParsedBody()[$parameter])) ? $request->getParsedBody()[$parameter] : $default;
|
$requestParameters = (array) $request->getParsedBody();
|
||||||
|
|
||||||
|
return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -290,7 +292,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
|
protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
|
||||||
{
|
{
|
||||||
return (isset($request->getQueryParams()[$parameter])) ? $request->getQueryParams()[$parameter] : $default;
|
return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -304,13 +306,13 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
|
protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
|
||||||
{
|
{
|
||||||
return (isset($request->getCookieParams()[$parameter])) ? $request->getCookieParams()[$parameter] : $default;
|
return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve server parameter.
|
* Retrieve server parameter.
|
||||||
*
|
*
|
||||||
* @param string|array $parameter
|
* @param string $parameter
|
||||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||||
* @param mixed $default
|
* @param mixed $default
|
||||||
*
|
*
|
||||||
@ -318,7 +320,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
|
protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
|
||||||
{
|
{
|
||||||
return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
|
return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -440,7 +442,11 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
public function canRespondToRequest(ServerRequestInterface $request)
|
public function canRespondToRequest(ServerRequestInterface $request)
|
||||||
{
|
{
|
||||||
return isset($request->getParsedBody()['grant_type'])
|
$requestParameters = (array) $request->getParsedBody();
|
||||||
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier();
|
|
||||||
|
return (
|
||||||
|
array_key_exists('grant_type', $requestParameters)
|
||||||
|
&& $requestParameters['grant_type'] === $this->getIdentifier()
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
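Review bot: The new `$requestParameters = (array) $request->getParsedBody();` in getRequestParameter is the actual hardening — PSR-7 allows getParsedBody() to return null, an array or an object, and the replaced `isset($request->getParsedBody()[$parameter])` raises an Error on a plain object body — but the method's docblock (which starts above the hunk) does not say so, and casting a non-stdClass object only exposes its public properties under their plain names, so such a body now silently yields `$default`. I would add `// PSR-7: getParsedBody() may be null|array|object; the cast makes a non-array body fall through to $default instead of throwing` above that line. The same cast is repeated verbatim in canRespondToRequest further down; a small private helper returning the normalised array would keep the two call sites from drifting, and it would also settle the inconsistency that canRespondToRequest tests the key with `array_key_exists` while getRequestParameter keeps `isset` (harmless here only because of the `===` comparison that follows). The query, cookie and server variants need no cast because PSR-7 declares those accessors return arrays, so the remaining hunks in this file are cosmetic.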
@ -289,29 +289,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
return $responseType;
|
return $responseType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc}
|
|
||||||
*/
|
|
||||||
public function canRespondToRequest(ServerRequestInterface $request)
|
|
||||||
{
|
|
||||||
return
|
|
||||||
(
|
|
||||||
isset($request->getQueryParams()['response_type'])
|
|
||||||
&& $request->getQueryParams()['response_type'] === 'code'
|
|
||||||
&& isset($request->getQueryParams()['client_id'])
|
|
||||||
) || (parent::canRespondToRequest($request));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the grant identifier that can be used in matching up requests.
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getIdentifier()
|
|
||||||
{
|
|
||||||
return 'authorization_code';
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
@ -329,4 +306,28 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
|
|
||||||
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function canRespondToRequest(ServerRequestInterface $request)
|
||||||
|
{
|
||||||
|
return
|
||||||
|
(
|
||||||
|
array_key_exists('response_type', $request->getQueryParams())
|
||||||
|
&& $request->getQueryParams()['response_type'] === 'code'
|
||||||
|
&& isset($request->getQueryParams()['client_id'])
|
||||||
|
)
|
||||||
|
|| parent::canRespondToRequest($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the grant identifier that can be used in matching up requests.
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getIdentifier()
|
||||||
|
{
|
||||||
|
return 'authorization_code';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
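Review bot: In the re-added canRespondToRequest the two query checks are inconsistent: `array_key_exists('response_type', $request->getQueryParams())` on one line and `isset($request->getQueryParams()['client_id'])` two lines later, with getQueryParams() called three times in one expression. The difference only matters for a key whose value is null, which the following `=== 'code'` rejects anyway, so I would fetch the array once and use one predicate for both: `$queryParams = $request->getQueryParams();` followed by `isset($queryParams['response_type']) && $queryParams['response_type'] === 'code' && isset($queryParams['client_id'])`. Note that `isset` still accepts an array-valued `client_id`; that is behaviour carried over from the removed copy rather than introduced here, but it deserves a sentence in the docblock if callers assume a string. The relocation of getIdentifier is otherwise a pure move.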