secure params access on authcode grant
parent
95e3c1d1a2
commit
2f914a0aa3
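--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -307,17 +307,44 @@ class AuthCodeGrant extends AbstractGrant
         return $responseType;
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function respondToRequest(
+        ServerRequestInterface $request,
+        ResponseTypeInterface $responseType,
+        \DateInterval $accessTokenTTL
+    ) {
+        $requestParameters = (array) $request->getParsedBody();
+
+        if (array_key_exists('response_type', $requestParameters)
+            && $requestParameters['response_type'] === 'code'
+            && array_key_exists('client_id', $requestParameters)
+        ) {
+            return $this->respondToAuthorizationRequest($request);
+        } elseif (array_key_exists('grant_type', $requestParameters)
+            && $requestParameters['grant_type'] === $this->getIdentifier()
+        ) {
+            return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
+        } else {
+            throw OAuthServerException::serverError('respondToRequest() should not have been called');
+        }
+    }
+
     /**
      * @inheritdoc
      */
     public function canRespondToRequest(ServerRequestInterface $request)
     {
+        $requestParameters = (array) $request->getParsedBody();
+
         return (
             (
-                isset($request->getQueryParams()['response_type'])
-                && $request->getQueryParams()['response_type'] === 'code'
-                && isset($request->getQueryParams()['client_id'])
-            ) || (parent::canRespondToRequest($request))
+                array_key_exists('response_type', $requestParameters)
+                && $requestParameters['response_type'] === 'code'
+                && array_key_exists('client_id', $requestParameters)
+            )
+            || parent::canRespondToRequest($request)
         );
     }
 
@@ -330,28 +357,4 @@ class AuthCodeGrant extends AbstractGrant
     {
         return 'authorization_code';
     }
-
-    /**
-     * @inheritdoc
-     */
-    public function respondToRequest(
-        ServerRequestInterface $request,
-        ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL
-    ) {
-        if (
-            isset($request->getQueryParams()['response_type'])
-            && $request->getQueryParams()['response_type'] === 'code'
-            && isset($request->getQueryParams()['client_id'])
-        ) {
-            return $this->respondToAuthorizationRequest($request);
-        } elseif (
-            isset($request->getParsedBody()['grant_type'])
-            && $request->getParsedBody()['grant_type'] === 'authorization_code'
-        ) {
-            return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
-        } else {
-            throw OAuthServerException::serverError('respondToRequest() should not have been called');
-        }
-    }
 }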
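Review bot: The new `canRespondToRequest` and the relocated `respondToRequest` consult only `$request->getParsedBody()`, whereas the predicate they replace read `getQueryParams()` for `response_type` and `client_id`; if the authorization endpoint is still expected to accept GET requests, an authorization request carried in the query string no longer matches this grant, and nothing in the hunk records that the body-only lookup is intentional. The `@inheritdoc` docblock on `canRespondToRequest` should say so, e.g. `* Note: the authorization request is matched on the parsed body only; query-string parameters are not consulted.`. The same three-part `response_type`/`client_id` check is now written out twice, once per method, so the two dispatch decisions can drift apart on a later edit; one private predicate, called from both places, keeps them aligned, as sketched below. Note also that `array_key_exists('client_id', ...)` accepts an empty or array-valued `client_id`, so the value itself still has to be validated by `respondToAuthorizationRequest`, which lies outside this hunk.
```php
    /**
     * True when the parsed-body parameters carry an authorization request for this grant.
     *
     * @param array<string, mixed> $params the (array)-cast parsed body
     */
    private function isAuthorizationRequest(array $params): bool
    {
        return array_key_exists('response_type', $params)
            && $params['response_type'] === 'code'
            && array_key_exists('client_id', $params);
    }
    // … unchanged: respondToRequest, with `if ($this->isAuthorizationRequest($requestParameters)) {` in place of the inline condition …
    // … unchanged: canRespondToRequest, with `$this->isAuthorizationRequest($requestParameters) || parent::canRespondToRequest($request)` …
```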