Add $required parameter to hasScope(), triggers InsufficientScopeException
This commit is contained in:
parent
e61782975a
commit
33f4f5b7ab
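--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,20 @@
+<?php
+/**
+* OAuth 2.0 Insufficient Scope Exception
+*
+* @package php-loep/oauth2-server
+* @author Woody Gilk <woody@shadowhand.me>
+* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
+* @license http://mit-license.org/
+* @link http://github.com/php-loep/oauth2-server
+*/
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+* InsufficientScope Exception
+*/
+class InsufficientScopeException extends OAuth2Exception
+{
+
+}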
@ -93,7 +93,7 @@ class Resource
|
|||||||
protected static $exceptionMessages = array(
|
protected static $exceptionMessages = array(
|
||||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||||
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
|
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
|
||||||
'insufficient_scope' => 'The request requires higher privileges than provided by the access token.',
|
'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -328,26 +328,27 @@ class Resource
|
|||||||
* Checks if the presented access token has the given scope(s).
|
* Checks if the presented access token has the given scope(s).
|
||||||
*
|
*
|
||||||
* @param array|string An array of scopes or a single scope as a string
|
* @param array|string An array of scopes or a single scope as a string
|
||||||
|
* @param bool If scopes are required, missing scope will trigger an exception
|
||||||
|
* @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
|
||||||
* @return bool Returns bool if all scopes are found, false if any fail
|
* @return bool Returns bool if all scopes are found, false if any fail
|
||||||
*/
|
*/
|
||||||
public function hasScope($scopes)
|
public function hasScope($scopes, $required = false)
|
||||||
{
|
{
|
||||||
if (is_string($scopes)) {
|
if (!is_array($scopes)) {
|
||||||
if (in_array($scopes, $this->sessionScopes)) {
|
$scopes = array($scopes);
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
} elseif (is_array($scopes)) {
|
|
||||||
foreach ($scopes as $scope) {
|
|
||||||
if (! in_array($scope, $this->sessionScopes)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$missing = array_diff($scopes, $this->sessionScopes);
|
||||||
|
|
||||||
|
if ($missing) {
|
||||||
|
if ($required) {
|
||||||
|
$missing = implode(', ', $missing);
|
||||||
|
throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Reads in the access token from the headers.
|
* Reads in the access token from the headers.
|
||||||
|
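Review bot: The new `hasScope` body fails open when `$this->sessionScopes` is not an array, which this hunk cannot rule out because the property's initializer is outside it: on the PHP 5 runtime the file targets (`array()` syntax, `PHPUnit_Framework_TestCase`), `array_diff($scopes, null)` returns `null` with a warning, `if ($missing)` is then false, and the method returns `true` although no scope was granted, whereas the replaced `in_array` loop returned `false` in that state. Guard the second argument, e.g. `$missing = array_diff($scopes, (array) $this->sessionScopes);`, so an unset scope list reports every requested scope as missing. The added `@param bool` line omits the parameter name and the `@return` text does not say that with `$required` set the method never returns `false`; suggest `* @param bool $required When true, a missing scope throws InsufficientScopeException instead of returning false`. Reusing `$missing` for the imploded string and passing the bare literal `3` as the exception code are style points; a separate `$list` variable and a named constant would read better. The enclosing `Resource` class starts and ends outside the hunk.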
@ -192,6 +192,39 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertEquals('abcdef', $result);
|
$this->assertEquals('abcdef', $result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_hasScope_isRequired()
|
||||||
|
{
|
||||||
|
$s = $this->returnDefault();
|
||||||
|
|
||||||
|
$reflector = new ReflectionClass($s);
|
||||||
|
$param = $reflector->getProperty('sessionScopes');
|
||||||
|
$param->setAccessible(true);
|
||||||
|
$param->setValue($s, array(
|
||||||
|
'a', 'b', 'c'
|
||||||
|
));
|
||||||
|
|
||||||
|
$result = $s->hasScope(array('a', 'b'), true);
|
||||||
|
|
||||||
|
$this->assertEquals(true, $result);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException League\OAuth2\Server\Exception\InsufficientScopeException
|
||||||
|
*/
|
||||||
|
public function test_hasScope_isRequiredFailure()
|
||||||
|
{
|
||||||
|
$s = $this->returnDefault();
|
||||||
|
|
||||||
|
$reflector = new ReflectionClass($s);
|
||||||
|
$param = $reflector->getProperty('sessionScopes');
|
||||||
|
$param->setAccessible(true);
|
||||||
|
$param->setValue($s, array(
|
||||||
|
'a', 'b', 'c'
|
||||||
|
));
|
||||||
|
|
||||||
|
$s->hasScope('d', true);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
|
* @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
|
||||||
*/
|
*/
|
||||||
|
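Review bot: `test_hasScope_isRequired` checks the return with `$this->assertEquals(true, $result)`, which passes for any truthy value; `$this->assertTrue($result)` (or `assertSame(true, $result)`) pins the documented `bool` return. The failure test only asserts the exception type, so the new `%s` substitution in the `insufficient_scope` message is never verified; adding `* @expectedExceptionMessage Required scopes are: d.` to its docblock would cover it. Neither test exercises a partially satisfied array such as `hasScope(array('a', 'd'), true)`, whose message should name only `d`, nor the default `$required = false` path returning `false`. The `Resource_Server_test` class continues outside the hunk.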