Add $required parameter to hasScope(), triggers InsufficientScopeException

Woody Gilk 2014-05-31 16:11:00 -05:00
parent e61782975a
commit 33f4f5b7ab
3 changed files with 69 additions and 15 deletions


@ -0,0 +1,20 @@
<?php
/**
* OAuth 2.0 Insufficient Scope Exception
*
* @package php-loep/oauth2-server
* @author Woody Gilk <woody@shadowhand.me>
* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Exception;
/**
* InsufficientScope Exception
*/
class InsufficientScopeException extends OAuth2Exception
{
}
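Review bot: `InsufficientScopeException` adds no state of its own, so how it maps to an HTTP response depends entirely on `OAuth2Exception`, which is not visible here. RFC 6750 pairs the `insufficient_scope` error with a 403 status and the required scope in the `WWW-Authenticate` header; if the base class carries a status-code or error-type field, this subclass should set them rather than inherit whatever the generic default is. Failing that, a one-line class comment such as `Thrown by Resource::hasScope() when a required scope is absent from the session` would at least tell readers where it originates.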


@ -93,7 +93,7 @@ class Resource
protected static $exceptionMessages = array( protected static $exceptionMessages = array(
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.', 'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
'insufficient_scope' => 'The request requires higher privileges than provided by the access token.', 'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
); );
/** /**
@ -328,25 +328,26 @@ class Resource
* Checks if the presented access token has the given scope(s). * Checks if the presented access token has the given scope(s).
* *
* @param array|string An array of scopes or a single scope as a string * @param array|string An array of scopes or a single scope as a string
* @param bool If scopes are required, missing scope will trigger an exception
* @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
* @return bool Returns bool if all scopes are found, false if any fail * @return bool Returns bool if all scopes are found, false if any fail
*/ */
public function hasScope($scopes) public function hasScope($scopes, $required = false)
{ {
if (is_string($scopes)) { if (!is_array($scopes)) {
if (in_array($scopes, $this->sessionScopes)) { $scopes = array($scopes);
return true;
}
return false;
} elseif (is_array($scopes)) {
foreach ($scopes as $scope) {
if (! in_array($scope, $this->sessionScopes)) {
return false;
}
}
return true;
} }
return false; $missing = array_diff($scopes, $this->sessionScopes);
if ($missing) {
if ($required) {
$missing = implode(', ', $missing);
throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
}
return false;
}
return true;
} }
/** /**
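Review bot: The missing-scope list is interpolated straight into the exception message at the `throw` line, and `$scopes` comes from the caller rather than from the token, so that message is only as clean as the caller's input; if it is ever copied into a `WWW-Authenticate` header or an HTML/JSON error body, escape or whitelist it at that boundary. The literal error code `3` passed to the exception constructor is undocumented — a named constant or a trailing comment saying what the code denotes would help, and `$missing` is reassigned from an array to a string mid-branch, so `$missingList = implode(', ', $missing);` reads more clearly. The new `@throws` line has a typo (`if the any of`). An empty `$scopes` array still returns true even with `$required` set, because `array_diff(array(), ...)` is empty; if vacuous success is not intended, guard it explicitly with `if (count($scopes) === 0) { return false; }` before the diff. The enclosing `Resource` class continues outside the hunk.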


@ -192,6 +192,39 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$this->assertEquals('abcdef', $result); $this->assertEquals('abcdef', $result);
} }
public function test_hasScope_isRequired()
{
$s = $this->returnDefault();
$reflector = new ReflectionClass($s);
$param = $reflector->getProperty('sessionScopes');
$param->setAccessible(true);
$param->setValue($s, array(
'a', 'b', 'c'
));
$result = $s->hasScope(array('a', 'b'), true);
$this->assertEquals(true, $result);
}
/**
* @expectedException League\OAuth2\Server\Exception\InsufficientScopeException
*/
public function test_hasScope_isRequiredFailure()
{
$s = $this->returnDefault();
$reflector = new ReflectionClass($s);
$param = $reflector->getProperty('sessionScopes');
$param->setAccessible(true);
$param->setValue($s, array(
'a', 'b', 'c'
));
$s->hasScope('d', true);
}
/** /**
* @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException * @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
*/ */
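Review bot: `test_hasScope_isRequired` asserts with `assertEquals(true, $result)`, which passes for any loosely-equal truthy value; `$this->assertTrue($result);` pins the bool return. `test_hasScope_isRequiredFailure` only checks the exception type — adding `@expectedExceptionMessage d` beside `@expectedException` would also verify that the missing scope is reported in the message, which is the behaviour this commit introduces. The two tests duplicate the reflection setup for `sessionScopes`; a small private helper taking the scope array would remove that repetition. Neither test covers `hasScope('d')` with `$required` left at its default, which should return false rather than throw.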