mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Rewrote validateClient method to progressively test client secret and redirect URI
This commit is contained in:
parent
7f67000d53
commit
3b36ae9000
@ -130,17 +130,12 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
* Validate the client
|
* Validate the client
|
||||||
*
|
*
|
||||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||||
* @param bool $validateSecret
|
|
||||||
* @param bool $validateRedirectUri
|
|
||||||
*
|
*
|
||||||
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
||||||
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
||||||
*/
|
*/
|
||||||
protected function validateClient(
|
protected function validateClient(ServerRequestInterface $request)
|
||||||
ServerRequestInterface $request,
|
{
|
||||||
$validateSecret = true,
|
|
||||||
$validateRedirectUri = false
|
|
||||||
) {
|
|
||||||
$clientId = $this->getRequestParameter(
|
$clientId = $this->getRequestParameter(
|
||||||
'client_id',
|
'client_id',
|
||||||
$request,
|
$request,
|
||||||
@ -150,30 +145,34 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
throw OAuthServerException::invalidRequest('client_id', null, '`%s` parameter is missing');
|
throw OAuthServerException::invalidRequest('client_id', null, '`%s` parameter is missing');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$client = $this->clientRepository->getClientEntity(
|
||||||
|
$clientId,
|
||||||
|
$this->getIdentifier()
|
||||||
|
);
|
||||||
|
|
||||||
|
if (!$client instanceof ClientEntityInterface) {
|
||||||
|
throw OAuthServerException::invalidClient();
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the client is confidential require the client secret
|
||||||
$clientSecret = $this->getRequestParameter(
|
$clientSecret = $this->getRequestParameter(
|
||||||
'client_secret',
|
'client_secret',
|
||||||
$request,
|
$request,
|
||||||
$this->getServerParameter('PHP_AUTH_PW', $request)
|
$this->getServerParameter('PHP_AUTH_PW', $request)
|
||||||
);
|
);
|
||||||
if (is_null($clientSecret) && $validateSecret === true) {
|
|
||||||
|
if ($client->canKeepASecret() && is_null($clientSecret)) {
|
||||||
throw OAuthServerException::invalidRequest('client_secret', null, '`%s` parameter is missing');
|
throw OAuthServerException::invalidRequest('client_secret', null, '`%s` parameter is missing');
|
||||||
}
|
}
|
||||||
|
|
||||||
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
if ($client->canKeepASecret() && $client->validateSecret($clientSecret) === false) {
|
||||||
if (is_null($redirectUri) && $validateRedirectUri === true) {
|
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
||||||
throw OAuthServerException::invalidRequest('redirect_uri', null, '`%s` parameter is missing');
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
$client = $this->clientRepository->getClientEntity(
|
// If a redirect URI is provided ensure it matches what is pre-registered
|
||||||
$clientId,
|
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
||||||
$clientSecret,
|
if ($redirectUri !== null && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)) {
|
||||||
$redirectUri,
|
|
||||||
$this->getIdentifier()
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!$client instanceof ClientEntityInterface) {
|
|
||||||
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
|
||||||
|
|
||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user