Check responses from the database are valid

This commit is contained in:
Alex Bilbie 2012-09-19 19:27:04 +01:00
parent d9c4962380
commit 3f3b987fb1

View File

@ -2,7 +2,12 @@
namespace Oauth2\Resource; namespace Oauth2\Resource;
class OAuthResourceServerException extends \Exception class ServerException extends \Exception
{
}
class ClientException extends \Exception
{ {
} }
@ -56,7 +61,9 @@ class Server
*/ */
public $errors = array( public $errors = array(
'missing_access_token' => 'An access token was not presented with the request', 'missing_access_token' => 'An access token was not presented with the request',
'invalid_access_token' => 'The access token is not registered with the resource server' 'invalid_access_token' => 'The access token is not registered with the resource server',
'missing_access_token_details' => 'The registered database abstractor did not return a valid access token details response',
'invalid_access_token_scopes' => 'The registered database abstractor did not return a valid access token scopes response',
); );
/** /**
@ -147,21 +154,33 @@ class Server
if ($result === false) { if ($result === false) {
throw new OAuthResourceServerException($this->errors['invalid_access_token']); throw new ClientException($this->errors['invalid_access_token']);
} else { } else {
if ( ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) ||
! array_key_exists('owner_type', $result)) {
throw new ServerException($this->errors['missing_access_token_details']);
}
$this->_accessToken = $accessToken; $this->_accessToken = $accessToken;
$this->_type = $result['owner_type']; $this->_type = $result['owner_type'];
$this->_typeId = $result['owner_id']; $this->_typeId = $result['owner_id'];
// Get the scopes // Get the scopes
$this->_scopes = $this->_dbCall('sessionScopes', $result['id']); $scopes = $this->_dbCall('sessionScopes', $result['id']);
if ( ! is_array($scopes))
{
throw new ServerException($this->errors['invalid_access_token_scopes']);
}
$this->_scopes = $scopes;
} }
} else { } else {
throw new OAuthResourceServerException($this->errors['missing_access_token']); throw new ClientException($this->errors['missing_access_token']);
} }
} }
@ -208,11 +227,11 @@ class Server
private function _dbCall() private function _dbCall()
{ {
if ($this->_db === null) { if ($this->_db === null) {
throw new OAuthResourceServerException('No registered database abstractor'); throw new ServerException('No registered database abstractor');
} }
if ( ! $this->_db instanceof Database) { if ( ! $this->_db instanceof Database) {
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database'); throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
} }
$args = func_get_args(); $args = func_get_args();