mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 13:09:44 +05:30
Move code challenge check to auth code request
This commit is contained in:
parent
7f2fd7b22c
commit
491852b521
@ -151,7 +151,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
|
||||
// Validate code challenge
|
||||
if (!empty($authCodePayload->code_challenge)) {
|
||||
$codeVerifier = $this->getRequestParameter('code_verifier', $request, null);
|
||||
$codeVerifier = $this->getRequestParameter('code_verifier', $request, null);
|
||||
|
||||
if ($codeVerifier === null) {
|
||||
throw OAuthServerException::invalidRequest('code_verifier');
|
||||
@ -193,8 +193,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
} else if ($this->requireCodeChallengeForPublicClients && !$client->isConfidential()) {
|
||||
throw OAuthServerException::invalidRequest('code_challenge', 'Code challenge must be provided for public clients');
|
||||
}
|
||||
|
||||
// Issue and persist access + refresh tokens
|
||||
@ -296,7 +294,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
|
||||
$authorizationRequest->setScopes($scopes);
|
||||
|
||||
$codeChallenge = $this->getQueryStringParameter('code_challenge', $request);
|
||||
$codeChallenge = $this->getQueryStringParameter('code_challenge', $request);
|
||||
|
||||
if ($codeChallenge !== null) {
|
||||
$codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');
|
||||
@ -319,6 +317,8 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
|
||||
$authorizationRequest->setCodeChallenge($codeChallenge);
|
||||
$authorizationRequest->setCodeChallengeMethod($codeChallengeMethod);
|
||||
} else if ($this->requireCodeChallengeForPublicClients && !$client->isConfidential()) {
|
||||
throw OAuthServerException::invalidRequest('code_challenge', 'Code challenge must be provided for public clients');
|
||||
}
|
||||
|
||||
return $authorizationRequest;
|
||||
|
@ -1784,4 +1784,44 @@ class AuthCodeGrantTest extends TestCase
|
||||
|
||||
$grant->completeAuthorizationRequest(new AuthorizationRequest());
|
||||
}
|
||||
|
||||
public function testPublicClientAuthCodeRequestRejectedWhenCodeChallengeRequiredButNotGiven()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setRedirectUri('http://foo/bar');
|
||||
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
[],
|
||||
null,
|
||||
null,
|
||||
'php://input',
|
||||
[],
|
||||
[],
|
||||
[
|
||||
'response_type' => 'code',
|
||||
'client_id' => 'foo',
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user