mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 21:19:46 +05:30
Move code challenge check to auth code request
This commit is contained in:
parent
7f2fd7b22c
commit
491852b521
@ -193,8 +193,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
);
|
);
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
}
|
}
|
||||||
} else if ($this->requireCodeChallengeForPublicClients && !$client->isConfidential()) {
|
|
||||||
throw OAuthServerException::invalidRequest('code_challenge', 'Code challenge must be provided for public clients');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Issue and persist access + refresh tokens
|
// Issue and persist access + refresh tokens
|
||||||
@ -319,6 +317,8 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
|
|
||||||
$authorizationRequest->setCodeChallenge($codeChallenge);
|
$authorizationRequest->setCodeChallenge($codeChallenge);
|
||||||
$authorizationRequest->setCodeChallengeMethod($codeChallengeMethod);
|
$authorizationRequest->setCodeChallengeMethod($codeChallengeMethod);
|
||||||
|
} else if ($this->requireCodeChallengeForPublicClients && !$client->isConfidential()) {
|
||||||
|
throw OAuthServerException::invalidRequest('code_challenge', 'Code challenge must be provided for public clients');
|
||||||
}
|
}
|
||||||
|
|
||||||
return $authorizationRequest;
|
return $authorizationRequest;
|
||||||
|
@ -1784,4 +1784,44 @@ class AuthCodeGrantTest extends TestCase
|
|||||||
|
|
||||||
$grant->completeAuthorizationRequest(new AuthorizationRequest());
|
$grant->completeAuthorizationRequest(new AuthorizationRequest());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testPublicClientAuthCodeRequestRejectedWhenCodeChallengeRequiredButNotGiven()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$scope = new ScopeEntity();
|
||||||
|
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||||
|
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||||
|
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setScopeRepository($scopeRepositoryMock);
|
||||||
|
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
null,
|
||||||
|
null,
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'response_type' => 'code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user