This commit is contained in:
Alex Bilbie 2014-08-06 09:53:47 +01:00
parent 130d42c85e
commit 522c7478c7
7 changed files with 109 additions and 68 deletions


@ -30,7 +30,7 @@ class InvalidRequestException extends OAuthException
* {@inheritdoc} * {@inheritdoc}
*/ */
public function __construct($parameter) public function __construct($parameter, $shouldRedirect = false)
{ {
parent::__construct( parent::__construct(
sprintf( sprintf(
@ -38,5 +38,7 @@ class InvalidRequestException extends OAuthException
$parameter $parameter
) )
); );
$this->serverShouldRedirect = $shouldRedirect;
} }
} }
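Review bot: The new `$shouldRedirect` parameter on line 12 is undocumented; the docblock above it is `{@inheritdoc}`, which presumably repeats the parent constructor's description and says nothing about the flag or what a caller asserts by passing `true`. Replace the inherited tag with explicit tags, e.g. `@param string $parameter The missing or malformed request parameter` and `@param bool $shouldRedirect Whether the error may be returned to the client's redirect URI; only pass true after client_id and redirect_uri have been validated`. The parameter is also untyped and any truthy value is stored as-is on line 20; if the codebase cannot use a `bool` declaration yet, `$this->serverShouldRedirect = (bool) $shouldRedirect;` keeps the property a real boolean.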


@ -30,7 +30,7 @@ class InvalidScopeException extends OAuthException
* {@inheritdoc} * {@inheritdoc}
*/ */
public function __construct($parameter) public function __construct($parameter, $shouldRedirect = false)
{ {
parent::__construct( parent::__construct(
sprintf( sprintf(
@ -38,5 +38,7 @@ class InvalidScopeException extends OAuthException
$parameter $parameter
) )
); );
$this->serverShouldRedirect = $shouldRedirect;
} }
} }
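Review bot: Same gap as in InvalidRequestException: the `$shouldRedirect` parameter added on line 29 is not described, because the constructor docblock is still `{@inheritdoc}`. Add `@param string $parameter The scope that was rejected` and `@param bool $shouldRedirect Whether the error may be sent to the client's redirect URI; callers must only pass true once the redirect URI has been validated against the registered client`. Note that `$parameter` is reflected into the message via the sprintf above, so whatever serialises a redirecting error must URL-encode that message.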


@ -23,6 +23,12 @@ class OAuthException extends \Exception
*/ */
public $httpStatusCode = 400; public $httpStatusCode = 400;
/**
* If true the server should redirect back to the client
* @var boolean
*/
public $serverShouldRedirect = false;
/** /**
* The exception type * The exception type
*/ */
@ -36,6 +42,15 @@ class OAuthException extends \Exception
parent::__construct($msg); parent::__construct($msg);
} }
/**
* Should the server redirect back to the client?
* @return bool
*/
public function shouldRedirect()
{
return $this->serverShouldRedirect;
}
/** /**
* Get all headers that have to be send with the error response * Get all headers that have to be send with the error response
* @return array Array with header values * @return array Array with header values
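Review bot: The comment on the new `$serverShouldRedirect` property (line 47) should carry the security caveat that makes this flag safe: an error may only be redirected to the client once `client_id` and `redirect_uri` have been validated, otherwise the error response becomes an open redirect to an attacker-chosen URI. Suggested wording: `If true the server should redirect back to the client's redirect URI instead of rendering the error; must only be set by code that has already validated the client and its redirect URI`. Since `shouldRedirect()` now exists as the read accessor, the property could be declared `protected` so only exception subclasses set it, unless external code is known to read it directly.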


@ -32,5 +32,6 @@ class UnsupportedResponseTypeException extends OAuthException
public function __construct($parameter) public function __construct($parameter)
{ {
parent::__construct('The authorization server does not support obtaining an access token using this method.'); parent::__construct('The authorization server does not support obtaining an access token using this method.');
$this->serverShouldRedirect = true;
} }
} }
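Review bot: `$this->serverShouldRedirect = true;` on line 75 is unconditional, whereas the sibling exceptions in this commit take a `$shouldRedirect` argument and default to false. The constructor cannot know whether its throw site has validated the client's redirect URI, so any future `throw new UnsupportedResponseTypeException(...)` placed before client validation would redirect an error to an unvalidated URI; the only throw site visible in this commit is after client validation, but the guarantee lives at the call site, not here. Make it consistent with the others: `public function __construct($parameter, $shouldRedirect = true)` and `$this->serverShouldRedirect = $shouldRedirect;`, which preserves current behaviour while letting callers opt out. `$parameter` is also accepted but unused in the message.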


@ -144,7 +144,7 @@ abstract class AbstractGrant implements GrantTypeInterface
); );
if (($scope instanceof ScopeEntity) === false) { if (($scope instanceof ScopeEntity) === false) {
throw new Exception\InvalidScopeException($scopeItem); throw new Exception\InvalidScopeException($scopeItem, true);
} }
$scopes[$scope->getId()] = $scope; $scopes[$scope->getId()] = $scope;
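Review bot: The hard-coded `true` on line 84 decides, inside the shared `validateScopes`, that an invalid scope is always redirected back to the client. That is appropriate for the authorize endpoint, but if this method is also reached from token-endpoint grants (it lives on AbstractGrant, so presumably it is), those requests have no validated redirect URI and the flag is meaningless at best. Consider passing the decision in from the caller, e.g. `protected function validateScopes($scopeParam = '', $redirect = false)` with `throw new Exception\InvalidScopeException($scopeItem, $redirect);`, and having AuthCodeGrant pass true. The enclosing method starts outside the hunk.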


@ -83,21 +83,6 @@ class AuthCodeGrant extends AbstractGrant
throw new Exception\InvalidRequestException('redirect_uri'); throw new Exception\InvalidRequestException('redirect_uri');
} }
$state = $this->server->getRequest()->query->get('state', null);
if ($this->server->stateParamRequired() === true && is_null($state)) {
throw new Exception\InvalidRequestException('state');
}
$responseType = $this->server->getRequest()->query->get('response_type', null);
if (is_null($responseType)) {
throw new Exception\InvalidRequestException('response_type');
}
// Ensure response type is one that is recognised
if (!in_array($responseType, $this->server->getResponseTypes())) {
throw new Exception\UnsupportedResponseTypeException($responseType);
}
// Validate client ID and redirect URI // Validate client ID and redirect URI
$client = $this->server->getStorage('client')->get( $client = $this->server->getStorage('client')->get(
$clientId, $clientId,
@ -110,6 +95,21 @@ class AuthCodeGrant extends AbstractGrant
throw new Exception\InvalidClientException(); throw new Exception\InvalidClientException();
} }
$state = $this->server->getRequest()->query->get('state', null);
if ($this->server->stateParamRequired() === true && is_null($state)) {
throw new Exception\InvalidRequestException('state', true);
}
$responseType = $this->server->getRequest()->query->get('response_type', null);
if (is_null($responseType)) {
throw new Exception\InvalidRequestException('response_type', true);
}
// Ensure response type is one that is recognised
if (!in_array($responseType, $this->server->getResponseTypes())) {
throw new Exception\UnsupportedResponseTypeException($responseType);
}
// Validate any scopes that are in the request // Validate any scopes that are in the request
$scopeParam = $this->server->getRequest()->query->get('scope', ''); $scopeParam = $this->server->getRequest()->query->get('scope', '');
$scopes = $this->validateScopes($scopeParam); $scopes = $this->validateScopes($scopeParam);
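Review bot: Reordering the state and response_type checks after client validation is the right fix, but the response_type comparison on line 120 still uses loose `in_array`; with attacker-controlled query input a strict check is the safer default, `if (!in_array($responseType, $this->server->getResponseTypes(), true)) {`. Per RFC 6749 §4.1.2.1 an error redirected to the client must echo the `state` value, and when `state` itself is the missing parameter there is nothing to echo; the `$state` read on line 111 should be threaded into whatever builds the redirect, which is outside this hunk, so please confirm. `checkAuthorizeParams` starts and ends outside the hunk.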


@ -54,56 +54,6 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
$grant->checkAuthorizeParams(); $grant->checkAuthorizeParams();
} }
public function testCheckAuthoriseParamsMissingStateParam()
{
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar'
];
$server = new AuthorizationServer;
$grant = new AuthCodeGrant;
$server->requireStateParam(true);
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsMissingResponseType()
{
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar'
];
$server = new AuthorizationServer;
$grant = new AuthCodeGrant;
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsInvalidResponseType()
{
$this->setExpectedException('League\OAuth2\Server\Exception\UnsupportedResponseTypeException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar',
'response_type' => 'foobar'
];
$server = new AuthorizationServer;
$grant = new AuthCodeGrant;
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsInvalidClient() public function testCheckAuthoriseParamsInvalidClient()
{ {
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidClientException'); $this->setExpectedException('League\OAuth2\Server\Exception\InvalidClientException');
@ -127,6 +77,77 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
$grant->checkAuthorizeParams(); $grant->checkAuthorizeParams();
} }
public function testCheckAuthoriseParamsMissingStateParam()
{
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar'
];
$server = new AuthorizationServer;
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$clientStorage->shouldReceive('get')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$server->setClientStorage($clientStorage);
$grant = new AuthCodeGrant;
$server->requireStateParam(true);
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsMissingResponseType()
{
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar'
];
$server = new AuthorizationServer;
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$clientStorage->shouldReceive('get')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$server->setClientStorage($clientStorage);
$grant = new AuthCodeGrant;
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsInvalidResponseType()
{
$this->setExpectedException('League\OAuth2\Server\Exception\UnsupportedResponseTypeException');
$_GET = [
'client_id' => 'testapp',
'redirect_uri' => 'http://foo/bar',
'response_type' => 'foobar'
];
$server = new AuthorizationServer;
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$clientStorage->shouldReceive('get')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$server->setClientStorage($clientStorage);
$grant = new AuthCodeGrant;
$server->addGrantType($grant);
$grant->checkAuthorizeParams();
}
public function testCheckAuthoriseParamsInvalidScope() public function testCheckAuthoriseParamsInvalidScope()
{ {
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidScopeException'); $this->setExpectedException('League\OAuth2\Server\Exception\InvalidScopeException');