Fix #169
This commit is contained in:
parent
130d42c85e
commit
522c7478c7
@ -30,7 +30,7 @@ class InvalidRequestException extends OAuthException
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
||||
public function __construct($parameter)
|
||||
public function __construct($parameter, $shouldRedirect = false)
|
||||
{
|
||||
parent::__construct(
|
||||
sprintf(
|
||||
@ -38,5 +38,7 @@ class InvalidRequestException extends OAuthException
|
||||
$parameter
|
||||
)
|
||||
);
|
||||
|
||||
$this->serverShouldRedirect = $shouldRedirect;
|
||||
}
|
||||
}
|
||||
|
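Review bot: The new `$shouldRedirect` parameter added to `__construct` here (and identically in InvalidScopeException, the next section) is untyped and undocumented, while the `{@inheritdoc}` docblock now hides a parameter the parent constructor does not have. Add `@param string $parameter` and `@param bool $shouldRedirect True only when the error may be sent back to the client's already-validated redirect_uri` beneath the inheritdoc tag. Since this value decides whether the server issues a redirect, `$this->serverShouldRedirect = (bool) $shouldRedirect;` keeps the flag strictly boolean regardless of what a caller passes.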
@ -30,7 +30,7 @@ class InvalidScopeException extends OAuthException
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
||||
public function __construct($parameter)
|
||||
public function __construct($parameter, $shouldRedirect = false)
|
||||
{
|
||||
parent::__construct(
|
||||
sprintf(
|
||||
@ -38,5 +38,7 @@ class InvalidScopeException extends OAuthException
|
||||
$parameter
|
||||
)
|
||||
);
|
||||
|
||||
$this->serverShouldRedirect = $shouldRedirect;
|
||||
}
|
||||
}
|
||||
|
@ -23,6 +23,12 @@ class OAuthException extends \Exception
|
||||
*/
|
||||
public $httpStatusCode = 400;
|
||||
|
||||
/**
|
||||
* If true the server should redirect back to the client
|
||||
* @var boolean
|
||||
*/
|
||||
public $serverShouldRedirect = false;
|
||||
|
||||
/**
|
||||
* The exception type
|
||||
*/
|
||||
@ -36,6 +42,15 @@ class OAuthException extends \Exception
|
||||
parent::__construct($msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* Should the server redirect back to the client?
|
||||
* @return bool
|
||||
*/
|
||||
public function shouldRedirect()
|
||||
{
|
||||
return $this->serverShouldRedirect;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all headers that have to be send with the error response
|
||||
* @return array Array with header values
|
||||
|
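Review bot: `$serverShouldRedirect` is declared `public` at the same time `shouldRedirect()` is added as its read accessor, so any code holding the exception can flip the redirect decision after the grant has made it; the subclasses in this commit only write it through `$this->`, so `protected $serverShouldRedirect = false;` keeps them working and leaves the accessor as the single read path. The docblock's `@var boolean` should be `@var bool`. The property docblock should also state that the flag may only be set to true once the client and its redirect_uri have been validated, because the redirect target is client-supplied.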
@ -32,5 +32,6 @@ class UnsupportedResponseTypeException extends OAuthException
|
||||
public function __construct($parameter)
|
||||
{
|
||||
parent::__construct('The authorization server does not support obtaining an access token using this method.');
|
||||
$this->serverShouldRedirect = true;
|
||||
}
|
||||
}
|
||||
|
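Review bot: The constructor sets `$this->serverShouldRedirect = true;` unconditionally, unlike InvalidRequestException and InvalidScopeException in this same commit, which let the throw site pass a `$shouldRedirect` argument; a future throw site that has not yet validated the client's redirect_uri would then redirect on error without any way to opt out. For consistency and to keep the decision at the throw site, `public function __construct($parameter, $shouldRedirect = true)` with `$this->serverShouldRedirect = $shouldRedirect;` preserves today's behaviour for the existing caller.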
@ -144,7 +144,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
);
|
||||
|
||||
if (($scope instanceof ScopeEntity) === false) {
|
||||
throw new Exception\InvalidScopeException($scopeItem);
|
||||
throw new Exception\InvalidScopeException($scopeItem, true);
|
||||
}
|
||||
|
||||
$scopes[$scope->getId()] = $scope;
|
||||
|
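Review bot: Hard-coding `true` in `throw new Exception\InvalidScopeException($scopeItem, true);` makes every scope failure a redirecting one, yet this method lives in `AbstractGrant` and is presumably shared by grants that run at the token endpoint with no redirect_uri at all (the callers are not in this hunk, so this is inferred). Whether redirecting is safe depends on the calling grant having validated the client's redirect_uri first, so consider letting the caller decide, e.g. a `$shouldRedirect = false` parameter on validateScopes forwarded here, with AuthCodeGrant passing `true` after its client check. How the flag is consumed when the error response is built is not visible in this commit. The enclosing method starts and ends outside the hunk.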
@ -83,21 +83,6 @@ class AuthCodeGrant extends AbstractGrant
|
||||
throw new Exception\InvalidRequestException('redirect_uri');
|
||||
}
|
||||
|
||||
$state = $this->server->getRequest()->query->get('state', null);
|
||||
if ($this->server->stateParamRequired() === true && is_null($state)) {
|
||||
throw new Exception\InvalidRequestException('state');
|
||||
}
|
||||
|
||||
$responseType = $this->server->getRequest()->query->get('response_type', null);
|
||||
if (is_null($responseType)) {
|
||||
throw new Exception\InvalidRequestException('response_type');
|
||||
}
|
||||
|
||||
// Ensure response type is one that is recognised
|
||||
if (!in_array($responseType, $this->server->getResponseTypes())) {
|
||||
throw new Exception\UnsupportedResponseTypeException($responseType);
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$client = $this->server->getStorage('client')->get(
|
||||
$clientId,
|
||||
@ -110,6 +95,21 @@ class AuthCodeGrant extends AbstractGrant
|
||||
throw new Exception\InvalidClientException();
|
||||
}
|
||||
|
||||
$state = $this->server->getRequest()->query->get('state', null);
|
||||
if ($this->server->stateParamRequired() === true && is_null($state)) {
|
||||
throw new Exception\InvalidRequestException('state', true);
|
||||
}
|
||||
|
||||
$responseType = $this->server->getRequest()->query->get('response_type', null);
|
||||
if (is_null($responseType)) {
|
||||
throw new Exception\InvalidRequestException('response_type', true);
|
||||
}
|
||||
|
||||
// Ensure response type is one that is recognised
|
||||
if (!in_array($responseType, $this->server->getResponseTypes())) {
|
||||
throw new Exception\UnsupportedResponseTypeException($responseType);
|
||||
}
|
||||
|
||||
// Validate any scopes that are in the request
|
||||
$scopeParam = $this->server->getRequest()->query->get('scope', '');
|
||||
$scopes = $this->validateScopes($scopeParam);
|
||||
|
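Review bot: The correctness of the `true` passed to `InvalidRequestException('state', true)` and `InvalidRequestException('response_type', true)` rests on the moved checks now running after the client/redirect_uri lookup immediately above them, but nothing in the code says so; a later reorder would redirect error responses to an unvalidated, client-supplied URI. Add a comment before the state check, `// From here on errors may be redirected: client and redirect_uri are validated (RFC 6749 §4.1.2.1)`. The `in_array($responseType, ...)` check in the moved block is still loose; `in_array($responseType, $this->server->getResponseTypes(), true)` is easier to reason about for a value taken straight from the query string. The enclosing method (presumably checkAuthorizeParams, judging by the tests) starts and ends outside the hunk.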
@ -54,56 +54,6 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsMissingStateParam()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
$server->requireStateParam(true);
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsMissingResponseType()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsInvalidResponseType()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\UnsupportedResponseTypeException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
'response_type' => 'foobar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsInvalidClient()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidClientException');
|
||||
@ -127,6 +77,77 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsMissingStateParam()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||
$clientStorage->shouldReceive('setServer');
|
||||
$clientStorage->shouldReceive('get')->andReturn(
|
||||
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||
);
|
||||
$server->setClientStorage($clientStorage);
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
$server->requireStateParam(true);
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsMissingResponseType()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||
$clientStorage->shouldReceive('setServer');
|
||||
$clientStorage->shouldReceive('get')->andReturn(
|
||||
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||
);
|
||||
$server->setClientStorage($clientStorage);
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsInvalidResponseType()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\UnsupportedResponseTypeException');
|
||||
|
||||
$_GET = [
|
||||
'client_id' => 'testapp',
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
'response_type' => 'foobar'
|
||||
];
|
||||
$server = new AuthorizationServer;
|
||||
|
||||
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||
$clientStorage->shouldReceive('setServer');
|
||||
$clientStorage->shouldReceive('get')->andReturn(
|
||||
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||
);
|
||||
$server->setClientStorage($clientStorage);
|
||||
|
||||
$grant = new AuthCodeGrant;
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$grant->checkAuthorizeParams();
|
||||
}
|
||||
|
||||
public function testCheckAuthoriseParamsInvalidScope()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidScopeException');
|
||||
|