diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index f700c57b..9b3592c5 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -226,7 +226,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 /**
 * Validate scopes in the request.
 *
- * @param \Psr\Http\Message\ServerRequestInterface $request
+ * @param string $scopes
 * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
 * @param string $redirectUri
 *
@@ -235,13 +235,12 @@ abstract class AbstractGrant implements GrantTypeInterface
 * @return \League\OAuth2\Server\Entities\ScopeEntity[]
 */
 public function validateScopes(
- ServerRequestInterface $request,
+ $scopes,
 ClientEntityInterface $client,
 $redirectUri = null
 ) {
- $requestedScopes = $this->getRequestParameter('scope', $request);
 $scopesList = array_filter(
- explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
+ explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
 function ($scope) {
 return !empty($scope);
 }
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index ca54b824..6f3d6dfb 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -94,7 +94,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 throw OAuthServerException::invalidClient();
 }
- $scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
+ $scopes = $this->validateScopes(
+ $this->getQueryStringParameter('scope', $request),
+ $client,
+ $client->getRedirectUri()
+ );
 $queryString = http_build_query($request->getQueryParams());
 $postbackUri = new Uri(
 sprintf(
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index 6da17f21..1b15defd 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
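Review bot: The new `$scopes` parameter of validateScopes() is untyped and is passed straight to `trim($scopes)`, so the method now relies on every caller to hand it a string: when the `scope` parameter is absent the request helpers presumably return their null default, which only works because `trim(null)` yields '' (deprecated from PHP 8.1), and a non-string value — PSR-7 `getQueryParams()` yields an array for `scope[]=…` — reaches `trim()` unchecked. Since this value is request-controlled in every grant, validate it once at the top of the method, e.g. `if ($scopes !== null && !is_string($scopes)) { throw OAuthServerException::invalidRequest('scope'); }` with null treated as '', and change the docblock in the preceding hunk to `@param string|null $scopes`. This covers all the call sites changed in this commit (AuthCodeGrant, ClientCredentialsGrant, ImplicitGrant, PasswordGrant, RefreshTokenGrant), so no per-caller check is needed. The body of validateScopes continues past the end of the hunk.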
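Review bot: The five-line validateScopes() call added here is duplicated verbatim in the ImplicitGrant hunk; both classes extend AbstractAuthorizeGrant, so the scope lookup for the authorization endpoint would sit better as one protected helper on the parent, e.g. `$scopes = $this->validateAuthorizationScopes($request, $client);`, leaving a single place to adjust if the parameter handling changes. Note that this hunk also switches the authorization endpoint from `getRequestParameter` to `getQueryStringParameter`, i.e. `scope` is no longer read from the parsed body; that matches where the authorization request carries it, but it is a behaviour change for existing clients and deserves a line in the commit message or changelog. The enclosing method starts before the hunk.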
@@ -28,7 +28,7 @@ class ClientCredentialsGrant extends AbstractGrant
 ) {
 // Validate request
 $client = $this->validateClient($request);
- $scopes = $this->validateScopes($request, $client);
+ $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
 // Issue and persist access token
 $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index c3541ad3..7f846f90 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -94,7 +94,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 throw OAuthServerException::invalidClient();
 }
- $scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
+ $scopes = $this->validateScopes(
+ $this->getQueryStringParameter('scope', $request),
+ $client,
+ $client->getRedirectUri()
+ );
 $queryString = http_build_query($request->getQueryParams());
 $postbackUri = new Uri(
 sprintf(
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index 1145e6ab..d7328f71 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -53,7 +53,7 @@ class PasswordGrant extends AbstractGrant
 // Validate request
 $client = $this->validateClient($request);
 $user = $this->validateUser($request);
- $scopes = $this->validateScopes($request, $client);
+ $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
 // Issue and persist new tokens
 $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 83ffe5ed..efcc6454 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -44,7 +44,7 @@ class RefreshTokenGrant extends AbstractGrant
 // Validate request
 $client = $this->validateClient($request);
 $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
- $scopes = $this->validateScopes($request, $client);
+ $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
 // If no new scopes are requested then give the access token the original session scopes
 if (count($scopes) === 0) {
diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php
index a2b764d2..8fbf7626 100644
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@@ -343,14 +343,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
 $grantMock->setScopeRepository($scopeRepositoryMock);
- $serverRequest = new ServerRequest();
- $serverRequest = $serverRequest->withParsedBody(
- [
- 'scope' => 'basic ',
- ]
- );
-
- $this->assertEquals([$scope], $grantMock->validateScopes($serverRequest, new ClientEntity()));
+ $this->assertEquals([$scope], $grantMock->validateScopes('basic ', new ClientEntity()));
 }
 /**
@@ -365,14 +358,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
 $grantMock->setScopeRepository($scopeRepositoryMock);
- $serverRequest = new ServerRequest();
- $serverRequest = $serverRequest->withParsedBody(
- [
- 'scope' => 'basic ',
- ]
- );
-
- $grantMock->validateScopes($serverRequest, new ClientEntity());
+ $grantMock->validateScopes('basic ', new ClientEntity());
 }
 public function testGenerateUniqueIdentifier()
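Review bot: The refreshed `$scopes` now come straight from validateScopes() on the raw `scope` request value, and the hunk only shows the empty case falling back to the original session scopes; whether a non-empty request is checked to be a subset of the scopes carried by `$oldRefreshToken` (a refresh must not widen the grant) lies outside the hunk, so please confirm that check happens further down in the enclosing method, which starts before this hunk. If it does not, a loop comparing each returned scope's `getIdentifier()` against the scope identifiers stored in `$oldRefreshToken`, rejecting the request on any mismatch, should sit directly after the new line. A short comment on the new line, `// requested scopes are narrowed to the original grant below`, would make the intent visible to the next reader either way.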
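Review bot: Both rewritten tests still exercise only the happy path `'basic '`, while the signature change makes the interesting inputs the ones the grants now forward unchanged from the request: `null` when `scope` is absent (presumably expected to yield `[]`, as the RefreshTokenGrant fallback relies on) and a non-string such as an array, which PSR-7 query parsing produces for `scope[]=`. Add `$this->assertEquals([], $grantMock->validateScopes(null, new ClientEntity()));` next to the existing assertion in the first hunk, and a case that pins the behaviour for array input so it cannot silently regress. The same applies to the second hunk (-365) of this file.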