Throw correct exception when access token is invalid

Alex Bilbie 2014-05-08 10:29:40 +01:00
parent 6a0596f40b
commit 61f039366b
2 changed files with 11 additions and 6 deletions


@ -17,6 +17,7 @@ use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Entity\AccessTokenEntity; use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\TokenType\Bearer; use League\OAuth2\Server\TokenType\Bearer;
use League\OAuth2\Server\Exception;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
/** /**
@ -184,7 +185,11 @@ class ResourceServer extends AbstractServer
// Set the access token // Set the access token
$this->accessToken = $this->storages['access_token']->get($accessTokenString); $this->accessToken = $this->storages['access_token']->get($accessTokenString);
return ($this->accessToken instanceof AccessTokenEntity); if (!$this->accessToken instanceof AccessTokenEntity) {
throw new Exception\AccessDeniedException;
}
return true;
} }
/** /**
@ -198,9 +203,9 @@ class ResourceServer extends AbstractServer
if ($this->getRequest()->headers->get('Authorization') !== null) { if ($this->getRequest()->headers->get('Authorization') !== null) {
$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest()); $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
} elseif ($headersOnly === false) { } elseif ($headersOnly === false) {
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET') ? $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
$this->getRequest()->query->get($this->tokenKey) : ? $this->getRequest()->query->get($this->tokenKey)
$this->getRequest()->request->get($this->tokenKey); : $this->getRequest()->request->get($this->tokenKey);
} }
if (empty($accessToken)) { if (empty($accessToken)) {
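Review bot: The method's contract changes in the second hunk without its documentation following: an unrecognised token now raises `Exception\AccessDeniedException` and `return true;` is the only return left, so a caller still written as `if (!$server->isValidRequest())` never sees `false` and has to catch the exception instead. The docblock, which sits outside the hunk, should gain `@throws Exception\AccessDeniedException if the token is not found in storage` and say that the return value is always `true`. The only validity check visible here is the `instanceof` test on what `storages['access_token']->get()` returns, so whether an expired or revoked token is rejected depends on the storage implementation; that is worth confirming and stating in the same docblock. For bearer tokens RFC 6750 section 3.1 names `invalid_token` for this case, so it is also worth checking that the response built from this exception is a 401 carrying that error code rather than a generic denial.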


@ -110,8 +110,8 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
$scopeStorage $scopeStorage
); );
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException'); $this->setExpectedException('League\OAuth2\Server\Exception\AccessDeniedException');
$server->isValidRequest(); $server->isValidRequest(false, 'foobar');
} }
public function testIsValid() public function testIsValid()
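Review bot: The missing-token path loses its assertion in this test: it previously expected `InvalidRequestException` from `isValidRequest()` called with no token, and now only checks that the unknown token `'foobar'` raises `AccessDeniedException`. Unless a test outside this hunk already covers it, keep both cases by adding a separate test that calls `$server->isValidRequest();` and expects `'League\OAuth2\Server\Exception\InvalidRequestException'`. The test method starts outside the hunk, so the access-token storage mock is not visible; the new expectation only exercises the intended branch if that mock returns something other than an `AccessTokenEntity` for `'foobar'`, which is worth a one-line comment next to the mock.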