diff --git a/examples/src/Repositories/ScopeRepository.php b/examples/src/Repositories/ScopeRepository.php
index 014ca3dd..441c0116 100644
--- a/examples/src/Repositories/ScopeRepository.php
+++ b/examples/src/Repositories/ScopeRepository.php
@@ -2,6 +2,8 @@
 namespace OAuth2ServerExamples\Repositories;
+use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
+use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use OAuth2ServerExamples\Entities\ScopeEntity;
@@ -10,7 +12,7 @@ class ScopeRepository implements ScopeRepositoryInterface
 /**
 * {@inheritdoc}
 */
- public function getScopeEntityByIdentifier($scopeIdentifier, $grantType, $clientId = null)
+ public function getScopeEntityByIdentifier($scopeIdentifier)
 {
 $scopes = [
 'basic' => [
@@ -30,4 +32,17 @@ class ScopeRepository implements ScopeRepositoryInterface
 return $scope;
 }
+
+
+ /**
+ * @inheritdoc
+ */
+ public function finalizeScopes(
+ array $scopes,
+ $grantType,
+ ClientEntityInterface $clientEntity,
+ $userIdentifier = null
+ ) {
+ return $scopes;
+ }
 }
diff --git a/examples/src/Repositories/UserRepository.php b/examples/src/Repositories/UserRepository.php
index 403a568d..f69e93cf 100644
--- a/examples/src/Repositories/UserRepository.php
+++ b/examples/src/Repositories/UserRepository.php
@@ -3,7 +3,6 @@
 namespace OAuth2ServerExamples\Repositories;
 use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
-use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
 use League\OAuth2\Server\Repositories\UserRepositoryInterface;
 use OAuth2ServerExamples\Entities\ScopeEntity;
 use OAuth2ServerExamples\Entities\UserEntity;
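Review bot: The example `finalizeScopes()` added at the end of this hunk returns `$scopes` untouched, and since `getScopeEntityByIdentifier()` in the hunk above now receives only the identifier, this method is the only place the example could restrict scopes by client or grant type. Anyone who copies the example repository into a real server therefore gets no per-client scope enforcement at all, and the empty body gives no hint that something is missing. I would put a comment on the `return $scopes;` line: `// Example only: a real implementation must drop or reject scopes this client / grant type is not entitled to, because getScopeEntityByIdentifier() no longer sees the client.`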
@@ -11,22 +10,13 @@ use OAuth2ServerExamples\Entities\UserEntity;
 class UserRepository implements UserRepositoryInterface
 {
 /**
- * Get a user entity.
- *
- * @param string $username
- * @param string $password
- * @param string $grantType The grant type used
- * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
- * @param ScopeEntityInterface[] $scopes
- *
- * @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface
+ * @inheritdoc
 */
 public function getUserEntityByUserCredentials(
 $username,
 $password,
 $grantType,
- ClientEntityInterface $clientEntity,
- array &$scopes
+ ClientEntityInterface $clientEntity
 ) {
 if ($username === 'alex' && $password === 'whisky') {
 $scope = new ScopeEntity();
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 51661d1c..14a46e35 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -205,11 +205,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 $scopes = [];
 foreach ($scopesList as $scopeItem) {
- $scope = $this->scopeRepository->getScopeEntityByIdentifier(
- $scopeItem,
- $this->getIdentifier(),
- $client->getIdentifier()
- );
+ $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
 if (($scope instanceof ScopeEntityInterface) === false) {
 throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index d035001b..eec6d5f0 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -78,6 +78,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 $redirectUriParameter = $this->getQueryStringParameter('redirect_uri', $request, $client->getRedirectUri());
 if ($redirectUriParameter !== $client->getRedirectUri()) {
+ $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
 throw OAuthServerException::invalidClient();
 }
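Review bot: After the replacement line in the AbstractGrant hunk, the scope loop only asks whether an identifier exists; `$client` is still in scope (the removed lines used `$client->getIdentifier()`) but no longer reaches the repository, so a request from any client for any defined scope passes this check. That is safe only because every caller is expected to pass the result through `ScopeRepositoryInterface::finalizeScopes()`, and nothing in this method enforces or records that. I would add a comment above the `foreach`: `// Existence check only: per-client / per-grant restriction is finalizeScopes()'s job, so callers must not mint tokens from this array directly.` The enclosing method's signature and whatever else uses `$client` and `$redirectUri` lie outside the hunk.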
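Review bot: The event emitted on the new line in the AuthCodeGrant hunk reuses the name `client.authentication.failed` for a `redirect_uri` mismatch, and since the value is read from the query string this appears to be the authorization endpoint, where the user's browser rather than the client is the caller. A listener that throttles or locks out a client or source IP after repeated authentication failures will count these, and any page that sends a victim's browser to an authorize URL with a wrong `redirect_uri` can trigger them without knowing a client secret. The exact `!==` comparison is the right check and should stay; I would only give this case a distinct event name, or document on the `RequestEvent` consumers that this event does not imply a credential failure. ImplicitGrant already emits the same event for the same mismatch in this commit, so the concern applies to both grants.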
@@ -124,8 +125,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 $usernameParameter,
 $passwordParameter,
 $this->getIdentifier(),
- $client,
- $scopes
+ $client
 );
 if ($userEntity instanceof UserEntityInterface) {
@@ -134,7 +134,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 $loginError = 'Incorrect username or password';
 }
 }
-
+
 // The user hasn't logged in yet so show a login form
 if ($userId === null) {
 $html = $this->getTemplateRenderer()->renderLogin([
@@ -192,7 +192,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 if ($userHasApprovedClient === true) {
 // Finalize the requested scopes
- $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
+ $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $userId);
 $authCode = $this->issueAuthCode(
 $this->authCodeTTL,
@@ -281,11 +281,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 $scopes = [];
 foreach ($authCodePayload->scopes as $scopeId) {
- $scope = $this->scopeRepository->getScopeEntityByIdentifier(
- $scopeId,
- $this->getIdentifier(),
- $client->getIdentifier()
- );
+ $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
 if (!$scope) {
 // @codeCoverageIgnoreStart
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index 3c1db5e0..41a47f6f 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -31,7 +31,7 @@ class ClientCredentialsGrant extends AbstractGrant
 $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
 // Finalize the requested scopes
- $scopes = $this->scopeRepository->finalizeScopes($scopes, $client);
+ $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
 // Issue and persist access token
 $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
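Review bot: In the `-192` hunk the `finalizeScopes()` call on the new line runs only inside `if ($userHasApprovedClient === true)`, yet the interface in this same commit says the method may append scopes, so any scope a repository adds here is written into the auth code without ever having been shown on the consent screen the user approved. The code that renders that screen is outside the hunk, but the visible order (approval already decided, then scopes finalized) is enough to see the gap. I would either call `finalizeScopes()` before the approval template is rendered so the user sees the final set, or at least pin the constraint on this line: `// Runs after consent: implementations must only narrow $scopes here, never add to them, or the user approves a different set than is issued.` The ImplicitGrant hunk in this commit has the same ordering.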
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index 62aacb06..f932730d 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -69,14 +69,12 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 if ($client instanceof ClientEntityInterface === false) {
 $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
-
 throw OAuthServerException::invalidClient();
 }
 $redirectUriParameter = $this->getQueryStringParameter('redirect_uri', $request, $client->getRedirectUri());
 if ($redirectUriParameter !== $client->getRedirectUri()) {
 $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
-
 throw OAuthServerException::invalidClient();
 }
@@ -114,7 +112,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 // The username + password might be available in $_POST
 $usernameParameter = $this->getRequestParameter('username', $request, null);
 $passwordParameter = $this->getRequestParameter('password', $request, null);
-
+
 $loginError = null;
 // Assert if the user has logged in already
@@ -190,7 +188,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 if ($userHasApprovedClient === true) {
 // Finalize the requested scopes
- $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
+ $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $userId);
 $accessToken = $this->issueAccessToken(
 $accessTokenTTL,
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index 40bf39d5..be3d4707 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
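Review bot: In the `-190` hunk the `finalizeScopes()` call on the new line is reached only after `$userHasApprovedClient === true`, and the token built from its result by the `issueAccessToken(` call directly below goes straight back to the browser with no further user interaction. A scope the repository appends at this point is therefore granted without consent, and one it removes leaves the user believing they granted more than the token carries; for the implicit grant there is no later redemption step where this could be caught. The consent rendering is outside the hunk, but the visible order is sufficient to raise it. I would finalize scopes before the approval page is rendered, or at minimum document the restriction on this line: `// Post-consent: only narrow the scope set here; additions bypass what the user approved.`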
@@ -52,7 +52,7 @@ class PasswordGrant extends AbstractGrant
 $user = $this->validateUser($request, $client);
 // Finalize the requested scopes
- $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $user->getIdentifier());
+ $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier());
 // Issue and persist new tokens
 $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index b25c1537..10ebcad5 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -47,11 +47,7 @@ class RefreshTokenGrant extends AbstractGrant
 // If no new scopes are requested then give the access token the original session scopes
 if (count($scopes) === 0) {
 $scopes = array_map(function ($scopeId) use ($client) {
- $scope = $this->scopeRepository->getScopeEntityByIdentifier(
- $scopeId,
- $this->getIdentifier(),
- $client->getIdentifier()
- );
+ $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
 if (!$scope) {
 // @codeCoverageIgnoreStart
diff --git a/src/Repositories/ScopeRepositoryInterface.php b/src/Repositories/ScopeRepositoryInterface.php
index 95230bb6..ccafbbdd 100644
--- a/src/Repositories/ScopeRepositoryInterface.php
+++ b/src/Repositories/ScopeRepositoryInterface.php
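Review bot: In the RefreshTokenGrant hunk the `count($scopes) === 0` branch now re-hydrates the old session's scope identifiers purely by name; the grant type and client identifier that the removed lines passed are gone, and nothing in this hunk feeds the resulting array through `finalizeScopes()` the way every other grant in this commit does. If the remainder of the method (outside the hunk) does not call it either, a scope that has since been withdrawn from this client, or restricted to another grant type, is silently renewed for as long as refresh tokens keep being rotated; only a scope deleted from the repository outright is caught, by the `if (!$scope)` guard. I would add a `finalizeScopes($scopes, $this->getIdentifier(), $client, ...)` call after the `array_map`, with the fourth argument being the user identifier carried by the validated old refresh token, and a comment saying why refresh must re-apply client restrictions rather than trust the old token's scope list. The closure's `use ($client)` capture becomes unused on the new side and can be dropped if nothing else in the closure references it.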
@@ -21,23 +21,27 @@ interface ScopeRepositoryInterface extends RepositoryInterface
 /**
 * Return information about a scope.
 *
- * @param string $identifier The scope identifier
- * @param string $grantType The grant type used in the request
- * @param string|null $clientId The client sending the request
+ * @param string $identifier The scope identifier
 *
 * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
 */
- public function getScopeEntityByIdentifier($identifier, $grantType, $clientId = null);
+ public function getScopeEntityByIdentifier($identifier);
 /**
- * Given a client (and optional user identifier) validate the set of scopes requested are valid and optionally
+ * Given a client, grant type and optional user identifier validate the set of scopes requested are valid and optionally
 * append additional scopes or remove requested scopes.
 *
 * @param ScopeEntityInterface[] $scopes
+ * @param string $grantType
 * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
 * @param null|string $userIdentifier
 *
 * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[]
 */
- public function finalizeScopes(array $scopes, ClientEntityInterface $clientEntity, $userIdentifier = null);
+ public function finalizeScopes(
+ array $scopes,
+ $grantType,
+ ClientEntityInterface $clientEntity,
+ $userIdentifier = null
+ );
 }
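Review bot: The retained `@return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface` on `getScopeEntityByIdentifier()` no longer matches how the grants in this commit consume it: AbstractGrant rejects anything that is not `instanceof ScopeEntityInterface` and AuthCodeGrant and RefreshTokenGrant test `!$scope`, so a null return is the intended way to report an unknown scope. Leaving that out of the contract invites implementations that throw, or return a placeholder entity, for identifiers they do not know, turning an `invalid_scope` response into either a server error or a silently accepted scope. I would change the tag to `@return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface|null` and add `Return null when the identifier is not a known scope; the grant answers with invalid_scope.` The new `finalizeScopes()` docblock should also say that the returned array is exactly what is minted into the token and that, in the authorize flows, it is evaluated after the user has consented, so implementations must not add scopes there.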