Fix #837

Unifies how we fetch the client_id from the request and allows us to throw a more appropriate exception when the client_id parameter is missing. Improves the test method for this validation by checking the culpable method in this particular case. The test was missing this by calling the wrong method.
2024-12-22 13:09:44 +05:30 · 2018-02-26 15:56:28 +00:00 · 2018-02-26 15:56:28 +00:00 · 6723aadfe8
commit 6723aadfe8
parent e24964af07
2 changed files with 24 additions and 10 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -196,6 +196,27 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
        return 'authorization_code';
    }

+    /**
+     * Fetch the client_id parameter from the query string.
+     *
+     * @return string
+     * @throws OAuthServerException
+     */
+    protected function getClientIdFromRequest($request)
+    {
+        $clientId = $this->getQueryStringParameter(
+            'client_id',
+            $request,
+            $this->getServerParameter('PHP_AUTH_USER', $request)
+        );
+
+        if (is_null($clientId)) {
+            throw OAuthServerException::invalidRequest('client_id');
+        }
+
+        return $clientId;
+    }
+
    /**
     * {@inheritdoc}
     */
@ -204,7 +225,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
        return (
            array_key_exists('response_type', $request->getQueryParams())
            && $request->getQueryParams()['response_type'] === 'code'
-            && isset($request->getQueryParams()['client_id'])
+            && null !== $this->getClientIdFromRequest($request)
        );
    }

@ -213,14 +234,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
-        $clientId = $this->getQueryStringParameter(
-            'client_id',
-            $request,
-            $this->getServerParameter('PHP_AUTH_USER', $request)
-        );
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
+        $clientId = $this->getClientIdFromRequest($request);

        $client = $this->clientRepository->getClientEntity(
            $clientId,
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@ -335,7 +335,7 @@ class AuthCodeGrantTest extends TestCase
            ]
        );

-        $grant->validateAuthorizationRequest($request);
+        $grant->canRespondToAuthorizationRequest($request);
    }

    /**