From 6723aadfe88c3d05e8eb72a772c34974be3ee906 Mon Sep 17 00:00:00 2001
From: Simon Hamp
Date: Mon, 26 Feb 2018 15:56:28 +0000
Subject: [PATCH] Fix #837 Unifies how we fetch the client_id from the request and allows us to throw a more appropriate exception when the client_id parameter is missing. Improves the test method for this validation by checking the culpable method in this particular case. The test was missing this by calling the wrong method.
---
 src/Grant/AuthCodeGrant.php | 32 ++++++++++++++++++++++---------
 tests/Grant/AuthCodeGrantTest.php | 2 +-
 2 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index d1669b2f..c7c7e8c9 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -196,6 +196,27 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 return 'authorization_code';
 }
 
+ /**
+ * Fetch the client_id parameter from the query string.
+ *
+ * @return string
+ * @throws OAuthServerException
+ */
+ protected function getClientIdFromRequest($request)
+ {
+ $clientId = $this->getQueryStringParameter(
+ 'client_id',
+ $request,
+ $this->getServerParameter('PHP_AUTH_USER', $request)
+ );
+
+ if (is_null($clientId)) {
+ throw OAuthServerException::invalidRequest('client_id');
+ }
+
+ return $clientId;
+ }
+
 /**
 * {@inheritdoc}
 */
@@ -204,7 +225,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 return (
 array_key_exists('response_type', $request->getQueryParams())
 && $request->getQueryParams()['response_type'] === 'code'
- && isset($request->getQueryParams()['client_id'])
+ && null !== $this->getClientIdFromRequest($request)
 );
 }
 
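Review bot: The new `getClientIdFromRequest()` in the first hunk documents `@return string` but rejects only `null`, so any non-string value is returned and handed on to `getClientEntity()`. If `getQueryStringParameter()` returns the parsed query value unchanged (its body is not visible here), a request carrying `client_id[]=x` would yield an array; tightening the guard to `if (!is_string($clientId)) { throw OAuthServerException::invalidRequest('client_id'); }` would make the documented return type hold. The docblock also says the value comes from the query string although the code falls back to `PHP_AUTH_USER`, and the parameter is undocumented and untyped; `@param ServerRequestInterface $request` plus the same type hint that `validateAuthorizationRequest()` uses would match the rest of the class.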
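Review bot: In the second hunk the comparison `null !== $this->getClientIdFromRequest($request)` can never be false, because the helper throws instead of returning null, so this predicate now raises `invalid_request` where it used to return false. If that is the intended fix, the `{@inheritdoc}` docblock should gain `@throws OAuthServerException` and the line a comment such as `// throws when response_type=code but no client_id is supplied`, since any caller that uses this method as a yes/no probe has to expect the exception. The helper's `PHP_AUTH_USER` fallback also means the grant now answers for requests that carry no `client_id` query parameter at all, a behaviour change the description does not mention. The method signature lies outside the hunk.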
@@ -213,14 +234,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 */
 public function validateAuthorizationRequest(ServerRequestInterface $request)
 {
- $clientId = $this->getQueryStringParameter(
- 'client_id',
- $request,
- $this->getServerParameter('PHP_AUTH_USER', $request)
- );
- if (is_null($clientId)) {
- throw OAuthServerException::invalidRequest('client_id');
- }
+ $clientId = $this->getClientIdFromRequest($request);
 
 $client = $this->clientRepository->getClientEntity(
 $clientId,
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 6a319234..e23bb06b 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -335,7 +335,7 @@ class AuthCodeGrantTest extends TestCase
 ]
 );
 
- $grant->validateAuthorizationRequest($request);
+ $grant->canRespondToAuthorizationRequest($request);
 }
 
 /**
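Review bot: Replacing the call in the test hunk rather than adding a second one leaves `validateAuthorizationRequest()` without a missing-`client_id` case in this test, even though the AuthCodeGrant.php hunk above still routes that method through the same helper. Keeping the original test and adding a separate one for `canRespondToAuthorizationRequest()` would cover both entry points, so a later change to either caller cannot silently drop the `invalid_request` error. The expected-exception setup and the test method's name are outside the hunk, so whether the name still describes the method under test cannot be checked from here.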