Unifies how we fetch the client_id from the request and allows us to throw a more appropriate exception when the client_id parameter is missing.

Improves the test method for this validation by checking the culpable method in this particular case. The test was missing this by calling the wrong method.
This commit is contained in:
Simon Hamp 2018-02-26 15:56:28 +00:00
parent e24964af07
commit 6723aadfe8
2 changed files with 24 additions and 10 deletions

View File

@ -196,6 +196,27 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
return 'authorization_code'; return 'authorization_code';
} }
/**
* Fetch the client_id parameter from the query string.
*
* @return string
* @throws OAuthServerException
*/
protected function getClientIdFromRequest($request)
{
$clientId = $this->getQueryStringParameter(
'client_id',
$request,
$this->getServerParameter('PHP_AUTH_USER', $request)
);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
return $clientId;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
@ -204,7 +225,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
return ( return (
array_key_exists('response_type', $request->getQueryParams()) array_key_exists('response_type', $request->getQueryParams())
&& $request->getQueryParams()['response_type'] === 'code' && $request->getQueryParams()['response_type'] === 'code'
&& isset($request->getQueryParams()['client_id']) && null !== $this->getClientIdFromRequest($request)
); );
} }
@ -213,14 +234,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
*/ */
public function validateAuthorizationRequest(ServerRequestInterface $request) public function validateAuthorizationRequest(ServerRequestInterface $request)
{ {
$clientId = $this->getQueryStringParameter( $clientId = $this->getClientIdFromRequest($request);
'client_id',
$request,
$this->getServerParameter('PHP_AUTH_USER', $request)
);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
$client = $this->clientRepository->getClientEntity( $client = $this->clientRepository->getClientEntity(
$clientId, $clientId,

View File

@ -335,7 +335,7 @@ class AuthCodeGrantTest extends TestCase
] ]
); );
$grant->validateAuthorizationRequest($request); $grant->canRespondToAuthorizationRequest($request);
} }
/** /**