From 7035792325c525cbe25b7d621f4558854a9fd02c Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Thu, 9 May 2013 10:15:36 -0700
Subject: [PATCH] Allow for multiple default scopes. Fixes #42
---
 src/League/OAuth2/Server/Authorization.php | 6 +--
 src/League/OAuth2/Server/Grant/AuthCode.php | 8 +++-
 .../OAuth2/Server/Grant/ClientCredentials.php | 8 +++-
 src/League/OAuth2/Server/Grant/Password.php | 8 +++-
 tests/authorization/AuthCodeGrantTest.php | 35 ++++++++++++++
 .../ClientCredentialsGrantTest.php | 41 ++++++++++++++++
 tests/authorization/PasswordGrantTest.php | 48 +++++++++++++++++++
 7 files changed, 145 insertions(+), 9 deletions(-)
diff --git a/src/League/OAuth2/Server/Authorization.php b/src/League/OAuth2/Server/Authorization.php
index d04dc904..fd11316f 100644
--- a/src/League/OAuth2/Server/Authorization.php
+++ b/src/League/OAuth2/Server/Authorization.php
@@ -62,8 +62,8 @@ class Authorization
 protected $requireScopeParam = false;
 /**
- * Default scope to be used if none is provided
- * @var string
+ * Default scope(s) to be used if none is provided
+ * @var string|array
 */
 protected $defaultScope = null;
@@ -287,7 +287,7 @@ class Authorization
 /**
 * Default scope to be used if none is provided and requireScopeParam is false
- * @var string
+ * @var string|array
 */
 public function setDefaultScope($default = null)
 {
diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php
index 99f90a7f..b8837099 100644
--- a/src/League/OAuth2/Server/Grant/AuthCode.php
+++ b/src/League/OAuth2/Server/Grant/AuthCode.php
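Review bot: The docblock on setDefaultScope in the second hunk tags the argument with `@var`, which is a property tag; for a method parameter it should read `@param string|array $default`. In the first hunk the property docblock now says `@var string|array`, yet the property is initialised to `null` and the grant classes test `getDefaultScope() === null`, so `@var string|array|null` states the real type. The body of setDefaultScope continues outside the hunk, so whether it validates or normalises the value it stores (for example rejecting a nested array or an empty string) cannot be seen here and is worth checking.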
@@ -154,8 +154,12 @@ class AuthCode implements GrantTypeInterface
 {
 if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
- } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
- $scopes = array($this->authServer->getDefaultScope());
+ } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+ if (is_array($this->authServer->getDefaultScope())) {
+ $scopes = $this->authServer->getDefaultScope();
+ } else {
+ $scopes = array($this->authServer->getDefaultScope());
+ }
 }
 $authParams['scopes'] = array();
diff --git a/src/League/OAuth2/Server/Grant/ClientCredentials.php b/src/League/OAuth2/Server/Grant/ClientCredentials.php
index ce5110df..027a51d9 100644
--- a/src/League/OAuth2/Server/Grant/ClientCredentials.php
+++ b/src/League/OAuth2/Server/Grant/ClientCredentials.php
@@ -124,8 +124,12 @@ class ClientCredentials implements GrantTypeInterface
 {
 if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
- } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
- $scopes = array($this->authServer->getDefaultScope());
+ } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+ if (is_array($this->authServer->getDefaultScope())) {
+ $scopes = $this->authServer->getDefaultScope();
+ } else {
+ $scopes = array($this->authServer->getDefaultScope());
+ }
 }
 $authParams['scopes'] = array();
diff --git a/src/League/OAuth2/Server/Grant/Password.php b/src/League/OAuth2/Server/Grant/Password.php
index da3b9f1e..eff20f32 100644
--- a/src/League/OAuth2/Server/Grant/Password.php
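Review bot: Replacing the truthiness test with `getDefaultScope() !== null` in the new elseif (AuthCode hunk, and identically the ClientCredentials hunk on the same line and the Password hunk that follows) makes an empty default count as a real one: `setDefaultScope('')` now yields `$scopes = array('')`, and `setDefaultScope(array())` slips past the invalid_request branch above it when the scope parameter is required, so a request that names no scope proceeds with none instead of being rejected. Normalising the default into a filtered list once and testing that list in both branches closes the gap, and it also collapses the four separate getDefaultScope() calls the hunk makes. Since the same block is copied into three grants, doing the normalisation once in Authorization (at set time) would be the cleaner home, but that is a wider change than this commit. The enclosing method starts and ends outside the hunk.
```php
        $default = $this->authServer->getDefaultScope();
        // A string or a list of strings; blank entries are dropped so '' and array() mean "no default"
        $defaultScopes = ($default === null) ? array() : array_values(array_filter((array) $default, 'strlen'));

        if ($this->authServer->scopeParamRequired() === true && count($defaultScopes) === 0 && count($scopes) === 0) {
            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
        } elseif (count($scopes) === 0) {
            $scopes = $defaultScopes;
        }
        // … unchanged: $authParams['scopes'] = array(); …
```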
+++ b/src/League/OAuth2/Server/Grant/Password.php
@@ -168,8 +168,12 @@ class Password implements GrantTypeInterface
 {
 if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
- } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
- $scopes = array($this->authServer->getDefaultScope());
+ } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+ if (is_array($this->authServer->getDefaultScope())) {
+ $scopes = $this->authServer->getDefaultScope();
+ } else {
+ $scopes = array($this->authServer->getDefaultScope());
+ }
 }
 $authParams['scopes'] = array();
diff --git a/tests/authorization/AuthCodeGrantTest.php b/tests/authorization/AuthCodeGrantTest.php
index fd6b1927..7cec3ded 100644
--- a/tests/authorization/AuthCodeGrantTest.php
+++ b/tests/authorization/AuthCodeGrantTest.php
@@ -197,6 +197,41 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
 ));
 $this->assertArrayHasKey('scopes', $params);
+ $this->assertEquals(1, count($params['scopes']));
+ }
+
+ public function test_checkAuthoriseParams_defaultScopeArray()
+ {
+ $this->client->shouldReceive('getClient')->andReturn(array(
+ 'client_id' => 1234,
+ 'client_secret' => 5678,
+ 'redirect_uri' => 'http://foo/redirect',
+ 'name' => 'Example Client'
+ ));
+
+ $this->scope->shouldReceive('getScope')->andReturn(array(
+ 'id' => 1,
+ 'scope' => 'foo',
+ 'name' => 'Foo Name',
+ 'description' => 'Foo Name Description'
+ ));
+
+ $a = $this->returnDefault();
+ $g = new League\OAuth2\Server\Grant\AuthCode($a);
+ $a->addGrantType($g);
+ $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+ $a->setDefaultScope(array('test.scope', 'test.scope2'));
+ $a->requireScopeParam(false);
+
+ $params = $g->checkAuthoriseParams(array(
+ 'client_id' => 1234,
+ 'redirect_uri' => 'http://foo/redirect',
+ 'response_type' => 'code',
+ 'scope' => ''
+ ));
+
+ $this->assertArrayHasKey('scopes', $params);
+ $this->assertEquals(2, count($params['scopes']));
 }
 /**
diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php
index d6bbb419..753c73e5 100644
--- a/tests/authorization/ClientCredentialsGrantTest.php
+++ b/tests/authorization/ClientCredentialsGrantTest.php
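Review bot: The new test's only check on the result is `$this->assertEquals(2, count($params['scopes']));`, and because the mocked getScope returns the same row for any argument, it would pass just as well if the grant looked up the wrong names or resolved one default twice. Constraining the getScope expectation with Mockery's `with()` for each configured name, or asserting on the entries returned in `$params['scopes']`, would tie the test to the list it sets via `setDefaultScope(array('test.scope', 'test.scope2'))`. The grant is also registered twice — `$a->addGrantType($g);` followed by a second `new League\OAuth2\Server\Grant\AuthCode($a)` — which looks copied from the test above rather than intended; if the second registration is not needed, dropping it makes the fixture easier to read.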
@@ -146,6 +146,47 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
 $this->assertArrayHasKey('expires_in', $v);
 }
+ public function test_issueAccessToken_clientCredentialsGrant_defaultScopeArray()
+ {
+ $this->scope->shouldReceive('getScope')->andReturn(array(
+ 'id' => 1,
+ 'key' => 'foo',
+ 'name' => 'Foo Name',
+ 'description' => 'Foo Name Description'
+ ));
+
+ $this->client->shouldReceive('getClient')->andReturn(array(
+ 'client_id' => 1234,
+ 'client_secret' => 5678,
+ 'redirect_uri' => 'http://foo/redirect',
+ 'name' => 'Example Client'
+ ));
+
+ $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
+ $this->session->shouldReceive('validateAuthCode')->andReturn(1);
+ $this->session->shouldReceive('createSession')->andReturn(1);
+ $this->session->shouldReceive('deleteSession')->andReturn(null);
+ $this->session->shouldReceive('associateScope')->andReturn(null);
+ $this->session->shouldReceive('associateAccessToken')->andReturn(1);
+
+ $a = $this->returnDefault();
+ $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+ $a->requireScopeParam(false);
+ $a->setDefaultScope(array('foobar', 'barfoo'));
+
+ $v = $a->issueAccessToken(array(
+ 'grant_type' => 'client_credentials',
+ 'client_id' => 1234,
+ 'client_secret' => 5678,
+ 'scope' => ''
+ ));
+
+ $this->assertArrayHasKey('access_token', $v);
+ $this->assertArrayHasKey('token_type', $v);
+ $this->assertArrayHasKey('expires', $v);
+ $this->assertArrayHasKey('expires_in', $v);
+ }
+
 /**
 * @expectedException League\OAuth2\Server\Exception\ClientException
 * @expectedExceptionCode 4
diff --git a/tests/authorization/PasswordGrantTest.php b/tests/authorization/PasswordGrantTest.php
index 3f5f79fa..a73054f8 100644
--- a/tests/authorization/PasswordGrantTest.php
+++ b/tests/authorization/PasswordGrantTest.php
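Review bot: The `associateScope` stub in the new test carries no call-count expectation, so the test cannot tell whether both defaults from `setDefaultScope(array('foobar', 'barfoo'))` were associated with the session — it passes equally if one or none were, which is exactly the behaviour this commit is meant to add. Pinning it with `$this->session->shouldReceive('associateScope')->twice()->andReturn(null);` makes the test fail if the grant still applies a single default. The same gap is in the Password test hunk in the next file section. The `validateRefreshToken`, `validateAuthCode` and `deleteSession` stubs look copied from another grant's test and are presumably not reached by the client_credentials flow; if so, dropping them leaves the fixture documenting only what this grant touches.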
@@ -338,6 +338,54 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
 $this->assertArrayHasKey('expires_in', $v);
 }
+ public function test_issueAccessToken_passwordGrant_defaultScopeArray()
+ {
+ $this->scope->shouldReceive('getScope')->andReturn(array(
+ 'id' => 1,
+ 'scope' => 'foo',
+ 'name' => 'Foo Name',
+ 'description' => 'Foo Name Description'
+ ));
+
+ $this->client->shouldReceive('getClient')->andReturn(array(
+ 'client_id' => 1234,
+ 'client_secret' => 5678,
+ 'redirect_uri' => 'http://foo/redirect',
+ 'name' => 'Example Client'
+ ));
+
+ $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
+ $this->session->shouldReceive('validateAuthCode')->andReturn(1);
+ $this->session->shouldReceive('createSession')->andReturn(1);
+ $this->session->shouldReceive('deleteSession')->andReturn(null);
+ $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
+ $this->session->shouldReceive('associateScope')->andReturn(null);
+ $this->session->shouldReceive('associateAccessToken')->andReturn(1);
+
+ $testCredentials = function() { return 1; };
+
+ $a = $this->returnDefault();
+ $pgrant = new League\OAuth2\Server\Grant\Password($a);
+ $pgrant->setVerifyCredentialsCallback($testCredentials);
+ $a->addGrantType($pgrant);
+ $a->requireScopeParam(false);
+ $a->setDefaultScope(array('foobar', 'barfoo'));
+
+ $v = $a->issueAccessToken(array(
+ 'grant_type' => 'password',
+ 'client_id' => 1234,
+ 'client_secret' => 5678,
+ 'username' => 'foo',
+ 'password' => 'bar',
+ 'scope' => ''
+ ));
+
+ $this->assertArrayHasKey('access_token', $v);
+ $this->assertArrayHasKey('token_type', $v);
+ $this->assertArrayHasKey('expires', $v);
+ $this->assertArrayHasKey('expires_in', $v);
+ }
+
 public function test_issueAccessToken_passwordGrant_goodScope()
 {
 $this->scope->shouldReceive('getScope')->andReturn(array(