Allow for multiple default scopes. Fixes #42
parent
351c2e97ea
commit
7035792325
@ -62,8 +62,8 @@ class Authorization
|
|||||||
protected $requireScopeParam = false;
|
protected $requireScopeParam = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default scope to be used if none is provided
|
* Default scope(s) to be used if none is provided
|
||||||
* @var string
|
* @var string|array
|
||||||
*/
|
*/
|
||||||
protected $defaultScope = null;
|
protected $defaultScope = null;
|
||||||
|
|
||||||
@ -287,7 +287,7 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Default scope to be used if none is provided and requireScopeParam is false
|
* Default scope to be used if none is provided and requireScopeParam is false
|
||||||
* @var string
|
* @var string|array
|
||||||
*/
|
*/
|
||||||
public function setDefaultScope($default = null)
|
public function setDefaultScope($default = null)
|
||||||
{
|
{
|
||||||
|
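Review bot: The docblock on `setDefaultScope()` in the second hunk still says "Default scope to be used…" in the singular and tags the type with `@var`, which describes a property rather than a parameter. It should read `@param string|array $default Default scope(s) to be used if none is provided and requireScopeParam is false`. The grant hunks in this commit hand these scopes to any request that arrives with an empty scope list, so the comment should also state that the list must hold only scopes every client may receive. The setter body is outside the hunk, so it cannot be seen whether an array argument is checked to contain only non-empty strings; if it is not, that check belongs there.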
@ -154,9 +154,13 @@ class AuthCode implements GrantTypeInterface {
|
|||||||
|
|
||||||
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
||||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||||
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
|
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
|
||||||
|
if (is_array($this->authServer->getDefaultScope())) {
|
||||||
|
$scopes = $this->authServer->getDefaultScope();
|
||||||
|
} else {
|
||||||
$scopes = array($this->authServer->getDefaultScope());
|
$scopes = array($this->authServer->getDefaultScope());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$authParams['scopes'] = array();
|
$authParams['scopes'] = array();
|
||||||
|
|
||||||
|
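Review bot: An empty array given to `setDefaultScope()` is not null, so with `scopeParamRequired()` true the first condition does not throw, the new `elseif` assigns `$scopes = array()`, and the request carries on with no scope at all. The switch from a truthiness test to `!== null` also lets a default of `''` through as `array('')`. Normalising once with `$defaults = array_filter((array) $this->authServer->getDefaultScope(), 'strlen');` and testing `count($defaults) === 0` in the first condition instead of `=== null` covers both cases, and it removes the `is_array()` branch and the repeated getter calls. The same block is added unchanged in the ClientCredentials and Password hunks, so a shared helper would keep the three in step. The enclosing method starts and ends outside the hunk, so how the resolved scopes are validated afterwards is not visible here.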
@ -124,9 +124,13 @@ class ClientCredentials implements GrantTypeInterface {
|
|||||||
|
|
||||||
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
||||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||||
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
|
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
|
||||||
|
if (is_array($this->authServer->getDefaultScope())) {
|
||||||
|
$scopes = $this->authServer->getDefaultScope();
|
||||||
|
} else {
|
||||||
$scopes = array($this->authServer->getDefaultScope());
|
$scopes = array($this->authServer->getDefaultScope());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$authParams['scopes'] = array();
|
$authParams['scopes'] = array();
|
||||||
|
|
||||||
|
@ -168,9 +168,13 @@ class Password implements GrantTypeInterface {
|
|||||||
|
|
||||||
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
|
||||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||||
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
|
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
|
||||||
|
if (is_array($this->authServer->getDefaultScope())) {
|
||||||
|
$scopes = $this->authServer->getDefaultScope();
|
||||||
|
} else {
|
||||||
$scopes = array($this->authServer->getDefaultScope());
|
$scopes = array($this->authServer->getDefaultScope());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$authParams['scopes'] = array();
|
$authParams['scopes'] = array();
|
||||||
|
|
||||||
|
@ -197,6 +197,41 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
|
|||||||
));
|
));
|
||||||
|
|
||||||
$this->assertArrayHasKey('scopes', $params);
|
$this->assertArrayHasKey('scopes', $params);
|
||||||
|
$this->assertEquals(1, count($params['scopes']));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function test_checkAuthoriseParams_defaultScopeArray()
|
||||||
|
{
|
||||||
|
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||||
|
'client_id' => 1234,
|
||||||
|
'client_secret' => 5678,
|
||||||
|
'redirect_uri' => 'http://foo/redirect',
|
||||||
|
'name' => 'Example Client'
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||||
|
'id' => 1,
|
||||||
|
'scope' => 'foo',
|
||||||
|
'name' => 'Foo Name',
|
||||||
|
'description' => 'Foo Name Description'
|
||||||
|
));
|
||||||
|
|
||||||
|
$a = $this->returnDefault();
|
||||||
|
$g = new League\OAuth2\Server\Grant\AuthCode($a);
|
||||||
|
$a->addGrantType($g);
|
||||||
|
$a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
|
||||||
|
$a->setDefaultScope(array('test.scope', 'test.scope2'));
|
||||||
|
$a->requireScopeParam(false);
|
||||||
|
|
||||||
|
$params = $g->checkAuthoriseParams(array(
|
||||||
|
'client_id' => 1234,
|
||||||
|
'redirect_uri' => 'http://foo/redirect',
|
||||||
|
'response_type' => 'code',
|
||||||
|
'scope' => ''
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->assertArrayHasKey('scopes', $params);
|
||||||
|
$this->assertEquals(2, count($params['scopes']));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
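Review bot: The new `test_checkAuthoriseParams_defaultScopeArray` registers the grant twice, with `$a->addGrantType($g);` followed by `$a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));`, and then calls `checkAuthoriseParams()` on `$g`. The second registration looks like a copy-paste leftover and should be dropped. The test asserts only `count($params['scopes'])`, while the `getScope` mock answers every lookup with the same `foo` record, so as far as the hunk shows it would still pass if the grant resolved two wrong scopes. Constraining the mock to the configured names `test.scope` and `test.scope2`, or asserting on the returned entries, would pin the behaviour this commit adds. A case for an empty-array default would be worth adding next to it.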
@ -146,6 +146,47 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertArrayHasKey('expires_in', $v);
|
$this->assertArrayHasKey('expires_in', $v);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_issueAccessToken_clientCredentialsGrant_defaultScopeArray()
|
||||||
|
{
|
||||||
|
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||||
|
'id' => 1,
|
||||||
|
'key' => 'foo',
|
||||||
|
'name' => 'Foo Name',
|
||||||
|
'description' => 'Foo Name Description'
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||||
|
'client_id' => 1234,
|
||||||
|
'client_secret' => 5678,
|
||||||
|
'redirect_uri' => 'http://foo/redirect',
|
||||||
|
'name' => 'Example Client'
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||||
|
$this->session->shouldReceive('associateScope')->andReturn(null);
|
||||||
|
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
|
||||||
|
|
||||||
|
$a = $this->returnDefault();
|
||||||
|
$a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
|
||||||
|
$a->requireScopeParam(false);
|
||||||
|
$a->setDefaultScope(array('foobar', 'barfoo'));
|
||||||
|
|
||||||
|
$v = $a->issueAccessToken(array(
|
||||||
|
'grant_type' => 'client_credentials',
|
||||||
|
'client_id' => 1234,
|
||||||
|
'client_secret' => 5678,
|
||||||
|
'scope' => ''
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->assertArrayHasKey('access_token', $v);
|
||||||
|
$this->assertArrayHasKey('token_type', $v);
|
||||||
|
$this->assertArrayHasKey('expires', $v);
|
||||||
|
$this->assertArrayHasKey('expires_in', $v);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @expectedException League\OAuth2\Server\Exception\ClientException
|
* @expectedException League\OAuth2\Server\Exception\ClientException
|
||||||
* @expectedExceptionCode 4
|
* @expectedExceptionCode 4
|
||||||
|
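Review bot: `test_issueAccessToken_clientCredentialsGrant_defaultScopeArray` checks only that `access_token`, `token_type`, `expires` and `expires_in` are present, so it passes whether or not the default scopes `foobar` and `barfoo` are attached to the session. The `associateScope` expectation is where the new behaviour could be observed. Assuming the grant associates one scope per call, `$this->session->shouldReceive('associateScope')->twice()->andReturn(null);` would make the test fail when a default is dropped. The `getScope` mock here returns a `key` field where the other two new tests return `scope`, which is worth making consistent. `test_issueAccessToken_passwordGrant_defaultScopeArray` in the Password_Grant_Test hunk has the same gap.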
@ -338,6 +338,54 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertArrayHasKey('expires_in', $v);
|
$this->assertArrayHasKey('expires_in', $v);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_issueAccessToken_passwordGrant_defaultScopeArray()
|
||||||
|
{
|
||||||
|
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||||
|
'id' => 1,
|
||||||
|
'scope' => 'foo',
|
||||||
|
'name' => 'Foo Name',
|
||||||
|
'description' => 'Foo Name Description'
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||||
|
'client_id' => 1234,
|
||||||
|
'client_secret' => 5678,
|
||||||
|
'redirect_uri' => 'http://foo/redirect',
|
||||||
|
'name' => 'Example Client'
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||||
|
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||||
|
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||||
|
$this->session->shouldReceive('associateScope')->andReturn(null);
|
||||||
|
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
|
||||||
|
|
||||||
|
$testCredentials = function() { return 1; };
|
||||||
|
|
||||||
|
$a = $this->returnDefault();
|
||||||
|
$pgrant = new League\OAuth2\Server\Grant\Password($a);
|
||||||
|
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||||
|
$a->addGrantType($pgrant);
|
||||||
|
$a->requireScopeParam(false);
|
||||||
|
$a->setDefaultScope(array('foobar', 'barfoo'));
|
||||||
|
|
||||||
|
$v = $a->issueAccessToken(array(
|
||||||
|
'grant_type' => 'password',
|
||||||
|
'client_id' => 1234,
|
||||||
|
'client_secret' => 5678,
|
||||||
|
'username' => 'foo',
|
||||||
|
'password' => 'bar',
|
||||||
|
'scope' => ''
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->assertArrayHasKey('access_token', $v);
|
||||||
|
$this->assertArrayHasKey('token_type', $v);
|
||||||
|
$this->assertArrayHasKey('expires', $v);
|
||||||
|
$this->assertArrayHasKey('expires_in', $v);
|
||||||
|
}
|
||||||
|
|
||||||
public function test_issueAccessToken_passwordGrant_goodScope()
|
public function test_issueAccessToken_passwordGrant_goodScope()
|
||||||
{
|
{
|
||||||
$this->scope->shouldReceive('getScope')->andReturn(array(
|
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||||
|