Include redirect_uri check on authorization endpoint

This commit is contained in:
İsmail BASKIN 2016-05-04 13:34:37 +03:00
parent 4a4f4fe2d7
commit 7285ede563
No known key found for this signature in database
GPG Key ID: D6B75A80D259B2FA
2 changed files with 50 additions and 0 deletions

View File

@ -195,6 +195,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }
} elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
|| empty($client->getRedirectUri())
) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
throw OAuthServerException::invalidClient();
} }
$scopes = $this->validateScopes( $scopes = $this->validateScopes(

View File

@ -135,6 +135,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
public function testValidateAuthorizationRequest() public function testValidateAuthorizationRequest()
{ {
$client = new ClientEntity(); $client = new ClientEntity();
$client->setRedirectUri('http://foo/bar');
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client); $clientRepositoryMock->method('getClientEntity')->willReturn($client);
@ -171,6 +172,50 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($server->validateAuthorizationRequest($request) instanceof AuthorizationRequest); $this->assertTrue($server->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
} }
public function testValidateAuthorizationRequestWithMissingRedirectUri()
{
$client = new ClientEntity();
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
$grant = new AuthCodeGrant(
$this->getMock(AuthCodeRepositoryInterface::class),
$this->getMock(RefreshTokenRepositoryInterface::class),
new \DateInterval('PT10M')
);
$grant->setClientRepository($clientRepositoryMock);
$server = new AuthorizationServer(
$clientRepositoryMock,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
'file://' . __DIR__ . '/Stubs/private.key',
'file://' . __DIR__ . '/Stubs/public.key'
);
$server->enableGrantType($grant);
$request = new ServerRequest(
[],
[],
null,
null,
'php://input',
$headers = [],
$cookies = [],
$queryParams = [
'response_type' => 'code',
'client_id' => 'foo',
]
);
try {
$server->validateAuthorizationRequest($request);
} catch (OAuthServerException $e) {
$this->assertEquals('invalid_client', $e->getErrorType());
$this->assertEquals(401, $e->getHttpStatusCode());
}
}
/** /**
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException * @expectedException \League\OAuth2\Server\Exception\OAuthServerException
* @expectedExceptionCode 2 * @expectedExceptionCode 2