Merge pull request #186 from ushahidi/resource-server-correct-http-error

Send HTTP 401 for invalid_token, rather than insufficient_scope
This commit is contained in:
Phil Sturgeon 2014-07-15 15:39:28 +01:00
commit 7771bc04ec
2 changed files with 3 additions and 3 deletions

View File

@ -163,7 +163,7 @@ class Resource
// include the "WWW-Authenticate" response header field
// matching the authentication scheme used by the client.
// @codeCoverageIgnoreStart
if ($error === 'insufficient_scope') {
if ($error === 'invalid_token') {
$authScheme = null;
$request = new Request();
if ($request->server('PHP_AUTH_USER') !== null) {

View File

@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
public function test_getExceptionHttpHeaders()
{
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
$this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
$this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
$this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
}
public function test_setRequest()