ClientRepository implementations are now responsible for dealing with client secret

2024-11-01 16:33:07 +05:30 · 2016-03-22 16:29:04 +00:00 · 2016-03-22 16:29:04 +00:00 · 878afeb9f9
commit 878afeb9f9
parent f688401f63
5 changed files with 12 additions and 35 deletions
--- a/src/Entities/Interfaces/ClientEntityInterface.php
+++ b/src/Entities/Interfaces/ClientEntityInterface.php
@ -32,18 +32,6 @@ interface ClientEntityInterface
     */
    public function setName($name);

-    /**
-     * @param string $secret
-     */
-    public function setSecret($secret);
-
-    /**
-     * Get the hashed client secret
-     *
-     * @return string
-     */
-    public function getSecret();
-
    /**
     * Set the client's redirect uri.
     *
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -153,15 +153,6 @@ abstract class AbstractGrant implements GrantTypeInterface
            throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
        }

-        $client = $this->clientRepository->getClientEntity(
-            $clientId,
-            $this->getIdentifier()
-        );
-
-        if (!$client instanceof ClientEntityInterface) {
-            throw OAuthServerException::invalidClient();
-        }
-
        // If the client is confidential require the client secret
        $clientSecret = $this->getRequestParameter(
            'client_secret',
@ -169,11 +160,13 @@ abstract class AbstractGrant implements GrantTypeInterface
            $this->getServerParameter('PHP_AUTH_PW', $request)
        );

-        if ($client->canKeepASecret() && is_null($clientSecret)) {
-            throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
-        }
+        $client = $this->clientRepository->getClientEntity(
+            $clientId,
+            $this->getIdentifier(),
+            $clientSecret
+        );

-        if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
+        if (!$client instanceof ClientEntityInterface) {
            $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
            throw OAuthServerException::invalidClient();
        }
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -73,7 +73,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant

        if ($client instanceof ClientEntityInterface === false) {
            $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
-
            throw OAuthServerException::invalidClient();
        }

--- a/src/Repositories/ClientRepositoryInterface.php
+++ b/src/Repositories/ClientRepositoryInterface.php
@ -18,10 +18,11 @@ interface ClientRepositoryInterface extends RepositoryInterface
    /**
     * Get a client.
     *
-     * @param string $clientIdentifier The client's identifier
-     * @param string $grantType        The grant type used
+     * @param string      $clientIdentifier The client's identifier
+     * @param string      $grantType        The grant type used
+     * @param null|string $clientSecret     The client's secret (if sent)
     *
     * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
     */
-    public function getClientEntity($clientIdentifier, $grantType);
+    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
 }
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@ -111,10 +111,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
     */
    public function testValidateClientMissingClientSecret()
    {
-        $client = new ClientEntity();
-        $client->setSecret('bar');
        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+        $clientRepositoryMock->method('getClientEntity')->willReturn(null);

        /** @var AbstractGrant $grantMock */
        $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
@ -138,10 +136,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
     */
    public function testValidateClientInvalidClientSecret()
    {
-        $client = new ClientEntity();
-        $client->setSecret('bar');
        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+        $clientRepositoryMock->method('getClientEntity')->willReturn(null);

        /** @var AbstractGrant $grantMock */
        $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);