From 878afeb9f93b83d02696fbbb7b1ed42bcab21e54 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Tue, 22 Mar 2016 16:29:04 +0000
Subject: [PATCH] ClientRepository implementations are now responsible for dealing with client secret

---
 .../Interfaces/ClientEntityInterface.php | 12 ------------
 src/Grant/AbstractGrant.php | 19 ++++++------------
 src/Grant/AuthCodeGrant.php | 1 -
 .../ClientRepositoryInterface.php | 7 ++++---
 tests/Grant/AbstractGrantTest.php | 8 ++------
 5 files changed, 12 insertions(+), 35 deletions(-)

diff --git a/src/Entities/Interfaces/ClientEntityInterface.php b/src/Entities/Interfaces/ClientEntityInterface.php
index 180719b1..4ca55442 100644
--- a/src/Entities/Interfaces/ClientEntityInterface.php
+++ b/src/Entities/Interfaces/ClientEntityInterface.php
@@ -32,18 +32,6 @@ interface ClientEntityInterface
      */
     public function setName($name);
 
-    /**
-     * @param string $secret
-     */
-    public function setSecret($secret);
-
-    /**
-     * Get the hashed client secret
-     *
-     * @return string
-     */
-    public function getSecret();
-
     /**
      * Set the client's redirect uri.
      *
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 49b03741..92a55a1f 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -153,15 +153,6 @@ abstract class AbstractGrant implements GrantTypeInterface
             throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
         }
 
-        $client = $this->clientRepository->getClientEntity(
-            $clientId,
-            $this->getIdentifier()
-        );
-
-        if (!$client instanceof ClientEntityInterface) {
-            throw OAuthServerException::invalidClient();
-        }
-
         // If the client is confidential require the client secret
         $clientSecret = $this->getRequestParameter(
             'client_secret',
@@ -169,11 +160,13 @@ abstract class AbstractGrant implements GrantTypeInterface
             $this->getServerParameter('PHP_AUTH_PW', $request)
         );
 
-        if ($client->canKeepASecret() && is_null($clientSecret)) {
-            throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
-        }
+        $client = $this->clientRepository->getClientEntity(
+            $clientId,
+            $this->getIdentifier(),
+            $clientSecret
+        );
 
-        if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
+        if (!$client instanceof ClientEntityInterface) {
             $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
             throw OAuthServerException::invalidClient();
         }
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index b08bf965..d804b191 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -73,7 +73,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 
         if ($client instanceof ClientEntityInterface === false) {
             $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
-
             throw OAuthServerException::invalidClient();
         }
 
diff --git a/src/Repositories/ClientRepositoryInterface.php b/src/Repositories/ClientRepositoryInterface.php
index 0c7ebe4f..a742b366 100644
--- a/src/Repositories/ClientRepositoryInterface.php
+++ b/src/Repositories/ClientRepositoryInterface.php
@@ -18,10 +18,11 @@ interface ClientRepositoryInterface extends RepositoryInterface
     /**
      * Get a client.
      *
-     * @param string $clientIdentifier The client's identifier
-     * @param string $grantType The grant type used
+     * @param string $clientIdentifier The client's identifier
+     * @param string $grantType The grant type used
+     * @param null|string $clientSecret The client's secret (if sent)
      *
      * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
      */
-    public function getClientEntity($clientIdentifier, $grantType);
+    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
 }
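Review bot: The new `getClientEntity` call forwards `$clientSecret` but nothing in the grant replaces the two guards removed above it (confidential client must send a secret, and the secret must verify), so the check now exists only if every repository implementation performs it; an implementation written against the old two-argument signature keeps compiling because the new parameter defaults to `null`, and will return the entity for a confidential client with a missing or wrong secret. That delegation should be spelled out where the call is made, e.g. `// The repository is responsible for verifying $clientSecret (may be null) against the client;` / `// it must return null for a confidential client whose secret is absent or does not match.` It is also worth a comment on the `if (!$client instanceof ClientEntityInterface)` line that `client.authentication.failed` now fires for an unknown `client_id` as well as for a rejected secret, whereas before it fired only on a secret mismatch. validateClient begins before this hunk and its return lies after it.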
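Review bot: The `@return` still promises a `\League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface`, yet AbstractGrant now relies on this method returning `null` when the client or its secret is rejected, and the docblock does not tell implementers that validating `$clientSecret` has become their job rather than the server's. Change the return line to `@return null|\League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface` and expand the new parameter line to something like `@param null|string $clientSecret The client's secret (if sent); implementations must check it against the stored secret and return null on mismatch or when a confidential client sends none`. Because the parameter is optional with a `null` default, existing implementations silently stop checking secrets after upgrading, which belongs in the changelog as well.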
diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php
index 5e71bdf7..1161ebc4 100644
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@@ -111,10 +111,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
      */
     public function testValidateClientMissingClientSecret()
     {
-        $client = new ClientEntity();
-        $client->setSecret('bar');
         $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+        $clientRepositoryMock->method('getClientEntity')->willReturn(null);
 
         /** @var AbstractGrant $grantMock */
         $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
@@ -138,10 +136,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
      */
     public function testValidateClientInvalidClientSecret()
     {
-        $client = new ClientEntity();
-        $client->setSecret('bar');
         $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+        $clientRepositoryMock->method('getClientEntity')->willReturn(null);
 
         /** @var AbstractGrant $grantMock */
         $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
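Review bot: After this edit `testValidateClientMissingClientSecret` and the identically changed `testValidateClientInvalidClientSecret` (second hunk) both stub `getClientEntity` to return `null`, so they walk the same unknown-client path and no longer distinguish a missing secret from a wrong one; whatever they assert further down (outside the hunk) cannot tell whether the secret was even read from the request. Pin the forwarding instead, e.g. in the missing-secret test `$clientRepositoryMock->expects($this->once())->method('getClientEntity')->with($this->anything(), $this->anything(), null)->willReturn(null);`, and in the other test the secret value that test places in the request, so a regression that stops passing `client_secret` to the repository is caught. Both test method bodies continue past their hunks.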