ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

ClientRepository implementations are now responsible for dealing with client secret

Browse Source
This commit is contained in:
Alex Bilbie
2016-03-22 16:29:04 +00:00
parent f688401f63
commit 878afeb9f9
5 changed files with 12 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/Grant/AbstractGrant.php
View File

@@ -153,15 +153,6 @@ abstract class AbstractGrant implements GrantTypeInterface
throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
}
$client = $this->clientRepository->getClientEntity(
$clientId,
$this->getIdentifier()
);
if (!$client instanceof ClientEntityInterface) {
throw OAuthServerException::invalidClient();
}
// If the client is confidential require the client secret
$clientSecret = $this->getRequestParameter(
'client_secret',
@@ -169,11 +160,13 @@ abstract class AbstractGrant implements GrantTypeInterface
$this->getServerParameter('PHP_AUTH_PW', $request)
);
if ($client->canKeepASecret() && is_null($clientSecret)) {
throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
}
$client = $this->clientRepository->getClientEntity(
$clientId,
$this->getIdentifier(),
$clientSecret
);
if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
if (!$client instanceof ClientEntityInterface) {
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
throw OAuthServerException::invalidClient();
}