mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
ClientRepository implementations are now responsible for dealing with client secret
This commit is contained in:
parent
f688401f63
commit
878afeb9f9
@ -32,18 +32,6 @@ interface ClientEntityInterface
|
|||||||
*/
|
*/
|
||||||
public function setName($name);
|
public function setName($name);
|
||||||
|
|
||||||
/**
|
|
||||||
* @param string $secret
|
|
||||||
*/
|
|
||||||
public function setSecret($secret);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the hashed client secret
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getSecret();
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the client's redirect uri.
|
* Set the client's redirect uri.
|
||||||
*
|
*
|
||||||
|
@ -153,15 +153,6 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
|
throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
|
||||||
}
|
}
|
||||||
|
|
||||||
$client = $this->clientRepository->getClientEntity(
|
|
||||||
$clientId,
|
|
||||||
$this->getIdentifier()
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!$client instanceof ClientEntityInterface) {
|
|
||||||
throw OAuthServerException::invalidClient();
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the client is confidential require the client secret
|
// If the client is confidential require the client secret
|
||||||
$clientSecret = $this->getRequestParameter(
|
$clientSecret = $this->getRequestParameter(
|
||||||
'client_secret',
|
'client_secret',
|
||||||
@ -169,11 +160,13 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$this->getServerParameter('PHP_AUTH_PW', $request)
|
$this->getServerParameter('PHP_AUTH_PW', $request)
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($client->canKeepASecret() && is_null($clientSecret)) {
|
$client = $this->clientRepository->getClientEntity(
|
||||||
throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
|
$clientId,
|
||||||
}
|
$this->getIdentifier(),
|
||||||
|
$clientSecret
|
||||||
|
);
|
||||||
|
|
||||||
if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
|
if (!$client instanceof ClientEntityInterface) {
|
||||||
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
@ -73,7 +73,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
|
|
||||||
if ($client instanceof ClientEntityInterface === false) {
|
if ($client instanceof ClientEntityInterface === false) {
|
||||||
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
||||||
|
|
||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,8 +20,9 @@ interface ClientRepositoryInterface extends RepositoryInterface
|
|||||||
*
|
*
|
||||||
* @param string $clientIdentifier The client's identifier
|
* @param string $clientIdentifier The client's identifier
|
||||||
* @param string $grantType The grant type used
|
* @param string $grantType The grant type used
|
||||||
|
* @param null|string $clientSecret The client's secret (if sent)
|
||||||
*
|
*
|
||||||
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
||||||
*/
|
*/
|
||||||
public function getClientEntity($clientIdentifier, $grantType);
|
public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
|
||||||
}
|
}
|
||||||
|
@ -111,10 +111,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
*/
|
*/
|
||||||
public function testValidateClientMissingClientSecret()
|
public function testValidateClientMissingClientSecret()
|
||||||
{
|
{
|
||||||
$client = new ClientEntity();
|
|
||||||
$client->setSecret('bar');
|
|
||||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
$clientRepositoryMock->method('getClientEntity')->willReturn(null);
|
||||||
|
|
||||||
/** @var AbstractGrant $grantMock */
|
/** @var AbstractGrant $grantMock */
|
||||||
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
||||||
@ -138,10 +136,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
*/
|
*/
|
||||||
public function testValidateClientInvalidClientSecret()
|
public function testValidateClientInvalidClientSecret()
|
||||||
{
|
{
|
||||||
$client = new ClientEntity();
|
|
||||||
$client->setSecret('bar');
|
|
||||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
$clientRepositoryMock->method('getClientEntity')->willReturn(null);
|
||||||
|
|
||||||
/** @var AbstractGrant $grantMock */
|
/** @var AbstractGrant $grantMock */
|
||||||
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
||||||
|
Loading…
Reference in New Issue
Block a user