mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Updated @ziege's patch to overcome awkward access token definition requirement (i.e. access token can have a space in it) and also optimised code. Fixes #52
This commit is contained in:
Alex Bilbie
@@ -250,15 +250,12 @@ class Resource
|
||||
// 1st request: Authorization: Bearer XXX
|
||||
// 2nd request: Authorization: Bearer XXX, Bearer XXX
|
||||
if (strpos($header, ',') !== false) {
|
||||
$accessTokens = array();
|
||||
foreach (explode(',', $header) as $header_part) {
|
||||
$accessTokens[] = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header_part));
|
||||
}
|
||||
// take always the first one
|
||||
$accessToken = $accessTokens[0];
|
||||
$headerPart = explode(',', $header);
|
||||
$accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $headerPart[0]);
|
||||
} else {
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header));
|
||||
$accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $header);
|
||||
}
|
||||
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
} else {
|
||||
$method = $this->getRequest()->server('REQUEST_METHOD');
|
||||
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
|
||||
|
||||
@@ -83,6 +83,24 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
$method->invoke($s);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
|
||||
*/
|
||||
public function test_determineAccessToken_brokenCurlRequest()
|
||||
{
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer, Bearer abcdef';
|
||||
$request = new League\OAuth2\Server\Util\Request(array(), array(), array(), array(), $_SERVER);
|
||||
|
||||
$s = $this->returnDefault();
|
||||
$s->setRequest($request);
|
||||
|
||||
$reflector = new ReflectionClass($s);
|
||||
$method = $reflector->getMethod('determineAccessToken');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$method->invoke($s);
|
||||
}
|
||||
|
||||
public function test_determineAccessToken_fromHeader()
|
||||
{
|
||||
$request = new League\OAuth2\Server\Util\Request();
|
||||
@@ -106,6 +124,29 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertEquals('abcdef', $result);
|
||||
}
|
||||
|
||||
public function test_determineAccessToken_fromBrokenCurlHeader()
|
||||
{
|
||||
$request = new League\OAuth2\Server\Util\Request();
|
||||
|
||||
$requestReflector = new ReflectionClass($request);
|
||||
$param = $requestReflector->getProperty('headers');
|
||||
$param->setAccessible(true);
|
||||
$param->setValue($request, array(
|
||||
'Authorization' => 'Bearer abcdef, Bearer abcdef'
|
||||
));
|
||||
$s = $this->returnDefault();
|
||||
$s->setRequest($request);
|
||||
|
||||
$reflector = new ReflectionClass($s);
|
||||
|
||||
$method = $reflector->getMethod('determineAccessToken');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$result = $method->invoke($s);
|
||||
|
||||
$this->assertEquals('abcdef', $result);
|
||||
}
|
||||
|
||||
public function test_determineAccessToken_fromMethod()
|
||||
{
|
||||
$s = $this->returnDefault();
|
||||
|
||||
Reference in New Issue
Block a user