ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Updated @ziege's patch to overcome awkward access token definition requirement (i.e. access token can have a space in it) and also optimised code. Fixes #52

Browse Source
This commit is contained in:
Alex Bilbie 2013-05-10 12:57:06 -07:00
parent b88ef82563
commit 8c4019693b
2 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/League/OAuth2/Server/Resource.php
View File

@ -250,15 +250,12 @@ class Resource
// 1st request: Authorization: Bearer XXX // 1st request: Authorization: Bearer XXX
// 2nd request: Authorization: Bearer XXX, Bearer XXX // 2nd request: Authorization: Bearer XXX, Bearer XXX
if (strpos($header, ',') !== false) { if (strpos($header, ',') !== false) {
$accessTokens = array(); $headerPart = explode(',', $header);
foreach (explode(',', $header) as $header_part) { $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $headerPart[0]);
$accessTokens[] = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header_part));
}
// take always the first one
$accessToken = $accessTokens[0];
} else { } else {
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header)); $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $header);
} }
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
} else { } else {
$method = $this->getRequest()->server('REQUEST_METHOD'); $method = $this->getRequest()->server('REQUEST_METHOD');
$accessToken = $this->getRequest()->{$method}($this->tokenKey); $accessToken = $this->getRequest()->{$method}($this->tokenKey);

41
tests/resource/ResourceServerTest.php
View File

@ -83,6 +83,24 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$method->invoke($s); $method->invoke($s);
} }
/**
* @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
*/
public function test_determineAccessToken_brokenCurlRequest()
{
$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer, Bearer abcdef';
$request = new League\OAuth2\Server\Util\Request(array(), array(), array(), array(), $_SERVER);
$s = $this->returnDefault();
$s->setRequest($request);
$reflector = new ReflectionClass($s);
$method = $reflector->getMethod('determineAccessToken');
$method->setAccessible(true);
$method->invoke($s);
}
public function test_determineAccessToken_fromHeader() public function test_determineAccessToken_fromHeader()
{ {
$request = new League\OAuth2\Server\Util\Request(); $request = new League\OAuth2\Server\Util\Request();
@ -106,6 +124,29 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$this->assertEquals('abcdef', $result); $this->assertEquals('abcdef', $result);
} }
public function test_determineAccessToken_fromBrokenCurlHeader()
{
$request = new League\OAuth2\Server\Util\Request();
$requestReflector = new ReflectionClass($request);
$param = $requestReflector->getProperty('headers');
$param->setAccessible(true);
$param->setValue($request, array(
'Authorization' => 'Bearer abcdef, Bearer abcdef'
));
$s = $this->returnDefault();
$s->setRequest($request);
$reflector = new ReflectionClass($s);
$method = $reflector->getMethod('determineAccessToken');
$method->setAccessible(true);
$result = $method->invoke($s);
$this->assertEquals('abcdef', $result);
}
public function test_determineAccessToken_fromMethod() public function test_determineAccessToken_fromMethod()
{ {
$s = $this->returnDefault(); $s = $this->returnDefault();