diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index a8528bb5..8d824296 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -240,6 +240,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + || empty($client->getRedirectUri()) + ) { + $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); + throw OAuthServerException::invalidClient(); } $scopes = $this->validateScopes( diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index 870e930a..f3c9e694 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php @@ -149,6 +149,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + || empty($client->getRedirectUri()) + ) { + $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); + throw OAuthServerException::invalidClient(); } $scopes = $this->validateScopes( diff --git a/tests/AuthorizationServerTest.php b/tests/AuthorizationServerTest.php index 40458059..a08b6b7a 100644 --- a/tests/AuthorizationServerTest.php +++ b/tests/AuthorizationServerTest.php @@ -146,6 +146,7 @@ class AuthorizationServerTest extends TestCase public function testValidateAuthorizationRequest() { $client = new ClientEntity(); + $client->setRedirectUri('http://foo/bar'); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); @@ -188,6 +189,50 @@ class AuthorizationServerTest extends TestCase $this->assertTrue($server->validateAuthorizationRequest($request) instanceof AuthorizationRequest); } + public function testValidateAuthorizationRequestWithMissingRedirectUri() + { + $client = new ClientEntity(); + $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); + $clientRepositoryMock->method('getClientEntity')->willReturn($client); + + $grant = new AuthCodeGrant( + $this->getMock(AuthCodeRepositoryInterface::class), + $this->getMock(RefreshTokenRepositoryInterface::class), + new \DateInterval('PT10M') + ); + $grant->setClientRepository($clientRepositoryMock); + + $server = new AuthorizationServer( + $clientRepositoryMock, + $this->getMock(AccessTokenRepositoryInterface::class), + $this->getMock(ScopeRepositoryInterface::class), + 'file://' . __DIR__ . '/Stubs/private.key', + 'file://' . __DIR__ . '/Stubs/public.key' + ); + $server->enableGrantType($grant); + + $request = new ServerRequest( + [], + [], + null, + null, + 'php://input', + $headers = [], + $cookies = [], + $queryParams = [ + 'response_type' => 'code', + 'client_id' => 'foo', + ] + ); + + try { + $server->validateAuthorizationRequest($request); + } catch (OAuthServerException $e) { + $this->assertEquals('invalid_client', $e->getErrorType()); + $this->assertEquals(401, $e->getHttpStatusCode()); + } + } + /** * @expectedException \League\OAuth2\Server\Exception\OAuthServerException * @expectedExceptionCode 2