This fixes #57. By passing in a conditional flag referring to headersOnly, the library would still respect RFC6749 Section 7 and RFC6750 Section 2.

This commit is contained in:
Alex McRoberts 2013-05-27 21:27:30 -07:00
parent a9ecca92fc
commit a4a8f6e661


@ -173,12 +173,13 @@ class Resource
/** /**
* Checks if the access token is valid or not. * Checks if the access token is valid or not.
* *
* @param $headersOnly Limit Access Token to Authorization header only
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
* @return bool * @return bool
*/ */
public function isValid() public function isValid($headersOnly = false)
{ {
$accessToken = $this->determineAccessToken(); $accessToken = $this->determineAccessToken($headersOnly);
$result = $this->storages['session']->validateAccessToken($accessToken); $result = $this->storages['session']->validateAccessToken($accessToken);
@ -237,10 +238,11 @@ class Resource
/** /**
* Reads in the access token from the headers. * Reads in the access token from the headers.
* *
* @param $headersOnly Limit Access Token to Authorization header only
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
* @return string * @return string
*/ */
protected function determineAccessToken() protected function determineAccessToken($headersOnly = false)
{ {
if ($header = $this->getRequest()->header('Authorization')) { if ($header = $this->getRequest()->header('Authorization')) {
// Check for special case, because cURL sometimes does an // Check for special case, because cURL sometimes does an
@ -256,7 +258,7 @@ class Resource
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header)); $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
} }
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken; $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
} else { } elseif ($headersOnly === false) {
$method = $this->getRequest()->server('REQUEST_METHOD'); $method = $this->getRequest()->server('REQUEST_METHOD');
$accessToken = $this->getRequest()->{$method}($this->tokenKey); $accessToken = $this->getRequest()->{$method}($this->tokenKey);
} }
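Review bot: In the third hunk, when `$headersOnly` is true and no `Authorization` header is present, the new `elseif ($headersOnly === false)` branch is skipped and `$accessToken` is never assigned, so the code after the hunk (presumably the `MissingAccessTokenException` check the docblock describes) reads an undefined variable instead of an empty token; initialise it before the header check, e.g. `$accessToken = '';` immediately above `if ($header = $this->getRequest()->header('Authorization')) {`. The two new `@param` lines in the `isValid` and `determineAccessToken` docblocks (first and second hunks) omit the type; since the parameter itself is untyped, `@param bool $headersOnly Limit Access Token to Authorization header only` is the only place the expected type is recorded. It is also worth stating in those docblocks that the default `false` keeps the existing behaviour of accepting the token from the request body or query string, so header-only enforcement is opt-in for every caller. determineAccessToken's body continues outside the hunk.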