diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d36285c..e2fe02fb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+### Changed
+- Refactoring: extracted `validateRedirectUri` method to remove 3 code duplicates (PR #912)
+
 ### Added
 - Function `hasRedirect()` added to `OAuthServerException` (PR #703)
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 79a1ac47..99f1626a 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -193,27 +193,43 @@ abstract class AbstractGrant implements GrantTypeInterface
 throw OAuthServerException::invalidClient();
 }
- // If a redirect URI is provided ensure it matches what is pre-registered
 $redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
+
 if ($redirectUri !== null) {
- if (
- is_string($client->getRedirectUri())
- && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- } elseif (
- is_array($client->getRedirectUri())
- && in_array($redirectUri, $client->getRedirectUri(), true) === false
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- }
+ $this->validateRedirectUri($redirectUri, $client, $request);
 }
 return $client;
 }
+ /**
+ * Validate redirectUri from the request.
+ * If a redirect URI is provided ensure it matches what is pre-registered
+ *
+ * @param string $redirectUri
+ * @param ClientEntityInterface $client
+ * @param ServerRequestInterface $request
+ *
+ * @throws OAuthServerException
+ */
+ protected function validateRedirectUri(
+ string $redirectUri,
+ ClientEntityInterface $client,
+ ServerRequestInterface $request
+ ) {
+ if (is_string($client->getRedirectUri())
+ && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
+ ) {
+ $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+ throw OAuthServerException::invalidClient();
+ } elseif (is_array($client->getRedirectUri())
+ && in_array($redirectUri, $client->getRedirectUri(), true) === false
+ ) {
+ $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+ throw OAuthServerException::invalidClient();
+ }
+ }
+
 /**
 * Validate scopes in the request.
 *
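Review bot: The new `validateRedirectUri` fails open when `$client->getRedirectUri()` is neither a string nor an array: only the `is_string` branch and the `is_array` branch reject, so a client entity that returns `null` (or any other type) lets an arbitrary `redirect_uri` through with no event and no exception. `ClientEntityInterface` is not visible here, so whether `null` is a permitted return is inferred, but a redirect-URI check should fail closed; normalising the registered value to a list and doing a single strict `in_array` keeps the existing exact-match semantics (byte comparison, no prefix or wildcard matching, as RFC 6749 §3.1.2.3 requires) and rejects by default, as in the sketch below. Separately, the new `string $redirectUri` parameter means a request sent as `redirect_uri[]=…` (which `getRequestParameter` presumably hands back as an array) now surfaces as an uncaught `TypeError` instead of an OAuth error; an `is_string` guard in the caller that throws `OAuthServerException::invalidRequest('redirect_uri')` would keep the response well-formed. The docblock should also state the matching rule so nobody "relaxes" it later, e.g. `* Matching is exact and case-sensitive: no prefix, wildcard or scheme/host normalisation is applied.`

```php
    protected function validateRedirectUri(
        string $redirectUri,
        ClientEntityInterface $client,
        ServerRequestInterface $request
    ) {
        $registered = $client->getRedirectUri();

        // Normalise to a list; anything that is neither string nor array becomes an
        // empty allow-list so the check fails closed instead of skipping both branches.
        if (is_string($registered)) {
            $registered = [$registered];
        } elseif (!is_array($registered)) {
            $registered = [];
        }

        // Exact, case-sensitive comparison only (RFC 6749 §3.1.2.3) - no prefix or wildcard matching.
        if (in_array($redirectUri, $registered, true) === false) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient();
        }
    }
```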
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 80e1cd0f..cfa8309b 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -242,19 +242,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
 if ($redirectUri !== null) {
- if (
- is_string($client->getRedirectUri())
- && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- } elseif (
- is_array($client->getRedirectUri())
- && in_array($redirectUri, $client->getRedirectUri(), true) === false
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- }
+ $this->validateRedirectUri($redirectUri, $client, $request);
 } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 || empty($client->getRedirectUri())) {
 $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index b4157883..9810c30a 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -118,6 +118,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 $request,
 $this->getServerParameter('PHP_AUTH_USER', $request)
 );
+
 if (is_null($clientId)) {
 throw OAuthServerException::invalidRequest('client_id');
 }
@@ -135,20 +136,9 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 }
 $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
+
 if ($redirectUri !== null) {
- if (
- is_string($client->getRedirectUri())
- && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- } elseif (
- is_array($client->getRedirectUri())
- && in_array($redirectUri, $client->getRedirectUri(), true) === false
- ) {
- $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
- throw OAuthServerException::invalidClient();
- }
+ $this->validateRedirectUri($redirectUri, $client, $request);
 } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 || empty($client->getRedirectUri())) {
 $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));