diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8792e1e5..91ba6ca1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Changelog
-## 1.0.6 (released 2013-02-)
+## 1.0.7 (released 2013-03-04)
+
+* Added method `requireStateParam()`
+* Added method `requireScopeParam()`
+
+## 1.0.6 (released 2013-02-22)
 * Added links to tutorials in the README
 * Added missing `state` parameter request to the `checkAuthoriseParams()` method.
@@ -24,4 +29,4 @@
 ## 1.0.0 (released 2013-02-15)
-* First release
\ No newline at end of file
+* First major release
\ No newline at end of file
diff --git a/composer.json b/composer.json
index 203ee7e5..9cacbf5b 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "lncd/oauth2",
     "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants",
-    "version": "1.0.6",
+    "version": "1.0.7",
     "homepage": "https://github.com/lncd/OAuth2",
     "license": "MIT",
     "require": {
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index 1cdb182b..995e1c75 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -57,6 +57,18 @@ class AuthServer
      */
     static protected $grantTypes = array();
+    /**
+     * Require the "scope" parameter to be in checkAuthoriseParams()
+     * @var boolean
+     */
+    protected $requireScopeParam = true;
+
+    /**
+     * Require the "state" parameter to be in checkAuthoriseParams()
+     * @var boolean
+     */
+    protected $requireStateParam = false;
+
     /**
      * The request object
      * @var Util\RequestInterface
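Review bot: `protected $requireStateParam = false;` makes the `state` parameter optional by default, and `state` is the client's only defence against CSRF on the redirect (RFC 6749 §10.12 recommends it be sent on every request), so an authorization server built on this library accepts state-less requests unless the integrator discovers `requireStateParam()`. Presumably the default is kept at false for backwards compatibility; if so, say that in the docblock rather than leaving the asymmetry with `$requireScopeParam = true` unexplained, e.g. `* Defaults to false for backwards compatibility; RFC 6749 §10.12 recommends requiring it to protect clients against CSRF.` The `@var boolean` tags would read better as the short form `bool`, which is how PHP names the type.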
@@ -164,6 +176,26 @@ class AuthServer
         return (array_key_exists($identifier, self::$grantTypes));
     }
+    /**
+     * Require the "scope" paremter in checkAuthoriseParams()
+     * @param boolean $require
+     * @return void
+     */
+    public function requireScopeParam($require = true)
+    {
+        $this->requireScopeParam = $require;
+    }
+
+    /**
+     * Require the "state" paremter in checkAuthoriseParams()
+     * @param boolean $require
+     * @return void
+     */
+    public function requireStateParam($require = false)
+    {
+        $this->requireStateParam = $require;
+    }
+
     /**
      * Get the scope delimeter
      *
@@ -259,6 +291,10 @@ class AuthServer
             throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
         }
+        if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) {
+            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
+        }
+
         // Validate client ID and redirect URI
         $clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
@@ -285,7 +321,7 @@ class AuthServer
             if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
         }
-        if (count($scopes) === 0) {
+        if ($this->requireScopeParam === true && count($scopes) === 0) {
             throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0);
         }
diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php
index ced7f555..84651909 100644
--- a/src/OAuth2/Storage/SessionInterface.php
+++ b/src/OAuth2/Storage/SessionInterface.php
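Review bot: Both setters store `$require` exactly as given, but `checkAuthoriseParams()` in the following hunks tests the flags with `=== true`, so `requireStateParam('yes')` or `requireStateParam(1)` stores a truthy non-bool that is silently treated as "not required". Coerce at the boundary: `$this->requireScopeParam = (bool) $require;` and `$this->requireStateParam = (bool) $require;`. Both docblocks also misspell "parameter" as `paremter`; while there, state what the flag actually controls, e.g. `* Require the "state" parameter to be present when checkAuthoriseParams() is called.`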
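Review bot: The new guard checks `$authParams['redirect_uri']` and reports `'redirect_uri'`, so `requireStateParam(true)` never enforces `state`: a request without it passes straight through, and the block is unreachable if the preceding check (its condition is outside the hunk, but its error message names `redirect_uri`) already rejects a null redirect_uri. Change it to `if ($this->requireStateParam === true && is_null($authParams['state'])) {` with the message built as `sprintf(self::$exceptionMessages['invalid_request'], 'state')`. This assumes `$authParams` already carries a `state` key, as the 1.0.6 changelog entry suggests; the array is populated earlier in `checkAuthoriseParams()`, outside the hunk, and should be confirmed. The enclosing method begins and ends outside this hunk.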
@@ -105,25 +105,6 @@ interface SessionInterface
      * redirect_uri = $redirectUri AND auth_code = $authCode
      *
      *
-     * Response:
-     *
-     *
-     * Array
-     * (
-     *     [id] => (int) The session ID
-     *     [client_id] => (string) The client ID
-     *     [redirect_uri] => (string) The redirect URI
-     *     [owner_type] => (string) The session owner type
-     *     [owner_id] => (string) The session owner's ID
-     *     [auth_code] => (string) The authorisation code
-     *     [stage] => (string) The session's stage
-     *     [first_requested] => (int) Unix timestamp of the time the session was
-     *         first generated
-     *     [last_updated] => (int) Unix timestamp of the time the session was
-     *         last updated
-     * )
-     *
-     *
      * @param string $clientId The client ID
      * @param string $redirectUri The redirect URI
      * @param string $authCode The authorisation code
@@ -201,7 +182,12 @@ interface SessionInterface
      * @param int $accessTokenExpires The UNIX timestamp of when the new token expires
      * @return void
      */
-    public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires);
+    public function updateRefreshToken(
+        $sessionId,
+        $newAccessToken,
+        $newRefreshToken,
+        $accessTokenExpires
+    );
     /**
      * Associates a session with a scope
diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php
index 95ca9a99..6ab843f3 100644
--- a/tests/authorization/AuthServerTest.php
+++ b/tests/authorization/AuthServerTest.php
@@ -89,6 +89,32 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertEquals(';', $a->getScopeDelimeter());
     }
+    public function test_requireScopeParam()
+    {
+        $a = $this->returnDefault();
+        $a->requireScopeParam(false);
+
+        $reflector = new ReflectionClass($a);
+        $requestProperty = $reflector->getProperty('requireScopeParam');
+        $requestProperty->setAccessible(true);
+        $v = $requestProperty->getValue($a);
+
+        $this->assertFalse($v);
+    }
+
+    public function test_requireStateParam()
+    {
+        $a = $this->returnDefault();
+        $a->requireStateParam(true);
+
+        $reflector = new ReflectionClass($a);
+        $requestProperty = $reflector->getProperty('requireStateParam');
+        $requestProperty->setAccessible(true);
+        $v = $requestProperty->getValue($a);
+
+        $this->assertTrue($v);
+    }
+
     public function test_getExpiresIn()
     {
         $a = $this->returnDefault();
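Review bot: Both new tests only read the flag back through reflection; nothing drives `checkAuthoriseParams()` with `requireStateParam(true)` and a request lacking `state`, which is the behaviour the option exists for and where a wrong array key in the guard would go unnoticed. Add a test alongside these that sets the flag, omits `state` from the request and calls `$this->setExpectedException('OAuth2\Exception\ClientException');` before invoking `checkAuthoriseParams()`, plus the mirror case with `requireScopeParam(false)` and no `scope` expecting no exception. How `returnDefault()` wires the request object is outside this hunk, so reuse whatever fixture the existing `checkAuthoriseParams()` tests in this file use. `$requestProperty` is a misleading name for a reflected flag property; `$property` or `$flag` would read better.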