allow scopes extraction on GET requests for auth_code and implicit grants

This commit is contained in:
Julián Gutiérrez 2016-03-14 00:12:14 +01:00
parent c3ffed2daf
commit ced63e2051
7 changed files with 18 additions and 25 deletions


@ -226,7 +226,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Validate scopes in the request. * Validate scopes in the request.
* *
* @param \Psr\Http\Message\ServerRequestInterface $request * @param string $scopes
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
* @param string $redirectUri * @param string $redirectUri
* *
@ -235,13 +235,12 @@ abstract class AbstractGrant implements GrantTypeInterface
* @return \League\OAuth2\Server\Entities\ScopeEntity[] * @return \League\OAuth2\Server\Entities\ScopeEntity[]
*/ */
public function validateScopes( public function validateScopes(
ServerRequestInterface $request, $scopes,
ClientEntityInterface $client, ClientEntityInterface $client,
$redirectUri = null $redirectUri = null
) { ) {
$requestedScopes = $this->getRequestParameter('scope', $request);
$scopesList = array_filter( $scopesList = array_filter(
explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)), explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
function ($scope) { function ($scope) {
return !empty($scope); return !empty($scope);
} }
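Review bot: The new `$scopes` parameter in the validateScopes signature is untyped and is fed straight into `trim($scopes)`, while the updated docblock declares it `string`; callers now hand it whatever the request carried, and a query string such as `scope[]=x` presumably arrives as an array, which `trim()` does not accept. A guard at the top of the body, `if (!is_string($scopes)) { throw OAuthServerException::invalidRequest('scope'); }`, rejects that input in the same exception style the grants already use, and the docblock should say `@param string|null $scopes` if an absent parameter is meant to be treated as "no scopes requested". The same untyped value flows in from ClientCredentialsGrant, PasswordGrant and RefreshTokenGrant in the later hunks. validateScopes continues past the end of this hunk.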


@ -94,7 +94,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri()); $scopes = $this->validateScopes(
$this->getQueryStringParameter('scope', $request),
$client,
$client->getRedirectUri()
);
$queryString = http_build_query($request->getQueryParams()); $queryString = http_build_query($request->getQueryParams());
$postbackUri = new Uri( $postbackUri = new Uri(
sprintf( sprintf(
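Review bot: The five-line `validateScopes(...)` call built around `$this->getQueryStringParameter('scope', $request)` is repeated verbatim in ImplicitGrant's hunk, and both classes extend AbstractAuthorizeGrant, so it could live there once as a protected helper. Separately, when the query string carries no `scope` the value passed is presumably null, whereas validateScopes now documents a string; passing an explicit default, `$this->getQueryStringParameter('scope', $request, '')`, if the helper accepts one, keeps the contract honest. The enclosing method starts and ends outside this hunk.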


@ -28,7 +28,7 @@ class ClientCredentialsGrant extends AbstractGrant
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$scopes = $this->validateScopes($request, $client); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
// Issue and persist access token // Issue and persist access token
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);


@ -94,7 +94,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri()); $scopes = $this->validateScopes(
$this->getQueryStringParameter('scope', $request),
$client,
$client->getRedirectUri()
);
$queryString = http_build_query($request->getQueryParams()); $queryString = http_build_query($request->getQueryParams());
$postbackUri = new Uri( $postbackUri = new Uri(
sprintf( sprintf(


@ -53,7 +53,7 @@ class PasswordGrant extends AbstractGrant
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$user = $this->validateUser($request); $user = $this->validateUser($request);
$scopes = $this->validateScopes($request, $client); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
// Issue and persist new tokens // Issue and persist new tokens
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);


@ -44,7 +44,7 @@ class RefreshTokenGrant extends AbstractGrant
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
$scopes = $this->validateScopes($request, $client); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
// If no new scopes are requested then give the access token the original session scopes // If no new scopes are requested then give the access token the original session scopes
if (count($scopes) === 0) { if (count($scopes) === 0) {


@ -343,14 +343,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
$grantMock->setScopeRepository($scopeRepositoryMock); $grantMock->setScopeRepository($scopeRepositoryMock);
$serverRequest = new ServerRequest(); $this->assertEquals([$scope], $grantMock->validateScopes('basic ', new ClientEntity()));
$serverRequest = $serverRequest->withParsedBody(
[
'scope' => 'basic ',
]
);
$this->assertEquals([$scope], $grantMock->validateScopes($serverRequest, new ClientEntity()));
} }
/** /**
@ -365,14 +358,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
$grantMock->setScopeRepository($scopeRepositoryMock); $grantMock->setScopeRepository($scopeRepositoryMock);
$serverRequest = new ServerRequest(); $grantMock->validateScopes('basic ', new ClientEntity());
$serverRequest = $serverRequest->withParsedBody(
[
'scope' => 'basic ',
]
);
$grantMock->validateScopes($serverRequest, new ClientEntity());
} }
public function testGenerateUniqueIdentifier() public function testGenerateUniqueIdentifier()
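Review bot: Both rewritten tests now call `validateScopes('basic ', new ClientEntity())` directly, so the extraction side of this commit — AuthCodeGrant and ImplicitGrant reading `scope` from the query string, the other grants from the request body — is no longer exercised by anything in this diff; the removed `withParsedBody` cases were the only request-driven tests shown here. A grant-level test that builds a `ServerRequest` with `withQueryParams(['scope' => 'basic'])` and asserts the authorize flow resolves that scope would close the gap, and a sibling test posting the same value in the body should still resolve it for the token-endpoint grants. Both test methods start before their hunks.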