mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-03 10:41:51 +05:30
allow scopes extraction on GET requests for auth_code and implicit grants
This commit is contained in:
parent
c3ffed2daf
commit
ced63e2051
@ -226,7 +226,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
/**
|
/**
|
||||||
* Validate scopes in the request.
|
* Validate scopes in the request.
|
||||||
*
|
*
|
||||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
* @param string $scopes
|
||||||
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
||||||
* @param string $redirectUri
|
* @param string $redirectUri
|
||||||
*
|
*
|
||||||
@ -235,13 +235,12 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
|
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
|
||||||
*/
|
*/
|
||||||
public function validateScopes(
|
public function validateScopes(
|
||||||
ServerRequestInterface $request,
|
$scopes,
|
||||||
ClientEntityInterface $client,
|
ClientEntityInterface $client,
|
||||||
$redirectUri = null
|
$redirectUri = null
|
||||||
) {
|
) {
|
||||||
$requestedScopes = $this->getRequestParameter('scope', $request);
|
|
||||||
$scopesList = array_filter(
|
$scopesList = array_filter(
|
||||||
explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
|
explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
|
||||||
function ($scope) {
|
function ($scope) {
|
||||||
return !empty($scope);
|
return !empty($scope);
|
||||||
}
|
}
|
||||||
|
@ -94,7 +94,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
|
$scopes = $this->validateScopes(
|
||||||
|
$this->getQueryStringParameter('scope', $request),
|
||||||
|
$client,
|
||||||
|
$client->getRedirectUri()
|
||||||
|
);
|
||||||
$queryString = http_build_query($request->getQueryParams());
|
$queryString = http_build_query($request->getQueryParams());
|
||||||
$postbackUri = new Uri(
|
$postbackUri = new Uri(
|
||||||
sprintf(
|
sprintf(
|
||||||
|
@ -28,7 +28,7 @@ class ClientCredentialsGrant extends AbstractGrant
|
|||||||
) {
|
) {
|
||||||
// Validate request
|
// Validate request
|
||||||
$client = $this->validateClient($request);
|
$client = $this->validateClient($request);
|
||||||
$scopes = $this->validateScopes($request, $client);
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
|
||||||
|
|
||||||
// Issue and persist access token
|
// Issue and persist access token
|
||||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
|
||||||
|
@ -94,7 +94,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
|||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
|
$scopes = $this->validateScopes(
|
||||||
|
$this->getQueryStringParameter('scope', $request),
|
||||||
|
$client,
|
||||||
|
$client->getRedirectUri()
|
||||||
|
);
|
||||||
$queryString = http_build_query($request->getQueryParams());
|
$queryString = http_build_query($request->getQueryParams());
|
||||||
$postbackUri = new Uri(
|
$postbackUri = new Uri(
|
||||||
sprintf(
|
sprintf(
|
||||||
|
@ -53,7 +53,7 @@ class PasswordGrant extends AbstractGrant
|
|||||||
// Validate request
|
// Validate request
|
||||||
$client = $this->validateClient($request);
|
$client = $this->validateClient($request);
|
||||||
$user = $this->validateUser($request);
|
$user = $this->validateUser($request);
|
||||||
$scopes = $this->validateScopes($request, $client);
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
|
||||||
|
|
||||||
// Issue and persist new tokens
|
// Issue and persist new tokens
|
||||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
|
||||||
|
@ -44,7 +44,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
// Validate request
|
// Validate request
|
||||||
$client = $this->validateClient($request);
|
$client = $this->validateClient($request);
|
||||||
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
|
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
|
||||||
$scopes = $this->validateScopes($request, $client);
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
|
||||||
|
|
||||||
// If no new scopes are requested then give the access token the original session scopes
|
// If no new scopes are requested then give the access token the original session scopes
|
||||||
if (count($scopes) === 0) {
|
if (count($scopes) === 0) {
|
||||||
|
@ -343,14 +343,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
||||||
$grantMock->setScopeRepository($scopeRepositoryMock);
|
$grantMock->setScopeRepository($scopeRepositoryMock);
|
||||||
|
|
||||||
$serverRequest = new ServerRequest();
|
$this->assertEquals([$scope], $grantMock->validateScopes('basic ', new ClientEntity()));
|
||||||
$serverRequest = $serverRequest->withParsedBody(
|
|
||||||
[
|
|
||||||
'scope' => 'basic ',
|
|
||||||
]
|
|
||||||
);
|
|
||||||
|
|
||||||
$this->assertEquals([$scope], $grantMock->validateScopes($serverRequest, new ClientEntity()));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -365,14 +358,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
|
||||||
$grantMock->setScopeRepository($scopeRepositoryMock);
|
$grantMock->setScopeRepository($scopeRepositoryMock);
|
||||||
|
|
||||||
$serverRequest = new ServerRequest();
|
$grantMock->validateScopes('basic ', new ClientEntity());
|
||||||
$serverRequest = $serverRequest->withParsedBody(
|
|
||||||
[
|
|
||||||
'scope' => 'basic ',
|
|
||||||
]
|
|
||||||
);
|
|
||||||
|
|
||||||
$grantMock->validateScopes($serverRequest, new ClientEntity());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGenerateUniqueIdentifier()
|
public function testGenerateUniqueIdentifier()
|
||||||
|
Loading…
Reference in New Issue
Block a user