mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Improved testing
This commit is contained in:
Alex Bilbie
@@ -286,4 +286,12 @@ class OAuthServerException extends \Exception
|
||||
{
|
||||
return $this->httpStatusCode;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return null|string
|
||||
*/
|
||||
public function getHint()
|
||||
{
|
||||
return $this->hint;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ use League\Event\Event;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
||||
use League\OAuth2\Server\Entities\AuthCodeEntity;
|
||||
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
|
||||
use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
|
||||
use League\OAuth2\Server\Entities\RefreshTokenEntity;
|
||||
use League\OAuth2\Server\Entities\ScopeEntity;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
@@ -344,6 +345,11 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
$accessToken->setUserIdentifier($userIdentifier);
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
if (is_string($scope)) {
|
||||
$s = new ScopeEntity();
|
||||
$s->setIdentifier($scope);
|
||||
$scope = $s;
|
||||
}
|
||||
$accessToken->addScope($scope);
|
||||
}
|
||||
|
||||
@@ -435,8 +441,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
public function canRespondToRequest(ServerRequestInterface $request)
|
||||
{
|
||||
return
|
||||
isset($request->getParsedBody()['grant_type'])
|
||||
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier();
|
||||
return isset($request->getParsedBody()['grant_type'])
|
||||
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ class AuthCodeGrant extends AbstractGrant
|
||||
$this->authCodeTTL = $authCodeTTL;
|
||||
$this->refreshTokenTTL = new \DateInterval('P1M');
|
||||
|
||||
$this->pathToLoginTemplate = __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user';
|
||||
$this->pathToLoginTemplate = __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user';
|
||||
if ($pathToLoginTemplate !== null) {
|
||||
$this->pathToLoginTemplate = (substr($pathToLoginTemplate, -4) === '.php')
|
||||
? substr($pathToLoginTemplate, 0, -4)
|
||||
@@ -108,6 +108,11 @@ class AuthCodeGrant extends AbstractGrant
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
|
||||
$redirectUriParameter = $this->getQueryStringParameter('redirect_uri', $request, $client->getRedirectUri());
|
||||
if ($redirectUriParameter !== $client->getRedirectUri()) {
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
|
||||
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
|
||||
$queryString = http_build_query($request->getQueryParams());
|
||||
$postbackUri = new Uri(
|
||||
@@ -224,6 +229,7 @@ class AuthCodeGrant extends AbstractGrant
|
||||
json_encode(
|
||||
[
|
||||
'client_id' => $authCode->getClient()->getIdentifier(),
|
||||
'redirect_uri' => $authCode->getRedirectUri(),
|
||||
'auth_code_id' => $authCode->getIdentifier(),
|
||||
'scopes' => $authCode->getScopes(),
|
||||
'user_id' => $authCode->getUserIdentifier(),
|
||||
@@ -258,7 +264,7 @@ class AuthCodeGrant extends AbstractGrant
|
||||
DateInterval $accessTokenTTL
|
||||
) {
|
||||
// The redirect URI is required in this request
|
||||
$redirectUri = $this->getQueryStringParameter('redirect_uri', $request, null);
|
||||
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
||||
if (is_null($redirectUri)) {
|
||||
throw OAuthServerException::invalidRequest('redirect_uri');
|
||||
}
|
||||
@@ -285,6 +291,10 @@ class AuthCodeGrant extends AbstractGrant
|
||||
if ($authCodePayload->client_id !== $client->getIdentifier()) {
|
||||
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
|
||||
}
|
||||
|
||||
if ($authCodePayload->redirect_uri !== $redirectUri) {
|
||||
throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI');
|
||||
}
|
||||
} catch (\LogicException $e) {
|
||||
throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code');
|
||||
}
|
||||
@@ -341,13 +351,8 @@ class AuthCodeGrant extends AbstractGrant
|
||||
&& $request->getQueryParams()['response_type'] === 'code'
|
||||
) {
|
||||
return $this->respondToAuthorizationRequest($request);
|
||||
} elseif (
|
||||
array_key_exists('grant_type', $request->getParsedBody())
|
||||
&& $request->getParsedBody()['grant_type'] === 'authorization_code'
|
||||
) {
|
||||
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
||||
} else {
|
||||
throw OAuthServerException::serverError('respondToRequest() should not have been called');
|
||||
}
|
||||
|
||||
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user