ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Improved testing

Browse Source
This commit is contained in:
Alex Bilbie
2016-02-21 18:13:39 +00:00
parent cee4147688
commit d02437dd73
4 changed files with 521 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/Grant/AuthCodeGrant.php
View File

@@ -61,7 +61,7 @@ class AuthCodeGrant extends AbstractGrant
$this->authCodeTTL = $authCodeTTL;
$this->refreshTokenTTL = new \DateInterval('P1M');
$this->pathToLoginTemplate = __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user';
$this->pathToLoginTemplate = __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user';
if ($pathToLoginTemplate !== null) {
$this->pathToLoginTemplate = (substr($pathToLoginTemplate, -4) === '.php')
? substr($pathToLoginTemplate, 0, -4)
@@ -108,6 +108,11 @@ class AuthCodeGrant extends AbstractGrant
throw OAuthServerException::invalidClient();
}
$redirectUriParameter = $this->getQueryStringParameter('redirect_uri', $request, $client->getRedirectUri());
if ($redirectUriParameter !== $client->getRedirectUri()) {
throw OAuthServerException::invalidClient();
}
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
$queryString = http_build_query($request->getQueryParams());
$postbackUri = new Uri(
@@ -224,6 +229,7 @@ class AuthCodeGrant extends AbstractGrant
json_encode(
[
'client_id' => $authCode->getClient()->getIdentifier(),
'redirect_uri' => $authCode->getRedirectUri(),
'auth_code_id' => $authCode->getIdentifier(),
'scopes' => $authCode->getScopes(),
'user_id' => $authCode->getUserIdentifier(),
@@ -258,7 +264,7 @@ class AuthCodeGrant extends AbstractGrant
DateInterval $accessTokenTTL
) {
// The redirect URI is required in this request
$redirectUri = $this->getQueryStringParameter('redirect_uri', $request, null);
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
if (is_null($redirectUri)) {
throw OAuthServerException::invalidRequest('redirect_uri');
}
@@ -285,6 +291,10 @@ class AuthCodeGrant extends AbstractGrant
if ($authCodePayload->client_id !== $client->getIdentifier()) {
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
}
if ($authCodePayload->redirect_uri !== $redirectUri) {
throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI');
}
} catch (\LogicException $e) {
throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code');
}
@@ -341,13 +351,8 @@ class AuthCodeGrant extends AbstractGrant
&& $request->getQueryParams()['response_type'] === 'code'
) {
return $this->respondToAuthorizationRequest($request);
} elseif (
array_key_exists('grant_type', $request->getParsedBody())
&& $request->getParsedBody()['grant_type'] === 'authorization_code'
) {
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
} else {
throw OAuthServerException::serverError('respondToRequest() should not have been called');
}
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
}
}