mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 13:09:44 +05:30
Merge pull request #967 from Sephster/password-grant-use-invalid-grant
Password Grant Should Issue an invalid_grant Error When Credentials are Incorrect
This commit is contained in:
commit
eea9c30e70
@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
||||
- `issueAccessToken()` in the Abstract Grant no longer sets access token client, user ID or scopes. These values should already have been set when calling `getNewToken()` (PR #919)
|
||||
- No longer need to enable PKCE with `enableCodeExchangeProof` flag. Any client sending a code challenge will initiate PKCE checks. (PR #938)
|
||||
- Function `getClientEntity()` no longer performs client validation (PR #938)
|
||||
- Password Grant now returns an invalid_grant error instead of invalid_credentials if a user cannot be validated (PR #967)
|
||||
|
||||
### Removed
|
||||
- `enableCodeExchangeProof` flag (PR #938)
|
||||
|
@ -81,11 +81,13 @@ class PasswordGrant extends AbstractGrant
|
||||
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
|
||||
{
|
||||
$username = $this->getRequestParameter('username', $request);
|
||||
|
||||
if (is_null($username)) {
|
||||
throw OAuthServerException::invalidRequest('username');
|
||||
}
|
||||
|
||||
$password = $this->getRequestParameter('password', $request);
|
||||
|
||||
if (is_null($password)) {
|
||||
throw OAuthServerException::invalidRequest('password');
|
||||
}
|
||||
@ -96,10 +98,11 @@ class PasswordGrant extends AbstractGrant
|
||||
$this->getIdentifier(),
|
||||
$client
|
||||
);
|
||||
|
||||
if ($user instanceof UserEntityInterface === false) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
|
||||
|
||||
throw OAuthServerException::invalidCredentials();
|
||||
throw OAuthServerException::invalidGrant();
|
||||
}
|
||||
|
||||
return $user;
|
||||
|
@ -145,6 +145,7 @@ class PasswordGrantTest extends TestCase
|
||||
|
||||
/**
|
||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||
* @expectedExceptionCode 10
|
||||
*/
|
||||
public function testRespondToRequestBadCredentials()
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user