Commit Graph

2314 Commits

Author SHA1 Message Date
Ian Littman
27d5c5ed8d Ensure unvalidated ClientEntity gets throw/emit if they return null
In many cases, we validate client info before pulling from client itself
from the repository, in which case it's safe to assume that you can grab
the client once validation passes. However on implicit/auth code grants
we don't have this guarantee due to non-confidential clients that just
reference the client ID. In those cases the client may supply a client
ID that doesn't exist, and we don't do a validation step before pulling
it from the repo.

The issue with that is that ClientRepository doesn't actually enforce
returning a ClientInterface via typehint, nor does it even suggest an
exception to throw if the client doesn't exist. So in most places we
do an instanceof check after the repository returns and throw/emit an
error event if the client doesn't exist.

This approach ends up being a bit error-prone; we missed one case where
we should've been doing this check: in the access token request on an
auth code grant. We don't do enough validation beforehand to assume that
the incoming request has an accurate client ID, so L96 could absolutely
be a method call on a non-object.

This commit centralizes the return-check-emit-throw logic so it's a
one-liner for wherever we need it, including the access token request
processor for auth code grants.
2019-05-11 14:35:59 -05:00
Andrew Millington
d7defafd83 Merge pull request #963 from marc-mabe/date-time-handling
BC-Break: cleanup DateTime handling for 8.0.0
2018-12-19 13:10:20 +00:00
sephster
16f37560d4 Merge latest version of 8 branch 2018-12-19 13:03:10 +00:00
sephster
5ed8e59ef3 Update changelog 2018-12-19 12:58:11 +00:00
sephster
c2cd12e0b8 Remove return types 2018-12-19 12:54:26 +00:00
Andrew Millington
8e9368cf44 Merge pull request #978 from Devristo/fix-http-basic-respond-to-access-token-request
Fixed respondToAccessTokenRequest using Http Basic Auth
2018-12-10 23:07:58 +00:00
sephster
894724c45b Remove invalid commenting 2018-12-10 23:01:45 +00:00
sephster
fd65bf9e54 Streamline tests 2018-12-10 22:51:58 +00:00
Chris Tanaskoski
b6955a6c65 Fixed respondToAccessTokenRequest such that it accepts client_id through request body and Http Basic Auth 2018-11-30 10:19:06 +01:00
Chris Tanaskoski
ec8a663a81 Added test for respondToAccessTokenRequest using Http Basic Auth for client credentials 2018-11-29 09:28:36 +01:00
Andrew Millington
eea9c30e70 Merge pull request #967 from Sephster/password-grant-use-invalid-grant
Password Grant Should Issue an invalid_grant Error When Credentials are Incorrect
2018-11-13 18:28:09 +00:00
sephster
a936962716 Update changelog 2018-11-13 18:27:03 +00:00
sephster
685dc6edea Update test 2018-11-13 18:19:20 +00:00
sephster
2b4974b697 Change to use invalid_grant 2018-11-13 18:18:07 +00:00
Marc Bennewitz
16f9de86f2 cleanup DateTime handling
* DateTime -> DateTimeImmutable
* DateTime::format('U') -> DateTime::getTimestamp()
* (new DateTime())->getTimestamp() -> time()
2018-11-08 12:45:18 +01:00
Andrew Millington
fe421878e6 Merge pull request #938 from Sephster/force-pkce-for-public-clients
Force PKCE for public clients
2018-09-21 20:50:46 +01:00
sephster
0c2356a508 Fix file names for code challenge verifier tests 2018-09-21 20:43:04 +01:00
sephster
9645119ccb Fix missing comma 2018-09-21 20:35:04 +01:00
sephster
da2742bea7 Add details on client validation changes 2018-09-21 20:32:47 +01:00
sephster
efb5ce5e2a Update changelog 2018-09-21 20:29:27 +01:00
sephster
1ddc27e792 Add code challenge verifier tests 2018-09-21 20:12:05 +01:00
sephster
fcd6eb8a3c Fix variable name 2018-09-18 18:01:24 +01:00
sephster
133d9cc97a Fix missing 2018-09-18 17:51:11 +01:00
Andrew Millington
592dd2f433 Fix typo in function name 2018-09-17 20:10:26 +01:00
sephster
4a464dd336 Fix coding standard issue 2018-09-17 12:49:37 +01:00
sephster
970df8f34b Add code challenge verifiers 2018-09-17 12:48:32 +01:00
sephster
6a1645aebc Start to add code challenge verifier interfaces 2018-09-14 18:56:22 +01:00
sephster
e3e7abf41e Set default isConfidential to false for client entity 2018-09-03 13:09:52 +01:00
sephster
d831868d58 Fix getClientEntity parameters 2018-09-02 16:27:31 +01:00
sephster
36bf4ff8f2 Fix accidental paste of code 2018-09-02 16:19:47 +01:00
sephster
07ebe43b91 Change else if to elseif 2018-09-02 16:17:34 +01:00
sephster
5d3d9d95be Remove extra line 2018-09-02 15:46:59 +01:00
sephster
e85a8e31e8 Remove assignment as not needed 2018-09-02 14:58:02 +01:00
sephster
de899fbe0a Fix incorrect usage of isConfidential 2018-09-01 15:05:12 +01:00
sephster
3eabbafe5b Client says if it is confidential instead of repository 2018-09-01 14:53:27 +01:00
sephster
cfa9b8d3b4 Move grant check for client back to validate method 2018-09-01 14:38:31 +01:00
sephster
060a090479 Change tests to use validClient instead of getClientEntity 2018-09-01 14:26:22 +01:00
sephster
46c2f99b06 Change function name to be more explicit 2018-09-01 13:17:36 +01:00
sephster
74495cac49 Set proper confidential settings in existing tests 2018-08-16 12:59:10 +01:00
Andrew Millington
fb43801458 Change function name to setConfidential() 2018-08-15 21:40:41 +01:00
sephster
8ab27ede39 Add test to ensure public clients are asked to provide a code challenge 2018-08-13 22:54:12 +01:00
sephster
0105a20126 Reverted tests to remove isConfidential check 2018-08-13 22:00:34 +01:00
sephster
491852b521 Move code challenge check to auth code request 2018-08-13 21:47:53 +01:00
sephster
7f2fd7b22c Add set confidential to clients for tests 2018-08-13 21:21:59 +01:00
Andrew Millington
abef682031 Add setIsConfidential to client stub for tests 2018-08-12 20:34:58 +01:00
Andrew Millington
04807a1e2a Fix incorrect variable reference 2018-08-12 20:29:39 +01:00
Andrew Millington
d07b5a4a03 Add isConfidential function to client entity trait 2018-08-12 20:26:46 +01:00
Andrew Millington
838f206832 Tidy up comments 2018-08-12 20:09:55 +01:00
Andrew Millington
972808561d Add optional code challenge check for public clients 2018-08-12 20:06:34 +01:00
Andrew Millington
5ad00b0e33 Remove enableCodeExchangeProof function 2018-07-29 22:34:37 +01:00