mirror of
https://github.com/elyby/accounts.git
synced 2024-12-23 22:00:06 +05:30
Fix redirect_uri validation for the AuthCodeGrant
This commit is contained in:
parent
a8e20a9775
commit
22d8971dc5
@ -9,7 +9,11 @@ use api\components\OAuth2\Repositories\PublicScopeRepository;
|
||||
use DateInterval;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Grant\AuthCodeGrant as BaseAuthCodeGrant;
|
||||
use League\OAuth2\Server\RequestEvent;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use yii\helpers\StringHelper;
|
||||
|
||||
class AuthCodeGrant extends BaseAuthCodeGrant {
|
||||
use CryptTrait;
|
||||
@ -40,4 +44,20 @@ class AuthCodeGrant extends BaseAuthCodeGrant {
|
||||
return parent::issueAccessToken($accessTokenTTL, $client, $userIdentifier, $scopes);
|
||||
}
|
||||
|
||||
protected function validateRedirectUri(
|
||||
string $redirectUri,
|
||||
ClientEntityInterface $client,
|
||||
ServerRequestInterface $request
|
||||
): void {
|
||||
$allowedRedirectUris = (array)$client->getRedirectUri();
|
||||
foreach ($allowedRedirectUris as $allowedRedirectUri) {
|
||||
if (StringHelper::startsWith($redirectUri, $allowedRedirectUri)) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient($request);
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user