Fix #213

2024-11-30 10:42:02 +05:30 · 2014-09-30 23:55:21 +01:00 · 2014-09-30 23:55:21 +01:00 · 136edf16c5
commit 136edf16c5
parent 62d658524b
8 changed files with 30 additions and 14 deletions
--- a/src/Entity/AbstractTokenEntity.php
+++ b/src/Entity/AbstractTokenEntity.php
@ -14,6 +14,7 @@ namespace League\OAuth2\Server\Entity;
 use League\OAuth2\Server\Util\SecureKey;
 use League\OAuth2\Server\AbstractServer;
 use Symfony\Component\HttpFoundation\ParameterBag;
+use League\OAuth2\Server\Entity\SessionEntity;

 /**
 * Abstract token class
@ -28,7 +29,7 @@ abstract class AbstractTokenEntity

    /**
     * Associated session
-     * @var \League\OAuth2\Server\SessionEntity
+     * @var \League\OAuth2\Server\Entity\SessionEntity
     */
    protected $session;

@ -64,7 +65,7 @@ abstract class AbstractTokenEntity

    /**
     * Set session
-     * @param  \League\OAuth2\Server\SessionEntity $session
+     * @param  \League\OAuth2\Server\Entity\SessionEntity $session
     * @return self
     */
    public function setSession(SessionEntity $session)
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -13,6 +13,7 @@ namespace League\OAuth2\Server\Grant;

 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Exception;

 /**
@ -120,10 +121,11 @@ abstract class AbstractGrant implements GrantTypeInterface
    /**
     * Given a list of scopes, validate them and return an arrary of Scope entities
     * @param  string          $scopeParam A string of scopes (e.g. "profile email birthday")
+     * @param  ClientEntity    $client A string of scopes (e.g. "profile email birthday")
     * @return array
     * @throws ClientException If scope is invalid, or no scopes passed when required
     */
-    public function validateScopes($scopeParam = '')
+    public function validateScopes($scopeParam = '', ClientEntity $client)
    {
        $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);

@ -153,7 +155,8 @@ abstract class AbstractGrant implements GrantTypeInterface
        foreach ($scopesList as $scopeItem) {
            $scope = $this->server->getStorage('scope')->get(
                $scopeItem,
-                $this->getIdentifier()
+                $this->getIdentifier(),
+                $client->getId()
            );

            if (($scope instanceof ScopeEntity) === false) {
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -114,7 +114,7 @@ class AuthCodeGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->query->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        return [
            'client'        =>  $client,
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@ -86,7 +86,7 @@ class ClientCredentialsGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->request->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        // Create a new session
        $session = new SessionEntity($this->server);
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@ -127,7 +127,7 @@ class PasswordGrant extends AbstractGrant

        // Validate any scopes that are in the request
        $scopeParam = $this->server->getRequest()->request->get('scope', '');
-        $scopes = $this->validateScopes($scopeParam);
+        $scopes = $this->validateScopes($scopeParam, $client);

        // Create a new session
        $session = new SessionEntity($this->server);
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@ -108,7 +108,7 @@ class RefreshTokenGrant extends AbstractGrant

        // Get and validate any requested scopes
        $requestedScopesString = $this->server->getRequest()->request->get('scope', '');
-        $requestedScopes = $this->validateScopes($requestedScopesString);
+        $requestedScopes = $this->validateScopes($requestedScopesString, $client);

        // If no new scopes are requested then give the access token the original session scopes
        if (count($requestedScopes) === 0) {
--- a/src/Storage/ScopeInterface.php
+++ b/src/Storage/ScopeInterface.php
@ -20,7 +20,8 @@ interface ScopeInterface
     * Return information about a scope
     * @param  string                                   $scope     The scope
     * @param  string                                   $grantType The grant type used in the request (default = "null")
+     * @param  string                                   $clientId  The client sending the request (default = "null")
     * @return \League\OAuth2\Server\Entity\ScopeEntity
     */
-    public function get($scope, $grantType = null);
+    public function get($scope, $grantType = null, $clientId = null);
 }
--- a/tests/unit/Grant/AbstractGrantTest.php
+++ b/tests/unit/Grant/AbstractGrantTest.php
@ -4,6 +4,7 @@ namespace LeagueTests\Grant;

 use League\OAuth2\Server\Grant;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\InvalidRequestException;
 use LeagueTests\Stubs\StubAbstractGrant;
@ -63,11 +64,13 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grant = new StubAbstractGrant;
        $grant->setAuthorizationServer($server);

+        $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
+
        $this->assertEquals(
            [
                'foo' => (new ScopeEntity($server))->hydrate(['id' => 'foo'])
            ],
-            $grant->validateScopes('foo')
+            $grant->validateScopes('foo', $client)
        );
    }

@ -85,7 +88,9 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grant = new StubAbstractGrant;
        $grant->setAuthorizationServer($server);

-        $grant->validateScopes();
+        $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
+
+        $grant->validateScopes(null, $client);
    }

    public function testValidateScopesInvalidScope()
@ -102,7 +107,9 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grant = new StubAbstractGrant;
        $grant->setAuthorizationServer($server);

-        $grant->validateScopes('blah');
+        $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
+
+        $grant->validateScopes('blah', $client);
    }

    public function testValidateScopesDefaultScope()
@ -123,7 +130,9 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grant = new StubAbstractGrant;
        $grant->setAuthorizationServer($server);

-        $grant->validateScopes();
+        $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
+
+        $grant->validateScopes(null, $client);
    }

    public function testValidateScopesDefaultScopeArray()
@ -144,6 +153,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grant = new StubAbstractGrant;
        $grant->setAuthorizationServer($server);

-        $grant->validateScopes();
+        $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
+
+        $grant->validateScopes(null, $client);
    }
 }