ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-12-16 18:19:47 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/http-headers' into develop. Fixes #29

Browse Source
This commit is contained in:
Alex Bilbie 2013-03-27 14:27:14 +00:00
commit 18933d5075
2 changed files with 89 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
src/OAuth2/AuthServer.php
View File

@ -117,6 +117,87 @@ class AuthServer
'invalid_refresh' => 'The refresh token is invalid.', 'invalid_refresh' => 'The refresh token is invalid.',
); );
/**
* Exception error HTTP status codes
* @var array
*
* RFC 6749, section 4.1.2.1.:
* No 503 status code for 'temporarily_unavailable', because
* "a 503 Service Unavailable HTTP status code cannot be
* returned to the client via an HTTP redirect"
*/
protected static $exceptionHttpStatusCodes = array(
'invalid_request' => 400,
'unauthorized_client' => 400,
'access_denied' => 401,
'unsupported_response_type' => 400,
'invalid_scope' => 400,
'server_error' => 500,
'temporarily_unavailable' => 400,
'unsupported_grant_type' => 501,
'invalid_client' => 401,
'invalid_grant' => 400,
'invalid_credentials' => 400,
'invalid_refresh' => 400,
);
/**
* Get all headers that have to be send with the error response
*
* @param string $error The error message key
* @return array Array with header values
*/
public static function getExceptionHttpHeaders($error)
{
$headers = array();
switch (self::$exceptionHttpStatusCodes[$error]) {
case 401:
$headers[] = 'HTTP/1.1 401 Unauthorized';
break;
case 500:
$headers[] = 'HTTP/1.1 500 Internal Server Error';
break;
case 501:
$headers[] = 'HTTP/1.1 501 Not Implemented';
break;
case 400:
default:
$headers[] = 'HTTP/1.1 400 Bad Request';
}
// Add "WWW-Authenticate" header
//
// RFC 6749, section 5.2.:
// "If the client attempted to authenticate via the 'Authorization'
// request header field, the authorization server MUST
// respond with an HTTP 401 (Unauthorized) status code and
// include the "WWW-Authenticate" response header field
// matching the authentication scheme used by the client.
// @codeCoverageIgnoreStart
if ($error === 'invalid_client') {
$authScheme = null;
$request = new Request();
if ($request->server('PHP_AUTH_USER') !== null) {
$authScheme = 'Basic';
} else {
$authHeader = $request->header('Authorization');
if ($authHeader !== null) {
if (strpos($authHeader, 'Bearer') === 0) {
$authScheme = 'Bearer';
} elseif (strpos($authHeader, 'Basic') === 0) {
$authScheme = 'Basic';
}
}
}
if ($authScheme !== null) {
$headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
}
}
// @codeCoverageIgnoreEnd
return $headers;
}
/** /**
* Get an exception message * Get an exception message
* *

8
tests/authorization/AuthServerTest.php
View File

@ -50,6 +50,14 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertEquals('access_denied', OAuth2\AuthServer::getExceptionType(2)); $this->assertEquals('access_denied', OAuth2\AuthServer::getExceptionType(2));
} }
public function test_getExceptionHttpHeaders()
{
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), OAuth2\AuthServer::getExceptionHttpHeaders('access_denied'));
$this->assertEquals(array('HTTP/1.1 500 Internal Server Error'), OAuth2\AuthServer::getExceptionHttpHeaders('server_error'));
$this->assertEquals(array('HTTP/1.1 501 Not Implemented'), OAuth2\AuthServer::getExceptionHttpHeaders('unsupported_grant_type'));
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), OAuth2\AuthServer::getExceptionHttpHeaders('invalid_refresh'));
}
public function test_hasGrantType() public function test_hasGrantType()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();