mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 13:39:48 +05:30
Prevent public clients from using the client_credentials grant type
See https://tools.ietf.org/html/rfc6749#section-4.4.2
This commit is contained in:
parent
e1dc4d708c
commit
3413c20590
@ -12,6 +12,7 @@
|
||||
namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use DateInterval;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\RequestEvent;
|
||||
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
@ -29,8 +30,18 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
ResponseTypeInterface $responseType,
|
||||
DateInterval $accessTokenTTL
|
||||
) {
|
||||
list($clientId) = $this->getClientCredentials($request);
|
||||
|
||||
$client = $this->getClientEntityOrFail($clientId, $request);
|
||||
|
||||
if (!$client->isConfidential()) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient($request);
|
||||
}
|
||||
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$this->validateClient($request);
|
||||
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
||||
|
||||
// Finalize the requested scopes
|
||||
|
@ -62,8 +62,11 @@ class AuthorizationServerTest extends TestCase
|
||||
|
||||
public function testRespondToRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
|
@ -29,6 +29,7 @@ class ClientCredentialsGrantTest extends TestCase
|
||||
public function testRespondToRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
|
@ -24,8 +24,11 @@ class AuthorizationServerMiddlewareTest extends TestCase
|
||||
|
||||
public function testValidResponse()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeEntity = new ScopeEntity;
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
|
Loading…
Reference in New Issue
Block a user