Added requireStateParam() method. Fixes #9

2024-11-15 01:36:02 +05:30 · 2013-03-04 13:15:12 +00:00 · 2013-03-04 13:15:12 +00:00 · 34a7d14557
commit 34a7d14557
parent f5b6b43bef
2 changed files with 40 additions and 7 deletions
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@ -61,7 +61,13 @@ class AuthServer
     * Require the "scope" parameter to be in checkAuthoriseParams()
     * @var boolean
     */
-    protected $requireScopes = true;
+    protected $requireScopeParam = true;
+
+    /**
+     * Require the "state" parameter to be in checkAuthoriseParams()
+     * @var boolean
+     */
+    protected $requireStateParam = false;

    /**
     * The request object
@ -175,9 +181,19 @@ class AuthServer
     * @param  boolean $require
     * @return void
     */
-    public function requireScopes($require = true)
+    public function requireScopeParam($require = true)
    {
-        $this->requireScopes = $require;
+        $this->requireScopeParam = $require;
+    }
+
+    /**
+     * Require the "state" paremter in checkAuthoriseParams()
+     * @param  boolean $require
+     * @return void
+     */
+    public function requireStateParam($require = false)
+    {
+        $this->requireStateParam = $require;
    }

    /**
@ -275,6 +291,10 @@ class AuthServer
            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
        }

+        if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) {
+            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
+        }
+
        // Validate client ID and redirect URI
        $clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);

@ -301,7 +321,7 @@ class AuthServer
            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
        }

-        if ($this->requireScopes === true && count($scopes) === 0) {
+        if ($this->requireScopeParam === true && count($scopes) === 0) {
            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0);
        }

--- a/tests/authorization/AuthServerTest.php
+++ b/tests/authorization/AuthServerTest.php
@ -89,19 +89,32 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
        $this->assertEquals(';', $a->getScopeDelimeter());
    }

-    public function test_requireScopes()
+    public function test_requireScopeParam()
    {
        $a = $this->returnDefault();
-        $a->requireScopes(false);
+        $a->requireScopeParam(false);

        $reflector = new ReflectionClass($a);
-        $requestProperty = $reflector->getProperty('requireScopes');
+        $requestProperty = $reflector->getProperty('requireScopeParam');
        $requestProperty->setAccessible(true);
        $v = $requestProperty->getValue($a);

        $this->assertFalse($v);
    }

+    public function test_requireStateParam()
+    {
+        $a = $this->returnDefault();
+        $a->requireStateParam(true);
+
+        $reflector = new ReflectionClass($a);
+        $requestProperty = $reflector->getProperty('requireStateParam');
+        $requestProperty->setAccessible(true);
+        $v = $requestProperty->getValue($a);
+
+        $this->assertTrue($v);
+    }
+
    public function test_getExpiresIn()
    {
        $a = $this->returnDefault();