diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 17ccf76c..5668f7be 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -123,7 +123,9 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
         if ($userId === null && $usernameParameter !== null && $passwordParameter !== null) {
             $userEntity = $this->userRepository->getUserEntityByUserCredentials(
                 $usernameParameter,
-                $passwordParameter
+                $passwordParameter,
+                $this->getIdentifier(),
+                $scopes
             );
 
             if ($userEntity instanceof UserEntityInterface) {
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index 9b46d019..3929560d 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -121,7 +121,9 @@ class ImplicitGrant extends AbstractAuthorizeGrant
         if ($userId === null && $usernameParameter !== null && $passwordParameter !== null) {
             $userEntity = $this->userRepository->getUserEntityByUserCredentials(
                 $usernameParameter,
-                $passwordParameter
+                $passwordParameter,
+                $this->getIdentifier(),
+                $scopes
             );
 
             if ($userEntity instanceof UserEntityInterface) {
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index a2ce660b..e2960072 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -11,6 +11,7 @@ namespace League\OAuth2\Server\Grant;
 use League\Event\Event;
+use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
 use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
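Review bot: The `$scopes` passed as the new fourth argument is, per the interface change in this same commit, bound to a by-reference parameter (`array &$scopes`), so a repository implementation can alter the scope list that this method presumably keeps using after the call, and nothing at the call site says whether that is intended. Either the interface should take the array by value, or the call should carry a comment such as `// $scopes is passed by reference: the repository may alter the scopes granted below` so readers of this method know the variable can change here. The identical hunk in ImplicitGrant.php has the same issue. The enclosing method starts and ends outside the hunk.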
@@ -47,8 +48,8 @@ class PasswordGrant extends AbstractGrant
     ) {
         // Validate request
         $client = $this->validateClient($request);
-        $user = $this->validateUser($request);
         $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $user = $this->validateUser($request, $scopes);
 
         // Issue and persist new tokens
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
@@ -64,11 +65,12 @@ class PasswordGrant extends AbstractGrant
     /**
      * @param \Psr\Http\Message\ServerRequestInterface $request
      *
-     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     * @param ScopeEntityInterface[] $scopes
      *
      * @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
      */
-    protected function validateUser(ServerRequestInterface $request)
+    protected function validateUser(ServerRequestInterface $request, array $scopes)
     {
         $username = $this->getRequestParameter('username', $request);
         if (is_null($username)) {
@@ -80,7 +82,12 @@ class PasswordGrant extends AbstractGrant
             throw OAuthServerException::invalidRequest('password', '`%s` parameter is missing');
         }
 
-        $user = $this->userRepository->getUserEntityByUserCredentials($username, $password);
+        $user = $this->userRepository->getUserEntityByUserCredentials(
+            $username,
+            $password,
+            $this->getIdentifier(),
+            $scopes
+        );
 
         if (!$user instanceof UserEntityInterface) {
             $this->getEmitter()->emit(new Event('user.authentication.failed', $request));
diff --git a/src/Repositories/UserRepositoryInterface.php b/src/Repositories/UserRepositoryInterface.php
index d93c85a7..a2ae0701 100644
--- a/src/Repositories/UserRepositoryInterface.php
+++ b/src/Repositories/UserRepositoryInterface.php
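Review bot: `validateUser` now takes `$scopes` by value (`array $scopes`), while the repository method it forwards them to in the third hunk is declared with `array &$scopes` in this commit; anything the repository writes into the array inside validateUser is discarded on return, so the `$scopes` the calling method in the first hunk hands to `issueAccessToken(..., $scopes)` never sees it, whereas AuthCodeGrant and ImplicitGrant forward their own variable directly and would. The two grant families therefore give the repository different powers over the issued scopes, which is the kind of inconsistency that later becomes an authorization bug. Pick one semantics: either drop the reference from the interface, or forward the caller's array with `protected function validateUser(ServerRequestInterface $request, array &$scopes)`. validateUser's body continues past the hunk.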
@@ -2,15 +2,19 @@
 namespace League\OAuth2\Server\Repositories;
 
+use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
+
 interface UserRepositoryInterface extends RepositoryInterface
 {
     /**
      * Get a user entity.
      *
-     * @param string $username
-     * @param string $password
+     * @param string $username
+     * @param string $password
+     * @param string $grantType The grant type used
+     * @param ScopeEntityInterface[] $scopes
      *
      * @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface
      */
-    public function getUserEntityByUserCredentials($username, $password);
+    public function getUserEntityByUserCredentials($username, $password, $grantType, array &$scopes);
 }
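Review bot: The new signature declares `array &$scopes` by reference, but the docblock only says `@param ScopeEntityInterface[] $scopes`; on a public interface a by-reference parameter is a contract that implementations may rewrite the scopes a grant then goes on to issue, and an implementer cannot tell from this declaration whether they are allowed, or expected, to do so. Either document it, e.g. `@param ScopeEntityInterface[] $scopes Scopes requested by the client; passed by reference so the implementation may narrow them`, or drop the `&` and have the method return only the user. The `$grantType` line would also be clearer as `@param string $grantType Identifier of the grant type performing the authentication` since callers pass `$this->getIdentifier()`. Every implementation of this interface must change to compile against the new arity, so the commit also deserves an upgrade note.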