mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-16 02:08:56 +05:30
Reworked newAuthoriseRequest method so that is always creates a new session (and removes any existing sessions)
This commit is contained in:
parent
17ce8b97d8
commit
411cab1734
@ -201,43 +201,23 @@ maintenance of the server.'
|
||||
*/
|
||||
public function newAuthoriseRequest($type, $typeId, $authoriseParams)
|
||||
{
|
||||
// Check if the user already has an access token
|
||||
$accessToken = $this->db->hasAccessToken($type, $typeId,
|
||||
$authoriseParams['client_id']);
|
||||
// Remove any old sessions the user might have
|
||||
$this->db->deleteSession(
|
||||
$authoriseParams['client_id'],
|
||||
$type,
|
||||
$typeId
|
||||
);
|
||||
|
||||
if ($accessToken !== false) {
|
||||
// Create the new auth code
|
||||
$authCode = $this->newAuthCode(
|
||||
$authoriseParams['client_id'],
|
||||
'user',
|
||||
$typeId,
|
||||
$authoriseParams['redirect_uri'],
|
||||
$authoriseParams['scopes']
|
||||
);
|
||||
|
||||
// Validate the access token matches the scopes requested
|
||||
$originalScopes = $this->db->accessTokenScopes($accessToken);
|
||||
|
||||
foreach ($authoriseParams['scopes'] as $scope) {
|
||||
|
||||
if ( ! in_array($scope, $originalScopes)) {
|
||||
|
||||
throw new OAuthServerClientException(
|
||||
$this->errors['invalid_scope'], 4);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// The user has authorised the client so generate a new
|
||||
// authorisation code and return it
|
||||
|
||||
$authCode = $this->newAuthCode($authoriseParams['client_id'],
|
||||
'user', $typeId, $authoriseParams['redirect_uri'],
|
||||
$authoriseParams['scopes'], $accessToken);
|
||||
|
||||
return $authCode;
|
||||
|
||||
} else {
|
||||
|
||||
$authCode = $this->newAuthCode($authoriseParams['client_id'],
|
||||
'user', $typeId, $authoriseParams['redirect_uri'],
|
||||
$authoriseParams['scopes']);
|
||||
|
||||
return $authCode;
|
||||
}
|
||||
return $authCode;
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user