Merge pull request #425 from juliangut/scopes_extraction

V5 - normalize validatescopes
2024-12-02 19:51:03 +05:30 · 2016-01-17 14:59:37 +00:00 · 2016-01-17 14:59:37 +00:00 · 5fcb47d66a
commit 5fcb47d66a
parent cbd45cc5ab 4862ca7d60
4 changed files with 53 additions and 51 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -120,6 +120,14 @@ abstract class AbstractGrant implements GrantTypeInterface
        $this->pathToPublicKey = $pathToPublicKey;
    }

+    /**
+     * @inheritdoc
+     */
+    public function setEmitter(EmitterInterface $emitter)
+    {
+        $this->emitter = $emitter;
+    }
+
    /**
     * {@inheritdoc}
     */
@ -179,6 +187,46 @@ abstract class AbstractGrant implements GrantTypeInterface
        return $client;
    }

+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface                        $request
+     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
+     * @param string                                                          $redirectUri
+     *
+     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     */
+    public function validateScopes(
+        ServerRequestInterface $request,
+        ClientEntityInterface $client,
+        $redirectUri = null
+    ) {
+        $requestedScopes = $this->getRequestParameter('scope', $request);
+        $scopesList = array_filter(
+            explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
+            function ($scope) {
+                return !empty($scope);
+            }
+        );
+
+        $scopes = [];
+        foreach ($scopesList as $scopeItem) {
+            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
+                $scopeItem,
+                $this->getIdentifier(),
+                $client->getIdentifier()
+            );
+
+            if (($scope instanceof ScopeEntity) === false) {
+                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
+            }
+
+            $scopes[] = $scope;
+        }
+
+        return $scopes;
+    }
+
    /**
     * Retrieve request parameter.
     *
@ -207,52 +255,6 @@ abstract class AbstractGrant implements GrantTypeInterface
        return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
    }

-    /**
-     * @param string                $scopeParamValue      A string containing a delimited set of scope identifiers
-     * @param ClientEntityInterface $client
-     * @param string                $redirectUri
-     *
-     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
-     * @throws \League\OAuth2\Server\Exception\OAuthServerException
-     */
-    public function validateScopes(
-        $scopeParamValue,
-        ClientEntityInterface $client,
-        $redirectUri = null
-    ) {
-        $scopesList = array_filter(
-            explode(self::SCOPE_DELIMITER_STRING, trim($scopeParamValue)),
-            function ($scope) {
-                return !empty($scope);
-            }
-        );
-
-        $scopes = [];
-        foreach ($scopesList as $scopeItem) {
-            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
-                $scopeItem,
-                $this->getIdentifier(),
-                $client->getIdentifier()
-            );
-
-            if (($scope instanceof ScopeEntity) === false) {
-                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
-            }
-
-            $scopes[] = $scope;
-        }
-
-        return $scopes;
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setEmitter(EmitterInterface $emitter)
-    {
-        $this->emitter = $emitter;
-    }
-
    /**
     * @param \DateInterval                                                   $tokenTTL
     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@ -36,7 +36,7 @@ class ClientCredentialsGrant extends AbstractGrant
    ) {
        // Validate request
        $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);

        // Issue and persist access token
        $accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@ -63,8 +63,8 @@ class PasswordGrant extends AbstractGrant
    ) {
        // Validate request
        $client = $this->validateClient($request);
-        $user = $this->validateUser($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $user   = $this->validateUser($request);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);

        // Issue and persist new tokens
        $accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@ -52,9 +52,9 @@ class RefreshTokenGrant extends AbstractGrant
        ResponseTypeInterface $responseType,
        \DateInterval $tokenTTL
    ) {
-        $client = $this->validateClient($request);
+        $client          = $this->validateClient($request);
        $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $scopes          = $this->validateScopes($request, $scopeDelimiter, $client);

        // If no new scopes are requested then give the access token the original session scopes
        if (count($scopes) === 0) {