diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 74af64b9..490ecf4c 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -120,6 +120,14 @@ abstract class AbstractGrant implements GrantTypeInterface
         $this->pathToPublicKey = $pathToPublicKey;
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function setEmitter(EmitterInterface $emitter)
+    {
+        $this->emitter = $emitter;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -179,6 +187,46 @@ abstract class AbstractGrant implements GrantTypeInterface
         return $client;
     }
 
+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
+     * @param string $redirectUri
+     *
+     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     */
+    public function validateScopes(
+        ServerRequestInterface $request,
+        ClientEntityInterface $client,
+        $redirectUri = null
+    ) {
+        $requestedScopes = $this->getRequestParameter('scope', $request);
+        $scopesList = array_filter(
+            explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
+            function ($scope) {
+                return !empty($scope);
+            }
+        );
+
+        $scopes = [];
+        foreach ($scopesList as $scopeItem) {
+            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
+                $scopeItem,
+                $this->getIdentifier(),
+                $client->getIdentifier()
+            );
+
+            if (($scope instanceof ScopeEntity) === false) {
+                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
+            }
+
+            $scopes[] = $scope;
+        }
+
+        return $scopes;
+    }
+
     /**
      * Retrieve request parameter.
      *
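Review bot: The filter `function ($scope) { return !empty($scope); }` in the new validateScopes silently drops a requested scope whose identifier is the string "0", because empty('0') is true; `return $scope !== '';` discards empty segments produced by a leading, trailing or doubled delimiter without that gap. The method now reads the 'scope' parameter itself and splits on the hard-coded `self::SCOPE_DELIMITER_STRING`, so the docblock should say so, e.g. `Reads the 'scope' request parameter, splits it on self::SCOPE_DELIMITER_STRING and resolves every identifier through the scope repository; any identifier that does not resolve to a ScopeEntity raises invalidScope.` The `@param string $redirectUri` line should read `@param string|null $redirectUri`, matching the null default. The setEmitter hunk above is a pure move and raises nothing.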
@@ -207,52 +255,6 @@ abstract class AbstractGrant implements GrantTypeInterface
         return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
     }
 
-    /**
-     * @param string $scopeParamValue A string containing a delimited set of scope identifiers
-     * @param ClientEntityInterface $client
-     * @param string $redirectUri
-     *
-     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
-     * @throws \League\OAuth2\Server\Exception\OAuthServerException
-     */
-    public function validateScopes(
-        $scopeParamValue,
-        ClientEntityInterface $client,
-        $redirectUri = null
-    ) {
-        $scopesList = array_filter(
-            explode(self::SCOPE_DELIMITER_STRING, trim($scopeParamValue)),
-            function ($scope) {
-                return !empty($scope);
-            }
-        );
-
-        $scopes = [];
-        foreach ($scopesList as $scopeItem) {
-            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
-                $scopeItem,
-                $this->getIdentifier(),
-                $client->getIdentifier()
-            );
-
-            if (($scope instanceof ScopeEntity) === false) {
-                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
-            }
-
-            $scopes[] = $scope;
-        }
-
-        return $scopes;
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setEmitter(EmitterInterface $emitter)
-    {
-        $this->emitter = $emitter;
-    }
-
     /**
      * @param \DateInterval $tokenTTL
      * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index a52b9385..17b944f4 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -36,7 +36,7 @@ class ClientCredentialsGrant extends AbstractGrant
     ) {
         // Validate request
         $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // Issue and persist access token
         $accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index e526384d..351954b4 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -63,8 +63,8 @@ class PasswordGrant extends AbstractGrant
     ) {
         // Validate request
         $client = $this->validateClient($request);
-        $user = $this->validateUser($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $user = $this->validateUser($request);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // Issue and persist new tokens
         $accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 99e32401..99b6b402 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -52,9 +52,9 @@ class RefreshTokenGrant extends AbstractGrant
         ResponseTypeInterface $responseType,
         \DateInterval $tokenTTL
     ) {
-        $client = $this->validateClient($request);
+        $client = $this->validateClient($request);
         $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // If no new scopes are requested then give the access token the original session scopes
         if (count($scopes) === 0) {
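Review bot: The new call `$scopes = $this->validateScopes($request, $scopeDelimiter, $client);` does not match the signature this commit introduces in AbstractGrant.php, `validateScopes(ServerRequestInterface $request, ClientEntityInterface $client, $redirectUri = null)`: `$scopeDelimiter` lands in the ClientEntityInterface-typed parameter and `$client` in `$redirectUri`, so every token request through this grant would fail on a type error before any scope is checked. The same mismatch is in the PasswordGrant.php and RefreshTokenGrant.php hunks; each call should become `$scopes = $this->validateScopes($request, $client);`. `$scopeDelimiter` is not declared or assigned on any visible line of the three hunks (each method's signature starts outside the hunk), and the new validateScopes splits on self::SCOPE_DELIMITER_STRING regardless, so a delimiter argument has no effect even where it would be accepted. The re-emitted `$user = …` and `$client = …` lines in PasswordGrant and RefreshTokenGrant appear to be whitespace-only and could be left out so the diff shows only the behavioural change.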