ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #186 from ushahidi/resource-server-correct-http-error

Browse Source 
Send HTTP 401 for invalid_token, rather than insufficient_scope
This commit is contained in:
Phil Sturgeon
2014-07-15 15:39:28 +01:00
parent 4480aa3456 f34dd4a0cb
commit 7771bc04ec
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/League/OAuth2/Server/Resource.php
View File

@@ -163,7 +163,7 @@ class Resource
// include the "WWW-Authenticate" response header field // include the "WWW-Authenticate" response header field
// matching the authentication scheme used by the client. // matching the authentication scheme used by the client.
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
if ($error === 'insufficient_scope') { if ($error === 'invalid_token') {
$authScheme = null; $authScheme = null;
$request = new Request(); $request = new Request();
if ($request->server('PHP_AUTH_USER') !== null) { if ($request->server('PHP_AUTH_USER') !== null) {

4
tests/resource/ResourceServerTest.php
View File

@@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
public function test_getExceptionHttpHeaders() public function test_getExceptionHttpHeaders()
{ {
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request')); $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token')); $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
$this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope')); $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
} }
public function test_setRequest() public function test_setRequest()