ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-15 17:56:14 +05:30
Code Issues Packages Projects Releases Wiki Activity

Validate client can now optionally validate secret + redirectUri, and actually validate the redirectUri

Browse Source
This commit is contained in:
Alex Bilbie 2016-02-12 09:03:35 +00:00
parent c6d806d3f7
commit 7a628409db
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/Grant/AbstractGrant.php
View File

@ -143,14 +143,20 @@ abstract class AbstractGrant implements GrantTypeInterface
} }
/** /**
* Validate the client
*
* @param \Psr\Http\Message\ServerRequestInterface $request * @param \Psr\Http\Message\ServerRequestInterface $request
* @param bool $validateSecret
* @param bool $validateRedirectUri
* *
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
*
* @throws \League\OAuth2\Server\Exception\OAuthServerException * @throws \League\OAuth2\Server\Exception\OAuthServerException
*/ */
protected function validateClient(ServerRequestInterface $request) protected function validateClient(
{ ServerRequestInterface $request,
$validateSecret = true,
$validateRedirectUri = false
) {
$clientId = $this->getRequestParameter( $clientId = $this->getRequestParameter(
'client_id', 'client_id',
$request, $request,
@ -165,14 +171,19 @@ abstract class AbstractGrant implements GrantTypeInterface
$request, $request,
$this->getServerParameter('PHP_AUTH_PW', $request) $this->getServerParameter('PHP_AUTH_PW', $request)
); );
if (is_null($clientSecret)) { if (is_null($clientSecret) && $validateSecret === true) {
throw OAuthServerException::invalidRequest('client_secret', null, '`%s` parameter is missing'); throw OAuthServerException::invalidRequest('client_secret', null, '`%s` parameter is missing');
} }
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
if (is_null($redirectUri) && $validateRedirectUri === true) {
throw OAuthServerException::invalidRequest('redirect_uri', null, '`%s` parameter is missing');
}
$client = $this->clientRepository->getClientEntity( $client = $this->clientRepository->getClientEntity(
$clientId, $clientId,
$clientSecret, $clientSecret,
null, $redirectUri,
$this->getIdentifier() $this->getIdentifier()
); );