ClientRepository implementations are now responsible for dealing with client secret

This commit is contained in:
Alex Bilbie 2016-03-22 16:29:04 +00:00
parent f688401f63
commit 878afeb9f9
5 changed files with 12 additions and 35 deletions

View File

@ -32,18 +32,6 @@ interface ClientEntityInterface
*/ */
public function setName($name); public function setName($name);
/**
* @param string $secret
*/
public function setSecret($secret);
/**
* Get the hashed client secret
*
* @return string
*/
public function getSecret();
/** /**
* Set the client's redirect uri. * Set the client's redirect uri.
* *

View File

@ -153,15 +153,6 @@ abstract class AbstractGrant implements GrantTypeInterface
throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing'); throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
} }
$client = $this->clientRepository->getClientEntity(
$clientId,
$this->getIdentifier()
);
if (!$client instanceof ClientEntityInterface) {
throw OAuthServerException::invalidClient();
}
// If the client is confidential require the client secret // If the client is confidential require the client secret
$clientSecret = $this->getRequestParameter( $clientSecret = $this->getRequestParameter(
'client_secret', 'client_secret',
@ -169,11 +160,13 @@ abstract class AbstractGrant implements GrantTypeInterface
$this->getServerParameter('PHP_AUTH_PW', $request) $this->getServerParameter('PHP_AUTH_PW', $request)
); );
if ($client->canKeepASecret() && is_null($clientSecret)) { $client = $this->clientRepository->getClientEntity(
throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing'); $clientId,
} $this->getIdentifier(),
$clientSecret
);
if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) { if (!$client instanceof ClientEntityInterface) {
$this->getEmitter()->emit(new Event('client.authentication.failed', $request)); $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }

View File

@ -73,7 +73,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
if ($client instanceof ClientEntityInterface === false) { if ($client instanceof ClientEntityInterface === false) {
$this->getEmitter()->emit(new Event('client.authentication.failed', $request)); $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }

View File

@ -18,10 +18,11 @@ interface ClientRepositoryInterface extends RepositoryInterface
/** /**
* Get a client. * Get a client.
* *
* @param string $clientIdentifier The client's identifier * @param string $clientIdentifier The client's identifier
* @param string $grantType The grant type used * @param string $grantType The grant type used
* @param null|string $clientSecret The client's secret (if sent)
* *
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
*/ */
public function getClientEntity($clientIdentifier, $grantType); public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
} }

View File

@ -111,10 +111,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
*/ */
public function testValidateClientMissingClientSecret() public function testValidateClientMissingClientSecret()
{ {
$client = new ClientEntity();
$client->setSecret('bar');
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client); $clientRepositoryMock->method('getClientEntity')->willReturn(null);
/** @var AbstractGrant $grantMock */ /** @var AbstractGrant $grantMock */
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
@ -138,10 +136,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
*/ */
public function testValidateClientInvalidClientSecret() public function testValidateClientInvalidClientSecret()
{ {
$client = new ClientEntity();
$client->setSecret('bar');
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client); $clientRepositoryMock->method('getClientEntity')->willReturn(null);
/** @var AbstractGrant $grantMock */ /** @var AbstractGrant $grantMock */
$grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);