ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-02-05 08:31:24 +05:30
Code Issues Packages Projects Releases Wiki Activity

Fix codeVerifier check. Keep code style.

Browse Source
This commit is contained in:
Erick Torres 2017-07-07 12:35:42 -05:00
parent e2f9b73df3
commit 88ccb6ff13
1 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Grant/AuthCodeGrant.php
View File

@ -136,9 +136,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
// Validate code_verifier according to RFC-7636 // Validate code_verifier according to RFC-7636
// @see: https://tools.ietf.org/html/rfc7636#section-4.1 // @see: https://tools.ietf.org/html/rfc7636#section-4.1
$isValidCodeVerifier = (bool) preg_match('#[A-Za-z0-9\-|\.|\_|\~]{43,128}#', $codeVerifier); if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $codeVerifier) !== 1) {
if ($isValidCodeVerifier === false) {
throw OAuthServerException::invalidRequest( throw OAuthServerException::invalidRequest(
'code_verifier', 'code_verifier',
'Code Verifier must follow the specifications of RFC-7636.' 'Code Verifier must follow the specifications of RFC-7636.'
@ -275,13 +273,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
throw OAuthServerException::invalidRequest('code_challenge'); throw OAuthServerException::invalidRequest('code_challenge');
} }
if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $codeChallenge) !== 1) {
throw OAuthServerException::invalidRequest(
'code_challenge',
'The code_challenge must be between 43 and 128 characters'
);
}
$codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain'); $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');
if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) { if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) {
throw OAuthServerException::invalidRequest( throw OAuthServerException::invalidRequest(
@ -292,9 +283,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
// Validate code_challenge according to RFC-7636 // Validate code_challenge according to RFC-7636
// @see: https://tools.ietf.org/html/rfc7636#section-4.2 // @see: https://tools.ietf.org/html/rfc7636#section-4.2
$isValidCodeChallenge = (bool) preg_match('#[A-Za-z0-9\-|\.|\_|\~]{43}#', $codeChallenge); if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $codeChallenge) !== 1) {
if ($isValidCodeChallenge === false) {
throw OAuthServerException::invalidRequest( throw OAuthServerException::invalidRequest(
'code_challenged', 'code_challenged',
'Code challenge must follow the specifications of RFC-7636.' 'Code challenge must follow the specifications of RFC-7636.'