mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-25 22:49:49 +05:30
normalize validatescopes
This commit is contained in:
parent
9e4fd82763
commit
8d8dbaea0c
@ -99,6 +99,14 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
return $this->respondsWith;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function setEmitter(EmitterInterface $emitter)
|
||||
{
|
||||
$this->emitter = $emitter;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
*
|
||||
@ -142,6 +150,48 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
return $client;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
* @param string $scopeDelimiterString
|
||||
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
||||
* @param string $redirectUri
|
||||
*
|
||||
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
|
||||
*
|
||||
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
||||
*/
|
||||
public function validateScopes(
|
||||
ServerRequestInterface $request,
|
||||
$scopeDelimiterString,
|
||||
ClientEntityInterface $client,
|
||||
$redirectUri = null
|
||||
) {
|
||||
$requestedScopes = $this->getRequestParameter('scope', $request);
|
||||
$scopesList = array_filter(
|
||||
explode($scopeDelimiterString, trim($requestedScopes)),
|
||||
function ($scope) {
|
||||
return !empty($scope);
|
||||
}
|
||||
);
|
||||
|
||||
$scopes = [];
|
||||
foreach ($scopesList as $scopeItem) {
|
||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier(
|
||||
$scopeItem,
|
||||
$this->getIdentifier(),
|
||||
$client->getIdentifier()
|
||||
);
|
||||
|
||||
if (($scope instanceof ScopeEntity) === false) {
|
||||
throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
|
||||
}
|
||||
|
||||
$scopes[] = $scope;
|
||||
}
|
||||
|
||||
return $scopes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve request parameter.
|
||||
*
|
||||
@ -170,54 +220,6 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $scopeParamValue A string containing a delimited set of scope identifiers
|
||||
* @param string $scopeDelimiterString The delimiter between the scopes in the value string
|
||||
* @param ClientEntityInterface $client
|
||||
* @param string $redirectUri
|
||||
*
|
||||
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
|
||||
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
||||
*/
|
||||
public function validateScopes(
|
||||
$scopeParamValue,
|
||||
$scopeDelimiterString,
|
||||
ClientEntityInterface $client,
|
||||
$redirectUri = null
|
||||
) {
|
||||
$scopesList = array_filter(
|
||||
explode($scopeDelimiterString, trim($scopeParamValue)),
|
||||
function ($scope) {
|
||||
return !empty($scope);
|
||||
}
|
||||
);
|
||||
|
||||
$scopes = [];
|
||||
foreach ($scopesList as $scopeItem) {
|
||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier(
|
||||
$scopeItem,
|
||||
$this->getIdentifier(),
|
||||
$client->getIdentifier()
|
||||
);
|
||||
|
||||
if (($scope instanceof ScopeEntity) === false) {
|
||||
throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
|
||||
}
|
||||
|
||||
$scopes[] = $scope;
|
||||
}
|
||||
|
||||
return $scopes;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function setEmitter(EmitterInterface $emitter)
|
||||
{
|
||||
$this->emitter = $emitter;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param \DateInterval $tokenTTL
|
||||
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
||||
|
@ -39,7 +39,7 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
) {
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
|
||||
$scopes = $this->validateScopes($request, $scopeDelimiter, $client);
|
||||
|
||||
// Issue and persist access token
|
||||
$accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);
|
||||
|
@ -77,7 +77,7 @@ class PasswordGrant extends AbstractGrant
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$user = $this->validateUser($request);
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
|
||||
$scopes = $this->validateScopes($request, $scopeDelimiter, $client);
|
||||
|
||||
// Issue and persist new tokens
|
||||
$accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);
|
||||
|
@ -74,7 +74,7 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
) {
|
||||
$client = $this->validateClient($request);
|
||||
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
|
||||
$scopes = $this->validateScopes($request, $scopeDelimiter, $client);
|
||||
|
||||
// If no new scopes are requested then give the access token the original session scopes
|
||||
if (count($scopes) === 0) {
|
||||
|
Loading…
Reference in New Issue
Block a user