diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index ff7aaced..78e7fce0 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -99,6 +99,14 @@ abstract class AbstractGrant implements GrantTypeInterface
         return $this->respondsWith;
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function setEmitter(EmitterInterface $emitter)
+    {
+        $this->emitter = $emitter;
+    }
+
     /**
      * @param \Psr\Http\Message\ServerRequestInterface $request
      *
@@ -142,6 +150,48 @@ abstract class AbstractGrant implements GrantTypeInterface
         return $client;
     }
 
+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     * @param string $scopeDelimiterString
+     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
+     * @param string $redirectUri
+     *
+     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     */
+    public function validateScopes(
+        ServerRequestInterface $request,
+        $scopeDelimiterString,
+        ClientEntityInterface $client,
+        $redirectUri = null
+    ) {
+        $requestedScopes = $this->getRequestParameter('scope', $request);
+        $scopesList = array_filter(
+            explode($scopeDelimiterString, trim($requestedScopes)),
+            function ($scope) {
+                return !empty($scope);
+            }
+        );
+
+        $scopes = [];
+        foreach ($scopesList as $scopeItem) {
+            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
+                $scopeItem,
+                $this->getIdentifier(),
+                $client->getIdentifier()
+            );
+
+            if (($scope instanceof ScopeEntity) === false) {
+                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
+            }
+
+            $scopes[] = $scope;
+        }
+
+        return $scopes;
+    }
+
     /**
      * Retrieve request parameter.
      *
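Review bot: In the new `validateScopes`, `$requestedScopes` comes straight from the request and is handed to `trim()` without confirming it is a string, so a missing `scope` parameter reaches `trim()` as null (deprecated input in PHP 8.1) and an array-valued parameter, such as a repeated form field, produces a warning or TypeError rather than an OAuth error response. A guard before the `array_filter` call, `if ($requestedScopes !== null && !is_string($requestedScopes)) { throw OAuthServerException::invalidRequest('scope'); }`, keeps malformed input on the invalid_request path, provided this version of OAuthServerException exposes such a factory. The `!empty($scope)` filter also silently discards a scope identifier of `'0'`; `return $scope !== '';` is the check actually intended. The docblock should additionally say that `$redirectUri` is used only for the error response and that the returned entities are in request order with duplicate identifiers preserved, since the loop performs no de-duplication.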
@@ -170,54 +220,6 @@ abstract class AbstractGrant implements GrantTypeInterface
         return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
     }
 
-    /**
-     * @param string $scopeParamValue A string containing a delimited set of scope identifiers
-     * @param string $scopeDelimiterString The delimiter between the scopes in the value string
-     * @param ClientEntityInterface $client
-     * @param string $redirectUri
-     *
-     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
-     * @throws \League\OAuth2\Server\Exception\OAuthServerException
-     */
-    public function validateScopes(
-        $scopeParamValue,
-        $scopeDelimiterString,
-        ClientEntityInterface $client,
-        $redirectUri = null
-    ) {
-        $scopesList = array_filter(
-            explode($scopeDelimiterString, trim($scopeParamValue)),
-            function ($scope) {
-                return !empty($scope);
-            }
-        );
-
-        $scopes = [];
-        foreach ($scopesList as $scopeItem) {
-            $scope = $this->scopeRepository->getScopeEntityByIdentifier(
-                $scopeItem,
-                $this->getIdentifier(),
-                $client->getIdentifier()
-            );
-
-            if (($scope instanceof ScopeEntity) === false) {
-                throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
-            }
-
-            $scopes[] = $scope;
-        }
-
-        return $scopes;
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setEmitter(EmitterInterface $emitter)
-    {
-        $this->emitter = $emitter;
-    }
-
     /**
      * @param \DateInterval $tokenTTL
      * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index 1ed22b8d..fb0fafb8 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -39,7 +39,7 @@ class ClientCredentialsGrant extends AbstractGrant
     ) {
         // Validate request
         $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // Issue and persist access token
         $accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index 30702744..60287d64 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -77,7 +77,7 @@ class PasswordGrant extends AbstractGrant
         // Validate request
         $client = $this->validateClient($request);
         $user = $this->validateUser($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // Issue and persist new tokens
         $accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 4747811b..6db2b1c9 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -74,7 +74,7 @@ class RefreshTokenGrant extends AbstractGrant
     ) {
         $client = $this->validateClient($request);
         $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client);
+        $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
 
         // If no new scopes are requested then give the access token the original session scopes
         if (count($scopes) === 0) {
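Review bot: In the RefreshTokenGrant hunk, the new `validateScopes($request, $scopeDelimiter, $client)` call checks the requested scopes against the client only, not against the scopes carried by `$oldRefreshToken`; the hunk shows just the empty-scope fallback, and the branch for a non-empty request lies outside it. RFC 6749 §6 requires that a refresh request not include any scope that was not originally granted, so the non-empty branch should reject (via `OAuthServerException::invalidScope`) any returned entity whose identifier is not among the old token's scopes, otherwise a client could widen its access on refresh. If that check already exists below the hunk, this is documentation only: a comment such as `// Scopes requested on refresh must be a subset of the original grant (RFC 6749 §6)` above the `if` would make the invariant explicit. The enclosing method continues outside the hunk.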