normalize validatescopes

This commit is contained in:
Julián Gutiérrez 2016-01-17 14:35:43 +01:00
parent 9e4fd82763
commit 8d8dbaea0c
4 changed files with 53 additions and 51 deletions

View File

@ -99,6 +99,14 @@ abstract class AbstractGrant implements GrantTypeInterface
return $this->respondsWith; return $this->respondsWith;
} }
/**
* @inheritdoc
*/
public function setEmitter(EmitterInterface $emitter)
{
$this->emitter = $emitter;
}
/** /**
* @param \Psr\Http\Message\ServerRequestInterface $request * @param \Psr\Http\Message\ServerRequestInterface $request
* *
@ -142,6 +150,48 @@ abstract class AbstractGrant implements GrantTypeInterface
return $client; return $client;
} }
/**
* @param \Psr\Http\Message\ServerRequestInterface $request
* @param string $scopeDelimiterString
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
* @param string $redirectUri
*
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
*
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public function validateScopes(
ServerRequestInterface $request,
$scopeDelimiterString,
ClientEntityInterface $client,
$redirectUri = null
) {
$requestedScopes = $this->getRequestParameter('scope', $request);
$scopesList = array_filter(
explode($scopeDelimiterString, trim($requestedScopes)),
function ($scope) {
return !empty($scope);
}
);
$scopes = [];
foreach ($scopesList as $scopeItem) {
$scope = $this->scopeRepository->getScopeEntityByIdentifier(
$scopeItem,
$this->getIdentifier(),
$client->getIdentifier()
);
if (($scope instanceof ScopeEntity) === false) {
throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
}
$scopes[] = $scope;
}
return $scopes;
}
/** /**
* Retrieve request parameter. * Retrieve request parameter.
* *
@ -170,54 +220,6 @@ abstract class AbstractGrant implements GrantTypeInterface
return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default; return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
} }
/**
* @param string $scopeParamValue A string containing a delimited set of scope identifiers
* @param string $scopeDelimiterString The delimiter between the scopes in the value string
* @param ClientEntityInterface $client
* @param string $redirectUri
*
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public function validateScopes(
$scopeParamValue,
$scopeDelimiterString,
ClientEntityInterface $client,
$redirectUri = null
) {
$scopesList = array_filter(
explode($scopeDelimiterString, trim($scopeParamValue)),
function ($scope) {
return !empty($scope);
}
);
$scopes = [];
foreach ($scopesList as $scopeItem) {
$scope = $this->scopeRepository->getScopeEntityByIdentifier(
$scopeItem,
$this->getIdentifier(),
$client->getIdentifier()
);
if (($scope instanceof ScopeEntity) === false) {
throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
}
$scopes[] = $scope;
}
return $scopes;
}
/**
* @inheritdoc
*/
public function setEmitter(EmitterInterface $emitter)
{
$this->emitter = $emitter;
}
/** /**
* @param \DateInterval $tokenTTL * @param \DateInterval $tokenTTL
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client

View File

@ -39,7 +39,7 @@ class ClientCredentialsGrant extends AbstractGrant
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client); $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
// Issue and persist access token // Issue and persist access token
$accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);

View File

@ -77,7 +77,7 @@ class PasswordGrant extends AbstractGrant
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$user = $this->validateUser($request); $user = $this->validateUser($request);
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client); $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
// Issue and persist new tokens // Issue and persist new tokens
$accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);

View File

@ -74,7 +74,7 @@ class RefreshTokenGrant extends AbstractGrant
) { ) {
$client = $this->validateClient($request); $client = $this->validateClient($request);
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $scopeDelimiter, $client); $scopes = $this->validateScopes($request, $scopeDelimiter, $client);
// If no new scopes are requested then give the access token the original session scopes // If no new scopes are requested then give the access token the original session scopes
if (count($scopes) === 0) { if (count($scopes) === 0) {