Merge pull request #978 from Devristo/fix-http-basic-respond-to-access-token-request

Fixed respondToAccessTokenRequest using Http Basic Auth
2024-11-26 16:52:04 +05:30 · 2018-12-10 23:07:58 +00:00 · 2018-12-10 23:07:58 +00:00 · 8e9368cf44
commit 8e9368cf44
parent eea9c30e70 894724c45b
3 changed files with 92 additions and 27 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -171,15 +171,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     */
    protected function validateClient(ServerRequestInterface $request)
    {
-        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
+        list($clientId, $clientSecret) = $this->getClientCredentials($request);

        if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
@ -199,6 +191,29 @@ abstract class AbstractGrant implements GrantTypeInterface
        return $client;
    }

+    /**
+     * Gets the client credentials from the request from the request body or
+     * the Http Basic Authorization header
+     *
+     * @param ServerRequestInterface $request
+     *
+     * @return array
+     */
+    protected function getClientCredentials(ServerRequestInterface $request)
+    {
+        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
+
+        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
+
+        if (is_null($clientId)) {
+            throw OAuthServerException::invalidRequest('client_id');
+        }
+
+        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
+
+        return [$clientId, $clientSecret];
+    }
+
    /**
     * Validate redirectUri from the request.
     * If a redirect URI is provided ensure it matches what is pre-registered
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -90,11 +90,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
        ResponseTypeInterface $responseType,
        \DateInterval $accessTokenTTL
    ) {
-        $clientId = $this->getRequestParameter('client_id', $request, null);
-
-        if ($clientId === null) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
+        list($clientId) = $this->getClientCredentials($request);

        $client = $this->clientRepository->getClientEntity($clientId);

--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@ -606,6 +606,71 @@ class AuthCodeGrantTest extends TestCase
        $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
    }

+    public function testRespondToAccessTokenRequestUsingHttpBasicAuth()
+    {
+        $client = new ClientEntity();
+        $client->setIdentifier('foo');
+        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
+        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+
+        $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+        $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn(new ScopeEntity());
+        $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
+
+        $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
+        $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
+
+        $refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
+        $refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
+
+        $authCodeGrant = new AuthCodeGrant(
+            $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
+            $refreshTokenRepositoryMock,
+            new \DateInterval('PT10M')
+        );
+
+        $authCodeGrant->setClientRepository($clientRepositoryMock);
+        $authCodeGrant->setScopeRepository($scopeRepositoryMock);
+        $authCodeGrant->setAccessTokenRepository($accessTokenRepositoryMock);
+        $authCodeGrant->setEncryptionKey($this->cryptStub->getKey());
+        $authCodeGrant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
+
+        $request = new ServerRequest(
+            [],
+            [],
+            null,
+            'POST',
+            'php://input',
+            [
+                'Authorization' => 'Basic Zm9vOmJhcg==',
+            ],
+            [],
+            [],
+            [
+                'grant_type'   => 'authorization_code',
+                'redirect_uri' => 'http://foo/bar',
+                'code'         => $this->cryptStub->doEncrypt(
+                    json_encode(
+                        [
+                            'auth_code_id' => uniqid(),
+                            'client_id' => 'foo',
+                            'expire_time'  => time() + 3600,
+                            'user_id'      => 123,
+                            'scopes'       => ['foo'],
+                            'redirect_uri' => 'http://foo/bar',
+                        ]
+                    )
+                ),
+            ]
+        );
+
+        /** @var StubResponseType $response */
+        $response = $authCodeGrant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
+
+        $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+        $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
+    }
+
    public function testRespondToAccessTokenRequestForPublicClient()
    {
        $client = new ClientEntity();
@ -965,27 +1030,16 @@ class AuthCodeGrantTest extends TestCase

    public function testRespondToAccessTokenRequestExpiredCode()
    {
-        $client = new ClientEntity();
-        $client->setIdentifier('foo');
-        $client->setRedirectUri('http://foo/bar');
-        $client->setConfidential();
        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
-
-        $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
-        $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
-
-        $refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
-        $refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
+        $clientRepositoryMock->method('getClientEntity')->willReturn(new ClientEntity());

        $grant = new AuthCodeGrant(
            $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
            $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
            new \DateInterval('PT10M')
        );
+
        $grant->setClientRepository($clientRepositoryMock);
-        $grant->setAccessTokenRepository($accessTokenRepositoryMock);
-        $grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
        $grant->setEncryptionKey($this->cryptStub->getKey());

        $request = new ServerRequest(