ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-30 10:42:02 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #978 from Devristo/fix-http-basic-respond-to-access-token-request

Browse Source 
Fixed respondToAccessTokenRequest using Http Basic Auth
This commit is contained in:
Andrew Millington 2018-12-10 23:07:58 +00:00 committed by GitHub
commit 8e9368cf44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 92 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/Grant/AbstractGrant.php
View File

@ -171,15 +171,7 @@ abstract class AbstractGrant implements GrantTypeInterface
*/ */
protected function validateClient(ServerRequestInterface $request) protected function validateClient(ServerRequestInterface $request)
{ {
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request); list($clientId, $clientSecret) = $this->getClientCredentials($request);
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) { if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
@ -199,6 +191,29 @@ abstract class AbstractGrant implements GrantTypeInterface
return $client; return $client;
} }
/**
* Gets the client credentials from the request from the request body or
* the Http Basic Authorization header
*
* @param ServerRequestInterface $request
*
* @return array
*/
protected function getClientCredentials(ServerRequestInterface $request)
{
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
return [$clientId, $clientSecret];
}
/** /**
* Validate redirectUri from the request. * Validate redirectUri from the request.
* If a redirect URI is provided ensure it matches what is pre-registered * If a redirect URI is provided ensure it matches what is pre-registered

6
src/Grant/AuthCodeGrant.php
View File

@ -90,11 +90,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL \DateInterval $accessTokenTTL
) { ) {
$clientId = $this->getRequestParameter('client_id', $request, null); list($clientId) = $this->getClientCredentials($request);
if ($clientId === null) {
throw OAuthServerException::invalidRequest('client_id');
}
$client = $this->clientRepository->getClientEntity($clientId); $client = $this->clientRepository->getClientEntity($clientId);

80
tests/Grant/AuthCodeGrantTest.php
View File

@ -606,6 +606,71 @@ class AuthCodeGrantTest extends TestCase
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken()); $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
} }
public function testRespondToAccessTokenRequestUsingHttpBasicAuth()
{
$client = new ClientEntity();
$client->setIdentifier('foo');
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn(new ScopeEntity());
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
$refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
$authCodeGrant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$refreshTokenRepositoryMock,
new \DateInterval('PT10M')
);
$authCodeGrant->setClientRepository($clientRepositoryMock);
$authCodeGrant->setScopeRepository($scopeRepositoryMock);
$authCodeGrant->setAccessTokenRepository($accessTokenRepositoryMock);
$authCodeGrant->setEncryptionKey($this->cryptStub->getKey());
$authCodeGrant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
$request = new ServerRequest(
[],
[],
null,
'POST',
'php://input',
[
'Authorization' => 'Basic Zm9vOmJhcg==',
],
[],
[],
[
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://foo/bar',
'code' => $this->cryptStub->doEncrypt(
json_encode(
[
'auth_code_id' => uniqid(),
'client_id' => 'foo',
'expire_time' => time() + 3600,
'user_id' => 123,
'scopes' => ['foo'],
'redirect_uri' => 'http://foo/bar',
]
)
),
]
);
/** @var StubResponseType $response */
$response = $authCodeGrant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
}
public function testRespondToAccessTokenRequestForPublicClient() public function testRespondToAccessTokenRequestForPublicClient()
{ {
$client = new ClientEntity(); $client = new ClientEntity();
@ -965,27 +1030,16 @@ class AuthCodeGrantTest extends TestCase
public function testRespondToAccessTokenRequestExpiredCode() public function testRespondToAccessTokenRequestExpiredCode()
{ {
$client = new ClientEntity();
$client->setIdentifier('foo');
$client->setRedirectUri('http://foo/bar');
$client->setConfidential();
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client); $clientRepositoryMock->method('getClientEntity')->willReturn(new ClientEntity());
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
$grant = new AuthCodeGrant( $grant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
new \DateInterval('PT10M') new \DateInterval('PT10M')
); );
$grant->setClientRepository($clientRepositoryMock); $grant->setClientRepository($clientRepositoryMock);
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
$grant->setEncryptionKey($this->cryptStub->getKey()); $grant->setEncryptionKey($this->cryptStub->getKey());
$request = new ServerRequest( $request = new ServerRequest(