Merge pull request #969 from ceeram/fix-bc-break

Fix bc breaking change

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [7.3.2] - released 2018-11-21
+
+- Revert setting keys on response type to be inside `getResponseType()` function instead of AuthorizationServer constructor (PR #969)
+
 ## [7.3.1] - released 2018-11-15
 
 ### Fixed
@@ -427,7 +431,8 @@ Version 5 is a complete code rewrite.
 
 - First major release
 
-[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.1...HEAD
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.2...HEAD
+[7.3.2]: https://github.com/thephpleague/oauth2-server/compare/7.3.1...7.3.2
 [7.3.1]: https://github.com/thephpleague/oauth2-server/compare/7.3.0...7.3.1
 [7.3.0]: https://github.com/thephpleague/oauth2-server/compare/7.2.0...7.3.0
 [7.2.0]: https://github.com/thephpleague/oauth2-server/compare/7.1.1...7.2.0

src/AuthorizationServer.php

@@ -114,12 +114,6 @@ class AuthorizationServer implements EmitterAwareInterface
             $responseType = clone $responseType;
         }
 
-        if ($responseType instanceof AbstractResponseType) {
-            $responseType->setPrivateKey($this->privateKey);
-        }
-
-        $responseType->setEncryptionKey($this->encryptionKey);
-
         $this->responseType = $responseType;
     }
 
@@ -219,7 +213,15 @@ class AuthorizationServer implements EmitterAwareInterface
      */
     protected function getResponseType()
     {
-        return clone $this->responseType;
+        $responseType = clone $this->responseType;
+
+        if ($responseType instanceof AbstractResponseType) {
+            $responseType->setPrivateKey($this->privateKey);
+        }
+
+        $responseType->setEncryptionKey($this->encryptionKey);
+
+        return $responseType;
     }
 
     /**

tests/AuthorizationServerTest.php

@@ -110,6 +110,43 @@ class AuthorizationServerTest extends TestCase
         $this->assertInstanceOf(BearerTokenResponse::class, $method->invoke($server));
     }
 
+    public function testGetResponseTypeExtended()
+    {
+        $clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
+        $privateKey = 'file://' . __DIR__ . '/Stubs/private.key';
+        $encryptionKey = 'file://' . __DIR__ . '/Stubs/public.key';
+
+        $server = new class($clientRepository, $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(), $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(), $privateKey, $encryptionKey) extends AuthorizationServer {
+            protected function getResponseType()
+            {
+                $this->responseType = new class extends BearerTokenResponse {
+                    /* @return null|CryptKey */
+                    public function getPrivateKey()
+                    {
+                        return $this->privateKey;
+                    }
+
+                    public function getEncryptionKey()
+                    {
+                        return $this->encryptionKey;
+                    }
+                };
+
+                return parent::getResponseType();
+            }
+        };
+
+        $abstractGrantReflection = new \ReflectionClass($server);
+        $method = $abstractGrantReflection->getMethod('getResponseType');
+        $method->setAccessible(true);
+        $responseType = $method->invoke($server);
+
+        $this->assertInstanceOf(BearerTokenResponse::class, $responseType);
+        // generated instances should have keys setup
+        $this->assertSame($privateKey, $responseType->getPrivateKey()->getKeyPath());
+        $this->assertSame($encryptionKey, $responseType->getEncryptionKey());
+    }
+
     public function testMultipleRequestsGetDifferentResponseTypeInstances()
     {
         $privateKey = 'file://' . __DIR__ . '/Stubs/private.key';