From 592f60de704a11be2fea2d9836e9088144d9d145 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?= Date: Tue, 15 Mar 2016 01:10:47 +0100 Subject: [PATCH 1/2] allways extract scopes from repository --- src/Entities/ClientEntity.php | 15 ---------- src/Grant/AbstractGrant.php | 30 ++++++++----------- src/Grant/AuthCodeGrant.php | 22 ++++++++++---- src/Grant/RefreshTokenGrant.php | 13 ++++++-- tests/Bootstrap.php | 8 ++++- tests/Grant/AbstractGrantTest.php | 4 +-- tests/Grant/AuthCodeGrantTest.php | 10 ++++++- tests/Grant/ClientCredentialsGrantTest.php | 2 +- tests/Grant/ImplicitGrantTest.php | 2 +- tests/Grant/PasswordGrantTest.php | 2 +- tests/Grant/RefreshTokenGrantTest.php | 9 ++++-- .../AuthenticationServerMiddlewareTest.php | 2 +- .../ResponseTypes/BearerResponseTypeTest.php | 4 +-- tests/ServerTest.php | 2 +- .../Stubs/ClientEntity.php | 9 ++++-- {src/Entities => tests/Stubs}/ScopeEntity.php | 8 +---- 16 files changed, 78 insertions(+), 64 deletions(-) delete mode 100644 src/Entities/ClientEntity.php rename src/Entities/Traits/ClientEntityTrait.php => tests/Stubs/ClientEntity.php (82%) rename {src/Entities => tests/Stubs}/ScopeEntity.php (73%) diff --git a/src/Entities/ClientEntity.php b/src/Entities/ClientEntity.php deleted file mode 100644 index d72b6b3f..00000000 --- a/src/Entities/ClientEntity.php +++ /dev/null @@ -1,15 +0,0 @@ -getIdentifier() ); - if (($scope instanceof ScopeEntity) === false) { + if (($scope instanceof ScopeEntityInterface) === false) { throw OAuthServerException::invalidScope($scopeItem, $redirectUri); } 
@@ -325,10 +324,10 @@ abstract class AbstractGrant implements GrantTypeInterface /** * Issue an access token. * - * @param \DateInterval $tokenTTL - * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client - * @param string $userIdentifier - * @param array $scopes + * @param \DateInterval $tokenTTL + * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client + * @param string $userIdentifier + * @param \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[] $scopes * * @return \League\OAuth2\Server\Entities\AccessTokenEntity */ @@ -345,11 +344,6 @@ abstract class AbstractGrant implements GrantTypeInterface $accessToken->setUserIdentifier($userIdentifier); foreach ($scopes as $scope) { - if (is_string($scope)) { - $s = new ScopeEntity(); - $s->setIdentifier($scope); - $scope = $s; - } $accessToken->addScope($scope); } @@ -361,11 +355,11 @@ abstract class AbstractGrant implements GrantTypeInterface /** * Issue an auth code. * - * @param \DateInterval $tokenTTL - * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client - * @param string $userIdentifier - * @param string $redirectUri - * @param array $scopes + * @param \DateInterval $tokenTTL + * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client + * @param string $userIdentifier + * @param string $redirectUri + * @param \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[] $scopes * * @throws \League\OAuth2\Server\Exception\OAuthServerException * diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index 6f3d6dfb..bc65dc9a 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php 
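Review bot: In the `@@ -345,11 +344,6 @@` hunk of AbstractGrant::issueAccessToken the loop now hands every element of `$scopes` straight to `$accessToken->addScope($scope)`, and the only statement of the new contract is the `ScopeEntityInterface[]` docblock. A caller that still passes identifier strings (this patch updates AuthCodeGrant and RefreshTokenGrant; the other grants are not in the diff, so I cannot tell whether any remain) used to be converted here and now depends on whatever addScope does with a string. A guard at the top of the loop makes the contract explicit and fails early with a clear message: `if (!$scope instanceof ScopeEntityInterface) { throw new \InvalidArgumentException('issueAccessToken expects ScopeEntityInterface instances'); }`. The same applies to issueAuthCode, whose docblock is changed in the next hunk but whose body lies outside the patch.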
@@ -273,17 +273,27 @@ class AuthCodeGrant extends AbstractAuthorizeGrant if ($authCodePayload->redirect_uri !== $redirectUri) { throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI'); } + + $scopes = []; + foreach ($authCodePayload->scopes as $scopeId) { + $scope = $this->scopeRepository->getScopeEntityByIdentifier( + $scopeId, + $this->getIdentifier(), + $client->getIdentifier() + ); + + if (!$scope) { + throw OAuthServerException::invalidScope($scopeId); + } + + $scopes[] = $scope; + } } catch (\LogicException $e) { throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code'); } // Issue and persist access + refresh tokens - $accessToken = $this->issueAccessToken( - $accessTokenTTL, - $client, - $authCodePayload->user_id, - $authCodePayload->scopes - ); + $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $authCodePayload->user_id, $scopes); $refreshToken = $this->issueRefreshToken($accessToken); // Inject tokens into response type diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index efcc6454..75d1cee4 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php @@ -48,9 +48,16 @@ class RefreshTokenGrant extends AbstractGrant // If no new scopes are requested then give the access token the original session scopes if (count($scopes) === 0) { - $scopes = array_map(function ($scopeId) { - $scope = new ScopeEntity(); - $scope->setIdentifier($scopeId); + $scopes = array_map(function ($scopeId) use ($client) { + $scope = $this->scopeRepository->getScopeEntityByIdentifier( + $scopeId, + $this->getIdentifier(), + $client->getIdentifier() + ); + + if (!$scope) { + throw OAuthServerException::invalidScope($scopeId); + } return $scope; }, $oldRefreshToken['scopes']); diff --git a/tests/Bootstrap.php b/tests/Bootstrap.php index 99c00e16..b02cb7be 100644 --- a/tests/Bootstrap.php +++ b/tests/Bootstrap.php 
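Review bot: The scope resolution added in AuthCodeGrant's `@@ -273,17 +273,27 @@` hunk runs inside the `try` whose `catch (\LogicException $e)` reports every failure as "Cannot decrypt the authorization code", so if the repository lookup or the thrown `invalidScope` exception is (or wraps) a LogicException the client receives a misleading decryption error instead of invalid_scope; OAuthServerException's parent class is not visible here. Moving the `foreach` to just after the catch block, once `$authCodePayload` has been decoded, keeps the try limited to decoding and lets a scope failure be reported as itself. Separately, `if (!$scope)` is weaker than the `instanceof ScopeEntityInterface` test this same patch introduces in AbstractGrant; `if (!$scope instanceof ScopeEntityInterface) {` (importing the interface if the file does not already) also rejects a repository that returns a non-entity value, and the identical check in the array_map callback of RefreshTokenGrant's `@@ -48,9 +48,16 @@` hunk, whose tail may run past what is shown here, deserves the same change.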
@@ -1,5 +1,11 @@ wget http://getcomposer.org/composer.phar\n> php composer.phar install\n"); + $message = << wget http://getcomposer.org/composer.phar +> php composer.phar install +MSG; + + exit($message); } diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php index 8fbf7626..4820e3a2 100644 --- a/tests/Grant/AbstractGrantTest.php +++ b/tests/Grant/AbstractGrantTest.php @@ -4,17 +4,17 @@ namespace LeagueTests\Grant; use League\Event\Emitter; use League\OAuth2\Server\Entities\AccessTokenEntity; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Grant\AbstractGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use Zend\Diactoros\ServerRequest; class AbstractGrantTest extends \PHPUnit_Framework_TestCase diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php index 2772527d..22323388 100644 --- a/tests/Grant/AuthCodeGrantTest.php +++ b/tests/Grant/AuthCodeGrantTest.php 
@@ -2,17 +2,20 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; +use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; +use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Psr\Http\Message\ResponseInterface; @@ -577,6 +580,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase $userEntity = new UserEntity(); $userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeEntity = new ScopeEntity(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity); + $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf(); 
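Review bot: The scope repository mock added in the `@@ -577,6 +580,10 @@` hunk answers every `getScopeEntityByIdentifier` call with the same `$scopeEntity`, so the happy path is covered but the new `invalidScope` branch in AuthCodeGrant (repository returning null for a scope id carried in the auth code) has no test. A second case that configures the mock with `->willReturn(null)` and declares `@expectedException \League\OAuth2\Server\Exception\OAuthServerException` would pin that the exchange is refused rather than a token being issued with the scope silently dropped. The RefreshTokenGrantTest hunk `@@ -33,6 +33,10 @@` adds an identical mock and has the same gap.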
@@ -590,6 +597,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase new \DateInterval('PT10M') ); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); $grant->setAccessTokenRepository($accessTokenRepositoryMock); $grant->setRefreshTokenRepository($refreshTokenRepositoryMock); $grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key'); diff --git a/tests/Grant/ClientCredentialsGrantTest.php b/tests/Grant/ClientCredentialsGrantTest.php index c67e889c..7ca1487d 100644 --- a/tests/Grant/ClientCredentialsGrantTest.php +++ b/tests/Grant/ClientCredentialsGrantTest.php @@ -2,11 +2,11 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\ServerRequest; diff --git a/tests/Grant/ImplicitGrantTest.php b/tests/Grant/ImplicitGrantTest.php index 85371d82..9d075a69 100644 --- a/tests/Grant/ImplicitGrantTest.php +++ b/tests/Grant/ImplicitGrantTest.php @@ -2,13 +2,13 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\ImplicitGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Psr\Http\Message\ResponseInterface; 
diff --git a/tests/Grant/PasswordGrantTest.php b/tests/Grant/PasswordGrantTest.php index e4f9e3a9..d7938b94 100644 --- a/tests/Grant/PasswordGrantTest.php +++ b/tests/Grant/PasswordGrantTest.php @@ -2,7 +2,6 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; use League\OAuth2\Server\Grant\PasswordGrant; @@ -10,6 +9,7 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Zend\Diactoros\ServerRequest; diff --git a/tests/Grant/RefreshTokenGrantTest.php b/tests/Grant/RefreshTokenGrantTest.php index c9edebe2..d6b63203 100644 --- a/tests/Grant/RefreshTokenGrantTest.php +++ b/tests/Grant/RefreshTokenGrantTest.php @@ -2,16 +2,16 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Grant\RefreshTokenGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\ServerRequest; 
@@ -33,6 +33,10 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeEntity = new ScopeEntity(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity); + $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf(); @@ -41,6 +45,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase $grant = new RefreshTokenGrant($refreshTokenRepositoryMock); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); $grant->setAccessTokenRepository($accessTokenRepositoryMock); $grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key'); $grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key'); diff --git a/tests/Middleware/AuthenticationServerMiddlewareTest.php b/tests/Middleware/AuthenticationServerMiddlewareTest.php index ca2c430a..8fb8a553 100644 --- a/tests/Middleware/AuthenticationServerMiddlewareTest.php +++ b/tests/Middleware/AuthenticationServerMiddlewareTest.php @@ -2,13 +2,13 @@ namespace LeagueTests\Middleware; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Server; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequestFactory; 
diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php index de4ac7fa..ce7620ea 100644 --- a/tests/ResponseTypes/BearerResponseTypeTest.php +++ b/tests/ResponseTypes/BearerResponseTypeTest.php @@ -3,12 +3,12 @@ namespace LeagueTests\ResponseTypes; use League\OAuth2\Server\Entities\AccessTokenEntity; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\RefreshTokenEntity; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequest; diff --git a/tests/ServerTest.php b/tests/ServerTest.php index 66eadc27..1563e34a 100644 --- a/tests/ServerTest.php +++ b/tests/ServerTest.php @@ -2,7 +2,6 @@ namespace LeagueTests; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Grant\ClientCredentialsGrant; @@ -14,6 +13,7 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; use League\OAuth2\Server\Server; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\ServerRequest; diff --git a/src/Entities/Traits/ClientEntityTrait.php b/tests/Stubs/ClientEntity.php similarity index 82% rename from src/Entities/Traits/ClientEntityTrait.php rename to tests/Stubs/ClientEntity.php index 88e1188f..74775ab0 100644 --- a/src/Entities/Traits/ClientEntityTrait.php +++ b/tests/Stubs/ClientEntity.php @@ -1,9 +1,14 @@ getIdentifier(); 
From 9e04da01de8b48c5cd48e0cb779e6cce618e6494 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?= Date: Tue, 15 Mar 2016 01:18:54 +0100 Subject: [PATCH 2/2] unused use statements --- src/Grant/RefreshTokenGrant.php | 1 - tests/Grant/AuthCodeGrantTest.php | 1 - 2 files changed, 2 deletions(-) diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index 75d1cee4..f1aebd3d 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php @@ -11,7 +11,6 @@ namespace League\OAuth2\Server\Grant; use League\Event\Event; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php index 22323388..230c9442 100644 --- a/tests/Grant/AuthCodeGrantTest.php +++ b/tests/Grant/AuthCodeGrantTest.php @@ -4,7 +4,6 @@ namespace LeagueTests\Grant; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;