diff --git a/examples/public/api.php b/examples/public/api.php
index c386363c..3032ffed 100644
--- a/examples/public/api.php
+++ b/examples/public/api.php
@@ -31,7 +31,6 @@ $app->add(
 $app->get(
 '/users',
 function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-
 $users = [
 [
 'id' => 123,
@@ -70,4 +69,4 @@ $app->get(
 }
 );
-$app->run();
\ No newline at end of file
+$app->run();
diff --git a/examples/public/client_credentials.php b/examples/public/client_credentials.php
index e4b8ddff..c982f275 100644
--- a/examples/public/client_credentials.php
+++ b/examples/public/client_credentials.php
@@ -30,9 +30,9 @@ $app = new App([
 $accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface
 // Path to public and private keys
- $privateKey = 'file://'.__DIR__.'/../private.key';
+ $privateKey = 'file://' . __DIR__ . '/../private.key';
 //$privateKey = new CryptKey('file://path/to/private.key', 'passphrase'); // if private key has a pass phrase
- $publicKey = 'file://'.__DIR__.'/../public.key';
+ $publicKey = 'file://' . __DIR__ . '/../public.key';
 // Setup the authorization server
 $server = new AuthorizationServer(
diff --git a/examples/public/password.php b/examples/public/password.php
index 75766477..02a85a56 100644
--- a/examples/public/password.php
+++ b/examples/public/password.php
@@ -23,8 +23,8 @@ $app = new App([
 new ClientRepository(), // instance of ClientRepositoryInterface
 new AccessTokenRepository(), // instance of AccessTokenRepositoryInterface
 new ScopeRepository(), // instance of ScopeRepositoryInterface
- 'file://'.__DIR__.'/../private.key', // path to private key
- 'file://'.__DIR__.'/../public.key' // path to public key
+ 'file://' . __DIR__ . '/../private.key', // path to private key
+ 'file://' . __DIR__ . '/../public.key' // path to public key
 );
 $grant = new PasswordGrant(
@@ -54,19 +54,17 @@ $app->post(
 // Try to respond to the access token request
 return $server->respondToAccessTokenRequest($request, $response);
-
 } catch (OAuthServerException $exception) {
 // All instances of OAuthServerException can be converted to a PSR-7 response
 return $exception->generateHttpResponse($response);
-
 } catch (\Exception $exception) {
 // Catch unexpected exceptions
 $body = $response->getBody();
 $body->write($exception->getMessage());
- return $response->withStatus(500)->withBody($body);
+ return $response->withStatus(500)->withBody($body);
 }
 }
 );
diff --git a/examples/src/Repositories/ScopeRepository.php b/examples/src/Repositories/ScopeRepository.php
index f9879850..d050d55f 100644
--- a/examples/src/Repositories/ScopeRepository.php
+++ b/examples/src/Repositories/ScopeRepository.php
@@ -54,7 +54,7 @@ class ScopeRepository implements ScopeRepositoryInterface
 $scope->setIdentifier('email');
 $scopes[] = $scope;
 }
-
+
 return $scopes;
 }
 }
diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php
index f24d9abb..2bab4cb5 100644
--- a/src/AuthorizationValidators/BearerTokenValidator.php
+++ b/src/AuthorizationValidators/BearerTokenValidator.php
@@ -75,7 +75,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
 } catch (\InvalidArgumentException $exception) {
 // JWT couldn't be parsed so return the request as is
 throw OAuthServerException::accessDenied($exception->getMessage());
- } catch(\RuntimeException $exception){
+ } catch (\RuntimeException $exception) {
 //JWR couldn't be parsed so return the request as is
 throw OAuthServerException::accessDenied('Error while decoding to JSON');
 }
diff --git a/src/Exception/UniqueTokenIdentifierConstraintViolationException.php b/src/Exception/UniqueTokenIdentifierConstraintViolationException.php
index 816c249f..a67855b2 100644
--- a/src/Exception/UniqueTokenIdentifierConstraintViolationException.php
+++ b/src/Exception/UniqueTokenIdentifierConstraintViolationException.php
@@ -9,7 +9,6 @@ namespace League\OAuth2\Server\Exception;
-
 class UniqueTokenIdentifierConstraintViolationException extends OAuthServerException
 {
 public static function create()
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index e230c500..d916e3f1 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -345,6 +345,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 $accessToken->setIdentifier($this->generateUniqueIdentifier());
 try {
 $this->accessTokenRepository->persistNewAccessToken($accessToken);
+ return $accessToken;
 } catch (UniqueTokenIdentifierConstraintViolationException $e) {
 if ($maxGenerationAttempts === 0) {
@@ -391,6 +392,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 $authCode->setIdentifier($this->generateUniqueIdentifier());
 try {
 $this->authCodeRepository->persistNewAuthCode($authCode);
+ return $authCode;
 } catch (UniqueTokenIdentifierConstraintViolationException $e) {
 if ($maxGenerationAttempts === 0) {
@@ -420,6 +422,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 $refreshToken->setIdentifier($this->generateUniqueIdentifier());
 try {
 $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
+ return $refreshToken;
 } catch (UniqueTokenIdentifierConstraintViolationException $e) {
 if ($maxGenerationAttempts === 0) {
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index a85b70d4..62a48147 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -151,6 +151,13 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 : $client->getRedirectUri()
 );
+ // Finalize the requested scopes
+ $scopes = $this->scopeRepository->finalizeScopes(
+ $scopes,
+ $this->getIdentifier(),
+ $client
+ );
+
 $stateParameter = $this->getQueryStringParameter('state', $request);
 $authorizationRequest = new AuthorizationRequest();
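Review bot: Returning from inside the `try` straight after `persistNewAccessToken()` is only safe if every other way out of the surrounding retry loop either rethrows or never returns an unpersisted entity; the loop condition and anything after it lie outside this hunk, so check that a trailing `return $accessToken;` after the loop (if one remains) is no longer reachable, since the `=== 0` guard only rethrows when the counter is decremented before that comparison. The authCode and refreshToken hunks in this file repeat the same shape and the same check applies to them. A one-line comment above the new line would make the intent explicit: `// Persisted without an identifier collision: return now so the catch/retry path only runs on collision`. The enclosing methods begin and end outside these hunks.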
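Review bot: The new `finalizeScopes()` call passes only the grant identifier and the client, which is all that is known inside `validateAuthorizationRequest`, so a ScopeRepository that narrows scopes per user cannot act on this call; unless `completeAuthorizationRequest` (outside this hunk) finalizes again with the user identifier before the access token is issued, the implicit flow would grant every client-permitted scope regardless of the user. Confirm that second call exists, because the test hunks in this commit stub `finalizeScopes` to return its input unchanged and would not notice its absence. The added comment could state the split: `// Narrow to what this client may request under this grant; per-user narrowing happens once the user is known`.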
diff --git a/src/RequestTypes/AuthorizationRequest.php b/src/RequestTypes/AuthorizationRequest.php
index ad67dafd..41bfb509 100644
--- a/src/RequestTypes/AuthorizationRequest.php
+++ b/src/RequestTypes/AuthorizationRequest.php
@@ -66,12 +66,14 @@ class AuthorizationRequest
 /**
 * The code challenge (if provided)
+ *
 * @var string
 */
 protected $codeChallenge;
 /**
 * The code challenge method (if provided)
+ *
 * @var string
 */
 protected $codeChallengeMethod;
diff --git a/src/ResponseTypes/BearerTokenResponse.php b/src/ResponseTypes/BearerTokenResponse.php
index ceeeed9d..a57573a0 100644
--- a/src/ResponseTypes/BearerTokenResponse.php
+++ b/src/ResponseTypes/BearerTokenResponse.php
@@ -68,6 +68,7 @@ class BearerTokenResponse extends AbstractResponseType
 * this class rather than the default.
 *
 * @param AccessTokenEntityInterface $accessToken
+ *
 * @return array
 */
 protected function getExtraParams(AccessTokenEntityInterface $accessToken)
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 18420c16..498fdb4e 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -137,7 +137,6 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
 }
-
 public function testValidateAuthorizationRequestCodeChallenge()
 {
 $client = new ClientEntity();
diff --git a/tests/Grant/ImplicitGrantTest.php b/tests/Grant/ImplicitGrantTest.php
index f5f1feb2..0fc06370 100644
--- a/tests/Grant/ImplicitGrantTest.php
+++ b/tests/Grant/ImplicitGrantTest.php
@@ -9,11 +9,13 @@ use League\OAuth2\Server\Grant\ImplicitGrant;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
+use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
 use League\OAuth2\Server\ResponseTypes\RedirectResponse;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
 use LeagueTests\Stubs\CryptTraitStub;
+use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
 use LeagueTests\Stubs\UserEntity;
 use Zend\Diactoros\ServerRequest;
@@ -86,8 +88,14 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+ $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeEntity = new ScopeEntity();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
+ $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
+
 $grant = new ImplicitGrant(new \DateInterval('PT10M'));
 $grant->setClientRepository($clientRepositoryMock);
+ $grant->setScopeRepository($scopeRepositoryMock);
 $request = new ServerRequest(
 [],
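Review bot: The `finalizeScopes` stub on `$scopeRepositoryMock` is configured with `method('finalizeScopes')->willReturnArgument(0)` and no call expectation, so if the grant stopped calling `finalizeScopes` this test would still pass and the scope-narrowing step introduced in this commit would be unguarded; pin it with `$scopeRepositoryMock->expects($this->once())->method('finalizeScopes')->willReturnArgument(0);`. The same four-line mock setup is repeated in the hunk at `@@ -114,8 +122,14 @@` of this file, where the same expectation belongs; a private helper that returns the configured mock would keep both tests in step. The enclosing test method starts before and ends after this hunk.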
@@ -114,8 +122,14 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+ $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeEntity = new ScopeEntity();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
+ $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
+
 $grant = new ImplicitGrant(new \DateInterval('PT10M'));
 $grant->setClientRepository($clientRepositoryMock);
+ $grant->setScopeRepository($scopeRepositoryMock);
 $request = new ServerRequest(
 [],