Added scope parameter association for clientcredentials and password scope

TODO: Unit tests
2024-12-16 18:19:47 +05:30 · 2013-03-06 17:18:37 +00:00 · 2013-03-06 17:18:37 +00:00 · a9a68a5cc8
commit a9a68a5cc8
parent 542ca52d49
2 changed files with 57 additions and 3 deletions
--- a/src/OAuth2/Grant/ClientCredentials.php
+++ b/src/OAuth2/Grant/ClientCredentials.php
@ -78,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
    public function completeFlow($inputParams = null)
    {
         // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams);
+        $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);

        if (is_null($authParams['client_id'])) {
            throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
@ -97,6 +97,27 @@ class ClientCredentials implements GrantTypeInterface {

        $authParams['client_details'] = $clientDetails;

+        // Validate any scopes that are in the request
+        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
+        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
+
+        for ($i = 0; $i < count($scopes); $i++) {
+            $scopes[$i] = trim($scopes[$i]);
+            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
+        }
+
+        $authParams['scopes'] = array();
+
+        foreach ($scopes as $scope) {
+            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
+
+            if ($scopeDetails === false) {
+                throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
+            }
+
+            $authParams['scopes'][] = $scopeDetails;
+        }
+
        // Generate an access token
        $accessToken = SecureKey::make();
        $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@ -108,7 +129,7 @@ class ClientCredentials implements GrantTypeInterface {
        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);

        // Create a new session
-        $this->authServer->getStorage('session')->createSession(
+        $sessionId = $this->authServer->getStorage('session')->createSession(
            $authParams['client_id'],
            null,
            'client',
@ -120,6 +141,12 @@ class ClientCredentials implements GrantTypeInterface {
            'granted'
        );

+        // Associate scopes with the new session
+        foreach ($authParams['scopes'] as $scope)
+        {
+            $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+        }
+
        $response = array(
            'access_token'  =>  $accessToken,
            'token_type'    =>  'bearer',
--- a/src/OAuth2/Grant/Password.php
+++ b/src/OAuth2/Grant/Password.php
@ -140,6 +140,27 @@ class Password implements GrantTypeInterface {
            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
        }

+        // Validate any scopes that are in the request
+        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
+        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
+
+        for ($i = 0; $i < count($scopes); $i++) {
+            $scopes[$i] = trim($scopes[$i]);
+            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
+        }
+
+        $authParams['scopes'] = array();
+
+        foreach ($scopes as $scope) {
+            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
+
+            if ($scopeDetails === false) {
+                throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
+            }
+
+            $authParams['scopes'][] = $scopeDetails;
+        }
+
        // Generate an access token
        $accessToken = SecureKey::make();
        $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@ -151,7 +172,7 @@ class Password implements GrantTypeInterface {
        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);

        // Create a new session
-        $this->authServer->getStorage('session')->createSession(
+        $sessionId = $this->authServer->getStorage('session')->createSession(
            $authParams['client_id'],
            null,
            'user',
@ -163,6 +184,12 @@ class Password implements GrantTypeInterface {
            'granted'
        );

+        // Associate scopes with the new session
+        foreach ($authParams['scopes'] as $scope)
+        {
+            $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+        }
+
        $response = array(
            'access_token'  =>  $accessToken,
            'token_type'    =>  'bearer',