From a9a68a5cc8b5304086dbbed84387c9d3dc20cb26 Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Wed, 6 Mar 2013 17:18:37 +0000
Subject: [PATCH] Added scope parameter association for clientcredentials and
 password scope

TODO: Unit tests
---
 src/OAuth2/Grant/ClientCredentials.php | 31 ++++++++++++++++++++++++--
 src/OAuth2/Grant/Password.php          | 29 +++++++++++++++++++++++-
 2 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php
index baed0aa9..b7736b3e 100644
--- a/src/OAuth2/Grant/ClientCredentials.php
+++ b/src/OAuth2/Grant/ClientCredentials.php
@@ -78,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
     public function completeFlow($inputParams = null)
     {
          // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams);
+        $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
 
         if (is_null($authParams['client_id'])) {
             throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
@@ -97,6 +97,27 @@ class ClientCredentials implements GrantTypeInterface {
 
         $authParams['client_details'] = $clientDetails;
 
+        // Validate any scopes that are in the request
+        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
+        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
+
+        for ($i = 0; $i < count($scopes); $i++) {
+            $scopes[$i] = trim($scopes[$i]);
+            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
+        }
+
+        $authParams['scopes'] = array();
+
+        foreach ($scopes as $scope) {
+            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
+
+            if ($scopeDetails === false) {
+                throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
+            }
+
+            $authParams['scopes'][] = $scopeDetails;
+        }
+
         // Generate an access token
         $accessToken = SecureKey::make();
         $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@@ -108,7 +129,7 @@ class ClientCredentials implements GrantTypeInterface {
         $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
 
         // Create a new session
-        $this->authServer->getStorage('session')->createSession(
+        $sessionId = $this->authServer->getStorage('session')->createSession(
             $authParams['client_id'],
             null,
             'client',
@@ -120,6 +141,12 @@ class ClientCredentials implements GrantTypeInterface {
             'granted'
         );
 
+        // Associate scopes with the new session
+        foreach ($authParams['scopes'] as $scope)
+        {
+            $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+        }
+
         $response = array(
             'access_token'  =>  $accessToken,
             'token_type'    =>  'bearer',
diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php
index ccd8a6a1..0fc5a7bc 100644
--- a/src/OAuth2/Grant/Password.php
+++ b/src/OAuth2/Grant/Password.php
@@ -140,6 +140,27 @@ class Password implements GrantTypeInterface {
             throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
         }
 
+        // Validate any scopes that are in the request
+        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
+        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
+
+        for ($i = 0; $i < count($scopes); $i++) {
+            $scopes[$i] = trim($scopes[$i]);
+            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
+        }
+
+        $authParams['scopes'] = array();
+
+        foreach ($scopes as $scope) {
+            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
+
+            if ($scopeDetails === false) {
+                throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
+            }
+
+            $authParams['scopes'][] = $scopeDetails;
+        }
+
         // Generate an access token
         $accessToken = SecureKey::make();
         $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@@ -151,7 +172,7 @@ class Password implements GrantTypeInterface {
         $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
 
         // Create a new session
-        $this->authServer->getStorage('session')->createSession(
+        $sessionId = $this->authServer->getStorage('session')->createSession(
             $authParams['client_id'],
             null,
             'user',
@@ -163,6 +184,12 @@ class Password implements GrantTypeInterface {
             'granted'
         );
 
+        // Associate scopes with the new session
+        foreach ($authParams['scopes'] as $scope)
+        {
+            $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+        }
+
         $response = array(
             'access_token'  =>  $accessToken,
             'token_type'    =>  'bearer',