Added scope parameter association for clientcredentials and password scope

TODO: Unit tests
This commit is contained in:
Alex Bilbie 2013-03-06 17:18:37 +00:00
parent 542ca52d49
commit a9a68a5cc8
2 changed files with 57 additions and 3 deletions

View File

@ -78,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
public function completeFlow($inputParams = null) public function completeFlow($inputParams = null)
{ {
// Get the required params // Get the required params
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams); $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
if (is_null($authParams['client_id'])) { if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
@ -97,6 +97,27 @@ class ClientCredentials implements GrantTypeInterface {
$authParams['client_details'] = $clientDetails; $authParams['client_details'] = $clientDetails;
// Validate any scopes that are in the request
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
}
// Generate an access token // Generate an access token
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@ -108,7 +129,7 @@ class ClientCredentials implements GrantTypeInterface {
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
// Create a new session // Create a new session
$this->authServer->getStorage('session')->createSession( $sessionId = $this->authServer->getStorage('session')->createSession(
$authParams['client_id'], $authParams['client_id'],
null, null,
'client', 'client',
@ -120,6 +141,12 @@ class ClientCredentials implements GrantTypeInterface {
'granted' 'granted'
); );
// Associate scopes with the new session
foreach ($authParams['scopes'] as $scope)
{
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
}
$response = array( $response = array(
'access_token' => $accessToken, 'access_token' => $accessToken,
'token_type' => 'bearer', 'token_type' => 'bearer',

View File

@ -140,6 +140,27 @@ class Password implements GrantTypeInterface {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
} }
// Validate any scopes that are in the request
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
}
// Generate an access token // Generate an access token
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
@ -151,7 +172,7 @@ class Password implements GrantTypeInterface {
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
// Create a new session // Create a new session
$this->authServer->getStorage('session')->createSession( $sessionId = $this->authServer->getStorage('session')->createSession(
$authParams['client_id'], $authParams['client_id'],
null, null,
'user', 'user',
@ -163,6 +184,12 @@ class Password implements GrantTypeInterface {
'granted' 'granted'
); );
// Associate scopes with the new session
foreach ($authParams['scopes'] as $scope)
{
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
}
$response = array( $response = array(
'access_token' => $accessToken, 'access_token' => $accessToken,
'token_type' => 'bearer', 'token_type' => 'bearer',