Added finalizeScopes method to ScopeRepositoryInterface

2025-01-13 15:22:12 +05:30 · 2016-03-23 18:36:23 +00:00 · 2016-03-23 18:36:23 +00:00 · b5b5d9f347
commit b5b5d9f347
parent a698a4da7e
5 changed files with 32 additions and 5 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -190,6 +190,10 @@ class AuthCodeGrant extends AbstractAuthorizeGrant

        // THe user approved the client, redirect them back with an auth code
        if ($userHasApprovedClient === true) {
+
+            // Finalize the requested scopes
+            $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
+
            $authCode = $this->issueAuthCode(
                $this->authCodeTTL,
                $client,
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@ -30,6 +30,9 @@ class ClientCredentialsGrant extends AbstractGrant
        $client = $this->validateClient($request);
        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);

+        // Finalize the requested scopes
+        $scopes = $this->scopeRepository->finalizeScopes($scopes, $client);
+
        // Issue and persist access token
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);

--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@ -189,6 +189,10 @@ class ImplicitGrant extends AbstractAuthorizeGrant

        // THe user approved the client, redirect them back with an access token
        if ($userHasApprovedClient === true) {
+
+            // Finalize the requested scopes
+            $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
+
            $accessToken = $this->issueAccessToken(
                $accessTokenTTL,
                $client,
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@ -51,7 +51,10 @@ class PasswordGrant extends AbstractGrant
        // Validate request
        $client = $this->validateClient($request);
        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
-        $user = $this->validateUser($request, $client, $scopes);
+        $user = $this->validateUser($request, $client);
+
+        // Finalize the requested scopes
+        $scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $user->getIdentifier());

        // Issue and persist new tokens
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
@ -67,13 +70,12 @@ class PasswordGrant extends AbstractGrant
    /**
     * @param \Psr\Http\Message\ServerRequestInterface                        $request
     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
-     * @param ScopeEntityInterface[]                                          $scopes
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface
     */
-    protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client, array &$scopes)
+    protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
    {
        $username = $this->getRequestParameter('username', $request);
        if (is_null($username)) {
@ -89,8 +91,7 @@ class PasswordGrant extends AbstractGrant
            $username,
            $password,
            $this->getIdentifier(),
-            $client,
-            $scopes
+            $client
        );
        if (!$user instanceof UserEntityInterface) {
            $this->getEmitter()->emit(new RequestEvent('user.authentication.failed', $request));
--- a/src/Repositories/ScopeRepositoryInterface.php
+++ b/src/Repositories/ScopeRepositoryInterface.php
@ -10,6 +10,9 @@
 */
 namespace League\OAuth2\Server\Repositories;

+use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
+use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
+
 /**
 * Scope interface.
 */
@ -25,4 +28,16 @@ interface ScopeRepositoryInterface extends RepositoryInterface
     * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
     */
    public function getScopeEntityByIdentifier($identifier, $grantType, $clientId = null);
+
+    /**
+     * Given a client and user validate the set of scopes requested are valid and optionally
+     * append additional scopes or remove requested scopes.
+     *
+     * @param ScopeEntityInterface[]                                          $scopes
+     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
+     * @param null|string                                                     $userIdentifier
+     *
+     * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[]
+     */
+    public function finalizeScopes(array $scopes = [], ClientEntityInterface $clientEntity, $userIdentifier = null);
 }