Added finalizeScopes method to ScopeRepositoryInterface

Alex Bilbie 2016-03-23 18:36:23 +00:00
parent a698a4da7e
commit b5b5d9f347
5 changed files with 32 additions and 5 deletions


@ -190,6 +190,10 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
// THe user approved the client, redirect them back with an auth code // THe user approved the client, redirect them back with an auth code
if ($userHasApprovedClient === true) { if ($userHasApprovedClient === true) {
// Finalize the requested scopes
$scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
$authCode = $this->issueAuthCode( $authCode = $this->issueAuthCode(
$this->authCodeTTL, $this->authCodeTTL,
$client, $client,
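Review bot: `finalizeScopes()` is called inside the `$userHasApprovedClient === true` branch, after the consent decision, so a scope the repository appends at this point goes into the issued auth code without having been part of what the user approved. The same ordering is added in ImplicitGrant, where the finalized set feeds `issueAccessToken()` directly. If appending is meant to be supported for these two grants, the set should be finalized before the approval step so the consent screen shows it; otherwise state the constraint at the call, e.g. `// Scopes added here were not shown to the user; implementations should only narrow the set for this grant`. The enclosing method starts and ends outside the hunk, so where consent is rendered and the remaining `issueAuthCode()` arguments are not visible from here.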


@ -30,6 +30,9 @@ class ClientCredentialsGrant extends AbstractGrant
$client = $this->validateClient($request); $client = $this->validateClient($request);
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
// Finalize the requested scopes
$scopes = $this->scopeRepository->finalizeScopes($scopes, $client);
// Issue and persist access token // Issue and persist access token
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);


@ -189,6 +189,10 @@ class ImplicitGrant extends AbstractAuthorizeGrant
// THe user approved the client, redirect them back with an access token // THe user approved the client, redirect them back with an access token
if ($userHasApprovedClient === true) { if ($userHasApprovedClient === true) {
// Finalize the requested scopes
$scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $userId);
$accessToken = $this->issueAccessToken( $accessToken = $this->issueAccessToken(
$accessTokenTTL, $accessTokenTTL,
$client, $client,


@ -51,7 +51,10 @@ class PasswordGrant extends AbstractGrant
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);
$user = $this->validateUser($request, $client, $scopes); $user = $this->validateUser($request, $client);
// Finalize the requested scopes
$scopes = $this->scopeRepository->finalizeScopes($scopes, $client, $user->getIdentifier());
// Issue and persist new tokens // Issue and persist new tokens
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
@ -67,13 +70,12 @@ class PasswordGrant extends AbstractGrant
/** /**
* @param \Psr\Http\Message\ServerRequestInterface $request * @param \Psr\Http\Message\ServerRequestInterface $request
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
* @param ScopeEntityInterface[] $scopes
* *
* @throws \League\OAuth2\Server\Exception\OAuthServerException * @throws \League\OAuth2\Server\Exception\OAuthServerException
* *
* @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface * @return \League\OAuth2\Server\Entities\Interfaces\UserEntityInterface
*/ */
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client, array &$scopes) protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
{ {
$username = $this->getRequestParameter('username', $request); $username = $this->getRequestParameter('username', $request);
if (is_null($username)) { if (is_null($username)) {
@ -89,8 +91,7 @@ class PasswordGrant extends AbstractGrant
$username, $username,
$password, $password,
$this->getIdentifier(), $this->getIdentifier(),
$client, $client
$scopes
); );
if (!$user instanceof UserEntityInterface) { if (!$user instanceof UserEntityInterface) {
$this->getEmitter()->emit(new RequestEvent('user.authentication.failed', $request)); $this->getEmitter()->emit(new RequestEvent('user.authentication.failed', $request));
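Review bot: Removing the by-reference `$scopes` argument from `validateUser()` and from the user-repository call (`$username, $password, $this->getIdentifier(), $client`) means an implementation that used that reference to drop scopes during authentication no longer affects the token; such a restriction would silently stop applying unless it is moved to `finalizeScopes()`. Nothing in the new docblock tells implementers this, so I would add a line to it such as `Per-user scope restrictions are applied afterwards by ScopeRepositoryInterface::finalizeScopes(), not during user validation.` `validateUser()` is protected, so subclasses overriding the old three-argument signature also need updating. The user repository interface is not among the files shown, so whether its signature was changed to match the four-argument call cannot be confirmed from this page.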


@ -10,6 +10,9 @@
*/ */
namespace League\OAuth2\Server\Repositories; namespace League\OAuth2\Server\Repositories;
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
/** /**
* Scope interface. * Scope interface.
*/ */
@ -25,4 +28,16 @@ interface ScopeRepositoryInterface extends RepositoryInterface
* @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
*/ */
public function getScopeEntityByIdentifier($identifier, $grantType, $clientId = null); public function getScopeEntityByIdentifier($identifier, $grantType, $clientId = null);
/**
* Given a client and user validate the set of scopes requested are valid and optionally
* append additional scopes or remove requested scopes.
*
* @param ScopeEntityInterface[] $scopes
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
* @param null|string $userIdentifier
*
* @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[]
*/
public function finalizeScopes(array $scopes = [], ClientEntityInterface $clientEntity, $userIdentifier = null);
} }
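Review bot: The new signature puts a defaulted parameter (`array $scopes = []`) in front of the required `$clientEntity`, so the default can never be used by a caller, and PHP 8.0 and later report this ordering as deprecated; `public function finalizeScopes(array $scopes, ClientEntityInterface $clientEntity, $userIdentifier = null);` expresses the same contract. The docblock also leaves unstated what the grants now rely on: the returned array is passed to token issuance without further checks (visibly so in ClientCredentialsGrant and PasswordGrant). It should therefore say that the method must return only scopes this client, and the user when one is given, is entitled to, and that `$userIdentifier` is null when the client credentials grant calls it.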