From b6ba08813d574299f9bcbdbc976f1cc2c69508fd Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Mon, 18 Mar 2013 16:46:07 +0000
Subject: [PATCH] Small bug fixes. Fixes #13

---
 src/OAuth2/AuthServer.php     | 4 ++--
 src/OAuth2/Grant/Password.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index 995e1c75..f72ff446 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -291,8 +291,8 @@ class AuthServer
             throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
         }
 
-        if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) {
-            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
+        if ($this->requireStateParam === true && is_null($authParams['state'])) {
+            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0);
         }
 
         // Validate client ID and redirect URI
diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php
index 1cf61c74..582bf4da 100644
--- a/src/OAuth2/Grant/Password.php
+++ b/src/OAuth2/Grant/Password.php
@@ -120,7 +120,7 @@ class Password implements GrantTypeInterface {
         // Check if user's username and password are correct
         $userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
 
-        if ($userId === false) {
+        if ($userId === false || $userId === null) {
             throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0);
         }