mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-24 05:59:48 +05:30
Merge pull request #960 from marc-mabe/stateless-server
Make AuthorizationServer stateless
This commit is contained in:
commit
c87be9477c
@ -49,9 +49,9 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
protected $publicKey;
|
||||
|
||||
/**
|
||||
* @var null|ResponseTypeInterface
|
||||
* @var ResponseTypeInterface
|
||||
*/
|
||||
protected $responseType;
|
||||
protected $responseTypePrototype;
|
||||
|
||||
/**
|
||||
* @var ClientRepositoryInterface
|
||||
@ -86,7 +86,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
* @param ScopeRepositoryInterface $scopeRepository
|
||||
* @param CryptKey|string $privateKey
|
||||
* @param string|Key $encryptionKey
|
||||
* @param null|ResponseTypeInterface $responseType
|
||||
* @param null|ResponseTypeInterface $responseTypePrototype
|
||||
*/
|
||||
public function __construct(
|
||||
ClientRepositoryInterface $clientRepository,
|
||||
@ -94,7 +94,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
ScopeRepositoryInterface $scopeRepository,
|
||||
$privateKey,
|
||||
$encryptionKey,
|
||||
ResponseTypeInterface $responseType = null
|
||||
ResponseTypeInterface $responseTypePrototype = null
|
||||
) {
|
||||
$this->clientRepository = $clientRepository;
|
||||
$this->accessTokenRepository = $accessTokenRepository;
|
||||
@ -105,7 +105,17 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
}
|
||||
$this->privateKey = $privateKey;
|
||||
$this->encryptionKey = $encryptionKey;
|
||||
$this->responseType = $responseType;
|
||||
|
||||
if ($responseTypePrototype === null) {
|
||||
$responseTypePrototype = new BearerTokenResponse();
|
||||
} else {
|
||||
$responseTypePrototype = clone $responseTypePrototype;
|
||||
}
|
||||
if ($responseTypePrototype instanceof AbstractResponseType) {
|
||||
$responseTypePrototype->setPrivateKey($this->privateKey);
|
||||
}
|
||||
$responseTypePrototype->setEncryptionKey($this->encryptionKey);
|
||||
$this->responseTypePrototype = $responseTypePrototype;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -185,7 +195,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
}
|
||||
$tokenResponse = $grantType->respondToAccessTokenRequest(
|
||||
$request,
|
||||
$this->getResponseType(),
|
||||
$this->newResponseType(),
|
||||
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
|
||||
);
|
||||
|
||||
@ -202,18 +212,9 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
*
|
||||
* @return ResponseTypeInterface
|
||||
*/
|
||||
protected function getResponseType()
|
||||
protected function newResponseType()
|
||||
{
|
||||
if ($this->responseType instanceof ResponseTypeInterface === false) {
|
||||
$this->responseType = new BearerTokenResponse();
|
||||
}
|
||||
|
||||
if ($this->responseType instanceof AbstractResponseType === true) {
|
||||
$this->responseType->setPrivateKey($this->privateKey);
|
||||
}
|
||||
$this->responseType->setEncryptionKey($this->encryptionKey);
|
||||
|
||||
return $this->responseType;
|
||||
return clone $this->responseTypePrototype;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -3,6 +3,7 @@
|
||||
namespace LeagueTests;
|
||||
|
||||
use League\OAuth2\Server\AuthorizationServer;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Grant\AuthCodeGrant;
|
||||
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
|
||||
@ -90,7 +91,7 @@ class AuthorizationServerTest extends TestCase
|
||||
$this->assertEquals(200, $response->getStatusCode());
|
||||
}
|
||||
|
||||
public function testGetResponseType()
|
||||
public function testNewDefaultResponseType()
|
||||
{
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
|
||||
@ -103,10 +104,66 @@ class AuthorizationServerTest extends TestCase
|
||||
);
|
||||
|
||||
$abstractGrantReflection = new \ReflectionClass($server);
|
||||
$method = $abstractGrantReflection->getMethod('getResponseType');
|
||||
$method = $abstractGrantReflection->getMethod('newResponseType');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$this->assertInstanceOf(BearerTokenResponse::class, $method->invoke($server));
|
||||
$responseTypeA = $method->invoke($server);
|
||||
$responseTypeB = $method->invoke($server);
|
||||
$this->assertInstanceOf(BearerTokenResponse::class, $responseTypeA);
|
||||
$this->assertInstanceOf(BearerTokenResponse::class, $responseTypeB);
|
||||
$this->assertNotSame($responseTypeA, $responseTypeB);
|
||||
}
|
||||
|
||||
public function testNewResponseTypeFromPrototype()
|
||||
{
|
||||
$privateKey = 'file://' . __DIR__ . '/Stubs/private.key';
|
||||
$encryptionKey = 'file://' . __DIR__ . '/Stubs/public.key';
|
||||
|
||||
$responseTypePrototype = new class extends BearerTokenResponse {
|
||||
/* @return null|CryptKey */
|
||||
public function getPrivateKey()
|
||||
{
|
||||
return $this->privateKey;
|
||||
}
|
||||
|
||||
public function getEncryptionKey()
|
||||
{
|
||||
return $this->encryptionKey;
|
||||
}
|
||||
};
|
||||
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
|
||||
$server = new AuthorizationServer(
|
||||
$clientRepository,
|
||||
$this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(),
|
||||
$privateKey,
|
||||
$encryptionKey,
|
||||
$responseTypePrototype
|
||||
);
|
||||
|
||||
$abstractGrantReflection = new \ReflectionClass($server);
|
||||
$method = $abstractGrantReflection->getMethod('newResponseType');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$responseTypeA = $method->invoke($server);
|
||||
$responseTypeB = $method->invoke($server);
|
||||
|
||||
// prototype should not get changed
|
||||
$this->assertNull($responseTypePrototype->getPrivateKey());
|
||||
$this->assertNull($responseTypePrototype->getEncryptionKey());
|
||||
|
||||
// generated instances should have keys setup
|
||||
$this->assertSame($privateKey, $responseTypeA->getPrivateKey()->getKeyPath());
|
||||
$this->assertSame($encryptionKey, $responseTypeA->getEncryptionKey());
|
||||
|
||||
// all instances should be different but based on the same prototype
|
||||
$this->assertSame(get_class($responseTypePrototype), get_class($responseTypeA));
|
||||
$this->assertSame(get_class($responseTypePrototype), get_class($responseTypeB));
|
||||
$this->assertNotSame($responseTypePrototype, $responseTypeA);
|
||||
$this->assertNotSame($responseTypePrototype, $responseTypeB);
|
||||
$this->assertNotSame($responseTypeA, $responseTypeB);
|
||||
}
|
||||
|
||||
public function testCompleteAuthorizationRequest()
|
||||
|
Loading…
Reference in New Issue
Block a user