allow scopes extraction on GET requests for auth_code and implicit grants

2024-11-30 10:42:02 +05:30 · 2016-03-14 00:12:14 +01:00 · 2016-03-14 00:12:14 +01:00 · ced63e2051
commit ced63e2051
parent c3ffed2daf
7 changed files with 18 additions and 25 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -226,7 +226,7 @@ abstract class AbstractGrant implements GrantTypeInterface
    /**
     * Validate scopes in the request.
     *
-     * @param \Psr\Http\Message\ServerRequestInterface                        $request
+     * @param string                                                          $scopes
     * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
     * @param string                                                          $redirectUri
     *
@ -235,13 +235,12 @@ abstract class AbstractGrant implements GrantTypeInterface
     * @return \League\OAuth2\Server\Entities\ScopeEntity[]
     */
    public function validateScopes(
-        ServerRequestInterface $request,
+        $scopes,
        ClientEntityInterface $client,
        $redirectUri = null
    ) {
-        $requestedScopes = $this->getRequestParameter('scope', $request);
        $scopesList = array_filter(
-            explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
+            explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
            function ($scope) {
                return !empty($scope);
            }
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -94,7 +94,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
            throw OAuthServerException::invalidClient();
        }

-        $scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
+        $scopes = $this->validateScopes(
+            $this->getQueryStringParameter('scope', $request),
+            $client,
+            $client->getRedirectUri()
+        );
        $queryString = http_build_query($request->getQueryParams());
        $postbackUri = new Uri(
            sprintf(
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@ -28,7 +28,7 @@ class ClientCredentialsGrant extends AbstractGrant
    ) {
        // Validate request
        $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($request, $client);
+        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);

        // Issue and persist access token
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@ -94,7 +94,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
            throw OAuthServerException::invalidClient();
        }

-        $scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
+        $scopes = $this->validateScopes(
+            $this->getQueryStringParameter('scope', $request),
+            $client,
+            $client->getRedirectUri()
+        );
        $queryString = http_build_query($request->getQueryParams());
        $postbackUri = new Uri(
            sprintf(
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@ -53,7 +53,7 @@ class PasswordGrant extends AbstractGrant
        // Validate request
        $client = $this->validateClient($request);
        $user = $this->validateUser($request);
-        $scopes = $this->validateScopes($request, $client);
+        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);

        // Issue and persist new tokens
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@ -44,7 +44,7 @@ class RefreshTokenGrant extends AbstractGrant
        // Validate request
        $client = $this->validateClient($request);
        $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
-        $scopes = $this->validateScopes($request, $client);
+        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client);

        // If no new scopes are requested then give the access token the original session scopes
        if (count($scopes) === 0) {
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@ -343,14 +343,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
        $grantMock->setScopeRepository($scopeRepositoryMock);

-        $serverRequest = new ServerRequest();
-        $serverRequest = $serverRequest->withParsedBody(
-            [
-                'scope' => 'basic   ',
-            ]
-        );
-
-        $this->assertEquals([$scope], $grantMock->validateScopes($serverRequest, new ClientEntity()));
+        $this->assertEquals([$scope], $grantMock->validateScopes('basic   ', new ClientEntity()));
    }

    /**
@ -365,14 +358,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
        $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
        $grantMock->setScopeRepository($scopeRepositoryMock);

-        $serverRequest = new ServerRequest();
-        $serverRequest = $serverRequest->withParsedBody(
-            [
-                'scope' => 'basic   ',
-            ]
-        );
-
-        $grantMock->validateScopes($serverRequest, new ClientEntity());
+        $grantMock->validateScopes('basic   ', new ClientEntity());
    }

    public function testGenerateUniqueIdentifier()