Merge pull request #967 from Sephster/password-grant-use-invalid-grant

Password Grant Should Issue an invalid_grant Error When Credentials are Incorrect
This commit is contained in:
Andrew Millington 2018-11-13 18:28:09 +00:00 committed by GitHub
commit eea9c30e70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 1 deletions


@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- `issueAccessToken()` in the Abstract Grant no longer sets access token client, user ID or scopes. These values should already have been set when calling `getNewToken()` (PR #919)
- No longer need to enable PKCE with `enableCodeExchangeProof` flag. Any client sending a code challenge will initiate PKCE checks. (PR #938)
- Function `getClientEntity()` no longer performs client validation (PR #938)
- Password Grant now returns an invalid_grant error instead of invalid_credentials if a user cannot be validated (PR #967)
### Removed
- `enableCodeExchangeProof` flag (PR #938)


@ -81,11 +81,13 @@ class PasswordGrant extends AbstractGrant
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
{
$username = $this->getRequestParameter('username', $request);
if (is_null($username)) {
throw OAuthServerException::invalidRequest('username');
}
$password = $this->getRequestParameter('password', $request);
if (is_null($password)) {
throw OAuthServerException::invalidRequest('password');
}
@ -96,10 +98,11 @@ class PasswordGrant extends AbstractGrant
$this->getIdentifier(),
$client
);
if ($user instanceof UserEntityInterface === false) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
throw OAuthServerException::invalidCredentials();
throw OAuthServerException::invalidGrant();
}
return $user;
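Review bot: The failure branch now throws `OAuthServerException::invalidGrant()`, which matches the RFC 6749 §5.2 error for rejected resource-owner credentials, but the `RequestEvent` emitted on the line before it still wraps the full `$request`, and that request carries the `password` parameter read at the top of `validateUser()`, so any listener that logs or serialises the event can persist a plaintext password. I would document that at the emit site, e.g. `// NOTE: the event carries the raw request, including the password parameter; listeners must not log the body`, or emit a redacted payload. It is also worth confirming that `invalidGrant()` produces the same generic hint whether the user is unknown or the password is wrong, so the response does not reveal which check failed. `validateUser()` begins in the previous hunk and its body continues past this one; the previous hunk's two additions appear to be blank lines only.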


@ -145,6 +145,7 @@ class PasswordGrantTest extends TestCase
/**
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
* @expectedExceptionCode 10
*/
public function testRespondToRequestBadCredentials()
{