Change to store code challenge and method whenever sent for PKCE

2024-11-23 05:33:06 +05:30 · 2018-07-29 19:56:30 +01:00 · 2018-07-29 19:56:30 +01:00 · f49cc65c13
commit f49cc65c13
parent dc2a048b95
2 changed files with 3 additions and 49 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -271,12 +271,9 @@ class AuthCodeGrant extends AbstractAuthorizeGrant

        $authorizationRequest->setScopes($scopes);

-        if ($this->enableCodeExchangeProof === true) {
-            $codeChallenge = $this->getQueryStringParameter('code_challenge', $request);
-            if ($codeChallenge === null) {
-                throw OAuthServerException::invalidRequest('code_challenge');
-            }
+	$codeChallenge = $this->getQueryStringParameter('code_challenge', $request);

+        if ($codeChallenge !== null) {
            $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');

            if (in_array($codeChallengeMethod, ['plain', 'S256'], true) === false) {
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@ -212,7 +212,7 @@ class AuthCodeGrantTest extends TestCase
            $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
            new \DateInterval('PT10M')
        );
-        $grant->enableCodeExchangeProof();
+
        $grant->setClientRepository($clientRepositoryMock);

        $request = new ServerRequest(
@ -444,49 +444,6 @@ class AuthCodeGrantTest extends TestCase
        $grant->validateAuthorizationRequest($request);
    }

-    /**
-     * @expectedException \League\OAuth2\Server\Exception\OAuthServerException
-     * @expectedExceptionCode 3
-     */
-    public function testValidateAuthorizationRequestMissingCodeChallenge()
-    {
-        $client = new ClientEntity();
-        $client->setRedirectUri('http://foo/bar');
-        $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
-        $clientRepositoryMock->method('getClientEntity')->willReturn($client);
-
-        $scope = new ScopeEntity();
-        $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
-        $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
-
-        $grant = new AuthCodeGrant(
-            $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
-            $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
-            new \DateInterval('PT10M')
-        );
-        $grant->enableCodeExchangeProof();
-        $grant->setClientRepository($clientRepositoryMock);
-        $grant->setScopeRepository($scopeRepositoryMock);
-        $grant->setDefaultScope(self::DEFAULT_SCOPE);
-
-        $request = new ServerRequest(
-            [],
-            [],
-            null,
-            null,
-            'php://input',
-            [],
-            [],
-            [
-                'response_type' => 'code',
-                'client_id'     => 'foo',
-                'redirect_uri'  => 'http://foo/bar',
-            ]
-        );
-
-        $grant->validateAuthorizationRequest($request);
-    }
-
    /**
     * @expectedException \League\OAuth2\Server\Exception\OAuthServerException
     * @expectedExceptionCode 3