
Commit 23e7653

Merge pull request FriendsOfSymfony#64 from pyrech/patch-1
Use the scope requested by the client, if any
2 parents 171d865 + 0f6fc0d commit 23e7653

2 files changed

+66
-5
lines changed

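--- a/lib/OAuth2.php
+++ b/lib/OAuth2.php
@@ -830,13 +830,16 @@ public function grantAccessToken(Request $request = null)
 'access_token_lifetime' => $this->getVariable(self::CONFIG_ACCESS_LIFETIME),
 'issue_refresh_token' => true, 'refresh_token_lifetime' => $this->getVariable(self::CONFIG_REFRESH_LIFETIME));
 
-// Check scope, if provided
-if ($input["scope"] && (!isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"]))) {
-throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
+$scope = $stored['scope'];
+if ($input["scope"]) {
+// Check scope, if provided
+if (!isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"])) {
+throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
+}
+$scope = $input["scope"];
 }
 
-$token = $this->createAccessToken($client, $stored['data'], $stored['scope'], $stored['access_token_lifetime'], $stored['issue_refresh_token'], $stored['refresh_token_lifetime']);
-
+$token = $this->createAccessToken($client, $stored['data'], $scope, $stored['access_token_lifetime'], $stored['issue_refresh_token'], $stored['refresh_token_lifetime']);
 return new Response(json_encode($token), 200, $this->getJsonHeaders());
 }
 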
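Review bot: The new `$scope = $stored['scope'];` on the first added line reads the key unconditionally, while the `!isset($stored["scope"])` guard that follows only runs when the client actually supplied a scope, so a grant whose stored data carries no `scope` key would raise an undefined-index notice here and issue a token with a null scope. The removed `createAccessToken` call performed the same read, so this is pre-existing, but the new assignment is the natural place to make the fallback explicit: `$scope = isset($stored['scope']) ? $stored['scope'] : null;`. Separately, the issued scope is now the client's `$input["scope"]` string verbatim once `checkScope` passes; if `checkScope` compares scope sets rather than strings, the token's scope value will carry the client's ordering and formatting rather than the server's, which deserves a comment stating that this is intended. The body of grantAccessToken starts and ends outside the hunk.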

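--- a/tests/OAuth2Test.php
+++ b/tests/OAuth2Test.php
@@ -525,13 +525,71 @@ public function testGrantAccessTokenWithGrantUserWithReducedScope()
 array('date' => null)
 ));
 
+$this->assertRegExp('{"access_token":"[^"]+","expires_in":3600,"token_type":"bearer","scope":"scope1"}', $response->getContent());
+
+$token = $stub->getLastAccessToken();
+$this->assertSame('cid', $token->getClientId());
+$this->assertSame('scope1', $token->getScope());
+}
+
+public function testGrantAccessTokenWithGrantUserWithNoScope()
+{
+$stub = new OAuth2GrantUserStub;
+$stub->addClient(new OAuth2Client('cid', 'cpass'));
+$stub->addUser('foo', 'bar', 'scope1 scope2');
+$stub->setAllowedGrantTypes(array('authorization_code', 'password'));
+
+$oauth2 = new OAuth2($stub);
+
+$response = $oauth2->grantAccessToken(new Request(array(
+'grant_type' => 'password',
+'client_id' => 'cid',
+'client_secret' => 'cpass',
+'username' => 'foo',
+'password' => 'bar',
+)));
+
+$this->assertSame(array(
+'content-type' => array('application/json'),
+'cache-control' => array('no-store, private'),
+'pragma' => array('no-cache'),
+), array_diff_key(
+$response->headers->all(),
+array('date' => null)
+));
+
 $this->assertRegExp('{"access_token":"[^"]+","expires_in":3600,"token_type":"bearer","scope":"scope1 scope2"}', $response->getContent());
 
 $token = $stub->getLastAccessToken();
 $this->assertSame('cid', $token->getClientId());
 $this->assertSame('scope1 scope2', $token->getScope());
 }
 
+public function testGrantAccessTokenWithGrantUserWithNewScopeThrowsError()
+{
+$stub = new OAuth2GrantUserStub;
+$stub->addClient(new OAuth2Client('cid', 'cpass'));
+$stub->addUser('foo', 'bar', 'scope1 scope2');
+$stub->setAllowedGrantTypes(array('authorization_code', 'password'));
+
+$oauth2 = new OAuth2($stub);
+
+try {
+$response = $oauth2->grantAccessToken(new Request(array(
+'grant_type' => 'password',
+'client_id' => 'cid',
+'client_secret' => 'cpass',
+'username' => 'foo',
+'password' => 'bar',
+'scope' => 'scope3',
+)));
+$this->fail('The expected exception OAuth2ServerException was not thrown');
+} catch (OAuth2ServerException $e) {
+$this->assertSame('invalid_scope', $e->getMessage());
+$this->assertSame('An unsupported scope was requested.', $e->getDescription());
+}
+}
+
 /**
 * Tests OAuth2->grantAccessToken() with client credentials
 *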

0 commit comments

Comments
 (0)