/**
 * Requested scopes that do not overlap the client's own scope list are kept,
 * and the client's scopes are appended after them, in declaration order.
 *
 * @group unit
 * @group utility
 */
public function testAugmentOAuth2ScopesForClientWithRequiredScopesNotPresent()
{
    // Client definition whose scopes are disjoint from the request.
    $clientDefinition = array(
        'scope' => array(
            'SCOPE3' => true,
            'SCOPE4' => true
        )
    );
    $requestedScopes = array('SCOPE1', 'SCOPE2');

    $augmented = \sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes(
        $clientDefinition,
        $requestedScopes
    );

    // Requested scopes first, then the client's scopes appended.
    $expectedScopes = array('SCOPE1', 'SCOPE2', 'SCOPE3', 'SCOPE4');
    $this->assertEquals($expectedScopes, $augmented);
}
*/

// Authorization endpoint: look up the client, require an authenticated user, validate the
// redirect URI / scopes / response_type, then hand the validated values to the consent page.
// NOTE(review): the if (isset($client)) block opened below continues past this excerpt.
session_cache_limiter('nocache');

$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);

// $_REQUEST merges GET, POST and COOKIE. client_id is passed to getClient() without a type
// check here — TODO confirm getClient() rejects non-string values.
if (isset($_REQUEST['client_id'])) {
    $client = $clientStore->getClient($_REQUEST['client_id']);
}

if (isset($client)) {
    $as = new SimpleSAML_Auth_Simple($config->getValue('authsource'));
    $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client);
    $as->requireAuth($params);

    if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) && count($client['redirect_uri']) > 0) {
        // A caller-supplied redirect_uri is only acted on after validateRedirectUri() accepts it
        // against the client's registered list; the first registered URI is the default.
        $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0];
        $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client);

        if ($legalRedirectUri) {
            // scope is split on single spaces. explode() on a non-string value (e.g. an array-valued
            // parameter) is a warning/null on PHP 7 and a TypeError on PHP 8 — TODO confirm a
            // string check exists upstream.
            $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, isset($_REQUEST['scope']) ? explode(' ', $_REQUEST['scope']) : array());
            $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes);

            if (count($invalidScopes) == 0) {
                if (isset($_REQUEST['response_type']) && ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) {
                    // Only validated values are carried to the consent step; the state itself is stored
                    // server-side via saveState() and referenced by id in the redirect.
                    $state = array(
                        'clientId' => $_REQUEST['client_id'],
                        'redirectUri' => isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : null,
                        'requestedScopes' => array_unique($requestedScopes),
                        'returnUri' => $returnUri,
                        'response_type' => $_REQUEST['response_type']
                    );
                    if (array_key_exists('state', $_REQUEST)) {
                        $state['state'] = $_REQUEST['state'];
                    }
                    $stateId = SimpleSAML_Auth_State::saveState($state, 'oauth2server:authorization/consent');
                    $consentUri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php'), array('stateId' => $stateId));
                    SimpleSAML\Utils\HTTP::redirectTrustedURL($consentUri);
                } else {
                    if (!isset($_REQUEST['response_type'])) {
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing response type', 'MISSING_RESPONSE_TYPE', array());
                    } else {
                        // The raw response_type is echoed back in the error description; whatever
                        // renders or redirects with $errorParameters must encode it for its output
                        // context — TODO confirm buildErrorResponse() or the caller does so.
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unsupported_response_type', 'unsupported response type: ' . $_REQUEST['response_type'], 'UNSUPPORTED_RESPONSE_TYPE', array('RESPONSE_TYPE' => $_REQUEST['response_type']));
}

// Consent handler continuation: mint the authorization code or bearer token for the
// authenticated user, persist it, and start updating the user's live-token bookkeeping.
// NOTE(review): $state, $client, $config, $as and the *TTL variables are set before this
// excerpt; the foreach/if at the end continue past it.
$idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation');
$attributes = $as->getAttributes();

// The user id attribute is read without checking it was released by the auth source; a missing
// attribute means the token is created with a null user id — TODO confirm this is guarded upstream.
// The TTL arguments differ between the two factory constructions ($accessTokenTTL vs $tokenTTL
// in the second position) — presumably intentional, verify against TokenFactory.
if ($state['response_type'] === 'code') {
    $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $accessTokenTTL, $tokenTTL);
    $token = $authorizationCodeFactory->createAuthorizationCode($state['clientId'], $state['redirectUri'], array(), $attributes[$idAttribute][0]);
} else {
    $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $tokenTTL, $tokenTTL);
    $token = $authorizationCodeFactory->createBearerAccessToken($state['clientId'], array(), $attributes[$idAttribute][0]);
}

// grantedScopes is raw request input; its type is not checked here.
if (isset($_REQUEST['grantedScopes'])) {
    $scopesTemp = $_REQUEST['grantedScopes'];
} else {
    $scopesTemp = array();
}
// NOTE(review): the return value of augmentRequestedScopesWithRequiredScopes() is discarded. Its
// unit test in this listing treats the augmented list as the return value, so unless $scopesTemp
// is taken by reference the client's required scopes never reach $token['scopes'] — TODO confirm.
\sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, $scopesTemp);
// findValidScopes() limits the granted set to scopes the client is permitted to hold.
$token['scopes'] = \sspmod_oauth2server_Utility_Uri::findValidScopes($client, $scopesTemp);

$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
if ($state['response_type'] === 'code') {
    $tokenStore->addAuthorizationCode($token);
} else {
    $tokenStore->addAccessToken($token);
}

$userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
$user = $userStore->getUser($token['userId']);
if (is_array($user)) {
    // Refresh the stored attributes and rebuild the list of tokens that are still live,
    // starting with the one just issued.
    $user['attributes'] = $as->getAttributes();
    $liveTokens = array($token['id']);
    if ($state['response_type'] === 'code') {
        foreach ($user['authorizationCodes'] as $tokenId) {
            // Codes that the store no longer returns are treated as expired/consumed.
            if (!is_null($tokenStore->getAuthorizationCode($tokenId))) {