session_cache_limiter('nocache'); $config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); if (isset($_REQUEST['client_id'])) { $client = $clientStore->getClient($_REQUEST['client_id']); } if (isset($client)) { $as = new SimpleSAML_Auth_Simple($config->getValue('authsource')); $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client); $as->requireAuth($params); if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) && count($client['redirect_uri']) > 0) { $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0]; $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client); if ($legalRedirectUri) { $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, isset($_REQUEST['scope']) ? explode(' ', $_REQUEST['scope']) : array()); $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes); if (count($invalidScopes) == 0) { if (isset($_REQUEST['response_type']) && ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) { $state = array('clientId' => $_REQUEST['client_id'], 'redirectUri' => isset($_REQUEST['redirect_uri']) ? 
$_REQUEST['redirect_uri'] : null, 'requestedScopes' => array_unique($requestedScopes), 'returnUri' => $returnUri, 'response_type' => $_REQUEST['response_type']); if (array_key_exists('state', $_REQUEST)) { $state['state'] = $_REQUEST['state']; } $stateId = SimpleSAML_Auth_State::saveState($state, 'oauth2server:authorization/consent'); $consentUri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php'), array('stateId' => $stateId)); SimpleSAML\Utils\HTTP::redirectTrustedURL($consentUri); } else { if (!isset($_REQUEST['response_type'])) { $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing response type', 'MISSING_RESPONSE_TYPE', array()); } else { $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unsupported_response_type', 'unsupported response type: ' . $_REQUEST['response_type'], 'UNSUPPORTED_RESPONSE_TYPE', array('RESPONSE_TYPE' => $_REQUEST['response_type'])); }
/**
 * findInvalidScopes() must report only the requested scopes that the
 * client is not registered for, and keep each one under the index it had
 * in the request array (the expected result is keyed 1, not 0).
 *
 * NOTE(review): the boolean values in the client's 'scope' map are not
 * exercised here; what false denotes is defined by the scope helpers, not
 * by this test.
 *
 * @group unit
 * @group utility
 */
public function testFindInvalidScopeForClientWithScopes()
{
    // Client registered for SCOPE1 and SCOPE2 only.
    $registeredClient = array(
        'scope' => array(
            'SCOPE1' => false,
            'SCOPE2' => false,
        ),
    );
    // SCOPE3 (index 1) is not registered for this client.
    $requestedScopes = array('SCOPE1', 'SCOPE3');

    $invalidScopes = \sspmod_oauth2server_Utility_Uri::findInvalidScopes(
        $registeredClient,
        $requestedScopes
    );

    // Only the unregistered scope comes back, keyed by its request position.
    $this->assertEquals(array(1 => 'SCOPE3'), $invalidScopes);
}