function it_throws_exception_if_client_secret_is_provided_for_public_client(IRequest $request, IClientStorage $clientStorage, IClient $client) { $request->request('client_id')->willReturn('public')->shouldBeCalled(); $request->request('client_secret')->willReturn('secret')->shouldBeCalled(); $clientStorage->get('public')->willReturn($client)->shouldBeCalled(); $client->getSecret()->willReturn(null)->shouldBeCalled(); $this->shouldThrow(new InvalidClientException('Invalid client credentials.'))->during('authenticate', [$request]); }
/** * Authenticates client and returns it * * @param IRequest $request * * @return IClient * @throws InvalidClientException */ public function authenticate(IRequest $request) { $id = $request->request('client_id'); $secret = $request->request('client_secret'); if (!$id) { throw new InvalidClientException('Client id is missing.'); } if (!($client = $this->clientStorage->get($id))) { throw new InvalidClientException('Invalid client credentials.'); } if ((string) $secret !== (string) $client->getSecret()) { throw new InvalidClientException('Invalid client credentials.'); } return $client; }
/** * Authenticates client and returns it * * @param IRequest $request * * @return IClient * @throws InvalidClientException */ public function authenticate(IRequest $request) { $id = $request->headers('PHP_AUTH_USER'); $secret = $request->headers('PHP_AUTH_PW'); if (!$id) { throw new InvalidClientException('Client id is missing.'); } // find client or throw exception if does not exist if (!($client = $this->clientStorage->get($id))) { throw new InvalidClientException('Invalid client credentials.'); } // if client is confidential and secrets does not match // or if client is public (does not have secret key) and credentials contains secret // throw exception if ((string) $secret !== (string) $client->getSecret()) { throw new InvalidClientException('Invalid client credentials.'); } return $client; }
/** * Parses authorization request * * @param IRequest $request * * @param IUser $user * * @throws \OAuth2\Exception\InvalidClientException * @throws \OAuth2\Exception\InvalidRequestException * @throws \OAuth2\Exception\InvalidScopeException * @throws \OAuth2\Exception\UnauthorizedClientException * @return array * */ protected function parseAuthorizationRequest(IRequest $request, IUser $user) { $clientId = $request->query('client_id'); if (!$clientId) { throw new InvalidRequestException('Client id is missing.'); } $client = $this->clientStorage->get($clientId); if (!$client) { throw new InvalidClientException('Invalid client.'); } if (!$client->isAllowedToUse($this)) { throw new UnauthorizedClientException('Client can not use this grant type.'); } $redirectUri = $request->query('redirect_uri'); $clientRedirectUri = $client->getRedirectUri(); if ($redirectUri) { $parsedUrl = parse_url($redirectUri); if ($parsedUrl === false || isset($parsedUrl['fragment'])) { throw new InvalidRequestException('Redirect URI is invalid.'); } if (!$this->compareUris($redirectUri, $clientRedirectUri)) { throw new InvalidRequestException('Redirect URI does not match.'); } } else { // use registered redirect uri or throw exception if (!$clientRedirectUri) { throw new InvalidRequestException('Redirect URI was not supplied or registered.'); } $redirectUri = $clientRedirectUri; } $requestedScopes = $request->query('scope'); $availableScopes = $user->getScopes(); if (!$availableScopes) { $availableScopes = $this->scopeResolver->getDefaultScopes(); } if (empty($availableScopes)) { throw new InvalidScopeException('Scope parameter has to be specified.'); } $scopes = $this->scopeResolver->intersect($requestedScopes, $availableScopes); return ['client' => $client, 'redirect_uri' => $redirectUri, 'state' => $request->query('state'), 'scopes' => $scopes]; }
function it_should_issue_access_token_and_return_implicit_authorization_session(IAccessTokenStorage $accessTokenStorage, IScopeResolver $scopeResolver, IClientStorage $clientStorage, IClient $client, IRequest $request, ITokenType $tokenType, IUser $user, IAccessToken $accessToken, IScope $scope) { $request->query('client_id')->willReturn('test')->shouldBeCalled(); $clientStorage->get('test')->willReturn($client)->shouldBeCalled(); $client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled(); $request->query('redirect_uri')->willReturn('http://google.com')->shouldBeCalled(); $client->getRedirectUri()->willReturn('http://google.com')->shouldBeCalled(); $request->query('scope')->willReturn('scope1')->shouldBeCalled(); $user->getScopes()->willReturn([])->shouldBeCalled(); $scopeResolver->getDefaultScopes()->willReturn([$scope])->shouldBeCalled(); $scopeResolver->intersect('scope1', [$scope])->willReturn([$scope])->shouldBeCalled(); $request->query('state')->willReturn(null)->shouldBeCalled(); $accessTokenStorage->generate($user, $client, [$scope])->willReturn($accessToken)->shouldBeCalled(); $tokenType->getName()->willReturn('Bearer')->shouldBeCalled(); $this->authorize($request, $user)->shouldReturnAnInstanceOf('OAuth2\\Security\\ImplicitSession'); }
function it_issues_authorization_code_and_creates_authorization_session(IRequest $request, IClientStorage $clientStorage, IClient $client, IAuthorizationCodeStorage $authorizationCodeStorage, IAuthorizationCode $authorizationCode, IScopeResolver $scopeResolver, IScope $scope, IUser $user) { $request->query('client_id')->willReturn('a')->shouldBeCalled(); $request->query('redirect_uri')->willReturn(null)->shouldBeCalled(); $clientStorage->get('a')->willReturn($client)->shouldBeCalled(); $client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled(); $client->getRedirectUri()->willReturn('http://google.sk')->shouldBeCalled(); $request->query('state')->willReturn('test')->shouldBeCalled(); $request->query('scope')->willReturn(null)->shouldBeCalled(); $user->getScopes()->willReturn([$scope])->shouldBeCalled(); $scopeResolver->intersect(null, [$scope])->willReturn([$scope])->shouldBeCalled(); $authorizationCodeStorage->generate($user, $client, [$scope], 'http://google.sk', 'test')->willReturn($authorizationCode)->shouldBeCalled(); $this->authorize($request, $user)->shouldReturnAnInstanceOf('OAuth2\\Security\\AuthorizationCodeSession'); }