

Merge pull request #54 from ajgarlag/fix-scope-comparison
Fix scope comparison
spideyfusion authored May 23, 2019
2 parents de3e338 + 4a72527 commit 7ad80d0
Showing 2 changed files with 36 additions and 2 deletions.
6 changes: 4 additions & 2 deletions League/Repository/ScopeRepository.php
Expand Up @@ -109,10 +109,12 @@ private function setupScopes(ClientModel $client, array $requestedScopes): array
}

$finalizedScopes = [];
$clientScopesAsStrings = array_map('strval', $clientScopes);

foreach ($requestedScopes as $requestedScope) {
if (!\in_array($requestedScope, $clientScopes, true)) {
throw OAuthServerException::invalidScope((string) $requestedScope);
$requestedScopeAsString = (string) $requestedScope;
if (!\in_array($requestedScopeAsString, $clientScopesAsStrings, true)) {
throw OAuthServerException::invalidScope($requestedScopeAsString);
}

$finalizedScopes[] = $requestedScope;
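Review bot: The reason for comparing stringified scopes is not recorded anywhere in the hunk, so a later cleanup could plausibly revert to `\in_array($requestedScope, $clientScopes, true)`, which, if the scopes are objects, is an instance-identity check that fails for equal-but-distinct instances. A one-line comment above the `$clientScopesAsStrings` assignment would pin the intent: `// Compare scopes by their string identifier: a strict in_array() on objects tests instance identity, not scope value.`. Note that `$finalizedScopes[]` still receives the requested instance rather than the client's matching instance; if callers depend on getting the client's own objects, that should be stated or the client's instance substituted. The `(string)` casts presume the scope class defines `__toString`, which this hunk does not show — worth confirming. setupScopes starts and ends outside the hunk.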
32 changes: 32 additions & 0 deletions Tests/Integration/AuthorizationServerTest.php
Expand Up @@ -247,6 +247,38 @@ public function testValidClientCredentialsGrantWithInheritedScope(): void
);
}

public function testValidClientCredentialsGrantWithRequestedScope(): void
{
$request = $this->createAuthorizationRequest('quux_restricted_scopes:beer', [
'grant_type' => 'client_credentials',
'scope' => 'rock',
]);

timecop_freeze(new DateTime());

$response = $this->handleAuthorizationRequest($request);

timecop_return();

$accessToken = $this->getAccessToken($response['access_token']);

// Response assertions.
$this->assertSame('Bearer', $response['token_type']);
$this->assertSame(3600, $response['expires_in']);
$this->assertInstanceOf(AccessToken::class, $accessToken);

// Make sure the access token is issued for the given client ID.
$this->assertSame('quux_restricted_scopes', $accessToken->getClient()->getIdentifier());

// The access token should have the requested scope.
$this->assertEquals(
[
$this->scopeManager->find(FixtureFactory::FIXTURE_SCOPE_SECOND),
],
$accessToken->getScopes()
);
}

public function testValidPasswordGrant(): void
{
$this->eventDispatcher->addListener('trikoder.oauth2.user_resolve', function (UserResolveEvent $event) {
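Review bot: The new test only exercises the accepting side of the comparison change; there is no companion case requesting a scope outside the client's allowed set, which is what would catch a comparison that became too permissive. A second test mirroring this one, but asserting the `invalidScope` error response for a scope the `quux_restricted_scopes` client is not granted, would pin both directions of the fix. The link between the requested scope `'rock'` and `FixtureFactory::FIXTURE_SCOPE_SECOND` is implicit here; a short comment such as `// 'rock' maps to FIXTURE_SCOPE_SECOND, which the quux_restricted_scopes client is allowed.` would make the expectation readable without opening the fixtures, provided that is what the fixture defines. testValidClientCredentialsGrantWithInheritedScope and testValidPasswordGrant both extend outside the hunk.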
