Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add previous authorized token information to getNewToken() #1108

Closed
wants to merge 5 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .scrutinizer.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
build:
environment:
php:
version: 7.4
nodes:
analysis:
tests:
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
method being defined (PR #1051)
- An exception is now thrown if a refresh token is accidentally sent in place of an authorization code when using the
Auth Code Grant (PR #1057)
- Can now send access token request without being forced to specify a redirect URI (PR #1096)

## [8.0.0] - released 2019-07-13

Expand Down
2 changes: 1 addition & 1 deletion examples/src/Repositories/AccessTokenRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ public function isAccessTokenRevoked($tokenId)
/**
* {@inheritdoc}
*/
public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null, $authorizedAuthCodeIdentifier = null, $authorizedAccessTokenIdentifier = null)
{
$accessToken = new AccessTokenEntity();
$accessToken->setClient($clientEntity);
Expand Down
8 changes: 6 additions & 2 deletions src/Grant/AbstractGrant.php
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,8 @@ protected function getServerParameter($parameter, ServerRequestInterface $reques
* @param ClientEntityInterface $client
* @param string|null $userIdentifier
* @param ScopeEntityInterface[] $scopes
* @param string|null $authorizedAuthCodeIdentifier
* @param string|null $authorizedAccessTokenIdentifier
*
* @throws OAuthServerException
* @throws UniqueTokenIdentifierConstraintViolationException
Expand All @@ -428,11 +430,13 @@ protected function issueAccessToken(
DateInterval $accessTokenTTL,
ClientEntityInterface $client,
$userIdentifier,
array $scopes = []
array $scopes = [],
$authorizedAuthCodeIdentifier = null,
$authorizedAccessTokenIdentifier = null
) {
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier, $authorizedAuthCodeIdentifier, $authorizedAccessTokenIdentifier);
$accessToken->setExpiryDateTime((new DateTimeImmutable())->add($accessTokenTTL));
$accessToken->setPrivateKey($this->privateKey);

Expand Down
12 changes: 6 additions & 6 deletions src/Grant/AuthCodeGrant.php
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ public function respondToAccessTokenRequest(
}

// Issue and persist new access token
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $authCodePayload->user_id, $scopes);
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $authCodePayload->user_id, $scopes, $authCodePayload->auth_code_id);
$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
$responseType->setAccessToken($accessToken);

Expand Down Expand Up @@ -265,15 +265,15 @@ public function validateAuthorizationRequest(ServerRequestInterface $request)
(\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1)) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
throw OAuthServerException::invalidClient($request);
} else {
$redirectUri = \is_array($client->getRedirectUri())
? $client->getRedirectUri()[0]
: $client->getRedirectUri();
}

$defaultClientRedirectUri = \is_array($client->getRedirectUri())
? $client->getRedirectUri()[0]
: $client->getRedirectUri();

$scopes = $this->validateScopes(
$this->getQueryStringParameter('scope', $request, $this->defaultScope),
$redirectUri
$defaultClientRedirectUri
);

$stateParameter = $this->getQueryStringParameter('state', $request);
Expand Down
9 changes: 8 additions & 1 deletion src/Grant/RefreshTokenGrant.php
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,14 @@ public function respondToAccessTokenRequest(
$this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);

// Issue and persist new access token
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
$accessToken = $this->issueAccessToken(
$accessTokenTTL,
$client,
$oldRefreshToken['user_id'],
$scopes,
null,
$oldRefreshToken['access_token_id']
);
$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
$responseType->setAccessToken($accessToken);

Expand Down
6 changes: 4 additions & 2 deletions src/Repositories/AccessTokenRepositoryInterface.php
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,13 @@ interface AccessTokenRepositoryInterface extends RepositoryInterface
*
* @param ClientEntityInterface $clientEntity
* @param ScopeEntityInterface[] $scopes
* @param mixed $userIdentifier
* @param string|null $userIdentifier
* @param string|null $authorizedAuthCodeIdentifier
* @param string|null $authorizedAccessTokenIdentifier
*
* @return AccessTokenEntityInterface
*/
public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null);
public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null, $authorizedAuthCodeIdentifier = null, $authorizedAccessTokenIdentifier = null);

/**
* Persists a new access token to permanent storage.
Expand Down
42 changes: 42 additions & 0 deletions tests/Grant/AuthCodeGrantTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,48 @@ public function testValidateAuthorizationRequestRedirectUriArray()
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
}

public function testValidateAuthorizationRequestWithoutRedirectUri()
{
$client = new ClientEntity();
$client->setRedirectUri('http://foo/bar');
$client->setConfidential();

$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
$clientRepositoryMock->method('getClientEntity')->willReturn($client);

$scope = new ScopeEntity();
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);

$grant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
new DateInterval('PT10M')
);
$grant->setClientRepository($clientRepositoryMock);
$grant->setScopeRepository($scopeRepositoryMock);
$grant->setDefaultScope(self::DEFAULT_SCOPE);

$request = new ServerRequest(
[],
[],
null,
null,
'php://input',
[],
[],
[
'response_type' => 'code',
'client_id' => 'foo',
]
);

$authorizationRequest = $grant->validateAuthorizationRequest($request);
$this->assertInstanceOf(AuthorizationRequest::class, $authorizationRequest);

$this->assertEmpty($authorizationRequest->getRedirectUri());
}

public function testValidateAuthorizationRequestCodeChallenge()
{
$client = new ClientEntity();
Expand Down