Improved Missing Scope error
If the scope was missing on an OAuth2 request, the error given was not very descriptive. Change-Id: I2573c77bcfec8dd340ae60e15db8c2558c3af851
parent
c2a3148da4
commit
d83b763c2c
@ -235,8 +235,13 @@ class Client extends BaseModelEloquent implements IClient
return explode(',',$this->redirect_uris);
}
/**
* @param string $scope
* @return bool
*/
public function isScopeAllowed($scope)
{
if(empty($scope)) return false;
$res = true;
$desired_scopes = explode(" ",$scope);
foreach($desired_scopes as $desired_scope){
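Review bot: The new guard `if(empty($scope)) return false;` also rejects the literal scope string `"0"`, and `explode(" ",$scope)` produces empty entries when the scope string carries repeated, leading or trailing spaces; how those entries are treated depends on the loop body, which continues outside the hunk. A guard such as `if ($scope === null || trim($scope) === '') return false;` keeps the intent without the `empty()` edge case, and `array_filter(explode(' ', $scope))` would drop the empty entries before they reach the loop. The added docblock could also state the contract, e.g. `@return bool false when $scope is empty or when a requested scope is not allowed` — the second half is inferred from `$res = true` and should be confirmed against the loop body.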
@ -18,6 +18,14 @@ use OAuth2\OAuth2Protocol;
*/
final class ScopeNotAllowedException extends OAuth2BaseException
{
/**
* @param string $scope
*/
public function __construct($scope = null)
{
$description = empty($scope) ? "missing scope param" : sprintf("scope not allowed %s", $scope);
parent::__construct($description);
}
/**
* @return string
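Review bot: The constructor now derives the description from the raw scope value, while the call site removed in InteractiveGrantType used to pass a preformatted `sprintf("scope %s", $scope)`; any remaining caller that still passes a message string would now yield `scope not allowed scope …`, so the parameter's meaning belongs in the docblock, e.g. `@param string|null $scope the requested scope value, not a message; null or empty yields "missing scope param"`. The scope value originates from the request and is embedded verbatim into the description, which the new test suggests is returned to the client as `error_description` in the redirect query; truncating it or restricting it to the scope-token character set before `sprintf` would keep an oversized or arbitrary value from being reflected. `empty($scope)` also reports the scope `"0"` as missing, so `$scope === null || $scope === ''` is the more precise test.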
@ -210,8 +210,8 @@ abstract class InteractiveGrantType extends AbstractGrantType
//check requested scope
$scope = $request->getScope();
$this->log_service->debug_msg(sprintf("scope %s", $scope));
if (!$client->isScopeAllowed($scope)) {
throw new ScopeNotAllowedException(sprintf("scope %s", $scope));
if (empty($scope) || !$client->isScopeAllowed($scope)) {
throw new ScopeNotAllowedException($scope);
}
$authentication_response = $this->auth_service->getUserAuthenticationResponse();
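Review bot: The `empty($scope) ||` half of the new condition is redundant with the `empty()` guard this commit adds at the top of `Client::isScopeAllowed` and with the exception's own handling of an empty scope, so `if (!$client->isScopeAllowed($scope)) {` reaches the same outcome in both cases. If the explicit check is kept so the missing-scope case reads clearly at this site, a short comment should say so, e.g. `// an absent scope is reported as "missing scope param" by ScopeNotAllowedException`. Either way, the two checks now have to stay in agreement, which is easier when only one of them exists. The enclosing method starts and ends outside the hunk.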
@ -1170,4 +1170,31 @@ class OAuth2ProtocolTest extends OpenStackIDBaseTest
}
}
public function testMissingScope()
{
$client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client';
$params = array(
'client_id' => $client_id,
'redirect_uri' => 'https://www.test.com/oauth2',
'response_type' => 'code',
);
$response = $this->action("POST", "OAuth2\OAuth2ProviderController@auth",
$params,
array(),
array(),
array());
$this->assertResponseStatus(302);
$url = $response->getTargetUrl();
$comps = @parse_url($url);
$this->assertTrue(isset($comps["query"]));
$this->assertTrue($comps["query"] == "error=invalid_scope&error_description=missing+scope+param");
}
}
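Review bot: `$this->assertTrue($comps["query"] == "error=invalid_scope&error_description=missing+scope+param");` compares with loose `==` and, on failure, reports only that false is not true; `$this->assertSame("error=invalid_scope&error_description=missing+scope+param", $comps["query"]);` gives a strict comparison and prints the actual query on failure. The `@` on `@parse_url($url)` hides a malformed redirect URL behind the later `isset` assertion; dropping the suppression and adding `$this->assertNotFalse($comps);` would pinpoint that case. Asserting the full query string also pins the parameter order, which is a stricter contract than the test needs; if that becomes brittle, comparing the `parse_str` result of the query instead would tolerate reordering.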