Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deny access if user is not authenticated #1408

Closed
wants to merge 6 commits into from
Closed

Deny access if user is not authenticated #1408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8a79632
deny access if user is not authenticated
hafezdivandari May 17, 2024
e96eb77
formatting
hafezdivandari May 17, 2024
c3e3cbe
formatting
hafezdivandari May 17, 2024
7b1754d
formatting
hafezdivandari May 17, 2024
75e96e6
formatting
hafezdivandari Aug 29, 2024
9fd553d
fix tests
hafezdivandari Aug 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions src/Grant/AbstractAuthorizeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,14 @@ protected function createAuthorizationRequest(): AuthorizationRequestInterface
{
return new AuthorizationRequest();
}

/**
* Get the client redirect URI.
*/
protected function getClientRedirectUri(AuthorizationRequestInterface $authorizationRequest): string
{
return is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();
}
}
18 changes: 4 additions & 14 deletions src/Grant/AuthCodeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,15 +347,15 @@ function ($method) {
*/
public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): ResponseTypeInterface
{
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$finalRedirectUri = $authorizationRequest->getRedirectUri()
?? $this->getClientRedirectUri($authorizationRequest);

// The user approved the client, redirect them back with an auth code
if ($authorizationRequest->isAuthorizationApproved() === true) {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
hafezdivandari marked this conversation as resolved.
Show resolved Hide resolved
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$authCode = $this->issueAuthCode(
$this->authCodeTTL,
$authorizationRequest->getClient(),
Expand Down Expand Up @@ -406,14 +406,4 @@ public function completeAuthorizationRequest(AuthorizationRequestInterface $auth
)
);
}

/**
* Get the client redirect URI if not set in the request.
*/
private function getClientRedirectUri(AuthorizationRequestInterface $authorizationRequest): string
{
return is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();
}
}
15 changes: 6 additions & 9 deletions src/Grant/ImplicitGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,18 +148,15 @@ public function validateAuthorizationRequest(ServerRequestInterface $request): A
*/
public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): ResponseTypeInterface
{
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$clientRegisteredRedirectUri = is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();

$finalRedirectUri = $authorizationRequest->getRedirectUri() ?? $clientRegisteredRedirectUri;
$finalRedirectUri = $authorizationRequest->getRedirectUri()
?? $this->getClientRedirectUri($authorizationRequest);

// The user approved the client, redirect them back with an access token
if ($authorizationRequest->isAuthorizationApproved() === true) {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

// Finalize the requested scopes
$finalizedScopes = $this->scopeRepository->finalizeScopes(
$authorizationRequest->getScopes(),
Expand Down
32 changes: 31 additions & 1 deletion tests/Grant/AuthCodeGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2186,6 +2186,14 @@ public function testRefreshTokenRepositoryFailToPersistUniqueNoInfiniteLoop(): v

public function testCompleteAuthorizationRequestNoUser(): void
{
$client = new ClientEntity();
$client->setRedirectUri('http://foo/bar');

$authRequest = new AuthorizationRequest();
$authRequest->setAuthorizationApproved(true);
$authRequest->setClient($client);
$authRequest->setGrantTypeId('authorization_code');

$grant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
Expand All @@ -2194,7 +2202,29 @@ public function testCompleteAuthorizationRequestNoUser(): void

$this->expectException(LogicException::class);

$grant->completeAuthorizationRequest(new AuthorizationRequest());
$grant->completeAuthorizationRequest($authRequest);
}

public function testCompleteAuthorizationRequestDeniedNoUser(): void
{
$client = new ClientEntity();
$client->setRedirectUri('http://foo/bar');

$authRequest = new AuthorizationRequest();
$authRequest->setAuthorizationApproved(false);
$authRequest->setClient($client);
$authRequest->setGrantTypeId('authorization_code');

$grant = new AuthCodeGrant(
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
new DateInterval('PT10M')
);

$this->expectException(OAuthServerException::class);
$this->expectExceptionCode(9);

$grant->completeAuthorizationRequest($authRequest);
}

public function testPublicClientAuthCodeRequestRejectedWhenCodeChallengeRequiredButNotGiven(): void
Expand Down
28 changes: 27 additions & 1 deletion tests/Grant/ImplicitGrantTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,10 +395,36 @@ public function testSetRefreshTokenRepository(): void

public function testCompleteAuthorizationRequestNoUser(): void
{
$client = new ClientEntity();
$client->setRedirectUri('https://foo/bar');

$authRequest = new AuthorizationRequest();
$authRequest->setAuthorizationApproved(true);
$authRequest->setClient($client);
$authRequest->setGrantTypeId('authorization_code');

$grant = new ImplicitGrant(new DateInterval('PT10M'));

$this->expectException(LogicException::class);

$grant->completeAuthorizationRequest(new AuthorizationRequest());
$grant->completeAuthorizationRequest($authRequest);
}

public function testCompleteAuthorizationRequestDeniedNoUser(): void
{
$client = new ClientEntity();
$client->setRedirectUri('https://foo/bar');

$authRequest = new AuthorizationRequest();
$authRequest->setAuthorizationApproved(false);
$authRequest->setClient($client);
$authRequest->setGrantTypeId('authorization_code');

$grant = new ImplicitGrant(new DateInterval('PT10M'));

$this->expectException(OAuthServerException::class);
$this->expectExceptionCode(9);

$grant->completeAuthorizationRequest($authRequest);
}
}