Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deny access if user is not authenticated #1408

Closed
wants to merge 6 commits into from
Closed

Deny access if user is not authenticated #1408

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8a79632
deny access if user is not authenticated
hafezdivandari May 17, 2024
e96eb77
formatting
hafezdivandari May 17, 2024
c3e3cbe
formatting
hafezdivandari May 17, 2024
7b1754d
formatting
hafezdivandari May 17, 2024
75e96e6
formatting
hafezdivandari Aug 29, 2024
9fd553d
fix tests
hafezdivandari Aug 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions src/Grant/AbstractAuthorizeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,14 @@ protected function createAuthorizationRequest(): AuthorizationRequestInterface
{
return new AuthorizationRequest();
}

/**
* Get the client redirect URI.
*/
protected function getClientRedirectUri(AuthorizationRequestInterface $authorizationRequest): string
{
return is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();
}
}
22 changes: 7 additions & 15 deletions src/Grant/AuthCodeGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,15 +347,15 @@ function ($method) {
*/
public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): ResponseTypeInterface
{
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$finalRedirectUri = $authorizationRequest->getRedirectUri()
?? $this->getClientRedirectUri($authorizationRequest);

// The user approved the client, redirect them back with an auth code
if ($authorizationRequest->isAuthorizationApproved() === true) {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$authCode = $this->issueAuthCode(
$this->authCodeTTL,
$authorizationRequest->getClient(),
Expand Down Expand Up @@ -397,7 +397,9 @@ public function completeAuthorizationRequest(AuthorizationRequestInterface $auth

// The user denied the client, redirect them back with an error
throw OAuthServerException::accessDenied(
'The user denied the request',
is_null($authorizationRequest->getUser())
? 'The user is not authenticated.'
: 'The user denied the request',
$this->makeRedirectUri(
$finalRedirectUri,
[
Expand All @@ -406,14 +408,4 @@ public function completeAuthorizationRequest(AuthorizationRequestInterface $auth
)
);
}

/**
* Get the client redirect URI if not set in the request.
*/
private function getClientRedirectUri(AuthorizationRequestInterface $authorizationRequest): string
{
return is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();
}
}
19 changes: 9 additions & 10 deletions src/Grant/ImplicitGrant.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,18 +148,15 @@ public function validateAuthorizationRequest(ServerRequestInterface $request): A
*/
public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): ResponseTypeInterface
{
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

$clientRegisteredRedirectUri = is_array($authorizationRequest->getClient()->getRedirectUri())
? $authorizationRequest->getClient()->getRedirectUri()[0]
: $authorizationRequest->getClient()->getRedirectUri();

$finalRedirectUri = $authorizationRequest->getRedirectUri() ?? $clientRegisteredRedirectUri;
$finalRedirectUri = $authorizationRequest->getRedirectUri()
?? $this->getClientRedirectUri($authorizationRequest);

// The user approved the client, redirect them back with an access token
if ($authorizationRequest->isAuthorizationApproved() === true) {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
}

// Finalize the requested scopes
$finalizedScopes = $this->scopeRepository->finalizeScopes(
$authorizationRequest->getScopes(),
Expand Down Expand Up @@ -194,7 +191,9 @@ public function completeAuthorizationRequest(AuthorizationRequestInterface $auth

// The user denied the client, redirect them back with an error
throw OAuthServerException::accessDenied(
'The user denied the request',
is_null($authorizationRequest->getUser())
? 'The user is not authenticated.'
: 'The user denied the request',
$this->makeRedirectUri(
$finalRedirectUri,
[
Expand Down