Allow for multiple default scopes. Fixes #42

thephpleague · May 9, 2013 · 7035792 · 7035792
1 parent 351c2e9
commit 7035792
Show file tree

Hide file tree

Showing 7 changed files with 145 additions and 9 deletions.
diff --git a/src/League/OAuth2/Server/Authorization.php b/src/League/OAuth2/Server/Authorization.php
@@ -62,8 +62,8 @@ class Authorization
     protected $requireScopeParam = false;
 
     /**
-     * Default scope to be used if none is provided
-     * @var string
+     * Default scope(s) to be used if none is provided
+     * @var string|array
      */
     protected $defaultScope = null;
 
@@ -287,7 +287,7 @@ public function scopeParamRequired()
 
     /**
      * Default scope to be used if none is provided and requireScopeParam is false
-     * @var string
+     * @var string|array
      */
     public function setDefaultScope($default = null)
     {

diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php
@@ -154,8 +154,12 @@ public function checkAuthoriseParams($inputParams = array())
 
         if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
             throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
-            $scopes = array($this->authServer->getDefaultScope());
+        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+            if (is_array($this->authServer->getDefaultScope())) {
+                $scopes = $this->authServer->getDefaultScope();
+            } else {
+                $scopes = array($this->authServer->getDefaultScope());
+            }
         }
 
         $authParams['scopes'] = array();

diff --git a/src/League/OAuth2/Server/Grant/ClientCredentials.php b/src/League/OAuth2/Server/Grant/ClientCredentials.php
@@ -124,8 +124,12 @@ public function completeFlow($inputParams = null)
 
         if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
             throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
-            $scopes = array($this->authServer->getDefaultScope());
+        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+            if (is_array($this->authServer->getDefaultScope())) {
+                $scopes = $this->authServer->getDefaultScope();
+            } else {
+                $scopes = array($this->authServer->getDefaultScope());
+            }
         }
 
         $authParams['scopes'] = array();

diff --git a/src/League/OAuth2/Server/Grant/Password.php b/src/League/OAuth2/Server/Grant/Password.php
@@ -168,8 +168,12 @@ public function completeFlow($inputParams = null)
 
         if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
             throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
-            $scopes = array($this->authServer->getDefaultScope());
+        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
+            if (is_array($this->authServer->getDefaultScope())) {
+                $scopes = $this->authServer->getDefaultScope();
+            } else {
+                $scopes = array($this->authServer->getDefaultScope());
+            }
         }
 
         $authParams['scopes'] = array();

diff --git a/tests/authorization/AuthCodeGrantTest.php b/tests/authorization/AuthCodeGrantTest.php
@@ -197,6 +197,41 @@ public function test_checkAuthoriseParams_defaultScope()
         ));
 
         $this->assertArrayHasKey('scopes', $params);
+        $this->assertEquals(1, count($params['scopes']));
+    }
+
+    public function test_checkAuthoriseParams_defaultScopeArray()
+    {
+        $this->client->shouldReceive('getClient')->andReturn(array(
+            'client_id' =>  1234,
+            'client_secret' =>  5678,
+            'redirect_uri'  =>  'http://foo/redirect',
+            'name'  =>  'Example Client'
+        ));
+
+        $this->scope->shouldReceive('getScope')->andReturn(array(
+            'id'    =>  1,
+            'scope' =>  'foo',
+            'name'  =>  'Foo Name',
+            'description'   =>  'Foo Name Description'
+        ));
+
+        $a = $this->returnDefault();
+        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $a->addGrantType($g);
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->setDefaultScope(array('test.scope', 'test.scope2'));
+        $a->requireScopeParam(false);
+
+        $params = $g->checkAuthoriseParams(array(
+            'client_id' =>  1234,
+            'redirect_uri'  =>  'http://foo/redirect',
+            'response_type' =>  'code',
+            'scope'    =>  ''
+        ));
+
+        $this->assertArrayHasKey('scopes', $params);
+        $this->assertEquals(2, count($params['scopes']));
     }
 
     /**

diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php
@@ -146,6 +146,47 @@ public function test_issueAccessToken_clientCredentialsGrant_defaultScope()
         $this->assertArrayHasKey('expires_in', $v);
     }
 
+    public function test_issueAccessToken_clientCredentialsGrant_defaultScopeArray()
+    {
+        $this->scope->shouldReceive('getScope')->andReturn(array(
+            'id'    =>  1,
+            'key' =>  'foo',
+            'name'  =>  'Foo Name',
+            'description'   =>  'Foo Name Description'
+        ));
+
+        $this->client->shouldReceive('getClient')->andReturn(array(
+            'client_id' =>  1234,
+            'client_secret' =>  5678,
+            'redirect_uri'  =>  'http://foo/redirect',
+            'name'  =>  'Example Client'
+        ));
+
+        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
+        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
+        $this->session->shouldReceive('createSession')->andReturn(1);
+        $this->session->shouldReceive('deleteSession')->andReturn(null);
+        $this->session->shouldReceive('associateScope')->andReturn(null);
+        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
+
+        $a = $this->returnDefault();
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->requireScopeParam(false);
+        $a->setDefaultScope(array('foobar', 'barfoo'));
+
+        $v = $a->issueAccessToken(array(
+            'grant_type'    =>  'client_credentials',
+            'client_id' =>  1234,
+            'client_secret' =>  5678,
+            'scope' =>  ''
+        ));
+
+        $this->assertArrayHasKey('access_token', $v);
+        $this->assertArrayHasKey('token_type', $v);
+        $this->assertArrayHasKey('expires', $v);
+        $this->assertArrayHasKey('expires_in', $v);
+    }
+
     /**
      * @expectedException        League\OAuth2\Server\Exception\ClientException
      * @expectedExceptionCode    4

diff --git a/tests/authorization/PasswordGrantTest.php b/tests/authorization/PasswordGrantTest.php
@@ -338,6 +338,54 @@ public function test_issueAccessToken_passwordGrant_defaultScope()
         $this->assertArrayHasKey('expires_in', $v);
     }
 
+    public function test_issueAccessToken_passwordGrant_defaultScopeArray()
+    {
+        $this->scope->shouldReceive('getScope')->andReturn(array(
+            'id'    =>  1,
+            'scope' =>  'foo',
+            'name'  =>  'Foo Name',
+            'description'   =>  'Foo Name Description'
+        ));
+
+        $this->client->shouldReceive('getClient')->andReturn(array(
+            'client_id' =>  1234,
+            'client_secret' =>  5678,
+            'redirect_uri'  =>  'http://foo/redirect',
+            'name'  =>  'Example Client'
+        ));
+
+        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
+        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
+        $this->session->shouldReceive('createSession')->andReturn(1);
+        $this->session->shouldReceive('deleteSession')->andReturn(null);
+        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
+        $this->session->shouldReceive('associateScope')->andReturn(null);
+        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
+
+        $testCredentials = function() { return 1; };
+
+        $a = $this->returnDefault();
+        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant->setVerifyCredentialsCallback($testCredentials);
+        $a->addGrantType($pgrant);
+        $a->requireScopeParam(false);
+        $a->setDefaultScope(array('foobar', 'barfoo'));
+
+        $v = $a->issueAccessToken(array(
+            'grant_type'    =>  'password',
+            'client_id' =>  1234,
+            'client_secret' =>  5678,
+            'username'  =>  'foo',
+            'password'  =>  'bar',
+            'scope' =>  ''
+        ));
+
+        $this->assertArrayHasKey('access_token', $v);
+        $this->assertArrayHasKey('token_type', $v);
+        $this->assertArrayHasKey('expires', $v);
+        $this->assertArrayHasKey('expires_in', $v);
+    }
+
     public function test_issueAccessToken_passwordGrant_goodScope()
     {
         $this->scope->shouldReceive('getScope')->andReturn(array(