Merge branch '11.x'

# Conflicts:
#	CHANGELOG.md
#	src/Client.php

Author: driesvints

CHANGELOG.md

@@ -1,6 +1,10 @@
 # Release Notes
 
-## [Unreleased](https://github.com/laravel/passport/compare/v11.10.4...master)
+## [Unreleased](https://github.com/laravel/passport/compare/v11.10.5...master)
+
+## [v11.10.5](https://github.com/laravel/passport/compare/v11.10.4...v11.10.5) - 2024-02-09
+
+* [11.x] Fix getting/setting client scopes and grant types by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1717
 
 ## [v11.10.4](https://github.com/laravel/passport/compare/v11.10.2...v11.10.4) - 2024-01-30
 

phpunit.xml.dist

@@ -1,16 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit backupGlobals="false"
-         backupStaticAttributes="false"
-         beStrictAboutTestsThatDoNotTestAnything="false"
-         bootstrap="vendor/autoload.php"
-         colors="true"
-         convertDeprecationsToExceptions="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false"
->
+<phpunit colors="true">
     <testsuites>
         <testsuite name="Unit">
             <directory suffix="Test.php">./tests/Unit</directory>

src/Bridge/ClientRepository.php

@@ -72,7 +72,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)
      */
     protected function handlesGrant($record, $grantType)
     {
-        if (is_array($record->grant_types) && ! in_array($grantType, $record->grant_types)) {
+        if (! $record->hasGrantType($grantType)) {
             return false;
         }
 

src/Client.php

@@ -108,34 +108,15 @@ public function tokens()
     }
 
     /**
-     * Get the grant types the client can use.
+     * The temporary non-hashed client secret.
      *
-     * @return array|null
-     */
-    public function getGrantTypesAttribute()
-    {
-        return $this->attributes['grant_types'] ?? null;
-    }
-
-    /**
-     * Get the scopes for the client.
-     *
-     * @return array|null
-     */
-    public function getScopesAttribute()
-    {
-        return $this->attributes['scopes'] ?? null;
-    }
-
-    /**
-     * Set the scopes for the client.
+     * This is only available once during the request that created the client.
      *
-     * @param  array|null  $scopes
-     * @return void
+     * @return string|null
      */
-    public function setScopesAttribute(?array $scopes)
+    public function getPlainSecretAttribute()
     {
-        $this->attributes['scopes'] = $scopes;
+        return $this->plainSecret;
     }
 
     /**
@@ -177,6 +158,21 @@ public function skipsAuthorization()
         return false;
     }
 
+    /**
+     * Determine if the client has the given grant type.
+     *
+     * @param  string  $grantType
+     * @return bool
+     */
+    public function hasGrantType($grantType)
+    {
+        if (! isset($this->attributes['grant_types']) || ! is_array($this->grant_types)) {
+            return true;
+        }
+
+        return in_array($grantType, $this->grant_types);
+    }
+
     /**
      * Determine whether the client has the given scope.
      *
@@ -185,7 +181,7 @@ public function skipsAuthorization()
      */
     public function hasScope($scope)
     {
-        if (! is_array($this->scopes)) {
+        if (! isset($this->attributes['scopes']) || ! is_array($this->scopes)) {
             return true;
         }
 

tests/Feature/AccessTokenControllerTest.php

@@ -49,7 +49,7 @@ public function testGettingAccessTokenWithClientCredentialsGrant()
         $this->assertArrayHasKey('expires_in', $decodedResponse);
         $this->assertArrayHasKey('access_token', $decodedResponse);
         $this->assertSame('Bearer', $decodedResponse['token_type']);
-        $expiresInSeconds = 31622400;
+        $expiresInSeconds = 31536000;
         $this->assertEqualsWithDelta($expiresInSeconds, $decodedResponse['expires_in'], 5);
 
         $token = $this->app->make(PersonalAccessTokenFactory::class)->findAccessToken($decodedResponse);
@@ -141,7 +141,7 @@ public function testGettingAccessTokenWithPasswordGrant()
         $this->assertArrayHasKey('access_token', $decodedResponse);
         $this->assertArrayHasKey('refresh_token', $decodedResponse);
         $this->assertSame('Bearer', $decodedResponse['token_type']);
-        $expiresInSeconds = 31622400;
+        $expiresInSeconds = 31536000;
         $this->assertEqualsWithDelta($expiresInSeconds, $decodedResponse['expires_in'], 5);
 
         $token = $this->app->make(PersonalAccessTokenFactory::class)->findAccessToken($decodedResponse);

tests/Feature/ClientTest.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace Laravel\Passport\Tests\Feature;
+
+use Illuminate\Database\Eloquent\Model;
+use Laravel\Passport\Client;
+use Orchestra\Testbench\TestCase;
+
+final class ClientTest extends TestCase
+{
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        Model::preventAccessingMissingAttributes();
+    }
+
+    protected function tearDown(): void
+    {
+        Model::preventAccessingMissingAttributes(false);
+
+        parent::tearDown();
+    }
+
+    public function testScopesWhenClientDoesNotHaveScope(): void
+    {
+        $client = new Client(['scopes' => ['bar']]);
+        $client->exists = true;
+
+        $this->assertFalse($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenClientHasScope(): void
+    {
+        $client = new Client(['scopes' => ['foo', 'bar']]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenColumnDoesNotExist(): void
+    {
+        $client = new Client();
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenColumnIsNull(): void
+    {
+        $client = new Client(['scopes' => null]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testGrantTypesWhenClientDoesNotHaveGrantType(): void
+    {
+        $client = new Client(['grant_types' => ['bar']]);
+        $client->exists = true;
+
+        $this->assertFalse($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenClientHasGrantType(): void
+    {
+        $client = new Client(['grant_types' => ['foo', 'bar']]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenColumnDoesNotExist(): void
+    {
+        $client = new Client();
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenColumnIsNull(): void
+    {
+        $client = new Client(['scopes' => null]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+}

tests/Unit/BridgeClientRepositoryTest.php

@@ -207,4 +207,13 @@ public function confidential()
     {
         return ! empty($this->secret);
     }
+
+    public function hasGrantType($grantType)
+    {
+        if (! isset($this->grant_types) || ! is_array($this->grant_types)) {
+            return true;
+        }
+
+        return in_array($grantType, $this->grant_types);
+    }
 }