Fix getting/setting client scopes and grant types (#1717)

axlon · web-flow · commit 4d81207941d6 · 2024-02-09T10:27:49.000-06:00
diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
@@ -72,7 +72,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)
      */
     protected function handlesGrant($record, $grantType)
     {
-        if (is_array($record->grant_types) && ! in_array($grantType, $record->grant_types)) {
+        if (! $record->hasGrantType($grantType)) {
             return false;
         }
 
diff --git a/src/Client.php b/src/Client.php
@@ -105,37 +105,6 @@ public function tokens()
         return $this->hasMany(Passport::tokenModel(), 'client_id');
     }
 
-    /**
-     * Get the grant types the client can use.
-     *
-     * @return array|null
-     */
-    public function getGrantTypesAttribute()
-    {
-        return $this->attributes['grant_types'] ?? null;
-    }
-
-    /**
-     * Get the scopes for the client.
-     *
-     * @return array|null
-     */
-    public function getScopesAttribute()
-    {
-        return $this->attributes['scopes'] ?? null;
-    }
-
-    /**
-     * Set the scopes for the client.
-     *
-     * @param  array|null  $scopes
-     * @return void
-     */
-    public function setScopesAttribute(?array $scopes)
-    {
-        $this->attributes['scopes'] = $scopes;
-    }
-
     /**
      * The temporary non-hashed client secret.
      *
@@ -187,6 +156,21 @@ public function skipsAuthorization()
         return false;
     }
 
+    /**
+     * Determine if the client has the given grant type.
+     *
+     * @param  string  $grantType
+     * @return bool
+     */
+    public function hasGrantType($grantType)
+    {
+        if (! isset($this->grant_types) || ! is_array($this->grant_types)) {
+            return true;
+        }
+
+        return in_array($grantType, $this->grant_types);
+    }
+
     /**
      * Determine whether the client has the given scope.
      *
@@ -195,7 +179,7 @@ public function skipsAuthorization()
      */
     public function hasScope($scope)
     {
-        if (! is_array($this->scopes)) {
+        if (! isset($this->scopes) || ! is_array($this->scopes)) {
             return true;
         }
 
diff --git a/tests/Feature/ClientTest.php b/tests/Feature/ClientTest.php
@@ -0,0 +1,88 @@
+<?php
+
+namespace Laravel\Passport\Tests\Feature;
+
+use Illuminate\Database\Eloquent\Model;
+use Laravel\Passport\Client;
+use Orchestra\Testbench\TestCase;
+
+final class ClientTest extends TestCase
+{
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        Model::preventAccessingMissingAttributes();
+    }
+
+    protected function tearDown(): void
+    {
+        Model::preventAccessingMissingAttributes(false);
+
+        parent::tearDown();
+    }
+
+    public function testScopesWhenClientDoesNotHaveScope(): void
+    {
+        $client = new Client(['scopes' => ['bar']]);
+        $client->exists = true;
+
+        $this->assertFalse($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenClientHasScope(): void
+    {
+        $client = new Client(['scopes' => ['foo', 'bar']]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenColumnDoesNotExist(): void
+    {
+        $client = new Client();
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testScopesWhenColumnIsNull(): void
+    {
+        $client = new Client(['scopes' => null]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasScope('foo'));
+    }
+
+    public function testGrantTypesWhenClientDoesNotHaveGrantType(): void
+    {
+        $client = new Client(['grant_types' => ['bar']]);
+        $client->exists = true;
+
+        $this->assertFalse($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenClientHasGrantType(): void
+    {
+        $client = new Client(['grant_types' => ['foo', 'bar']]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenColumnDoesNotExist(): void
+    {
+        $client = new Client();
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+
+    public function testGrantTypesWhenColumnIsNull(): void
+    {
+        $client = new Client(['scopes' => null]);
+        $client->exists = true;
+
+        $this->assertTrue($client->hasGrantType('foo'));
+    }
+}
diff --git a/tests/Unit/BridgeClientRepositoryTest.php b/tests/Unit/BridgeClientRepositoryTest.php
@@ -207,4 +207,13 @@ public function confidential()
     {
         return ! empty($this->secret);
     }
+
+    public function hasGrantType($grantType)
+    {
+        if (! isset($this->grant_types) || ! is_array($this->grant_types)) {
+            return true;
+        }
+
+        return in_array($grantType, $this->grant_types);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)`
`72`	`72`	`*/`
`73`	`73`	`protected function handlesGrant($record, $grantType)`
`74`	`74`	`{`
`75`		`- if (is_array($record->grant_types) && ! in_array($grantType, $record->grant_types)) {`
	`75`	`+ if (! $record->hasGrantType($grantType)) {`
`76`	`76`	`return false;`
`77`	`77`	`}`
`78`	`78`
Original file line number	Diff line number	Diff line change
`@@ -207,4 +207,13 @@ public function confidential()`
`207`	`207`	`{`
`208`	`208`	`return ! empty($this->secret);`
`209`	`209`	`}`
	`210`	`+`
	`211`	`+ public function hasGrantType($grantType)`
	`212`	`+ {`
	`213`	`+ if (! isset($this->grant_types) \|\| ! is_array($this->grant_types)) {`
	`214`	`+ return true;`
	`215`	`+ }`
	`216`	`+`
	`217`	`+ return in_array($grantType, $this->grant_types);`
	`218`	`+ }`
`210`	`219`	`}`