Authorizer throws exceptions accessing non-existent access tokens

feedback adddressed

Author: tpavlek

src/Authorizer.php

@@ -86,6 +86,26 @@ public function getChecker()
         return $this->checker;
     }
 
+    /**
+     * Get the current access token for the session.
+     *
+     * If the session does not have an active access token, an exception will be thrown.
+     *
+     * @throws \LucaDegasperi\OAuth2Server\NoActiveAccessTokenException
+     *
+     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
+     */
+    public function getAccessToken()
+    {
+        $accessToken = $this->getChecker()->getAccessToken();
+
+        if (is_null($accessToken)) {
+            throw new NoActiveAccessTokenException('Tried to access session data without an active access token');
+        }
+
+        return $accessToken;
+    }
+
     /**
      * Issue an access token if the request parameters are valid.
      *
@@ -209,7 +229,7 @@ public function validateAccessToken($httpHeadersOnly = false, $accessToken = nul
      */
     public function getScopes()
     {
-        return $this->checker->getAccessToken()->getScopes();
+        return $this->getAccessToken()->getScopes();
     }
 
     /**
@@ -231,7 +251,7 @@ public function hasScope($scope)
             return true;
         }
 
-        return $this->checker->getAccessToken()->hasScope($scope);
+        return $this->getAccessToken()->hasScope($scope);
     }
 
     /**
@@ -241,7 +261,7 @@ public function hasScope($scope)
      */
     public function getResourceOwnerId()
     {
-        return $this->checker->getAccessToken()->getSession()->getOwnerId();
+        return $this->getAccessToken()->getSession()->getOwnerId();
     }
 
     /**
@@ -251,7 +271,7 @@ public function getResourceOwnerId()
      */
     public function getResourceOwnerType()
     {
-        return $this->checker->getAccessToken()->getSession()->getOwnerType();
+        return $this->getAccessToken()->getSession()->getOwnerType();
     }
 
     /**

src/NoActiveAccessTokenException.php

@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of OAuth 2.0 Laravel.
+ *
+ * (c) Luca Degasperi <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LucaDegasperi\OAuth2Server;
+
+use Exception;
+
+/**
+ * This is the no active access token exception class.
+ *
+ * @author Troy Pavlek <[email protected]>
+ */
+class NoActiveAccessTokenException extends Exception
+{
+}

tests/unit/LucaDegasperi/OAuth2Server/AuthorizerSpec.php

@@ -18,6 +18,7 @@
 use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\ResourceServer;
 use League\OAuth2\Server\Util\RedirectUri;
+use LucaDegasperi\OAuth2Server\NoActiveAccessTokenException;
 use PhpSpec\ObjectBehavior;
 use Symfony\Component\HttpFoundation\Request;
 
@@ -65,6 +66,12 @@ public function it_returns_the_current_scopes(ResourceServer $checker, AccessTok
         $this->getScopes()->shouldReturn(['foo', 'bar']);
     }
 
+    public function it_throws_exception_if_current_scopes_accessed_without_active_access_token(ResourceServer $checker)
+    {
+        $checker->getAccessToken()->willReturn(null);
+        $this->shouldThrow(NoActiveAccessTokenException::class)->during('getScopes');
+    }
+
     public function it_checks_if_a_scope_is_included_into_the_current_ones(ResourceServer $checker, AccessTokenEntity $accessTokenEntity)
     {
         $accessTokenEntity->hasScope('foo')->willReturn(true)->shouldBeCalled();
@@ -100,6 +107,12 @@ public function it_checks_if_multiple_valid_scopes_are_included_into_the_current
         $this->hasScope(['foo', 'bar'])->shouldReturn(true);
     }
 
+    public function it_throws_if_scopes_are_checked_without_active_access_token(ResourceServer $checker)
+    {
+        $checker->getAccessToken()->willReturn(null);
+        $this->shouldThrow(NoActiveAccessTokenException::class)->during('hasScope', ['foo']);
+    }
+
     public function it_returns_the_resource_owner_id(ResourceServer $checker, AccessTokenEntity $accessTokenEntity, SessionEntity $sessionEntity)
     {
         $sessionEntity->getOwnerId()->willReturn('1')->shouldBeCalled();
@@ -108,6 +121,12 @@ public function it_returns_the_resource_owner_id(ResourceServer $checker, Access
         $this->getResourceOwnerId()->shouldReturn('1');
     }
 
+    public function it_throws_exception_if_resource_owner_id_accessed_without_active_session(ResourceServer $checker)
+    {
+        $checker->getAccessToken()->willReturn(null);
+        $this->shouldThrow(NoActiveAccessTokenException::class)->during('getResourceOwnerId');
+    }
+
     public function it_returns_the_resource_owner_type(ResourceServer $checker, AccessTokenEntity $accessTokenEntity, SessionEntity $sessionEntity)
     {
         $sessionEntity->getOwnerType()->willReturn('user')->shouldBeCalled();
@@ -116,6 +135,12 @@ public function it_returns_the_resource_owner_type(ResourceServer $checker, Acce
         $this->getResourceOwnerType()->shouldReturn('user');
     }
 
+    public function test_it_throws_exception_if_resource_owner_type_accessed_without_active_session(ResourceServer $checker)
+    {
+        $checker->getAccessToken()->willReturn(null);
+        $this->shouldThrow(NoActiveAccessTokenException::class)->during('getResourceOwnerType');
+    }
+
     public function it_returns_the_client_id(ResourceServer $checker, AccessTokenEntity $accessTokenEntity, SessionEntity $sessionEntity, ClientEntity $clientEntity)
     {
         $clientEntity->getId()->willReturn('1')->shouldBeCalled();