Merge pull request #1181 from datapp/bugfix/scope-named-0-considered-to-be-invalid

Sephster · web-flow · commit 9bfb699ec4b7 · 2021-05-31T21:03:00.000+01:00
Default Scope does not work as expected
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
 - Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
+- Allow scope "0" to be used. Previously this was removed from a request because it failed an `empty()` check (PR #1181)
 
 ## [8.2.4] - released 2020-12-10
 ### Fixed
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
@@ -325,7 +325,7 @@ public function validateScopes($scopes, $redirectUri = null)
     private function convertScopesQueryStringToArray(string $scopes)
     {
         return \array_filter(\explode(self::SCOPE_DELIMITER_STRING, \trim($scopes)), function ($scope) {
-            return !empty($scope);
+            return $scope !== '';
         });
     }
 
diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php
@@ -521,13 +521,13 @@ public function testValidateScopes()
     {
         $scope = new ScopeEntity();
         $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
-        $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
+        $scopeRepositoryMock->expects($this->exactly(3))->method('getScopeEntityByIdentifier')->willReturn($scope);
 
         /** @var AbstractGrant $grantMock */
         $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
         $grantMock->setScopeRepository($scopeRepositoryMock);
 
-        $this->assertEquals([$scope], $grantMock->validateScopes('basic   '));
+        $this->assertEquals([$scope, $scope, $scope], $grantMock->validateScopes('basic  test 0    '));
     }
 
     public function testValidateScopesBadScope()

Original file line number	Diff line number	Diff line change
`@@ -325,7 +325,7 @@ public function validateScopes($scopes, $redirectUri = null)`
`325`	`325`	`private function convertScopesQueryStringToArray(string $scopes)`
`326`	`326`	`{`
`327`	`327`	`return \array_filter(\explode(self::SCOPE_DELIMITER_STRING, \trim($scopes)), function ($scope) {`
`328`		`- return !empty($scope);`
	`328`	`+ return $scope !== '';`
`329`	`329`	`});`
`330`	`330`	`}`
`331`	`331`
Original file line number	Diff line number	Diff line change
`@@ -521,13 +521,13 @@ public function testValidateScopes()`
`521`	`521`	`{`
`522`	`522`	`$scope = new ScopeEntity();`
`523`	`523`	`$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();`
`524`		`- $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);`
	`524`	`+ $scopeRepositoryMock->expects($this->exactly(3))->method('getScopeEntityByIdentifier')->willReturn($scope);`
`525`	`525`
`526`	`526`	`/** @var AbstractGrant $grantMock */`
`527`	`527`	`$grantMock = $this->getMockForAbstractClass(AbstractGrant::class);`
`528`	`528`	`$grantMock->setScopeRepository($scopeRepositoryMock);`
`529`	`529`
`530`		`- $this->assertEquals([$scope], $grantMock->validateScopes('basic '));`
	`530`	`+ $this->assertEquals([$scope, $scope, $scope], $grantMock->validateScopes('basic test 0 '));`
`531`	`531`	`}`
`532`	`532`
`533`	`533`	`public function testValidateScopesBadScope()`