Merge pull request #28 from zf-fr/oauth

bakura10 · bakura10 · commit fb5ad45f564c · 2015-01-16T17:49:32.000+01:00
Trigger exception if invalid token
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ Please note that until I reach 1.0, I **WILL NOT** follow semantic version. This
 Installation is only officially supported using Composer:
 
 ```sh
-php composer.phar require zfr/zfr-oauth2-server:0.5.*
+php composer.phar require zfr/zfr-oauth2-server:0.6.*
 ```
 
 ## Framework integration
diff --git a/src/ZfrOAuth2/Server/ResourceServer.php b/src/ZfrOAuth2/Server/ResourceServer.php
@@ -52,12 +52,14 @@ public function __construct(TokenService $accessTokenService)
      * Get the access token
      *
      * Note that this method will only match tokens that are not expired and match the given scopes (if any).
-     * Otherwise, null will be returned
+     * If no token is pass, this method will return null, but if a token is given does not exist (ie. has been
+     * deleted) or is not valid, then it will trigger an exception
      *
      * @link   http://tools.ietf.org/html/rfc6750#page-5
      * @param  HttpRequest $request
      * @param  array       $scopes
      * @return AccessToken|null
+     * @throws Exception\InvalidAccessTokenException If given access token is invalid or expired
      */
     public function getAccessToken(HttpRequest $request, $scopes = [])
     {
@@ -68,7 +70,7 @@ public function getAccessToken(HttpRequest $request, $scopes = [])
         $token = $this->accessTokenService->getToken($token);
 
         if ($token === null || !$this->isTokenValid($token, $scopes)) {
-            return null;
+            throw new InvalidAccessTokenException('Access token has expired or has been deleted');
         }
 
         return $token;
@@ -79,7 +81,6 @@ public function getAccessToken(HttpRequest $request, $scopes = [])
      *
      * @param  HttpRequest $request
      * @return string|null
-     * @throws Exception\InvalidAccessTokenException If access token is malformed in the Authorization header
      */
     private function extractAccessToken(HttpRequest $request)
     {
@@ -89,16 +90,16 @@ private function extractAccessToken(HttpRequest $request)
         if ($headers->has('Authorization')) {
             // Header value is expected to be "Bearer xxx"
             $parts = explode(' ', $headers->get('Authorization')->getFieldValue());
-            $token = end($parts); // Access token is the last value
 
-            if (count($parts) < 2 || empty($token)) {
-                throw new InvalidAccessTokenException('No access token could be found in Authorization header');
+            if (count($parts) < 2) {
+                return null;
             }
-        } else {
-            $token = $request->getQuery('access_token');
+
+            return end($parts);
         }
 
-        return $token;
+        // Default back to authorization in query param
+        return $request->getQuery('access_token');
     }
 
     /**
diff --git a/tests/ZfrOAuth2Test/Server/ResourceServerTest.php b/tests/ZfrOAuth2Test/Server/ResourceServerTest.php
@@ -80,12 +80,25 @@ public function testCanExtractAccessTokenFromQueryString()
         $this->assertSame($token, $this->resourceServer->getAccessToken($request));
     }
 
-    public function testThrowExceptionIfNoAccessTokenIsInAuthorizationHeader()
+    public function testReturnNullIfNoAccessTokenIsInAuthorizationHeader()
+    {
+        $request = new HttpRequest();
+        $request->getHeaders()->addHeaderLine('Authorization', '');
+
+        $this->assertNull($this->resourceServer->getAccessToken($request));
+    }
+
+    public function testThrowExceptionIfTokenDoesNotExistAnymore()
     {
         $this->setExpectedException('ZfrOAuth2\Server\Exception\InvalidAccessTokenException');
 
         $request = new HttpRequest();
-        $request->getHeaders()->addHeaderLine('Authorization', '');
+        $request->getHeaders()->addHeaderLine('Authorization', 'Bearer foo');
+
+        $this->tokenService->expects($this->once())
+                           ->method('getToken')
+                           ->with('foo')
+                          ->will($this->returnValue(null));
 
         $this->resourceServer->getAccessToken($request);
     }
@@ -144,12 +157,11 @@ public function testCanValidateAccessToResource($expiredToken, $tokenScope, $des
                            ->with('token')
                            ->will($this->returnValue($accessToken));
 
-        $tokenResult = $this->resourceServer->getAccessToken($request, $desiredScope);
-
-        if ($match) {
-            $this->assertInstanceOf('ZfrOAuth2\Server\Entity\AccessToken', $tokenResult);
-        } else {
-            $this->assertNull($tokenResult);
+        if (!$match || $expiredToken) {
+            $this->setExpectedException('ZfrOAuth2\Server\Exception\InvalidAccessTokenException');
         }
+
+        $tokenResult = $this->resourceServer->getAccessToken($request, $desiredScope);
+        $this->assertInstanceOf('ZfrOAuth2\Server\Entity\AccessToken', $tokenResult);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -52,12 +52,14 @@ public function __construct(TokenService $accessTokenService)`
`52`	`52`	`* Get the access token`
`53`	`53`	`*`
`54`	`54`	`* Note that this method will only match tokens that are not expired and match the given scopes (if any).`
`55`		`- * Otherwise, null will be returned`
	`55`	`+ * If no token is pass, this method will return null, but if a token is given does not exist (ie. has been`
	`56`	`+ * deleted) or is not valid, then it will trigger an exception`
`56`	`57`	`*`
`57`	`58`	`* @link http://tools.ietf.org/html/rfc6750#page-5`
`58`	`59`	`* @param HttpRequest $request`
`59`	`60`	`* @param array $scopes`
`60`	`61`	`* @return AccessToken\|null`
	`62`	`+ * @throws Exception\InvalidAccessTokenException If given access token is invalid or expired`
`61`	`63`	`*/`
`62`	`64`	`public function getAccessToken(HttpRequest $request, $scopes = [])`
`63`	`65`	`{`
`@@ -68,7 +70,7 @@ public function getAccessToken(HttpRequest $request, $scopes = [])`
`68`	`70`	`$token = $this->accessTokenService->getToken($token);`
`69`	`71`
`70`	`72`	`if ($token === null \|\| !$this->isTokenValid($token, $scopes)) {`
`71`		`- return null;`
	`73`	`+ throw new InvalidAccessTokenException('Access token has expired or has been deleted');`
`72`	`74`	`}`
`73`	`75`
`74`	`76`	`return $token;`
`@@ -79,7 +81,6 @@ public function getAccessToken(HttpRequest $request, $scopes = [])`
`79`	`81`	`*`
`80`	`82`	`* @param HttpRequest $request`
`81`	`83`	`* @return string\|null`
`82`		`- * @throws Exception\InvalidAccessTokenException If access token is malformed in the Authorization header`
`83`	`84`	`*/`
`84`	`85`	`private function extractAccessToken(HttpRequest $request)`
`85`	`86`	`{`
`@@ -89,16 +90,16 @@ private function extractAccessToken(HttpRequest $request)`
`89`	`90`	`if ($headers->has('Authorization')) {`
`90`	`91`	`// Header value is expected to be "Bearer xxx"`
`91`	`92`	`$parts = explode(' ', $headers->get('Authorization')->getFieldValue());`
`92`		`- $token = end($parts); // Access token is the last value`
`93`	`93`
`94`		`- if (count($parts) < 2 \|\| empty($token)) {`
`95`		`- throw new InvalidAccessTokenException('No access token could be found in Authorization header');`
	`94`	`+ if (count($parts) < 2) {`
	`95`	`+ return null;`
`96`	`96`	`}`
`97`		`- } else {`
`98`		`- $token = $request->getQuery('access_token');`
	`97`	`+`
	`98`	`+ return end($parts);`
`99`	`99`	`}`
`100`	`100`
`101`		`- return $token;`
	`101`	`+ // Default back to authorization in query param`
	`102`	`+ return $request->getQuery('access_token');`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`/**`