diff --git a/composer.json b/composer.json
index def5495..e6c4999 100644
--- a/composer.json
+++ b/composer.json
@@ -20,7 +20,7 @@
 "ext-openssl": "*",
 "doctrine/doctrine-bundle": "^2.8.0",
 "doctrine/orm": "^2.14|^3.0",
- "league/oauth2-server": "^9",
+ "league/oauth2-server": "^9.0.1",
 "nyholm/psr7": "^1.4",
 "psr/http-factory": "^1.0",
 "symfony/event-dispatcher": "^5.4|^6.2|^7.0",
diff --git a/tests/Integration/AbstractIntegrationTest.php b/tests/Integration/AbstractIntegrationTest.php
index 7f089d7..ef91fb6 100644
--- a/tests/Integration/AbstractIntegrationTest.php
+++ b/tests/Integration/AbstractIntegrationTest.php
@@ -223,7 +223,7 @@ protected function handleResourceRequest(ServerRequestInterface $serverRequest):
 return $serverRequest;
 }
- protected function handleAuthorizationRequest(ServerRequestInterface $serverRequest, $approved = true): ResponseInterface
+ protected function handleAuthorizationRequest(ServerRequestInterface $serverRequest, $approved = true, $isImplicitGrantFlow = false): ResponseInterface
 {
 $response = $this->psrFactory->createResponse();
@@ -236,7 +236,7 @@ protected function handleAuthorizationRequest(ServerRequestInterface $serverRequ
 $response = $this->authorizationServer->completeAuthorizationRequest($authRequest, $response);
 } catch (OAuthServerException $e) {
- $response = $e->generateHttpResponse($response);
+ $response = $e->generateHttpResponse($response, $isImplicitGrantFlow);
 }
 return $response;
diff --git a/tests/Integration/AuthorizationServerTest.php b/tests/Integration/AuthorizationServerTest.php
index 1b148b2..a9a708f 100644
--- a/tests/Integration/AuthorizationServerTest.php
+++ b/tests/Integration/AuthorizationServerTest.php
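Review bot: The new `$isImplicitGrantFlow` parameter of `handleAuthorizationRequest()` in tests/Integration/AbstractIntegrationTest.php (hunk at -223) is untyped and supplied by each caller, so a test that forgets it silently exercises the query-string error path for an implicit request. Declaring it as `bool $isImplicitGrantFlow = false` (and `bool $approved = true`) would reject accidental non-boolean arguments. Deriving the value inside the helper, e.g. `$isImplicitGrantFlow = 'token' === ($serverRequest->getQueryParams()['response_type'] ?? null);`, would remove the positional `true, true` at every call site; this assumes the tests send `response_type` as a query parameter, which the hunks do not show. The method body continues outside this hunk.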
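Review bot: The fragment flag is applied only in this test helper's own `catch` block (hunk at -236), so the updated assertions verify the helper rather than the code that ships. RFC 6749 section 4.2.2.1 requires implicit-grant errors to be returned in the redirect URI fragment, and nothing in the visible part of this diff shows the bundle's authorization endpoint passing the same second argument to `generateHttpResponse()`. If the controller has an equivalent `catch`, it should pass the flag as well and be covered by a test that goes through the controller. A short comment above the call, such as `// Implicit grant errors are delivered in the URI fragment (RFC 6749, section 4.2.2.1).`, would explain why the flag exists.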
@@ -711,7 +711,7 @@ public function testSuccessfulImplicitRequest(): void
 'client_id' => 'foo',
 ]);
- $response = $this->handleAuthorizationRequest($request);
+ $response = $this->handleAuthorizationRequest($request, true, true);
 $this->assertSame(302, $response->getStatusCode());
 $responseData = [];
 parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
@@ -733,7 +733,7 @@ public function testSuccessfulImplicitRequestWithState(): void
 'state' => 'quzbaz',
 ]);
- $response = $this->handleAuthorizationRequest($request);
+ $response = $this->handleAuthorizationRequest($request, true, true);
 $this->assertSame(302, $response->getStatusCode());
 $responseData = [];
@@ -757,7 +757,7 @@ public function testSuccessfulImplicitRequestRedirectUri(): void
 'redirect_uri' => 'https://example.org/oauth2/redirect-uri',
 ]);
- $response = $this->handleAuthorizationRequest($request);
+ $response = $this->handleAuthorizationRequest($request, true, true);
 $this->assertSame(302, $response->getStatusCode());
 $responseData = [];
 parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
@@ -779,10 +779,10 @@ public function testImplicitRequestWithInvalidScope(): void
 'scope' => 'non_existing',
 ]);
- $response = $this->handleAuthorizationRequest($request);
+ $response = $this->handleAuthorizationRequest($request, true, true);
 $this->assertSame(302, $response->getStatusCode());
 $responseData = [];
- parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_QUERY), $responseData);
+ parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
 // Response assertions.
 $this->assertSame('invalid_scope', $responseData['error']);
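Review bot: `parse_url(..., \PHP_URL_FRAGMENT)` returns null when the Location header has no fragment, so in `testImplicitRequestWithInvalidScope` (hunk at -779) a regression back to query delivery would show up as a `parse_str()` null-argument deprecation and an undefined `error` key instead of a clear failure. Capture the value first and assert on it: `$fragment = parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT);` followed by `$this->assertIsString($fragment);`. It would also be worth asserting that the query component of the Location header does not carry `error`, so a response that puts the error in both places fails. The same applies to the `testDeniedImplicitRequest` hunk at -814.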
@@ -798,7 +798,7 @@ public function testImplicitRequestWithInvalidRedirectUri(): void
 'redirect_uri' => 'https://example.org/oauth2/other-uri',
 ]);
- $response = $this->handleAuthorizationRequest($request);
+ $response = $this->handleAuthorizationRequest($request, true, true);
 $this->assertSame(401, $response->getStatusCode());
 $responseData = json_decode((string) $response->getBody(), true);
@@ -814,10 +814,10 @@ public function testDeniedImplicitRequest(): void
 'client_id' => 'foo',
 ]);
- $response = $this->handleAuthorizationRequest($request, false);
+ $response = $this->handleAuthorizationRequest($request, false, true);
 $this->assertSame(302, $response->getStatusCode());
 $responseData = [];
- parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_QUERY), $responseData);
+ parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
 // Response assertions.
 $this->assertSame('access_denied', $responseData['error']);
@@ -832,7 +832,7 @@ public function testImplicitRequestWithMissingClient(): void
 'client_id' => 'yolo',
 ]);
- $response = $this->handleAuthorizationRequest($request, false);
+ $response = $this->handleAuthorizationRequest($request, false, true);
 $this->assertSame(401, $response->getStatusCode());
 $responseData = json_decode((string) $response->getBody(), true);
@@ -848,7 +848,7 @@ public function testImplicitRequestWithInactiveClient(): void
 'client_id' => 'baz_inactive',
 ]);
- $response = $this->handleAuthorizationRequest($request, false);
+ $response = $this->handleAuthorizationRequest($request, false, true);
 $this->assertSame(401, $response->getStatusCode());
 $responseData = json_decode((string) $response->getBody(), true);
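Review bot: With the third argument now `true`, `testImplicitRequestWithInvalidRedirectUri` (hunk at -798) should also pin that no redirect is issued, because as far as `generateHttpResponse()` is concerned any exception carrying a redirect URI would now be turned into a Location fragment redirect. Adding `$this->assertFalse($response->hasHeader('Location'));` next to the 401 assertion guarantees that an unregistered `redirect_uri` is never used as a redirect target. The same assertion fits the missing-client, inactive-client and restricted-grant hunks at -832, -848 and -864. The remaining assertions of these tests lie outside the hunks.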
@@ -864,7 +864,7 @@ public function testImplicitRequestWithRestrictedGrantClient(): void
 'client_id' => 'qux_restricted',
 ]);
- $response = $this->handleAuthorizationRequest($request, false);
+ $response = $this->handleAuthorizationRequest($request, false, true);
 $this->assertSame(401, $response->getStatusCode());
 $responseData = json_decode((string) $response->getBody(), true);