diff --git a/src/Http/Middleware/CheckToken.php b/src/Http/Middleware/CheckToken.php
index f7e0c1eb..117754f7 100644
--- a/src/Http/Middleware/CheckToken.php
+++ b/src/Http/Middleware/CheckToken.php
@@ -2,7 +2,7 @@
 
 namespace Laravel\Passport\Http\Middleware;
 
-use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\ScopeAuthorizable;
 use Laravel\Passport\Exceptions\MissingScopeException;
 
 class CheckToken extends ValidateToken
@@ -12,7 +12,7 @@ class CheckToken extends ValidateToken
 *
 * @throws \Laravel\Passport\Exceptions\MissingScopeException
 */
- protected function validate(AccessToken $token, string ...$params): void
+ protected function validate(ScopeAuthorizable $token, string ...$params): void
 {
 foreach ($params as $scope) {
 if ($token->cant($scope)) {
diff --git a/src/Http/Middleware/CheckTokenForAnyScope.php b/src/Http/Middleware/CheckTokenForAnyScope.php
index 0386f17d..151d05da 100644
--- a/src/Http/Middleware/CheckTokenForAnyScope.php
+++ b/src/Http/Middleware/CheckTokenForAnyScope.php
@@ -2,7 +2,7 @@
 
 namespace Laravel\Passport\Http\Middleware;
 
-use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\ScopeAuthorizable;
 use Laravel\Passport\Exceptions\MissingScopeException;
 
 class CheckTokenForAnyScope extends ValidateToken
@@ -12,7 +12,7 @@ class CheckTokenForAnyScope extends ValidateToken
 *
 * @throws \Laravel\Passport\Exceptions\MissingScopeException
 */
- protected function validate(AccessToken $token, string ...$params): void
+ protected function validate(ScopeAuthorizable $token, string ...$params): void
 {
 foreach ($params as $scope) {
 if ($token->can($scope)) {
diff --git a/src/Http/Middleware/EnsureClientIsResourceOwner.php b/src/Http/Middleware/EnsureClientIsResourceOwner.php
index f0e3e7cd..81f19ae1 100644
--- a/src/Http/Middleware/EnsureClientIsResourceOwner.php
+++ b/src/Http/Middleware/EnsureClientIsResourceOwner.php
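Review bot: The visible part of the docblock above the new `validate` signature carries only a `@throws` tag (its opening lines lie before the hunk), so nothing records that, with the parameter widened to `ScopeAuthorizable`, the `cant()` loop now also runs for implementations that never went through the resource server — on this page, the `TransientToken` returned by the user's `currentAccessToken()` in the new tests — and that whether such a token satisfies a scope is decided entirely by that implementation. I would add `@param \Laravel\Passport\Contracts\ScopeAuthorizable $token  the validated bearer token, or another scope-authorizable token (e.g. a transient token) already set by the guard` so readers do not assume every token here was validated against a bearer credential. The same note applies to the matching `validate` hunk in CheckTokenForAnyScope.php. The foreach body continues past the end of the hunk.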
@@ -3,6 +3,7 @@
 namespace Laravel\Passport\Http\Middleware;
 
 use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\ScopeAuthorizable;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Exceptions\MissingScopeException;
 
@@ -13,9 +14,13 @@ class EnsureClientIsResourceOwner extends ValidateToken
 *
 * @throws \Laravel\Passport\Exceptions\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException
 */
- protected function validate(AccessToken $token, string ...$params): void
+ protected function validate(ScopeAuthorizable $token, string ...$params): void
 {
- if (! is_null($token->oauth_user_id) && $token->oauth_user_id !== $token->oauth_client_id) {
+ if (
+ $token instanceof AccessToken
+ && ! is_null($token->oauth_user_id)
+ && $token->oauth_user_id !== $token->oauth_client_id
+ ) {
 throw new AuthenticationException;
 }
 
diff --git a/src/Http/Middleware/ValidateToken.php b/src/Http/Middleware/ValidateToken.php
index f57d7729..ec79af4e 100644
--- a/src/Http/Middleware/ValidateToken.php
+++ b/src/Http/Middleware/ValidateToken.php
@@ -5,6 +5,7 @@
 use Closure;
 use Illuminate\Http\Request;
 use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\ScopeAuthorizable;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
@@ -54,7 +55,7 @@ public function handle(Request $request, Closure $next, string ...$params): Resp
 *
 * @throws \Laravel\Passport\Exceptions\AuthenticationException
 */
- protected function validateToken(Request $request): AccessToken
+ protected function validateToken(Request $request): ScopeAuthorizable
 {
 // If the user is authenticated and already has an access token set via
 // the token guard, there's no need to validate the request's bearer
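Review bot: The new `$token instanceof AccessToken` guard turns the resource-owner check into a no-op for every other `ScopeAuthorizable`, so a transient token — which CheckTokenForAnyScopeTest on this page shows passing the scope middleware for the unrelated scope `'notfoo'` — now clears `EnsureClientIsResourceOwner` with no check that the caller is a client acting on its own behalf; the rest of `validate` lies past the hunk and presumably only checks scopes, which that token appears to satisfy unconditionally. If session-authenticated users are meant to be accepted on routes guarded by this middleware, that is a behavior change worth stating in the docblock above (e.g. `Tokens that are not AccessToken instances, such as transient tokens, skip the resource-owner check.`) and in the release notes; if not, reject them explicitly with `if (! $token instanceof AccessToken) { throw new AuthenticationException; }` ahead of the existing condition, which then no longer needs its `instanceof` clause. Either way, a unit test for this middleware with a `TransientToken`, mirroring the two tests added on this page, would pin the intended outcome.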
@@ -80,5 +81,5 @@ protected function validateToken(Request $request): AccessToken
 /**
 * Validate the given access token.
 */
- abstract protected function validate(AccessToken $token, string ...$params): void;
+ abstract protected function validate(ScopeAuthorizable $token, string ...$params): void;
 }
diff --git a/tests/Unit/CheckTokenForAnyScopeTest.php b/tests/Unit/CheckTokenForAnyScopeTest.php
index 9788abe3..bd01cce3 100644
--- a/tests/Unit/CheckTokenForAnyScopeTest.php
+++ b/tests/Unit/CheckTokenForAnyScopeTest.php
@@ -5,8 +5,10 @@
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\OAuthenticatable;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Http\Middleware\CheckTokenForAnyScope;
+use Laravel\Passport\TransientToken;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
@@ -41,6 +43,27 @@ public function test_request_is_passed_along_if_token_is_valid()
 $this->assertSame('response', $response->getContent());
 }
 
+ public function test_request_is_passed_along_if_token_is_transient()
+ {
+ $user = m::mock(OAuthenticatable::class);
+ $user->shouldReceive('currentAccessToken')->andReturn(new TransientToken());
+
+ $resourceServer = m::mock(ResourceServer::class);
+ $resourceServer->shouldNotReceive('validateAuthenticatedRequest');
+
+ $middleware = new CheckTokenForAnyScope($resourceServer);
+
+ $request = Request::create('/');
+ $request->headers->set('Authorization', 'Bearer token');
+ $request->setUserResolver(fn () => $user);
+
+ $response = $middleware->handle($request, function () {
+ return new Response('response');
+ }, 'notfoo');
+
+ $this->assertSame('response', $response->getContent());
+ }
+
 public function test_request_is_passed_along_if_token_has_any_required_scope()
 {
 $resourceServer = m::mock(ResourceServer::class);
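Review bot: The new `test_request_is_passed_along_if_token_is_transient` asserts two things its name does not convey — that a `TransientToken` satisfies a scope (`'notfoo'`) it was never granted, and that a `Bearer token` header on the request is ignored once the user resolver already supplies a token (`shouldNotReceive('validateAuthenticatedRequest')`) — so the `'notfoo'` choice reads like a typo to anyone who has not seen the middleware change. A one-line comment at the top of the test body would make both intentional, e.g. `// A session user's transient token is never sent to the resource server and is expected to satisfy any scope.`. The test class continues outside the hunk.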
diff --git a/tests/Unit/CheckTokenTest.php b/tests/Unit/CheckTokenTest.php
index 0b3ea06a..1df9514b 100644
--- a/tests/Unit/CheckTokenTest.php
+++ b/tests/Unit/CheckTokenTest.php
@@ -5,8 +5,10 @@
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Laravel\Passport\AccessToken;
+use Laravel\Passport\Contracts\OAuthenticatable;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Http\Middleware\CheckToken;
+use Laravel\Passport\TransientToken;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
@@ -41,6 +43,27 @@ public function test_request_is_passed_along_if_token_is_valid()
 $this->assertSame('response', $response->getContent());
 }
 
+ public function test_request_is_passed_along_if_token_is_transient()
+ {
+ $user = m::mock(OAuthenticatable::class);
+ $user->shouldReceive('currentAccessToken')->andReturn(new TransientToken());
+
+ $resourceServer = m::mock(ResourceServer::class);
+ $resourceServer->shouldNotReceive('validateAuthenticatedRequest');
+
+ $middleware = new CheckToken($resourceServer);
+
+ $request = Request::create('/');
+ $request->headers->set('Authorization', 'Bearer token');
+ $request->setUserResolver(fn () => $user);
+
+ $response = $middleware->handle($request, function () {
+ return new Response('response');
+ });
+
+ $this->assertSame('response', $response->getContent());
+ }
+
 public function test_request_is_passed_along_if_token_and_scope_are_valid()
 {
 $resourceServer = m::mock(ResourceServer::class);
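Review bot: The new test calls `handle` with no scope arguments, so `CheckToken::validate`'s `foreach ($params as $scope)` never iterates and `$token->cant()` is never invoked on the transient token; what it actually pins is only that `validateToken` apparently returns the user's current token without calling the resource server. Passing a scope as the sibling test in CheckTokenForAnyScopeTest.php does — `}, 'notfoo');` in place of `});` — would exercise the widened `validate` on a `TransientToken` and document that it is expected to pass a scope it was never granted. The test class continues outside the hunk.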