diff --git a/src/Http/Middleware/AddCustomProvider.php b/src/Http/Middleware/AddCustomProvider.php
index a77ab31..3848124 100644
--- a/src/Http/Middleware/AddCustomProvider.php
+++ b/src/Http/Middleware/AddCustomProvider.php
@@ -34,7 +34,7 @@ public function handle(Request $request, Closure $next)
 $provider = $request->get('provider');
- if ($this->invalidProvider($provider)) {
+ if ($this->invalidProvider($provider) || $this->clientGrantType($request)) {
 throw OAuthServerException::invalidRequest('provider');
 }
@@ -78,4 +78,13 @@ protected function invalidProvider($provider)
 return true;
 }
+
+ protected function clientGrantType(Request $request)
+ {
+ if (! $request->has('client_credentials')) {
+ return false;
+ }
+
+ return true;
+ }
 }
diff --git a/tests/Feature/MultiauthTest.php b/tests/Feature/MultiauthTest.php
index c145485..1e0223e 100644
--- a/tests/Feature/MultiauthTest.php
+++ b/tests/Feature/MultiauthTest.php
@@ -12,7 +12,7 @@ class MultiauthTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 94db236..a649f76 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -13,7 +13,7 @@ abstract class TestCase extends BaseTestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/Unit/AddCustomProviderTest.php b/tests/Unit/AddCustomProviderTest.php
index 273bc12..da0e3e6 100644
--- a/tests/Unit/AddCustomProviderTest.php
+++ b/tests/Unit/AddCustomProviderTest.php
@@ -10,7 +10,7 @@ class AddCustomProviderTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
@@ -18,7 +18,7 @@ public function setUp()
 config(['auth.guards.api.provider', 'users']);
 }
- public function tearDown()
+ public function tearDown(): void
 {
 Mockery::close();
 }
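Review bot: In src/Http/Middleware/AddCustomProvider.php, the new `clientGrantType()` calls `$request->has('client_credentials')`, which tests for an input field named `client_credentials`; OAuth 2.0 token requests carry the grant in the `grant_type` parameter, so a real client-credentials request would presumably not trip this check, while any request that merely includes that key would. Because this middleware decides whether a token request is rejected, compare the value instead, e.g. `return $request->get('grant_type') === 'client_credentials';`, which also removes the if/return-false/return-true ladder. In the `handle()` hunk the combined condition still throws `invalidRequest('provider')`, so a caller that sent a valid provider is told the provider is at fault; a separate throw naming the grant type would make the rejection easier to audit. `handle()` continues outside the hunk, and `clientGrantType()` has no docblock stating that `true` means the request is rejected.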
@@ -30,6 +30,7 @@ public function testIfApiProviderOnAuthWasSetCorrectly()
 $request = Mockery::mock(Request::class);
 $request->shouldReceive('get')->andReturn('companies')->with('provider');
+ $request->shouldReceive('has')->andReturn(false);
 $middleware = new AddCustomProvider();
 $middleware->handle($request, function () {
@@ -49,6 +50,7 @@ public function testPassNotExistentProvider()
 $request = Mockery::mock(Request::class);
 $request->shouldReceive('get')->andReturn('not_found')->with('provider');
+ $request->shouldReceive('has')->andReturn(false);
 $middleware = new AddCustomProvider();
 $middleware->handle($request, function () {
@@ -62,6 +64,35 @@ public function testDoNotPassProviderToRequest()
 $request = Mockery::mock(Request::class);
 $request->shouldReceive('get')->andReturn(null)->with('provider');
+ $request->shouldReceive('has')->andReturn(false);
+
+ $middleware = new AddCustomProvider();
+ $middleware->handle($request, function () {
+ return 'response';
+ });
+ }
+
+ public function testPassClientCredentialsAndNoProvider()
+ {
+ $this->expectException(OAuthServerException::class);
+
+ $request = Mockery::mock(Request::class);
+ $request->shouldReceive('get')->andReturn(null)->with('provider');
+ $request->shouldReceive('has')->andReturn(true);
+
+ $middleware = new AddCustomProvider();
+ $middleware->handle($request, function () {
+ return 'response';
+ });
+ }
+
+ public function testDoNotPassNoClientCredentialsAndNoProvider()
+ {
+ $this->expectException(OAuthServerException::class);
+
+ $request = Mockery::mock(Request::class);
+ $request->shouldReceive('get')->andReturn(null)->with('provider');
+ $request->shouldReceive('has')->andReturn(false);
 $middleware = new AddCustomProvider();
 $middleware->handle($request, function () {
diff --git a/tests/Unit/AuthConfigHelperTest.php b/tests/Unit/AuthConfigHelperTest.php
index a0ace99..2eca28a 100644
--- a/tests/Unit/AuthConfigHelperTest.php
+++ b/tests/Unit/AuthConfigHelperTest.php
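Review bot: `testPassClientCredentialsAndNoProvider` does not appear to exercise the new branch: the provider is `null`, and since `testDoNotPassNoClientCredentialsAndNoProvider` expects the same exception with `has` returning `false`, `invalidProvider(null)` presumably already short-circuits the `||` before `clientGrantType()` runs. To cover the guard, pair a valid provider with the client-credentials input, e.g. `->andReturn('companies')->with('provider')` together with `$request->shouldReceive('has')->with('client_credentials')->andReturn(true);`. None of the added `has` expectations in these three hunks pins its argument, so the tests would keep passing whichever key the middleware checks. The last added test repeats the setup of `testDoNotPassProviderToRequest` (null provider, `has` false), whose body ends outside the hunk.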
@@ -11,7 +11,7 @@ class AuthConfigHelperTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/Unit/HasApiTokensTest.php b/tests/Unit/HasApiTokensTest.php
index 2eede4a..b6a6d1b 100644
--- a/tests/Unit/HasApiTokensTest.php
+++ b/tests/Unit/HasApiTokensTest.php
@@ -10,7 +10,7 @@ class HasApiTokensTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/Unit/MultiAuthenticateMiddlewareTest.php b/tests/Unit/MultiAuthenticateMiddlewareTest.php
index 8be1bd7..7491935 100644
--- a/tests/Unit/MultiAuthenticateMiddlewareTest.php
+++ b/tests/Unit/MultiAuthenticateMiddlewareTest.php
@@ -16,7 +16,7 @@ class MultiAuthenticateMiddlewareTest extends TestCase
 {
 protected $auth;
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
@@ -31,7 +31,7 @@ public function setUp()
 $this->auth = $this->app['auth'];
 }
- public function tearDown()
+ public function tearDown(): void
 {
 Mockery::close();
diff --git a/tests/Unit/PassportMultiauthTest.php b/tests/Unit/PassportMultiauthTest.php
index bdc6801..4e44a88 100644
--- a/tests/Unit/PassportMultiauthTest.php
+++ b/tests/Unit/PassportMultiauthTest.php
@@ -10,7 +10,7 @@ class PassportMultiauthTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/Unit/ProviderRepositoryTest.php b/tests/Unit/ProviderRepositoryTest.php
index 4724215..8670fbc 100644
--- a/tests/Unit/ProviderRepositoryTest.php
+++ b/tests/Unit/ProviderRepositoryTest.php
@@ -8,7 +8,7 @@ class ProviderRepositoryTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();
diff --git a/tests/Unit/ServiceProviderTest.php b/tests/Unit/ServiceProviderTest.php
index abf867e..0960dea 100644
--- a/tests/Unit/ServiceProviderTest.php
+++ b/tests/Unit/ServiceProviderTest.php
@@ -11,7 +11,7 @@ class ServiceProviderTest extends TestCase
 {
- public function setUp()
+ public function setUp(): void
 {
 parent::setUp();