sfelix-martins · aukraiser · Aug 29, 2019 · Aug 29, 2019
diff --git a/src/Http/Middleware/AddCustomProvider.php b/src/Http/Middleware/AddCustomProvider.php
@@ -34,7 +34,7 @@ public function handle(Request $request, Closure $next)
 
         $provider = $request->get('provider');
 
-        if ($this->invalidProvider($provider)) {
+        if ($this->invalidProvider($provider) || $this->clientGrantType($request)) {
             throw OAuthServerException::invalidRequest('provider');
         }
 
@@ -78,4 +78,13 @@ protected function invalidProvider($provider)
 
         return true;
     }
+
+    protected function clientGrantType(Request $request)
+    {
+        if (! $request->has('client_credentials')) {
+            return false;
+        }
+
+        return true;
+    }
 }
diff --git a/tests/Feature/MultiauthTest.php b/tests/Feature/MultiauthTest.php
@@ -12,7 +12,7 @@
 
 class MultiauthTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/TestCase.php b/tests/TestCase.php
@@ -13,7 +13,7 @@
 
 abstract class TestCase extends BaseTestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/Unit/AddCustomProviderTest.php b/tests/Unit/AddCustomProviderTest.php
@@ -10,15 +10,15 @@
 
 class AddCustomProviderTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 
         // Config default provider
         config(['auth.guards.api.provider', 'users']);
     }
 
-    public function tearDown()
+    public function tearDown(): void
     {
         Mockery::close();
     }
@@ -30,6 +30,7 @@ public function testIfApiProviderOnAuthWasSetCorrectly()
 
         $request = Mockery::mock(Request::class);
         $request->shouldReceive('get')->andReturn('companies')->with('provider');
+        $request->shouldReceive('has')->andReturn(false);
 
         $middleware = new AddCustomProvider();
         $middleware->handle($request, function () {
@@ -49,6 +50,7 @@ public function testPassNotExistentProvider()
 
         $request = Mockery::mock(Request::class);
         $request->shouldReceive('get')->andReturn('not_found')->with('provider');
+        $request->shouldReceive('has')->andReturn(false);
 
         $middleware = new AddCustomProvider();
         $middleware->handle($request, function () {
@@ -62,6 +64,35 @@ public function testDoNotPassProviderToRequest()
 
         $request = Mockery::mock(Request::class);
         $request->shouldReceive('get')->andReturn(null)->with('provider');
+        $request->shouldReceive('has')->andReturn(false);
+
+        $middleware = new AddCustomProvider();
+        $middleware->handle($request, function () {
+            return 'response';
+        });
+    }
+
+    public function testPassClientCredentialsAndNoProvider()
+    {
+        $this->expectException(OAuthServerException::class);
+
+        $request = Mockery::mock(Request::class);
+        $request->shouldReceive('get')->andReturn(null)->with('provider');
+        $request->shouldReceive('has')->andReturn(true);
+
+        $middleware = new AddCustomProvider();
+        $middleware->handle($request, function () {
+            return 'response';
+        });
+    }
+
+    public function testDoNotPassNoClientCredentialsAndNoProvider()
+    {
+        $this->expectException(OAuthServerException::class);
+
+        $request = Mockery::mock(Request::class);
+        $request->shouldReceive('get')->andReturn(null)->with('provider');
+        $request->shouldReceive('has')->andReturn(false);
 
         $middleware = new AddCustomProvider();
         $middleware->handle($request, function () {

diff --git a/tests/Unit/AuthConfigHelperTest.php b/tests/Unit/AuthConfigHelperTest.php
@@ -11,7 +11,7 @@
 
 class AuthConfigHelperTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/Unit/HasApiTokensTest.php b/tests/Unit/HasApiTokensTest.php
@@ -10,7 +10,7 @@
 
 class HasApiTokensTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/Unit/MultiAuthenticateMiddlewareTest.php b/tests/Unit/MultiAuthenticateMiddlewareTest.php
@@ -16,7 +16,7 @@ class MultiAuthenticateMiddlewareTest extends TestCase
 {
     protected $auth;
 
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 
@@ -31,7 +31,7 @@ public function setUp()
         $this->auth = $this->app['auth'];
     }
 
-    public function tearDown()
+    public function tearDown(): void
     {
         Mockery::close();
 

diff --git a/tests/Unit/PassportMultiauthTest.php b/tests/Unit/PassportMultiauthTest.php
@@ -10,7 +10,7 @@
 
 class PassportMultiauthTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/Unit/ProviderRepositoryTest.php b/tests/Unit/ProviderRepositoryTest.php
@@ -8,7 +8,7 @@
 
 class ProviderRepositoryTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();
 

diff --git a/tests/Unit/ServiceProviderTest.php b/tests/Unit/ServiceProviderTest.php
@@ -11,7 +11,7 @@
 
 class ServiceProviderTest extends TestCase
 {
-    public function setUp()
+    public function setUp(): void
     {
         parent::setUp();