Merge pull request #28 from zf-fr/oauth

Trigger exception if invalid token
zf-fr · Jan 16, 2015 · fb5ad45 · fb5ad45
2 parents 66cbf21 + b597179
commit fb5ad45
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ Please note that until I reach 1.0, I **WILL NOT** follow semantic version. This
 Installation is only officially supported using Composer:
 
 ```sh
-php composer.phar require zfr/zfr-oauth2-server:0.5.*
+php composer.phar require zfr/zfr-oauth2-server:0.6.*
 ```
 
 ## Framework integration

diff --git a/src/ZfrOAuth2/Server/ResourceServer.php b/src/ZfrOAuth2/Server/ResourceServer.php
@@ -52,12 +52,14 @@ public function __construct(TokenService $accessTokenService)
      * Get the access token
      *
      * Note that this method will only match tokens that are not expired and match the given scopes (if any).
-     * Otherwise, null will be returned
+     * If no token is pass, this method will return null, but if a token is given does not exist (ie. has been
+     * deleted) or is not valid, then it will trigger an exception
      *
      * @link   http://tools.ietf.org/html/rfc6750#page-5
      * @param  HttpRequest $request
      * @param  array       $scopes
      * @return AccessToken|null
+     * @throws Exception\InvalidAccessTokenException If given access token is invalid or expired
      */
     public function getAccessToken(HttpRequest $request, $scopes = [])
     {
@@ -68,7 +70,7 @@ public function getAccessToken(HttpRequest $request, $scopes = [])
         $token = $this->accessTokenService->getToken($token);
 
         if ($token === null || !$this->isTokenValid($token, $scopes)) {
-            return null;
+            throw new InvalidAccessTokenException('Access token has expired or has been deleted');
         }
 
         return $token;
@@ -79,7 +81,6 @@ public function getAccessToken(HttpRequest $request, $scopes = [])
      *
      * @param  HttpRequest $request
      * @return string|null
-     * @throws Exception\InvalidAccessTokenException If access token is malformed in the Authorization header
      */
     private function extractAccessToken(HttpRequest $request)
     {
@@ -89,16 +90,16 @@ private function extractAccessToken(HttpRequest $request)
         if ($headers->has('Authorization')) {
             // Header value is expected to be "Bearer xxx"
             $parts = explode(' ', $headers->get('Authorization')->getFieldValue());
-            $token = end($parts); // Access token is the last value
 
-            if (count($parts) < 2 || empty($token)) {
-                throw new InvalidAccessTokenException('No access token could be found in Authorization header');
+            if (count($parts) < 2) {
+                return null;
             }
-        } else {
-            $token = $request->getQuery('access_token');
+
+            return end($parts);
         }
 
-        return $token;
+        // Default back to authorization in query param
+        return $request->getQuery('access_token');
     }
 
     /**

diff --git a/tests/ZfrOAuth2Test/Server/ResourceServerTest.php b/tests/ZfrOAuth2Test/Server/ResourceServerTest.php
@@ -80,12 +80,25 @@ public function testCanExtractAccessTokenFromQueryString()
         $this->assertSame($token, $this->resourceServer->getAccessToken($request));
     }
 
-    public function testThrowExceptionIfNoAccessTokenIsInAuthorizationHeader()
+    public function testReturnNullIfNoAccessTokenIsInAuthorizationHeader()
+    {
+        $request = new HttpRequest();
+        $request->getHeaders()->addHeaderLine('Authorization', '');
+
+        $this->assertNull($this->resourceServer->getAccessToken($request));
+    }
+
+    public function testThrowExceptionIfTokenDoesNotExistAnymore()
     {
         $this->setExpectedException('ZfrOAuth2\Server\Exception\InvalidAccessTokenException');
 
         $request = new HttpRequest();
-        $request->getHeaders()->addHeaderLine('Authorization', '');
+        $request->getHeaders()->addHeaderLine('Authorization', 'Bearer foo');
+
+        $this->tokenService->expects($this->once())
+                           ->method('getToken')
+                           ->with('foo')
+                          ->will($this->returnValue(null));
 
         $this->resourceServer->getAccessToken($request);
     }
@@ -144,12 +157,11 @@ public function testCanValidateAccessToResource($expiredToken, $tokenScope, $des
                            ->with('token')
                            ->will($this->returnValue($accessToken));
 
-        $tokenResult = $this->resourceServer->getAccessToken($request, $desiredScope);
-
-        if ($match) {
-            $this->assertInstanceOf('ZfrOAuth2\Server\Entity\AccessToken', $tokenResult);
-        } else {
-            $this->assertNull($tokenResult);
+        if (!$match || $expiredToken) {
+            $this->setExpectedException('ZfrOAuth2\Server\Exception\InvalidAccessTokenException');
         }
+
+        $tokenResult = $this->resourceServer->getAccessToken($request, $desiredScope);
+        $this->assertInstanceOf('ZfrOAuth2\Server\Entity\AccessToken', $tokenResult);
     }
 }