From 2f62832e74ae02ce6326f189a4333717d2ffbff6 Mon Sep 17 00:00:00 2001
From: Manuel Dimmler
Date: Sun, 3 Jan 2021 21:20:08 +0100
Subject: [PATCH 1/3] Default Scope does not work as expected resolves issue #1092
---
 src/Grant/AbstractGrant.php | 2 +-
 tests/Grant/AbstractGrantTest.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index c4797292a..3802e116f 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -316,7 +316,7 @@ public function validateScopes($scopes, $redirectUri = null)
 private function convertScopesQueryStringToArray($scopes)
 {
 return \array_filter(\explode(self::SCOPE_DELIMITER_STRING, \trim($scopes)), function ($scope) {
- return !empty($scope);
+ return $scope !== '';
 });
 }
diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php
index 93f95fa5c..8e94acae2 100644
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@@ -431,13 +431,13 @@ public function testValidateScopes()
 {
 $scope = new ScopeEntity();
 $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
- $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
+ $scopeRepositoryMock->expects($this->exactly(3))->method('getScopeEntityByIdentifier')->willReturn($scope);
 /** @var AbstractGrant $grantMock */
 $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
 $grantMock->setScopeRepository($scopeRepositoryMock);
- $this->assertEquals([$scope], $grantMock->validateScopes('basic '));
+ $this->assertEquals([$scope, $scope, $scope], $grantMock->validateScopes('basic test 0 '));
 }
 public function testValidateScopesBadScope()
From e3d5d6d4ca23ec44e6587b8051204595eaea0541 Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Mon, 31 May 2021 20:59:58 +0100
Subject: [PATCH 2/3] Update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
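Review bot: The filter callback in convertScopesQueryStringToArray (src/Grant/AbstractGrant.php) now compares against `''` but nothing records why, so a later cleanup could swap it back to `!empty($scope)` or to a callback-less `array_filter`, both of which treat the scope "0" as empty and drop it from the requested scopes, presumably before validateScopes looks them up. I would add `// Strict comparison on purpose: empty() treats the scope "0" as empty and would silently drop it.` above the `return $scope !== '';` line. The method also has no docblock in the hunk; a short one saying that it trims the ends, splits on SCOPE_DELIMITER_STRING and keeps every non-empty token would help, with a mention that array_filter preserves keys, so the result is not necessarily a zero-based list.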
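Review bot: The updated assertion in testValidateScopes (tests/Grant/AbstractGrantTest.php) cannot tell which identifiers were looked up, because the mock returns the same ScopeEntity for any argument and the test only counts three calls, so it would still pass if the three lookups used the wrong tokens. Pinning the arguments closes that gap; where the project's PHPUnit version still provides it, that could be `->withConsecutive(['basic'], ['test'], ['0'])` before `->willReturn($scope)`, assuming validateScopes passes each scope string as the only argument. Using `assertSame` instead of `assertEquals` would additionally check that the returned entries are the mocked instance rather than a loosely equal object.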
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5cc7f0c4b..f1e6dfff8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
 - Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
+- Allow scope "0" to be used. Previously this was removed from a request because it failed an `empty()` check (PR #1092)
 ## [8.2.4] - released 2020-12-10
 ### Fixed
From 936e229c701e379f30e26b537c8838a472e4cd54 Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Mon, 31 May 2021 21:01:33 +0100
Subject: [PATCH 3/3] Update changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1e6dfff8..b7738c2f7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
 - Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
-- Allow scope "0" to be used. Previously this was removed from a request because it failed an `empty()` check (PR #1092)
+- Allow scope "0" to be used. Previously this was removed from a request because it failed an `empty()` check (PR #1181)
 ## [8.2.4] - released 2020-12-10
 ### Fixed