From 1cd2bb7b317ad5efb5d34d934d7bf607be2c7bb1 Mon Sep 17 00:00:00 2001
From: tfrommen
Date: Sat, 1 Jul 2017 11:05:37 +0200
Subject: [PATCH 1/3] Validate grant types and adapt documentation.
---
 inc/endpoints/class-authorization.php | 2 ++
 plugin.php | 12 +++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/inc/endpoints/class-authorization.php b/inc/endpoints/class-authorization.php
index 6f8931d..4f1e638 100644
--- a/inc/endpoints/class-authorization.php
+++ b/inc/endpoints/class-authorization.php
@@ -4,6 +4,7 @@
 use WP_Error;
 use WP\OAuth2;
+use WP\OAuth2\Types\Type;
 class Authorization {
 const LOGIN_ACTION = 'oauth2_authorize';
@@ -26,6 +27,7 @@ public function handle_request() {
 // Match type to a handler.
 $grant_types = OAuth2\get_grant_types();
 if ( $grant_types ) {
+ /** @var Type $type_handler */
 foreach ( array_reverse( $grant_types ) as $type_handler ) {
 if ( $type_handler->get_response_type_code() === $type ) {
 $handler = $type_handler;
diff --git a/plugin.php b/plugin.php
index 57d577c..c370aad 100644
--- a/plugin.php
+++ b/plugin.php
@@ -9,6 +9,7 @@
 namespace WP\OAuth2;
+use WP\OAuth2\Types\Type;
 use WP_REST_Response;
 bootstrap();
@@ -63,7 +64,7 @@ function rest_oauth2_load_authorize_page() {
 /**
 * Get valid grant types.
 *
- * @return array Map of grant type to handler object.
+ * @return Type[] Map of grant type to handler object.
 */
 function get_grant_types() {
 /**
@@ -73,9 +74,14 @@ function get_grant_types() {
 * Note that additional grant types must follow the extension policy in the
 * OAuth 2 specification.
 *
- * @param array $grant_types Map of grant type to handler object.
+ * @param Type[] $grant_types Map of grant type to handler object.
 */
- return apply_filters( 'oauth2.grant_types', array() );
+ $grant_types = apply_filters( 'oauth2.grant_types', array() );
+
+ return array_filter( $grant_types, function ( $type ) {
+
+ return $type instanceof Type;
+ } );
 }
 /**
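Review bot: The result of `apply_filters( 'oauth2.grant_types', array() )` goes straight into `array_filter()` in the last plugin.php hunk, so the new check validates each element but never the container, and a filter callback is free to return something that is not an array. Normalising it first, e.g. `if ( ! is_array( $grant_types ) ) { $grant_types = array(); }`, keeps the `Type[]` contract the docblock now promises and leaves the authorization endpoint with no handlers instead of a warning or type error. The same gap is in the `foreach` version in PATCH 3/3, where a non-array value would be returned unchanged and reach `array_reverse()` in `handle_request()`. `get_grant_types()` begins above this hunk.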
From d29512ce00000b2a0c3783e21f24f2b9a1ff3db5 Mon Sep 17 00:00:00 2001
From: tfrommen
Date: Sat, 1 Jul 2017 21:21:27 +0200
Subject: [PATCH 2/3] Remove superfluous blank line.
---
 plugin.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/plugin.php b/plugin.php
index c370aad..865f3fc 100644
--- a/plugin.php
+++ b/plugin.php
@@ -79,7 +79,6 @@ function get_grant_types() {
 $grant_types = apply_filters( 'oauth2.grant_types', array() );
 return array_filter( $grant_types, function ( $type ) {
-
 return $type instanceof Type;
 } );
 }
From ce53f679264bb6339b3bc73725c3e55113da0feb Mon Sep 17 00:00:00 2001
From: tfrommen
Date: Sun, 2 Jul 2017 10:38:37 +0200
Subject: [PATCH 3/3] Refactor grant type validation. Inform user when they are doing it wrong. Since it is PHP 5.6, we cannot use array_filter() with the ARRAY_FILTER_USE_BOTH flag, can we? Thus, use a regular foreach loop.
---
 plugin.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/plugin.php b/plugin.php
index 3483220..d0b218f 100644
--- a/plugin.php
+++ b/plugin.php
@@ -80,10 +80,16 @@ function get_grant_types() {
 * @param Type[] $grant_types Map of grant type to handler object.
 */
 $grant_types = apply_filters( 'oauth2.grant_types', array() );
-
- return array_filter( $grant_types, function ( $type ) {
- return $type instanceof Type;
- } );
+ foreach ( $grant_types as $type => $handler ) {
+ if ( ! $handler instanceof Type ) {
+ /* translators: 1: Grant type name, 2: Grant type interface */
+ $message = __( 'Skipping invalid grant type "%s". Required interface "%s" not implemented.', 'oauth2' );
+ _doing_it_wrong( __FUNCTION__, sprintf( $message, $type, 'WP\\OAuth2\\Types\\Type' ), '0.1.0' );
+ unset( $grant_types[ $type ] );
+ }
+ }
+
+ return $grant_types;
 }
 /**
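Review bot: The translators comment in the PATCH 3/3 hunk numbers the placeholders (`1: Grant type name, 2: Grant type interface`), but the string uses two bare `%s`, so a translation cannot reorder them. Numbered placeholders would match the comment: `'Skipping invalid grant type "%1$s". Required interface "%2$s" not implemented.'`. The notice is also the only trace that a registered grant type was dropped. As far as I know `_doing_it_wrong()` only raises a visible notice when `WP_DEBUG` is on, so a one-line comment above the `unset()` saying that invalid handlers are removed deliberately would help whoever debugs a missing grant type. `get_grant_types()` begins above this hunk.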