diff --git a/EventListener/AuthorizationRequestResolveListener.php b/EventListener/AuthorizationRequestResolveListener.php
index d67d843..6f20155 100644
--- a/EventListener/AuthorizationRequestResolveListener.php
+++ b/EventListener/AuthorizationRequestResolveListener.php
@@ -5,6 +5,7 @@
 use Eccube\Entity\Master\Authority;
 use Eccube\Entity\Member;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use Plugin\Api\Form\Type\Admin\OAuth2AuthorizationType;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -60,6 +61,12 @@ public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $
 return;
 }
 
+if (!$request->query->has('redirect_uri')) {
+// redirect_uri_mismatch を返すべきだが OAuthServerException ではサポートされていない
+// http://openid-foundation-japan.github.io/draft-ietf-oauth-v2.ja.html#auth-error-codes
+throw OAuthServerException::invalidRequest('redirect_uri');
+}
+
 if (!$event->isAuthorizationApproved()) {
 $builder = $this->formFactory->createBuilder(OAuth2AuthorizationType::class);
 $form = $builder->getForm();
diff --git a/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php b/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
index 34dab12..ded5f4d 100644
--- a/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
+++ b/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
@@ -34,7 +34,7 @@ public function testRoutingAdminOauth2Authorize_ログインしている場合
 'oauth2_authorize',
 [
 'client_id' => $Client->getIdentifier(),
-'redirect_uri' => current($Client->getRedirectUris()),
+'redirect_uri' => (string) current($Client->getRedirectUris()),
 'response_type' => 'code',
 'scope' => 'read',
 'state' => 'xxx'
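Review bot: The new guard in onAuthorizationRequestResolve only tests for the key's presence, so a request with an empty value (`redirect_uri=`) passes `has()` and falls through to the approval flow unchanged; if the intent is to force the caller to supply a usable value, test the value instead, `if ($request->query->get('redirect_uri', '') === '') {`. Giving the exception a hint also makes the rejection easier for a client to diagnose, e.g. `throw OAuthServerException::invalidRequest('redirect_uri', 'The redirect_uri parameter is required.');`. The check does not itself compare the supplied value against the client's registered redirect URIs; presumably the authorization server's own validation of that binding has already run before this event is dispatched, but nothing in the hunk shows it, and a one-line comment stating where that comparison happens would help the next reader. The enclosing method and the assignment of `$request` start before the hunk.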
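Review bot: The `(string)` cast on the changed `redirect_uri` line in testRoutingAdminOauth2Authorize_ログインしている場合 converts the `false` that `current()` returns for a client with no registered redirect URIs into `''`, so a broken fixture would now send an empty redirect_uri and the test would fail further down with a less obvious message. Pulling the value out first and asserting it, `$redirectUri = current($Client->getRedirectUris());` followed by `self::assertNotFalse($redirectUri);`, keeps the cast while making the fixture assumption explicit. The same change appears in the hunk for testRoutingAdminOauth2Authorize_権限移譲を許可 below and would benefit from the same treatment. Both test methods begin before their hunks.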
@@ -57,7 +57,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可()
 'oauth2_authorize',
 [
 'client_id' => $Client->getIdentifier(),
-'redirect_uri' => current($Client->getRedirectUris()),
+'redirect_uri' => (string) current($Client->getRedirectUris()),
 'response_type' => 'code',
 'scope' => 'read',
 'state' => 'xxx'