From 35b1306b8d2558ebf6c2cdf5b28613bbd40f4a2a Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Fri, 10 Jul 2020 14:47:48 +0900
Subject: [PATCH 1/2] =?UTF-8?q?redirect=5Furi=20=E3=82=92=E5=BF=85?=
 =?UTF-8?q?=E9=A0=88=E3=81=AB=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 EventListener/AuthorizationRequestResolveListener.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/EventListener/AuthorizationRequestResolveListener.php b/EventListener/AuthorizationRequestResolveListener.php
index d67d843..6f20155 100644
--- a/EventListener/AuthorizationRequestResolveListener.php
+++ b/EventListener/AuthorizationRequestResolveListener.php
@@ -5,6 +5,7 @@
 
 use Eccube\Entity\Master\Authority;
 use Eccube\Entity\Member;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use Plugin\Api\Form\Type\Admin\OAuth2AuthorizationType;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -60,6 +61,12 @@ public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $
             return;
         }
 
+        if (!$request->query->has('redirect_uri')) {
+            // redirect_uri_mismatch を返すべきだが OAuthServerException ではサポートされていない
+            // http://openid-foundation-japan.github.io/draft-ietf-oauth-v2.ja.html#auth-error-codes
+            throw OAuthServerException::invalidRequest('redirect_uri');
+        }
+
         if (!$event->isAuthorizationApproved()) {
             $builder = $this->formFactory->createBuilder(OAuth2AuthorizationType::class);
             $form = $builder->getForm();

From b8084ef2a663e6771bce4dc084393ea89e154512 Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Fri, 10 Jul 2020 16:59:50 +0900
Subject: [PATCH 2/2] to string

---
 Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php b/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
index 34dab12..ded5f4d 100644
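Review bot: The new guard `if (!$request->query->has('redirect_uri'))` tests only that the parameter is present, so a request carrying `redirect_uri=` with an empty value passes it; that is only safe if the authorization server has already validated a non-null `redirect_uri` against the client's registered URIs before this event is dispatched, which cannot be seen from this hunk. If that cannot be relied on, check the value rather than its presence, e.g. `$redirectUri = $request->query->get('redirect_uri'); if ($redirectUri === null || $redirectUri === '') { throw OAuthServerException::invalidRequest('redirect_uri'); }`. The thrown `OAuthServerException` only turns into an OAuth error response if the code that dispatches this event catches it, so the controller side is worth confirming, and the guard sits after an early `return` whose condition is outside the hunk, so requests taking that path are never subject to it. `onAuthorizationRequestResolve` starts and ends outside the hunk.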
--- a/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
+++ b/Tests/Web/Admin/OAuth2/OAuth2ControllerTest.php
@@ -34,7 +34,7 @@ public function testRoutingAdminOauth2Authorize_ログインしている場合
             'oauth2_authorize',
             [
                 'client_id' => $Client->getIdentifier(),
-                'redirect_uri' => current($Client->getRedirectUris()),
+                'redirect_uri' => (string) current($Client->getRedirectUris()),
                 'response_type' => 'code',
                 'scope' => 'read',
                 'state' => 'xxx'
@@ -57,7 +57,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可()
             'oauth2_authorize',
             [
                 'client_id' => $Client->getIdentifier(),
-                'redirect_uri' => current($Client->getRedirectUris()),
+                'redirect_uri' => (string) current($Client->getRedirectUris()),
                 'response_type' => 'code',
                 'scope' => 'read',
                 'state' => 'xxx'
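Review bot: `(string) current($Client->getRedirectUris())` silently yields `''` when the client has no registered redirect URI, because `current()` returns `false` on an empty array, so this hunk and the one at `@@ -57,7 +57,7 @@` would send an empty `redirect_uri` instead of failing at the fixture. Asserting the fixture first, e.g. `$this->assertNotEmpty($Client->getRedirectUris());` before building the query, makes that explicit. Neither test exercises the rejection added in PATCH 1/2 for a request without `redirect_uri`; a case that omits the parameter and asserts an `invalid_request` error response would cover it. Both test methods begin before and end after their hunks.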