Merge pull request #949 from philcross/fix_client_credentials_superuser_scope

taylorotwell · web-flow · commit 0499b40bb29b · 2019-01-28T09:03:31.000-06:00
[7.0] Allow '*' scope to be used with Client Credentials
diff --git a/src/Bridge/ScopeRepository.php b/src/Bridge/ScopeRepository.php
@@ -25,7 +25,7 @@ public function finalizeScopes(
         array $scopes, $grantType,
         ClientEntityInterface $clientEntity, $userIdentifier = null)
     {
-        if (! in_array($grantType, ['password', 'personal_access'])) {
+        if (! in_array($grantType, ['password', 'personal_access', 'client_credentials'])) {
             $scopes = collect($scopes)->reject(function ($scope) {
                 return trim($scope->getIdentifier()) === '*';
             })->values()->all();
diff --git a/tests/BridgeScopeRepositoryTest.php b/tests/BridgeScopeRepositoryTest.php
@@ -34,7 +34,7 @@ public function test_superuser_scope_cant_be_applied_if_wrong_grant()
         $repository = new ScopeRepository;
 
         $scopes = $repository->finalizeScopes(
-            [$scope1 = new Scope('*')], 'client_credentials', new Client('id', 'name', 'http://localhost'), 1
+            [$scope1 = new Scope('*')], 'refresh_token', new Client('id', 'name', 'http://localhost'), 1
         );
 
         $this->assertEquals([], $scopes);

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public function finalizeScopes(`
`25`	`25`	`array $scopes, $grantType,`
`26`	`26`	`ClientEntityInterface $clientEntity, $userIdentifier = null)`
`27`	`27`	`{`
`28`		`- if (! in_array($grantType, ['password', 'personal_access'])) {`
	`28`	`+ if (! in_array($grantType, ['password', 'personal_access', 'client_credentials'])) {`
`29`	`29`	`$scopes = collect($scopes)->reject(function ($scope) {`
`30`	`30`	`return trim($scope->getIdentifier()) === '*';`
`31`	`31`	`})->values()->all();`