Allow array in supported_scopes option (#552)

* Allow multiline in supported_scopes option

* move from multiline string to array definition

* document array notation for supported scopes

* add exception if supported_scopes mixes array notation and string notation

Author: jdeniau

Controller/AuthorizeController.php

@@ -249,7 +249,7 @@ protected function getRedirectionUrl(UserInterface $user)
     }
 
     /**
-     * @return ClientInterface.
+     * @return ClientInterface
      */
     protected function getClient()
     {

DependencyInjection/Configuration.php

@@ -104,7 +104,7 @@ private function addServiceSection(ArrayNodeDefinition $node)
                             ->arrayNode('options')
                                 ->useAttributeAsKey('key')
                                 ->treatNullLike([])
-                                ->prototype('scalar')->end()
+                                ->prototype('variable')->end()
                             ->end()
                         ->end()
                     ->end()

DependencyInjection/FOSOAuthServerExtension.php

@@ -14,6 +14,7 @@
 namespace FOS\OAuthServerBundle\DependencyInjection;
 
 use FOS\OAuthServerBundle\Util\LegacyFormHelper;
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\Definition\Processor;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\Alias;
@@ -51,7 +52,11 @@ public function load(array $configs, ContainerBuilder $container)
             $container->setAlias('fos_oauth_server.user_provider', new Alias($config['service']['user_provider'], false));
         }
 
-        $container->setParameter('fos_oauth_server.server.options', $config['service']['options']);
+        $options = $config['service']['options'];
+        if (is_array($options['supported_scopes'] ?? null)) {
+            $options['supported_scopes'] = $this->computeArraySupportedScopes($options['supported_scopes']);
+        }
+        $container->setParameter('fos_oauth_server.server.options', $options);
 
         $this->remapParametersNamespaces($config, $container, [
             '' => [
@@ -150,4 +155,15 @@ protected function loadAuthorize(array $config, ContainerBuilder $container, Xml
             'form' => 'fos_oauth_server.authorize.form.%s',
         ]);
     }
+
+    private function computeArraySupportedScopes(array $supportedScopes)
+    {
+        foreach ($supportedScopes as $scope) {
+            if (false !== mb_strpos($scope, ' ')) {
+                throw new InvalidConfigurationException('The array notation for supported_scopes should not contain spaces in array items. Either use full array notation or use the string notation for supported_scopes. See https://git.io/vx1X0 for more informations.');
+            }
+        }
+
+        return implode(' ', $supportedScopes);
+    }
 }

Resources/doc/dealing_with_scopes.md

@@ -13,6 +13,19 @@ That's why the `scope` column in the model layer is a string, not an array for i
 
 To configure allowed scopes in your application, you have to edit your `app/config/config.yml` file:
 
+``` yaml
+# app/config/config.yml
+fos_oauth_server:
+    service:
+        options:
+            supported_scopes:
+              - scope1
+              - scope2
+              - scope3
+              - scope4
+```
+
+If you have a short list of scopes, you can define them as a simple string:
 ``` yaml
 # app/config/config.yml
 fos_oauth_server:
@@ -21,6 +34,7 @@ fos_oauth_server:
             supported_scopes: scope1 scope2
 ```
 
+
 Now, clients will be able to pass a `scope` parameter when they request an access token.
 
 

Tests/DependencyInjection/FOSOAuthServerExtensionTest.php

@@ -13,11 +13,25 @@
 
 namespace FOS\OAuthServerBundle\Tests\DependencyInjection;
 
+use FOS\OAuthServerBundle\DependencyInjection\FOSOAuthServerExtension;
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
 use Symfony\Component\Routing\Loader\XmlFileLoader;
 
 class FOSOAuthServerExtensionTest extends \PHPUnit\Framework\TestCase
 {
+    private $container;
+
+    public function setUp()
+    {
+        $parameterBag = new ParameterBag();
+        $this->container = new ContainerBuilder($parameterBag);
+
+        parent::setUp();
+    }
+
     public function testLoadAuthorizeRouting()
     {
         $locator = new FileLocator();
@@ -39,4 +53,103 @@ public function testLoadTokenRouting()
         $this->assertSame('/oauth/v2/token', $tokenRoute->getPath());
         $this->assertSame(['GET', 'POST'], $tokenRoute->getMethods());
     }
+
+    public function testWithoutService()
+    {
+        $config = [
+            'db_driver' => 'orm',
+            'client_class' => 'dumb_class',
+            'access_token_class' => 'dumb_access_token_class',
+            'refresh_token_class' => 'dumb_refresh_token_class',
+            'auth_code_class' => 'dumb_auth_code_class',
+        ];
+        $instance = new FOSOAuthServerExtension();
+        $instance->load([$config], $this->container);
+
+        $this->assertSame(
+            $this->container->getParameter('fos_oauth_server.server.options'),
+            []
+        );
+    }
+
+    public function testStringSupportedScopes()
+    {
+        $scopes = 'scope1 scope2 scope3 scope4';
+
+        $config = [
+            'db_driver' => 'orm',
+            'client_class' => 'dumb_class',
+            'access_token_class' => 'dumb_access_token_class',
+            'refresh_token_class' => 'dumb_refresh_token_class',
+            'auth_code_class' => 'dumb_auth_code_class',
+            'service' => [
+                'options' => [
+                    'supported_scopes' => $scopes,
+                ],
+            ],
+        ];
+
+        $instance = new FOSOAuthServerExtension();
+        $instance->load([$config], $this->container);
+
+        $this->assertSame(
+            $this->container->getParameter('fos_oauth_server.server.options'),
+            [
+                'supported_scopes' => 'scope1 scope2 scope3 scope4',
+            ]
+        );
+    }
+
+    public function testArraySupportedScopes()
+    {
+        $scopes = ['scope1', 'scope2', 'scope3', 'scope4'];
+
+        $config = [
+            'db_driver' => 'orm',
+            'client_class' => 'dumb_class',
+            'access_token_class' => 'dumb_access_token_class',
+            'refresh_token_class' => 'dumb_refresh_token_class',
+            'auth_code_class' => 'dumb_auth_code_class',
+            'service' => [
+                'options' => [
+                    'supported_scopes' => $scopes,
+                    'enforce_redirect' => true,
+                ],
+            ],
+        ];
+        $instance = new FOSOAuthServerExtension();
+        $instance->load([$config], $this->container);
+
+        $this->assertSame(
+            $this->container->getParameter('fos_oauth_server.server.options'),
+            [
+                'supported_scopes' => 'scope1 scope2 scope3 scope4',
+                'enforce_redirect' => true,
+            ]
+        );
+    }
+
+    public function testArraySupportedScopesWithSpace()
+    {
+        $scopes = ['scope1 scope2', 'scope3', 'scope4'];
+
+        $config = [
+            'db_driver' => 'orm',
+            'client_class' => 'dumb_class',
+            'access_token_class' => 'dumb_access_token_class',
+            'refresh_token_class' => 'dumb_refresh_token_class',
+            'auth_code_class' => 'dumb_auth_code_class',
+            'service' => [
+                'options' => [
+                    'supported_scopes' => $scopes,
+                    'enforce_redirect' => true,
+                ],
+            ],
+        ];
+        $instance = new FOSOAuthServerExtension();
+
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('The array notation for supported_scopes should not contain spaces in array items. Either use full array notation or use the string notation for supported_scopes. See https://git.io/vx1X0 for more informations.');
+        $instance->load([$config], $this->container);
+    }
 }