The auth storage should always check if the HTTP request is valid

zf-fr · Apr 26, 2014 · b57259f · b57259f
1 parent 7b74b7d
commit b57259f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/ZfrOAuth2Module/Server/Authentication/Storage/AccessTokenStorage.php b/src/ZfrOAuth2Module/Server/Authentication/Storage/AccessTokenStorage.php
@@ -82,6 +82,10 @@ private function getCurrentRequest()
     {
         $request = $this->application->getMvcEvent()->getRequest();
 
-        return $request instanceof Request ? $request : null;
+        if (! $request instanceof Request || ! $this->resourceServer->isRequestValid($request)) {
+            return null;
+        }
+
+        return $request;
     }
 }