The auth storage should always check if the HTTP request is valid

Ocramius · Ocramius · commit b57259fd2869 · 2014-04-26T20:02:54.000+02:00
diff --git a/src/ZfrOAuth2Module/Server/Authentication/Storage/AccessTokenStorage.php b/src/ZfrOAuth2Module/Server/Authentication/Storage/AccessTokenStorage.php
@@ -82,6 +82,10 @@ private function getCurrentRequest()
     {
         $request = $this->application->getMvcEvent()->getRequest();
 
-        return $request instanceof Request ? $request : null;
+        if (! $request instanceof Request || ! $this->resourceServer->isRequestValid($request)) {
+            return null;
+        }
+
+        return $request;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,10 @@ private function getCurrentRequest()`
`82`	`82`	`{`
`83`	`83`	`$request = $this->application->getMvcEvent()->getRequest();`
`84`	`84`
`85`		`- return $request instanceof Request ? $request : null;`
	`85`	`+ if (! $request instanceof Request \|\| ! $this->resourceServer->isRequestValid($request)) {`
	`86`	`+ return null;`
	`87`	`+ }`
	`88`	`+`
	`89`	`+ return $request;`
`86`	`90`	`}`
`87`	`91`	`}`