Fix breaking change introduced by #1682 (#1686)

laravel · Sep 1, 2023 · 93bb9c3 · 93bb9c3
1 parent e225960
commit 93bb9c3
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 8 deletions.
diff --git a/src/Bridge/ScopeRepository.php b/src/Bridge/ScopeRepository.php
@@ -12,17 +12,17 @@ class ScopeRepository implements ScopeRepositoryInterface
     /**
      * The client repository.
      *
-     * @var \Laravel\Passport\ClientRepository
+     * @var \Laravel\Passport\ClientRepository|null
      */
-    protected ClientRepository $clients;
+    protected ?ClientRepository $clients;
 
     /**
      * Create a new scope repository.
      *
-     * @param  \Laravel\Passport\ClientRepository  $clients
+     * @param  \Laravel\Passport\ClientRepository|null  $clients
      * @return void
      */
-    public function __construct(ClientRepository $clients)
+    public function __construct(?ClientRepository $clients = null)
     {
         $this->clients = $clients;
     }
@@ -50,11 +50,12 @@ public function finalizeScopes(
             })->values()->all();
         }
 
-        $client = $this->clients->findActive($clientEntity->getIdentifier());
+        $client = $this->clients?->findActive($clientEntity->getIdentifier());
 
-        return collect($scopes)->filter(function ($scope) use ($client) {
-            return Passport::hasScope($scope->getIdentifier())
-                && $client->hasScope($scope->getIdentifier());
+        return collect($scopes)->filter(function ($scope) {
+            return Passport::hasScope($scope->getIdentifier());
+        })->when($client, function ($scopes, $client) {
+            return $scopes->filter(fn ($scope) => $client->hasScope($scope->getIdentifier()));
         })->values()->all();
     }
 }
diff --git a/tests/Unit/BridgeScopeRepositoryTest.php b/tests/Unit/BridgeScopeRepositoryTest.php
@@ -38,6 +38,21 @@ public function test_invalid_scopes_are_removed()
         $this->assertEquals([$scope1], $scopes);
     }
 
+    public function test_invalid_scopes_are_removed_without_a_client_repository()
+    {
+        Passport::tokensCan([
+            'scope-1' => 'description',
+        ]);
+
+        $repository = new ScopeRepository();
+
+        $scopes = $repository->finalizeScopes(
+            [$scope1 = new Scope('scope-1'), new Scope('scope-2')], 'client_credentials', new Client('id', 'name', 'http://localhost'), 1
+        );
+
+        $this->assertEquals([$scope1], $scopes);
+    }
+
     public function test_clients_do_not_restrict_scopes_by_default()
     {
         Passport::tokensCan([
@@ -126,4 +141,19 @@ public function test_superuser_scope_cant_be_applied_if_wrong_grant()
 
         $this->assertEquals([], $scopes);
     }
+
+    public function test_superuser_scope_cant_be_applied_if_wrong_grant_without_a_client_repository()
+    {
+        Passport::tokensCan([
+            'scope-1' => 'description',
+        ]);
+
+        $repository = new ScopeRepository();
+
+        $scopes = $repository->finalizeScopes(
+            [$scope1 = new Scope('*')], 'refresh_token', new Client('id', 'name', 'http://localhost'), 1
+        );
+
+        $this->assertEquals([], $scopes);
+    }
 }