Merge pull request #72 from akrabat/hotfix/63-event-listener-priority

Ensure event listeners have a valid priority when added via the AuthorizationServerFactory
mezzio · Aug 7, 2024 · 1199de7 · 1199de7
2 parents f37ef8b + 39363a7
commit 1199de7
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 1 deletion.
diff --git a/src/AuthorizationServerFactory.php b/src/AuthorizationServerFactory.php
@@ -8,6 +8,7 @@
 use League\OAuth2\Server\AuthorizationServer;
 use Psr\Container\ContainerInterface;
 
+use function is_int;
 use function is_string;
 use function sprintf;
 
@@ -78,7 +79,7 @@ private function addListeners(
         foreach ($listeners as $idx => $listenerConfig) {
             $event    = $listenerConfig[0];
             $listener = $listenerConfig[1];
-            $priority = $listenerConfig[2] ?? null;
+            $priority = $listenerConfig[2] ?? 0;
             if (is_string($listener)) {
                 if (! $container->has($listener)) {
                     throw new Exception\InvalidConfigException(sprintf(
@@ -92,6 +93,14 @@ private function addListeners(
                 }
                 $listener = $container->get($listener);
             }
+            if (! is_int($priority)) {
+                throw new Exception\InvalidConfigException(sprintf(
+                    'The third element of event_listeners config at index "%s" (priority) '
+                        . 'is expected to be an integer, received "%s"',
+                    $idx,
+                    $priority
+                ));
+            }
             $authServer->getEmitter()
                 ->addListener($event, $listener, $priority);
         }

diff --git a/test/AuthorizationServerFactoryTest.php b/test/AuthorizationServerFactoryTest.php
@@ -4,6 +4,7 @@
 
 namespace MezzioTest\Authentication\OAuth2;
 
+use Laminas\Diactoros\ServerRequest;
 use League\Event\ListenerInterface;
 use League\Event\ListenerProviderInterface;
 use League\OAuth2\Server\AuthorizationServer;
@@ -133,6 +134,43 @@ static function (RequestEvent $event): void {
         $result = $factory($mockContainer);
 
         self::assertInstanceOf(AuthorizationServer::class, $result);
+
+        // Ensure listeners have been registered correctly. If they have not, then emitting an event will fail
+        $request = $this->createMock(ServerRequest::class);
+        $result->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+    }
+
+    public function testInvokeWithListenerConfigFailsIfPriorityIsNotAnInteger(): void
+    {
+        $mockContainer = $this->getContainerMock();
+        $mockListener  = $this->createMock(ListenerInterface::class);
+        $mockContainer->set(ListenerInterface::class, $mockListener);
+
+        $config = [
+            'authentication' => [
+                'private_key'         => __DIR__ . '/TestAsset/private.key',
+                'encryption_key'      => 'iALlwJ1sH77dmFCJFo+pMdM6Af4bF/hCca1EDDx7MwE=',
+                'access_token_expire' => 'P1D',
+                'grants'              => [
+                    ClientCredentialsGrant::class => ClientCredentialsGrant::class,
+                ],
+                'event_listeners'     => [
+                    [
+                        RequestEvent::CLIENT_AUTHENTICATION_FAILED,
+                        ListenerInterface::class,
+                        'one',
+                    ],
+                ],
+            ],
+        ];
+
+        $mockContainer->set('config', $config);
+
+        $factory = new AuthorizationServerFactory();
+
+        $this->expectException(InvalidConfigException::class);
+
+        $factory($mockContainer);
     }
 
     public function testInvokeWithListenerConfigMissingServiceThrowsException(): void