Allow user override on auth request resolve event

X-Coder264 · X-Coder264 · commit 2487d502a9a8 · 2025-11-27T16:34:39.000+01:00
diff --git a/src/Event/AuthorizationRequestResolveEvent.php b/src/Event/AuthorizationRequestResolveEvent.php
@@ -99,6 +99,13 @@ public function getUser(): UserInterface
         return $this->user;
     }
 
+    public function setUser(UserInterface $user): self
+    {
+        $this->user = $user;
+
+        return $this;
+    }
+
     /**
      * @return Scope[]
      */
diff --git a/tests/Acceptance/AuthorizationEndpointTest.php b/tests/Acceptance/AuthorizationEndpointTest.php
@@ -138,6 +138,77 @@ public function testSuccessfulPKCEAuthCodeRequest(): void
 
         $this->assertInstanceOf(AuthorizationCode::class, $authCode);
         $this->assertSame(FixtureFactory::FIXTURE_PUBLIC_CLIENT, $authCode->getClient()->getIdentifier());
+        $this->assertSame(FixtureFactory::FIXTURE_USER, $authCode->getUserIdentifier());
+    }
+
+    public function testSuccessfulAuthCodeRequestWhenTheLoggedUserIsOverriddenInTheAuthorizationRequestResolveEvent(): void
+    {
+        $state = bin2hex(random_bytes(20));
+        $codeVerifier = bin2hex(random_bytes(64));
+        $codeChallengeMethod = 'S256';
+
+        $codeChallenge = strtr(
+            rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='),
+            '+/',
+            '-_'
+        );
+
+        $this->loginUser();
+
+        $this->client
+            ->getContainer()
+            ->get('event_dispatcher')
+            ->addListener(OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE, function (AuthorizationRequestResolveEvent $event) use ($state, $codeChallenge, $codeChallengeMethod): void {
+                $this->assertSame($state, $event->getState());
+                $this->assertSame($codeChallenge, $event->getCodeChallenge());
+                $this->assertSame($codeChallengeMethod, $event->getCodeChallengeMethod());
+
+                $event->setUser(FixtureFactory::createUser([], FixtureFactory::FIXTURE_USER_TWO));
+                $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
+            });
+
+        $this->client->request(
+            'GET',
+            '/authorize',
+            [
+                'client_id' => FixtureFactory::FIXTURE_PUBLIC_CLIENT,
+                'response_type' => 'code',
+                'scope' => '',
+                'state' => $state,
+                'code_challenge' => $codeChallenge,
+                'code_challenge_method' => $codeChallengeMethod,
+            ]
+        );
+
+        $response = $this->client->getResponse();
+
+        $this->assertSame(302, $response->getStatusCode());
+        $redirectUri = $response->headers->get('Location');
+
+        $this->assertStringStartsWith(FixtureFactory::FIXTURE_CLIENT_FIRST_REDIRECT_URI, $redirectUri);
+        $query = [];
+        parse_str(parse_url($redirectUri, \PHP_URL_QUERY), $query);
+        $this->assertArrayHasKey('state', $query);
+        $this->assertSame($state, $query['state']);
+
+        $this->assertArrayHasKey('code', $query);
+        $payload = json_decode(TestHelper::decryptPayload($query['code']), true);
+
+        $this->assertArrayHasKey('code_challenge', $payload);
+        $this->assertArrayHasKey('code_challenge_method', $payload);
+        $this->assertSame($codeChallenge, $payload['code_challenge']);
+        $this->assertSame($codeChallengeMethod, $payload['code_challenge_method']);
+
+        /** @var AuthorizationCode|null $authCode */
+        $authCode = $this->client
+            ->getContainer()
+            ->get('doctrine.orm.entity_manager')
+            ->getRepository(AuthorizationCode::class)
+            ->findOneBy(['identifier' => $payload['auth_code_id']]);
+
+        $this->assertInstanceOf(AuthorizationCode::class, $authCode);
+        $this->assertSame(FixtureFactory::FIXTURE_PUBLIC_CLIENT, $authCode->getClient()->getIdentifier());
+        $this->assertSame(FixtureFactory::FIXTURE_USER_TWO, $authCode->getUserIdentifier());
     }
 
     public function testAuthCodeRequestWithPublicClientWithoutCodeChallengeWhenTheChallengeIsRequiredForPublicClients(): void
diff --git a/tests/Fixtures/FixtureFactory.php b/tests/Fixtures/FixtureFactory.php
@@ -61,11 +61,12 @@ final class FixtureFactory
     public const FIXTURE_SCOPE_SECOND = 'rock';
 
     public const FIXTURE_USER = 'user';
+    public const FIXTURE_USER_TWO = 'user_two';
     public const FIXTURE_PASSWORD = 'password';
 
-    public static function createUser(array $roles = []): User
+    public static function createUser(array $roles = [], ?string $userIdentifier = null): User
     {
-        $user = new User();
+        $user = new User($userIdentifier);
         $user['roles'] = $roles;
 
         return $user;
diff --git a/tests/Fixtures/User.php b/tests/Fixtures/User.php
@@ -8,6 +8,11 @@
 
 class User extends \ArrayObject implements UserInterface
 {
+    public function __construct(private readonly ?string $userIdentifier = null)
+    {
+        parent::__construct();
+    }
+
     public function getRoles(): array
     {
         return $this['roles'] ?? [];
@@ -25,7 +30,7 @@ public function getSalt(): ?string
 
     public function getUserIdentifier(): string
     {
-        return FixtureFactory::FIXTURE_USER;
+        return $this->userIdentifier ?? FixtureFactory::FIXTURE_USER;
     }
 
     public function eraseCredentials(): void
diff --git a/tests/TestKernel.php b/tests/TestKernel.php
@@ -139,6 +139,9 @@ public function registerContainerConfiguration(LoaderInterface $loader): void
                                 FixtureFactory::FIXTURE_USER => [
                                     'roles' => ['ROLE_USER'],
                                 ],
+                                FixtureFactory::FIXTURE_USER_TWO => [
+                                    'roles' => ['ROLE_USER'],
+                                ],
                             ],
                         ],
                     ],
@@ -148,6 +151,9 @@ public function registerContainerConfiguration(LoaderInterface $loader): void
                                 FixtureFactory::FIXTURE_USER => [
                                     'roles' => ['ROLE_USER'],
                                 ],
+                                FixtureFactory::FIXTURE_USER_TWO => [
+                                    'roles' => ['ROLE_USER'],
+                                ],
                             ],
                         ],
                     ],

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,11 @@`
`8`	`8`
`9`	`9`	`class User extends \ArrayObject implements UserInterface`
`10`	`10`	`{`
	`11`	`+ public function __construct(private readonly ?string $userIdentifier = null)`
	`12`	`+ {`
	`13`	`+ parent::__construct();`
	`14`	`+ }`
	`15`	`+`
`11`	`16`	`public function getRoles(): array`
`12`	`17`	`{`
`13`	`18`	`return $this['roles'] ?? [];`
`@@ -25,7 +30,7 @@ public function getSalt(): ?string`
`25`	`30`
`26`	`31`	`public function getUserIdentifier(): string`
`27`	`32`	`{`
`28`		`- return FixtureFactory::FIXTURE_USER;`
	`33`	`+ return $this->userIdentifier ?? FixtureFactory::FIXTURE_USER;`
`29`	`34`	`}`
`30`	`35`
`31`	`36`	`public function eraseCredentials(): void`