Cast client id to avoid PG error 3831/head
authorJeremy Benoist <jeremy.benoist@gmail.com>
Wed, 9 Jan 2019 22:29:30 +0000 (23:29 +0100)
committerJeremy Benoist <jeremy.benoist@gmail.com>
Wed, 9 Jan 2019 22:31:14 +0000 (23:31 +0100)
If someone sends a malformed client_id when trying to authenticate using the API, we get a 500 if wallabag uses postgres, because the request sends a string instead of an integer.

src/Wallabag/ApiBundle/Entity/Client.php
src/Wallabag/ApiBundle/Repository/ClientRepository.php [new file with mode: 0644]
tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php

index e6f98f98ca332db03ddec68659a8def8b5d70cf0..78349820a0adc7e2118557a13f5ee0cfdb497ddb 100644 (file)
@@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
 
 /**
  * @ORM\Table("oauth2_clients")
- * @ORM\Entity
+ * @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
  */
 class Client extends BaseClient
 {
diff --git a/src/Wallabag/ApiBundle/Repository/ClientRepository.php b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
new file mode 100644 (file)
index 0000000..fc14262
--- /dev/null
@@ -0,0 +1,19 @@
+<?php
+
+namespace Wallabag\ApiBundle\Repository;
+
+use Doctrine\ORM\EntityRepository;
+
+class ClientRepository extends EntityRepository
+{
+    public function findOneBy(array $criteria, array $orderBy = null)
+    {
+        if (!empty($criteria['id'])) {
+            // cast client id to be an integer to avoid postgres error:
+            // "invalid input syntax for integer"
+            $criteria['id'] = (int) $criteria['id'];
+        }
+
+        return parent::findOneBy($criteria, $orderBy);
+    }
+}
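Review bot: The `(int)` cast in `findOneBy` coerces instead of validating, so an id such as `1abc` is looked up as client 1 and any non-numeric string as 0, while the `!empty()` guard lets an empty-string id through uncast, which presumably still reaches Postgres as invalid integer input. Validating string ids and returning `null` for anything that is not a well-formed integer keeps client identifier matching exact and covers the empty case; the sketch below does this with `filter_var` and `FILTER_VALIDATE_INT`. Only `findOneBy` is overridden, so `find` and `findBy` would still pass an uncast id if any caller feeds them request data, and a numeric string larger than the column's integer range may still fail at the database.

```php
    public function findOneBy(array $criteria, array $orderBy = null)
    {
        if (isset($criteria['id']) && \is_string($criteria['id'])) {
            // reject anything that is not a well-formed integer instead of
            // coercing it: "1abc" must not resolve to client 1, and "" must
            // not be sent to the database as an integer
            $id = filter_var($criteria['id'], FILTER_VALIDATE_INT);
            if (false === $id) {
                return null;
            }
            $criteria['id'] = $id;
        }
        // … unchanged: return parent::findOneBy($criteria, $orderBy) …
```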
index f58d1c12027f9bb5a6e259311f8b9ca19206832d..e1a0ac7e49d2d1ee92405e7f3c3ab03a86e6edc2 100644 (file)
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
         $this->assertArrayHasKey('refresh_token', $data);
     }
 
+    public function testCreateTokenWithBadClientId()
+    {
+        $client = $this->getClient();
+        $client->request('POST', '/oauth/v2/token', [
+            'grant_type' => 'password',
+            'client_id' => '$WALLABAG_CLIENT_ID',
+            'client_secret' => 'secret',
+            'username' => 'admin',
+            'password' => 'mypassword',
+        ]);
+
+        $this->assertSame(400, $client->getResponse()->getStatusCode());
+    }
+
     public function testListingClient()
     {
         $this->logInAs('admin');
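Review bot: `testCreateTokenWithBadClientId` covers only one shape of malformed id, a fully non-numeric one, so it would keep passing if an id with a numeric prefix or an empty id part were handled differently. A data provider that also feeds constructed values such as `'1abc_random'` and `'_random'` (assuming the OAuth bundle splits the public id on `_`, which is not visible here) would pin the 400 for each case. A one-line comment such as `// literal, unexpanded placeholder: deliberately not a valid "<id>_<randomId>" value` above the `client_id` entry would stop readers taking the single-quoted `$WALLABAG_CLIENT_ID` for a mistake. The enclosing test class starts outside this hunk.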