Merge pull request #75 from Spomky/ExtraHeaders

alanbem · alanbem · commit b0e57e17c841 · 2014-12-29T14:12:03.000+01:00
Extra headers support
diff --git a/lib/OAuth2.php b/lib/OAuth2.php
@@ -130,6 +130,7 @@ class OAuth2
     const CONFIG_WWW_REALM = 'realm';
     const CONFIG_ENFORCE_INPUT_REDIRECT = 'enforce_redirect'; // Set to true to enforce redirect_uri on input for both authorize and token steps.
     const CONFIG_ENFORCE_STATE = 'enforce_state'; // Set to true to enforce state to be passed in authorization (see http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12)
+    const CONFIG_RESPONSE_EXTRA_HEADERS = 'response_extra_headers'; // Add extra headers to the response
 
     /**
      * Regex to filter out the client identifier (described in Section 2 of IETF draft).
@@ -422,6 +423,7 @@ protected function setDefaultOptions()
             self::CONFIG_ENFORCE_STATE => false,
             self::CONFIG_SUPPORTED_SCOPES => null,
             // This is expected to be passed in on construction. Scopes can be an aribitrary string.
+            self::CONFIG_RESPONSE_EXTRA_HEADERS => array(),
         );
     }
 
@@ -1475,11 +1477,13 @@ protected function getAuthorizationHeader(Request $request)
      */
     private function getJsonHeaders()
     {
-        return array(
+        $headers = $this->getVariable(self::CONFIG_RESPONSE_EXTRA_HEADERS, array());
+        $headers += array(
             'Content-Type' => 'application/json',
             'Cache-Control' => 'no-store',
             'Pragma' => 'no-cache',
         );
+        return $headers;
     }
 
     /**
diff --git a/tests/ExtraHeadersTest.php b/tests/ExtraHeadersTest.php
@@ -0,0 +1,38 @@
+<?php
+
+use OAuth2\OAuth2;
+use OAuth2\Model\OAuth2Client;
+use Symfony\Component\HttpFoundation\Request;
+use OAuth2\Tests\Fixtures\OAuth2GrantUserStub;
+
+/**
+ * Extra Headers test case.
+ */
+class ExtraHeadersTest extends PHPUnit_Framework_TestCase
+{
+    public function testErrorResponseContainsExtraHeaders()
+    {
+        $config = array(
+            OAuth2::CONFIG_RESPONSE_EXTRA_HEADERS => array(
+                "Access-Control-Allow-Origin" => "http://www.foo.com",
+                "X-Extra-Header-1" => "Foo-Bar",
+            ),
+        );
+        $stub = new OAuth2GrantUserStub();
+        $stub->addClient(new OAuth2Client('cid', 'cpass'));
+        $stub->addUser('foo', 'bar');
+        $stub->setAllowedGrantTypes(array('authorization_code', 'password'));
+
+        $oauth2 = new OAuth2($stub, $config);
+
+        $response = $oauth2->grantAccessToken(new Request(array(
+            'grant_type' => 'password',
+            'client_id' => 'cid',
+            'client_secret' => 'cpass',
+            'username' => 'foo',
+            'password' => 'bar',
+        )));
+        $this->assertSame("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
+        $this->assertSame("Foo-Bar", $response->headers->get("X-Extra-Header-1"));
+    }
+}
