From 4d81207941d6efc198857847d9e4c17520f28d75 Mon Sep 17 00:00:00 2001
From: Choraimy Kroonstuiver <3661474+axlon@users.noreply.github.com>
Date: Fri, 9 Feb 2024 17:27:49 +0100
Subject: [PATCH] Fix getting/setting client scopes and grant types (#1717)

---
 src/Bridge/ClientRepository.php | 2 +-
 src/Client.php | 48 +++++--------
 tests/Feature/ClientTest.php | 88 +++++++++++++++++++++++
 tests/Unit/BridgeClientRepositoryTest.php | 9 +++
 4 files changed, 114 insertions(+), 33 deletions(-)
 create mode 100644 tests/Feature/ClientTest.php

diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
index 325fdf55f..c3c9c2a78 100644
--- a/src/Bridge/ClientRepository.php
+++ b/src/Bridge/ClientRepository.php
@@ -72,7 +72,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)
 */
 protected function handlesGrant($record, $grantType)
 {
- if (is_array($record->grant_types) && ! in_array($grantType, $record->grant_types)) {
+ if (! $record->hasGrantType($grantType)) {
 return false;
 }

diff --git a/src/Client.php b/src/Client.php
index a04c91221..78f9009e9 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -105,37 +105,6 @@ public function tokens()
 return $this->hasMany(Passport::tokenModel(), 'client_id');
 }

- /**
- * Get the grant types the client can use.
- *
- * @return array|null
- */
- public function getGrantTypesAttribute()
- {
- return $this->attributes['grant_types'] ?? null;
- }
-
- /**
- * Get the scopes for the client.
- *
- * @return array|null
- */
- public function getScopesAttribute()
- {
- return $this->attributes['scopes'] ?? null;
- }
-
- /**
- * Set the scopes for the client.
- *
- * @param array|null $scopes
- * @return void
- */
- public function setScopesAttribute(?array $scopes)
- {
- $this->attributes['scopes'] = $scopes;
- }
-
 /**
 * The temporary non-hashed client secret.
 *
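Review bot: In `handlesGrant()` (src/Bridge/ClientRepository.php) the call `$record->hasGrantType($grantType)` assumes every client record implements that method, which the old inline `is_array`/`in_array` check on the property did not. The stub client in tests/Unit/BridgeClientRepositoryTest.php had to gain the method in this same commit, so an application-supplied client class that does not extend `Laravel\Passport\Client` would presumably fail with an undefined-method error during client validation. Unless the docblock above the hunk already says so, the requirement should be stated there, e.g. `@param \Laravel\Passport\Client $record`, and mentioned in the upgrade notes. The body of `handlesGrant()` continues past the end of the hunk.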
@@ -187,6 +156,21 @@ public function skipsAuthorization()
 return false;
 }

+ /**
+ * Determine if the client has the given grant type.
+ *
+ * @param string $grantType
+ * @return bool
+ */
+ public function hasGrantType($grantType)
+ {
+ if (! isset($this->grant_types) || ! is_array($this->grant_types)) {
+ return true;
+ }
+
+ return in_array($grantType, $this->grant_types);
+ }
+
 /**
 * Determine whether the client has the given scope.
 *
@@ -195,7 +179,7 @@ public function skipsAuthorization()
 */
 public function hasScope($scope)
 {
- if (! is_array($this->scopes)) {
+ if (! isset($this->scopes) || ! is_array($this->scopes)) {
 return true;
 }

diff --git a/tests/Feature/ClientTest.php b/tests/Feature/ClientTest.php
new file mode 100644
index 000000000..38fb93e14
--- /dev/null
+++ b/tests/Feature/ClientTest.php
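Review bot: `hasGrantType()` in src/Client.php fails open: whenever `grant_types` is unset, null or anything other than an array it returns `true`, so the client is allowed every grant type. With the attribute accessors removed in the previous hunk, the array form presumably now depends on a model cast that is not visible here; if a subclass drops or overrides that cast, the stored value arrives as a string and the restriction is silently disabled. The docblock should state the permissive default, e.g. `Clients without a grant_types array are not restricted to specific grant types.`, and the lookup is better made exact with `return in_array($grantType, $this->grant_types, true);`. The same fail-open guard applies to `hasScope()` in the next hunk, whose body continues outside it.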
@@ -0,0 +1,88 @@
+ ['bar']]);
+ $client->exists = true;
+
+ $this->assertFalse($client->hasScope('foo'));
+ }
+
+ public function testScopesWhenClientHasScope(): void
+ {
+ $client = new Client(['scopes' => ['foo', 'bar']]);
+ $client->exists = true;
+
+ $this->assertTrue($client->hasScope('foo'));
+ }
+
+ public function testScopesWhenColumnDoesNotExist(): void
+ {
+ $client = new Client();
+ $client->exists = true;
+
+ $this->assertTrue($client->hasScope('foo'));
+ }
+
+ public function testScopesWhenColumnIsNull(): void
+ {
+ $client = new Client(['scopes' => null]);
+ $client->exists = true;
+
+ $this->assertTrue($client->hasScope('foo'));
+ }
+
+ public function testGrantTypesWhenClientDoesNotHaveGrantType(): void
+ {
+ $client = new Client(['grant_types' => ['bar']]);
+ $client->exists = true;
+
+ $this->assertFalse($client->hasGrantType('foo'));
+ }
+
+ public function testGrantTypesWhenClientHasGrantType(): void
+ {
+ $client = new Client(['grant_types' => ['foo', 'bar']]);
+ $client->exists = true;
+
+ $this->assertTrue($client->hasGrantType('foo'));
+ }
+
+ public function testGrantTypesWhenColumnDoesNotExist(): void
+ {
+ $client = new Client();
+ $client->exists = true;
+
+ $this->assertTrue($client->hasGrantType('foo'));
+ }
+
+ public function testGrantTypesWhenColumnIsNull(): void
+ {
+ $client = new Client(['scopes' => null]);
+ $client->exists = true;
+
+ $this->assertTrue($client->hasGrantType('foo'));
+ }
+}
diff --git a/tests/Unit/BridgeClientRepositoryTest.php b/tests/Unit/BridgeClientRepositoryTest.php
index c20503407..7c46fd73f 100644
--- a/tests/Unit/BridgeClientRepositoryTest.php
+++ b/tests/Unit/BridgeClientRepositoryTest.php
@@ -207,4 +207,13 @@ public function confidential()
 {
 return ! empty($this->secret);
 }
+
+ public function hasGrantType($grantType)
+ {
+ if (! isset($this->grant_types) || ! is_array($this->grant_types)) {
+ return true;
+ }
+
+ return in_array($grantType, $this->grant_types);
+ }
 }
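Review bot: `testGrantTypesWhenColumnIsNull` in tests/Feature/ClientTest.php builds its client with `['scopes' => null]`, so `grant_types` is never set and the test repeats `testGrantTypesWhenColumnDoesNotExist` instead of covering a null column. The fixture should read `$client = new Client(['grant_types' => null]);`. A null or missing value makes the client unrestricted, so this is the branch that most needs its own assertion.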