diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
index 325fdf55f..6afa0e637 100644
--- a/src/Bridge/ClientRepository.php
+++ b/src/Bridge/ClientRepository.php
@@ -60,7 +60,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)
 return false;
 }
 
- return ! $record->confidential() || $this->verifySecret((string) $clientSecret, $record->secret);
+ return ! $record->confidential() || $this->verifySecret((string) $clientSecret, $record->secret, $grantType);
 }
 
 /**
@@ -95,11 +95,12 @@ protected function handlesGrant($record, $grantType)
 *
 * @param string $clientSecret
 * @param string $storedHash
+ * @param string $grantType
 * @return bool
 */
- protected function verifySecret($clientSecret, $storedHash)
+ protected function verifySecret($clientSecret, $storedHash, $grantType)
 {
- return Passport::$hashesClientSecrets
+ return Passport::$hashesClientSecrets && $grantType !== 'personal_access'
 ? password_verify($clientSecret, $storedHash)
 : hash_equals($storedHash, $clientSecret);
 }
diff --git a/tests/BridgeClientRepositoryHashedSecretsTest.php b/tests/BridgeClientRepositoryHashedSecretsTest.php
index 39aec9634..63109df72 100644
--- a/tests/BridgeClientRepositoryHashedSecretsTest.php
+++ b/tests/BridgeClientRepositoryHashedSecretsTest.php
@@ -21,6 +21,14 @@ protected function setUp(): void
 $this->clientModelRepository = $clientModelRepository;
 $this->repository = new BridgeClientRepository($clientModelRepository);
 }
+
+ public function test_personal_access_grant_is_permitted()
+ {
+ $client = $this->clientModelRepository->findActive(1);
+ $client->personal_access_client = true;
+
+ $this->assertTrue($this->repository->validateClient(1, $client->secret, 'personal_access'));
+ }
 }
 
 class BridgeClientRepositoryHashedTestClientStub extends BridgeClientRepositoryTestClientStub
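Review bot: The added `&& $grantType !== 'personal_access'` in verifySecret routes personal-access clients to the plain `hash_equals` branch even when `Passport::$hashesClientSecrets` is true, so the check now depends on that client's stored secret being unhashed, and nothing in the method or its docblock records that assumption. Add a why-comment above the return, e.g. `// Personal access clients are expected to hold an unhashed secret, so it is compared directly rather than with password_verify().`, and extend the new `@param string $grantType` line to say it selects the comparison strategy; the docblock begins outside the hunk. The grant name is repeated as a bare string literal here and in the test file; if the package already defines it as a constant, reference that instead so the two cannot drift. If callers may pass a null grant type, document the parameter as `string|null` — `null !== 'personal_access'` keeps the hashed path, which is the safe default.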
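Review bot: The new test only exercises the accepting path, and it submits the stored value `$client->secret` itself, so it would still pass if the personal_access branch accepted anything; there is no assertion that a wrong secret is rejected for this grant. Add a companion case, `$this->assertFalse($this->repository->validateClient(1, 'wrong-secret', 'personal_access'));`, so the direct-comparison branch is pinned in both directions. The test also mutates the stub returned by `findActive(1)` and relies on the repository under test seeing that same instance; a one-line comment stating that the stub is shared would make the setup intent clear. The setUp method starts outside the hunk.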