Merge pull request #726 from schmengler/json-parse-error

Throw exception on Non-JSON response from access token request

Author: ramsey

src/Provider/AbstractProvider.php

@@ -527,6 +527,11 @@ public function getAccessToken($grant, array $options = [])
         $params   = $grant->prepareRequestParameters($params, $options);
         $request  = $this->getAccessTokenRequest($params);
         $response = $this->getParsedResponse($request);
+        if (false === is_array($response)) {
+            throw new UnexpectedValueException(
+                'Invalid response received from Authorization Server. Expected JSON.'
+            );
+        }
         $prepared = $this->prepareAccessTokenResponse($response);
         $token    = $this->createAccessToken($prepared, $grant);
 

test/src/Provider/AbstractProviderTest.php

@@ -548,6 +548,24 @@ public function testGetAccessToken($method)
         );
     }
 
+    public function testGetAccessTokenWithNonJsonResponse()
+    {
+        $stream = Phony::mock(StreamInterface::class);
+        $stream->__toString->returns('');
+
+        $response = Phony::mock(ResponseInterface::class);
+        $response->getBody->returns($stream->get());
+        $response->getHeader->with('content-type')->returns('text/plain');
+
+        $client = Phony::mock(ClientInterface::class);
+        $client->send->returns($response->get());
+        $this->provider->setHttpClient($client->get());
+
+        $this->expectException(\UnexpectedValueException::class);
+        $this->expectExceptionMessage('Invalid response received from Authorization Server. Expected JSON.');
+        $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+    }
+
     private function getMethod($class, $name)
     {
         $class = new \ReflectionClass($class);