From 52d300124e2c3dcf512a9c47f1cb5183515dea41 Mon Sep 17 00:00:00 2001
From: Florent Morselli
Date: Mon, 29 Dec 2014 11:06:30 +0100
Subject: [PATCH] Extra headers support

Fix #72
---
 lib/OAuth2.php | 6 +++++-
 tests/ExtraHeadersTest.php | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 tests/ExtraHeadersTest.php

diff --git a/lib/OAuth2.php b/lib/OAuth2.php
index 73d97aa..3ec287a 100644
--- a/lib/OAuth2.php
+++ b/lib/OAuth2.php
@@ -130,6 +130,7 @@ class OAuth2
 const CONFIG_WWW_REALM = 'realm';
 const CONFIG_ENFORCE_INPUT_REDIRECT = 'enforce_redirect'; // Set to true to enforce redirect_uri on input for both authorize and token steps.
 const CONFIG_ENFORCE_STATE = 'enforce_state'; // Set to true to enforce state to be passed in authorization (see http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12)
+ const CONFIG_RESPONSE_EXTRA_HEADERS = 'response_extra_headers'; // Add extra headers to the response
 
 /**
 * Regex to filter out the client identifier (described in Section 2 of IETF draft).
@@ -413,6 +414,7 @@ protected function setDefaultOptions()
 self::CONFIG_ENFORCE_STATE => false,
 self::CONFIG_SUPPORTED_SCOPES => null, // This is expected to be passed in on construction. Scopes can be an aribitrary string.
+ self::CONFIG_RESPONSE_EXTRA_HEADERS => array(),
 );
 }
 
@@ -1466,11 +1468,13 @@ protected function getAuthorizationHeader(Request $request)
 */
 private function getJsonHeaders()
 {
- return array(
+ $headers = $this->getVariable(self::CONFIG_RESPONSE_EXTRA_HEADERS, array());
+ $headers += array(
 'Content-Type' => 'application/json',
 'Cache-Control' => 'no-store',
 'Pragma' => 'no-cache',
 );
+ return $headers;
 }
 
 /**
diff --git a/tests/ExtraHeadersTest.php b/tests/ExtraHeadersTest.php
new file mode 100644
index 0000000..52030d4
--- /dev/null
+++ b/tests/ExtraHeadersTest.php
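Review bot: In getJsonHeaders, `$headers += array(...)` gives the configured extra headers precedence over the fixed ones, so a `response_extra_headers` entry keyed 'Cache-Control' or 'Pragma' silently replaces the `no-store`/`no-cache` values that RFC 6749 §5.1 requires on token responses. If the intent is only to add headers, as the option's comment says, reverse the precedence so the fixed headers win: `$headers = array('Content-Type' => 'application/json', 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache'); return $headers + $this->getVariable(self::CONFIG_RESPONSE_EXTRA_HEADERS, array());`. Array union also compares keys byte-for-byte, so a configured key such as 'cache-control' would not collide with 'Cache-Control' and both entries are handed to the response; whether that yields duplicate or conflicting headers depends on how the Response's header container normalises names, which is not visible here. A non-array value configured for this option would turn the `+=` into a fatal error, so an `is_array()` check with a descriptive exception would give a clearer failure than the engine's. The method's docblock starts outside the hunk.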
@@ -0,0 +1,38 @@ + array( + "Access-Control-Allow-Origin" => "http://www.foo.com", + "X-Extra-Header-1" => "Foo-Bar", + ), + ); + $stub = new OAuth2GrantUserStub(); + $stub->addClient(new OAuth2Client('cid', 'cpass')); + $stub->addUser('foo', 'bar'); + $stub->setAllowedGrantTypes(array('authorization_code', 'password')); + + $oauth2 = new OAuth2($stub, $config); + + $response = $oauth2->grantAccessToken(new Request(array( + 'grant_type' => 'password', + 'client_id' => 'cid', + 'client_secret' => 'cpass', + 'username' => 'foo', + 'password' => 'bar', + ))); + $this->assertSame("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin")); + $this->assertSame("Foo-Bar", $response->headers->get("X-Extra-Header-1")); + } +}
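Review bot: The new test checks only that the two configured headers reach the response; it does not assert that the default 'Cache-Control: no-store' and 'Pragma: no-cache' headers are still present alongside them, which is the property most exposed by the header-merging change in getJsonHeaders. Adding `$this->assertSame('no-store', $response->headers->get('Cache-Control'));` and `$this->assertSame('no-cache', $response->headers->get('Pragma'));` after the existing assertions would pin it. A second case configuring a 'Cache-Control' key in `response_extra_headers` would document whichever precedence the library intends. The opening of this hunk, including the file header, the class declaration and the start of the `$config` array, appears truncated in this view.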