2016-03-10 22:52:48 +05:30
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace LeagueTests\Middleware;
|
|
|
|
|
|
2016-04-17 17:36:17 +05:30
|
|
|
use League\OAuth2\Server\AuthorizationServer;
|
2016-04-10 20:28:01 +05:30
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
2016-03-10 22:52:48 +05:30
|
|
|
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
|
2016-04-17 17:24:25 +05:30
|
|
|
use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
|
2016-03-10 22:52:48 +05:30
|
|
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
|
|
|
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
|
|
|
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
2016-04-09 20:16:40 +05:30
|
|
|
use LeagueTests\Stubs\AccessTokenEntity;
|
2016-03-15 05:40:47 +05:30
|
|
|
use LeagueTests\Stubs\ClientEntity;
|
2016-03-10 22:52:48 +05:30
|
|
|
use LeagueTests\Stubs\StubResponseType;
|
|
|
|
|
use Zend\Diactoros\Response;
|
|
|
|
|
use Zend\Diactoros\ServerRequestFactory;
|
|
|
|
|
|
2016-04-17 17:24:25 +05:30
|
|
|
class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
|
2016-03-10 22:52:48 +05:30
|
|
|
{
|
|
|
|
|
public function testValidResponse()
|
|
|
|
|
{
|
2016-07-08 18:59:21 +05:30
|
|
|
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
2016-03-10 22:52:48 +05:30
|
|
|
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
|
|
|
|
|
2016-03-24 00:20:14 +05:30
|
|
|
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
|
|
|
|
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
|
|
|
|
|
2016-07-08 18:59:21 +05:30
|
|
|
$accessRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
2016-03-25 18:39:26 +05:30
|
|
|
$accessRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
|
|
|
|
|
2016-04-17 17:24:25 +05:30
|
|
|
$server = new AuthorizationServer(
|
2016-03-10 22:52:48 +05:30
|
|
|
$clientRepository,
|
2016-03-25 18:39:26 +05:30
|
|
|
$accessRepositoryMock,
|
2016-03-24 00:20:14 +05:30
|
|
|
$scopeRepositoryMock,
|
2016-03-28 20:40:41 +05:30
|
|
|
'file://' . __DIR__ . '/../Stubs/private.key',
|
|
|
|
|
'file://' . __DIR__ . '/../Stubs/public.key',
|
2016-03-10 22:52:48 +05:30
|
|
|
new StubResponseType()
|
|
|
|
|
);
|
|
|
|
|
|
2016-04-10 20:28:01 +05:30
|
|
|
$server->enableGrantType(new ClientCredentialsGrant());
|
2016-03-10 22:52:48 +05:30
|
|
|
|
|
|
|
|
$_POST['grant_type'] = 'client_credentials';
|
|
|
|
|
$_POST['client_id'] = 'foo';
|
|
|
|
|
$_POST['client_secret'] = 'bar';
|
|
|
|
|
|
|
|
|
|
$request = ServerRequestFactory::fromGlobals();
|
|
|
|
|
|
2016-04-17 17:24:25 +05:30
|
|
|
$middleware = new AuthorizationServerMiddleware($server);
|
2016-03-10 22:52:48 +05:30
|
|
|
$response = $middleware->__invoke(
|
|
|
|
|
$request,
|
|
|
|
|
new Response(),
|
|
|
|
|
function () {
|
|
|
|
|
return func_get_args()[1];
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testOAuthErrorResponse()
|
|
|
|
|
{
|
2016-07-08 18:59:21 +05:30
|
|
|
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
2016-03-10 22:52:48 +05:30
|
|
|
$clientRepository->method('getClientEntity')->willReturn(null);
|
|
|
|
|
|
2016-04-17 17:24:25 +05:30
|
|
|
$server = new AuthorizationServer(
|
2016-03-10 22:52:48 +05:30
|
|
|
$clientRepository,
|
2016-07-08 18:59:21 +05:30
|
|
|
$this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(),
|
|
|
|
|
$this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(),
|
2016-03-28 20:40:41 +05:30
|
|
|
'file://' . __DIR__ . '/../Stubs/private.key',
|
|
|
|
|
'file://' . __DIR__ . '/../Stubs/public.key',
|
2016-03-10 22:52:48 +05:30
|
|
|
new StubResponseType()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1M'));
|
|
|
|
|
|
|
|
|
|
$_POST['grant_type'] = 'client_credentials';
|
|
|
|
|
$_POST['client_id'] = 'foo';
|
|
|
|
|
$_POST['client_secret'] = 'bar';
|
|
|
|
|
|
|
|
|
|
$request = ServerRequestFactory::fromGlobals();
|
|
|
|
|
|
2016-04-17 17:24:25 +05:30
|
|
|
$middleware = new AuthorizationServerMiddleware($server);
|
2016-03-10 22:52:48 +05:30
|
|
|
|
|
|
|
|
$response = $middleware->__invoke(
|
|
|
|
|
$request,
|
|
|
|
|
new Response(),
|
|
|
|
|
function () {
|
|
|
|
|
return func_get_args()[1];
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(401, $response->getStatusCode());
|
|
|
|
|
}
|
2016-04-10 20:28:01 +05:30
|
|
|
|
|
|
|
|
public function testOAuthErrorResponseRedirectUri()
|
|
|
|
|
{
|
|
|
|
|
$exception = OAuthServerException::invalidScope('test', 'http://foo/bar');
|
|
|
|
|
$response = $exception->generateHttpResponse(new Response());
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(302, $response->getStatusCode());
|
|
|
|
|
$this->assertEquals('http://foo/bar?error=invalid_scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope', $response->getHeader('location')[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testOAuthErrorResponseRedirectUriFragment()
|
|
|
|
|
{
|
|
|
|
|
$exception = OAuthServerException::invalidScope('test', 'http://foo/bar');
|
|
|
|
|
$response = $exception->generateHttpResponse(new Response(), true);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(302, $response->getStatusCode());
|
|
|
|
|
$this->assertEquals('http://foo/bar#error=invalid_scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope', $response->getHeader('location')[0]);
|
|
|
|
|
}
|
2016-03-10 22:52:48 +05:30
|
|
|
}
|
