Merge master into version 8 branch

2025-05-31 14:12:07 +05:30 · 2018-06-24 01:10:02 +01:00
parent ca6be0577c 8184f771d4
commit 369c7005a3
11 changed files with 108 additions and 52 deletions
--- a/tests/AuthorizationValidators/BearerTokenValidatorTest.php
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace LeagueTests\AuthorizationValidators;
+
+use Lcobucci\JWT\Builder;
+use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
+use League\OAuth2\Server\CryptKey;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use PHPUnit\Framework\TestCase;
+use Zend\Diactoros\ServerRequest;
+
+class BearerTokenValidatorTest extends TestCase
+{
+    /**
+     * @expectedException League\OAuth2\Server\Exception\OAuthServerException
+     * @expectedExceptionCode 9
+     */
+    public function testThrowExceptionWhenAccessTokenIsNotSigned()
+    {
+        $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
+
+        $bearerTokenValidator = new BearerTokenValidator($accessTokenRepositoryMock);
+        $bearerTokenValidator->setPublicKey(new CryptKey('file://' . __DIR__ . '/../Stubs/public.key'));
+
+        $unsignedJwt = (new Builder())
+            ->setAudience('client-id')
+            ->setId('token-id', true)
+            ->setIssuedAt(time())
+            ->setNotBefore(time())
+            ->setExpiration(time())
+            ->setSubject('user-id')
+            ->set('scopes', 'scope1 scope2 scope3 scope4')
+            ->getToken();
+
+        $request = new ServerRequest();
+        $request = $request->withHeader('authorization', sprintf('Bearer %s', $unsignedJwt));
+
+        $bearerTokenValidator->validateAuthorization($request);
+    }
+}
--- a/tests/Exception/OAuthServerExceptionTest.php
+++ b/tests/Exception/OAuthServerExceptionTest.php
@@ -64,4 +64,18 @@ class OAuthServerExceptionTest extends TestCase

        $validateClientMethod->invoke($grantMock, $serverRequest);
    }
+
+    public function testHasRedirect()
+    {
+        $exceptionWithRedirect = OAuthServerException::accessDenied('some hint', 'https://example.com/error');
+
+        $this->assertTrue($exceptionWithRedirect->hasRedirect());
+    }
+
+    public function testDoesNotHaveRedirect()
+    {
+        $exceptionWithoutRedirect = OAuthServerException::accessDenied('Some hint');
+
+        $this->assertFalse($exceptionWithoutRedirect->hasRedirect());
+    }
 }