From 4e37d9bb611a9874b22349b38b9843daeb7c0785 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 9 Mar 2014 19:35:23 +0000 Subject: [PATCH] Updated Refresh Token and Password grants --- src/League/OAuth2/Server/Grant/Password.php | 12 +- .../OAuth2/Server/Grant/RefreshToken.php | 5 +- tests/Grant/PasswordTest.php | 474 ++++++++++++++++++ tests/Grant/RefreshTokenTest.php | 359 +++++++++++++ 4 files changed, 841 insertions(+), 9 deletions(-) create mode 100644 tests/Grant/PasswordTest.php create mode 100644 tests/Grant/RefreshTokenTest.php diff --git a/src/League/OAuth2/Server/Grant/Password.php b/src/League/OAuth2/Server/Grant/Password.php index 1f265081..e87da146 100644 --- a/src/League/OAuth2/Server/Grant/Password.php +++ b/src/League/OAuth2/Server/Grant/Password.php @@ -11,7 +11,7 @@ namespace League\OAuth2\Server\Grant; -use League\OAuth2\Server\Authorization; +use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\Entity\AccessToken; use League\OAuth2\Server\Entity\Client; use League\OAuth2\Server\Entity\RefreshToken; @@ -87,7 +87,7 @@ class Password extends AbstractGrant $clientId = $this->server->getRequest()->request->get('client_id', null); if (is_null($clientId)) { throw new ClientException( - sprintf(Authorization::getExceptionMessage('invalid_request'), 'client_id'), + sprintf(AuthorizationServer::getExceptionMessage('invalid_request'), 'client_id'), 0 ); } @@ -95,7 +95,7 @@ class Password extends AbstractGrant $clientSecret = $this->server->getRequest()->request->get('client_secret', null); if (is_null($clientSecret)) { throw new ClientException( - sprintf(Authorization::getExceptionMessage('invalid_request'), 'client_secret'), + sprintf(AuthorizationServer::getExceptionMessage('invalid_request'), 'client_secret'), 0 ); } 
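Review bot: The `is_null($clientId)` guard in the @@ -87 hunk (and the matching `client_secret`, `username` and `password` guards in the @@ -95, @@ -109 and @@ -123 hunks of Password.php) only rejects an absent parameter; `request->get('client_id', null)` returns `''` for an empty form field, which passes the check and is handed to client storage as-is. A tighter guard on each of the four checks would be `if ($clientId === null || $clientId === '') {`. This predates the commit, which only swaps `Authorization` for `AuthorizationServer` in the exception messages. The enclosing method starts and ends outside these hunks.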
@@ -109,13 +109,13 @@ class Password extends AbstractGrant ); if (($client instanceof Client) === false) { - throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); + throw new ClientException(AuthorizationServer::getExceptionMessage('invalid_client'), 8); } $username = $this->server->getRequest()->request->get('username', null); if (is_null($username)) { throw new ClientException( - sprintf(Authorization::getExceptionMessage('invalid_request'), 'username'), + sprintf(AuthorizationServer::getExceptionMessage('invalid_request'), 'username'), 0 ); } @@ -123,7 +123,7 @@ class Password extends AbstractGrant $password = $this->server->getRequest()->request->get('password', null); if (is_null($password)) { throw new ClientException( - sprintf(Authorization::getExceptionMessage('invalid_request'), 'password'), + sprintf(AuthorizationServer::getExceptionMessage('invalid_request'), 'password'), 0 ); } diff --git a/src/League/OAuth2/Server/Grant/RefreshToken.php b/src/League/OAuth2/Server/Grant/RefreshToken.php index d1415b1a..87f2563e 100644 --- a/src/League/OAuth2/Server/Grant/RefreshToken.php +++ b/src/League/OAuth2/Server/Grant/RefreshToken.php @@ -12,7 +12,7 @@ namespace League\OAuth2\Server\Grant; use League\OAuth2\Server\Request; -use League\OAuth2\Server\Authorization; +use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\Exception; use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Storage\SessionInterface; @@ -88,7 +88,7 @@ class RefreshToken extends AbstractGrant ); if ($client === null) { - throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); + throw new ClientException(AuthorizationServer::getExceptionMessage('invalid_client'), 8); } $oldRefreshTokenParam = $this->server->getRequest()->request->get('refresh_token', null); 
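Review bot: The client lookup result is checked with `if ($client === null)` in RefreshToken's @@ -88 hunk, whereas Password's @@ -109 hunk on the same page uses `if (($client instanceof Client) === false)`; anything the storage returns that is neither null nor a Client (a `false` from a failed lookup, say) would pass RefreshToken's check and reach the refresh-token handling below. Aligning the two on `if (($client instanceof Client) === false) {` (importing `Entity\Client` in RefreshToken.php if it is not already in scope — the @@ -12 hunk does not show it) keeps the client-authentication gate equally strict across grants. Only the exception message changes in this commit, and the surrounding method starts and ends outside the hunk.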
@@ -122,7 +122,6 @@ class RefreshToken extends AbstractGrant } else { // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // the request doesn't include any new scopes - foreach ($requestedScopes as $requestedScope) { if (!isset($scopes[$requestedScope->getId()])) { throw new Exception\ClientException( diff --git a/tests/Grant/PasswordTest.php b/tests/Grant/PasswordTest.php new file mode 100644 index 00000000..38b33b32 --- /dev/null +++ b/tests/Grant/PasswordTest.php 
@@ -0,0 +1,474 @@
+setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST['grant_type'] = 'password';
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+
+ }
+
+ function testCompleteFlowMissingClientSecret()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowInvalidClient()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testNoUsername()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create');
+ $sessionStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testNoPassword()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'username' => 'foo'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create');
+ $sessionStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testNoCallable()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\InvalidGrantTypeException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'username' => 'foo',
+ 'password' => 'foobar'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create');
+ $sessionStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowInvalidScope()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'scope' => 'foo'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create');
+ $sessionStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([]);
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $grant->setVerifyCredentialsCallback(function () {
+ return 123;
+ });
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowNoScopes()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'username' => 'username',
+ 'password' => 'password'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create')->andreturn(123);
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+ $sessionStorage->shouldReceive('associateScope');
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $server->requireScopeParam(true);
+ $grant->setVerifyCredentialsCallback(function () {
+ return 123;
+ });
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowInvalidCredentials()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'scope' => 'foo',
+ 'username' => 'username',
+ 'password' => 'password'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create')->andreturn(123);
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $sessionStorage->shouldReceive('associateScope');
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('foo')
+ );
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $grant->setVerifyCredentialsCallback(function () {
+ return false;
+ });
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlow()
+ {
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'scope' => 'foo',
+ 'username' => 'username',
+ 'password' => 'password'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create')->andreturn(123);
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $sessionStorage->shouldReceive('associateScope');
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('foo')
+ );
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $grant->setVerifyCredentialsCallback(function () {
+ return 123;
+ });
+
+ $server->addGrantType($grant);
+ $response = $server->issueAccessToken();
+
+ $this->assertTrue(isset($response['access_token']));
+ $this->assertTrue(isset($response['token_type']));
+ $this->assertTrue(isset($response['expires_in']));
+ $this->assertTrue(isset($response['expires']));
+ }
+
+ function testCompleteFlowRefreshToken()
+ {
+ $_POST = [
+ 'grant_type' => 'password',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'scope' => 'foo',
+ 'username' => 'username',
+ 'password' => 'password'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new Password;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('create')->andreturn(123);
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $sessionStorage->shouldReceive('associateScope');
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('foo')
+ );
+
+ $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+ $refreshTokenStorage->shouldReceive('setServer');
+ $refreshTokenStorage->shouldReceive('create');
+ $refreshTokenStorage->shouldReceive('associateScope');
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $server->setRefreshTokenStorage($refreshTokenStorage);
+
+ $grant->setVerifyCredentialsCallback(function () {
+ return 123;
+ });
+
+ $server->addGrantType($grant);
+ $server->addGrantType(new RefreshToken);
+ $response = $server->issueAccessToken();
+
+ $this->assertTrue(isset($response['access_token']));
+ $this->assertTrue(isset($response['refresh_token']));
+ $this->assertTrue(isset($response['token_type']));
+ $this->assertTrue(isset($response['expires_in']));
+ $this->assertTrue(isset($response['expires']));
+ }
+}
\ No newline at end of file
diff --git a/tests/Grant/RefreshTokenTest.php b/tests/Grant/RefreshTokenTest.php
new file mode 100644
index 00000000..d0c2785e
--- /dev/null
+++ b/tests/Grant/RefreshTokenTest.php
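Review bot: `testCompleteFlowInvalidScope` posts `'scope' => 'foo'` but no `username` or `password`, so the `ClientException` it expects is raised by the missing-username check before scope validation is reached, and an invalid scope is not what the test exercises; adding `'username' => 'username',` and `'password' => 'password',` to its `$_POST` (keeping `$scopeStorage->shouldReceive('get')->andReturn(null)`) would make the name true. The same ambiguity runs through the other expected-exception tests here, which check only the exception class, so passing the expected message or code as the further arguments of `setExpectedException` would pin which guard fired. The first test also sets `$_POST['grant_type'] = 'password'` without resetting `$_POST`, so keys left behind by an earlier test in the same process could change which check fires; `$_POST = ['grant_type' => 'password'];` avoids that, and `testCompleteFlowMissingClientId` in tests/Grant/RefreshTokenTest.php has the same pattern. The chained `shouldReceive('getScopes')->shouldReceive('getScopes')` repeated in several tests looks like a duplicated call, with presumably only one intended. The hunk's opening lines (file header, class declaration and the start of the first test) are not visible on this page.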
@@ -0,0 +1,359 @@
+setRefreshTokenTTL(86400);
+
+ $property = new \ReflectionProperty($grant, 'refreshTokenTTL');
+ $property->setAccessible(true);
+
+ $this->assertEquals(86400, $property->getValue($grant));
+ }
+
+ function testCompleteFlowMissingClientId()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST['grant_type'] = 'refresh_token';
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowMissingClientSecret()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowInvalidClient()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(null);
+
+ $server->setClientStorage($clientStorage);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowMissingRefreshToken()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->requireScopeParam(true);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowInvalidRefreshToken()
+ {
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'refresh_token' => 'meh'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+ $refreshTokenStorage->shouldReceive('get');
+ $refreshTokenStorage->shouldReceive('setServer');
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setRefreshTokenStorage($refreshTokenStorage);
+ $server->requireScopeParam(true);
+
+ $server->addGrantType($grant);
+ $server->issueAccessToken();
+ }
+
+ function testCompleteFlowExistingScopes()
+ {
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'refresh_token' => 'refresh_token'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+ $sessionStorage->shouldReceive('associateScope');
+ $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+ (new Session($server))
+ );
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('getByRefreshToken')->andReturn(
+ (new AccessToken($server))
+ );
+ $accessTokenStorage->shouldReceive('delete');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+ $refreshTokenStorage->shouldReceive('setServer');
+ $refreshTokenStorage->shouldReceive('associateScope');
+ $refreshTokenStorage->shouldReceive('delete');
+ $refreshTokenStorage->shouldReceive('create');
+ $refreshTokenStorage->shouldReceive('get')->andReturn(
+ (new RT($server))
+ );
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('foo')
+ );
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $server->setRefreshTokenStorage($refreshTokenStorage);
+
+ $server->addGrantType($grant);
+ $response = $server->issueAccessToken();
+
+ $this->assertTrue(isset($response['access_token']));
+ $this->assertTrue(isset($response['refresh_token']));
+ $this->assertTrue(isset($response['token_type']));
+ $this->assertTrue(isset($response['expires_in']));
+ $this->assertTrue(isset($response['expires']));
+ }
+
+ function testCompleteFlowRequestScopes()
+ {
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'refresh_token' => 'refresh_token',
+ 'scope' => 'foo'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $oldSession = (new Session($server))->associateScope((new Scope($server))->setId('foo'));
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+ $sessionStorage->shouldReceive('associateScope');
+ $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+ $oldSession
+ );
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('getByRefreshToken')->andReturn(
+ (new AccessToken($server))
+ );
+ $accessTokenStorage->shouldReceive('delete');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+ $refreshTokenStorage->shouldReceive('setServer');
+ $refreshTokenStorage->shouldReceive('associateScope');
+ $refreshTokenStorage->shouldReceive('delete');
+ $refreshTokenStorage->shouldReceive('create');
+ $refreshTokenStorage->shouldReceive('get')->andReturn(
+ (new RT($server))
+ );
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('foo')
+ );
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $server->setRefreshTokenStorage($refreshTokenStorage);
+
+ $server->addGrantType($grant);
+ $response = $server->issueAccessToken();
+
+ $this->assertTrue(isset($response['access_token']));
+ $this->assertTrue(isset($response['refresh_token']));
+ $this->assertTrue(isset($response['token_type']));
+ $this->assertTrue(isset($response['expires_in']));
+ $this->assertTrue(isset($response['expires']));
+ }
+
+ function testCompleteFlowRequestScopesInvalid()
+ {
+ $_POST = [
+ 'grant_type' => 'refresh_token',
+ 'client_id' => 'testapp',
+ 'client_secret' => 'foobar',
+ 'refresh_token' => 'refresh_token',
+ 'scope' => 'blah'
+ ];
+
+ $server = new AuthorizationServer;
+ $grant = new RefreshToken;
+
+ $oldSession = (new Session($server))->associateScope((new Scope($server))->setId('foo'));
+
+ $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+ $clientStorage->shouldReceive('setServer');
+ $clientStorage->shouldReceive('get')->andReturn(
+ (new Client($server))->setId('testapp')
+ );
+
+ $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+ $sessionStorage->shouldReceive('setServer');
+ $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+ $sessionStorage->shouldReceive('associateScope');
+ $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+ $oldSession
+ );
+
+ $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+ $accessTokenStorage->shouldReceive('setServer');
+ $accessTokenStorage->shouldReceive('getByRefreshToken')->andReturn(
+ (new AccessToken($server))
+ );
+ $accessTokenStorage->shouldReceive('delete');
+ $accessTokenStorage->shouldReceive('create');
+ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+ (new Scope($server))->setId('foo')
+ ]);
+ $accessTokenStorage->shouldReceive('associateScope');
+
+ $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+ $refreshTokenStorage->shouldReceive('setServer');
+ $refreshTokenStorage->shouldReceive('associateScope');
+ $refreshTokenStorage->shouldReceive('delete');
+ $refreshTokenStorage->shouldReceive('create');
+ $refreshTokenStorage->shouldReceive('get')->andReturn(
+ (new RT($server))
+ );
+
+ $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+ $scopeStorage->shouldReceive('setServer');
+ $scopeStorage->shouldReceive('get')->andReturn(
+ (new Scope($server))->setId('blah')
+ );
+
+ $server->setClientStorage($clientStorage);
+ $server->setScopeStorage($scopeStorage);
+ $server->setSessionStorage($sessionStorage);
+ $server->setAccessTokenStorage($accessTokenStorage);
+ $server->setRefreshTokenStorage($refreshTokenStorage);
+
+ $server->addGrantType($grant);
+
+ $this->setExpectedException('League\OAuth2\Server\Exception\ClientException');
+
+ $server->issueAccessToken();
+ }
+}
\ No newline at end of file
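Review bot: The three complete-flow tests (`testCompleteFlowExistingScopes`, `testCompleteFlowRequestScopes`, `testCompleteFlowRequestScopesInvalid`) stub `$accessTokenStorage->shouldReceive('delete')` and `$refreshTokenStorage->shouldReceive('delete')` with no call-count constraint, so the suite would still pass if the grant stopped revoking the presented refresh token and its access token, which is the behaviour most worth pinning in a refresh flow; `$refreshTokenStorage->shouldReceive('delete')->once();` and `$accessTokenStorage->shouldReceive('delete')->once();` (and `->once()` on the `create` expectations) would assert that rotation. `testCompleteFlowInvalidRefreshToken` relies on `$refreshTokenStorage->shouldReceive('get')` defaulting to null rather than stating `->andReturn(null)`, which reads as an oversight next to the explicit `andReturn(null)` used for the client mock. The hunk's opening lines (file header, class declaration and the start of the first test) are not visible on this page.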