diff --git a/.travis.yml b/.travis.yml index 083f290d..454b8284 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,7 @@ php: - 5.6 - 7.0 - 7.1 + - 7.2 install: - travis_retry composer install --no-interaction --prefer-source diff --git a/README.md b/README.md index e3d88169..7f421104 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning: ### Security Notice -### Please upgrade to version `>=5.1.4` (backwards compatible) or `6.x` (one tiny breaking change) to fix some potential security vulnerabilities - [visit this page for more information](https://oauth2.thephpleague.com/v5-security-improvements/) +### Please upgrade to version `>=5.1.6` (backwards compatible) or `6.x` (one tiny breaking change) to fix some potential security vulnerabilities - [visit this page for more information](https://oauth2.thephpleague.com/v5-security-improvements/) ### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning: [![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases) @@ -39,6 +39,7 @@ The following versions of PHP are supported: * PHP 5.6 * PHP 7.0 * PHP 7.1 +* PHP 7.2 The `openssl` extension is also required. 
@@ -61,6 +62,10 @@ Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below. + + Sponsor + + ## Commercial Support If you would like help implementing this library into your existing platform, or would be interested in OAuth advice or training for you and your team please get in touch with [Glynde Labs](https://glyndelabs.com). @@ -75,7 +80,10 @@ This package is released under the MIT License. See the bundled [LICENSE](https: ## Credits -This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie). +This code is principally developed and maintained by [Andy Millington](https://twitter.com/Sephster), [Brian +Retterer](https://twitter.com/bretterer), and [Simon Hamp](https://twitter.com/simonhamp). + +Between 2012 and 2017 this library was developed and maintained by [Alex Bilbie](https://alexbilbie.com/). Special thanks to [all of these awesome contributors](https://github.com/thephpleague/oauth2-server/contributors). diff --git a/composer.json b/composer.json index d6740aa4..d8d11125 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ "defuse/php-encryption": "^2.1" }, "require-dev": { - "phpunit/phpunit": "^4.8 || ^5.0", + "phpunit/phpunit": "^4.8.38 || ^5.7.21", "zendframework/zend-diactoros": "^1.0" }, "repositories": [ diff --git a/examples/composer.json b/examples/composer.json index 79ab47cd..ec7387cf 100644 --- a/examples/composer.json +++ b/examples/composer.json @@ -7,7 +7,8 @@ "lcobucci/jwt": "^3.1", "paragonie/random_compat": "^2.0", "psr/http-message": "^1.0", - "defuse/php-encryption": "^2.1" + "defuse/php-encryption": "^2.1", + "zendframework/zend-diactoros": "^1.0" }, "autoload": { "psr-4": { diff --git a/src/AuthorizationServer.php b/src/AuthorizationServer.php index 46a9b27a..69c16954 100644 --- a/src/AuthorizationServer.php +++ b/src/AuthorizationServer.php 
@@ -3,6 +3,7 @@ * @author Alex Bilbie * @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ + * * @link https://github.com/thephpleague/oauth2-server */ @@ -70,6 +71,11 @@ class AuthorizationServer implements EmitterAwareInterface */ private $encryptionKey; + /** + * @var string + */ + private $defaultScope = ''; + /** * New server instance. * @@ -96,7 +102,6 @@ class AuthorizationServer implements EmitterAwareInterface $privateKey = new CryptKey($privateKey); } $this->privateKey = $privateKey; - $this->encryptionKey = $encryptionKey; $this->responseType = $responseType; } @@ -116,6 +121,7 @@ class AuthorizationServer implements EmitterAwareInterface $grantType->setAccessTokenRepository($this->accessTokenRepository); $grantType->setClientRepository($this->clientRepository); $grantType->setScopeRepository($this->scopeRepository); + $grantType->setDefaultScope($this->defaultScope); $grantType->setPrivateKey($this->privateKey); $grantType->setEmitter($this->getEmitter()); $grantType->setEncryptionKey($this->encryptionKey); 
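Review bot: The constructor hunk removes `$this->encryptionKey = $encryptionKey;` while the enableGrantType hunk below still passes `$this->encryptionKey` to `setEncryptionKey()`; if no earlier assignment survives above the visible context, every grant is handed a null key and the CryptTrait encrypt/decrypt paths that protect auth codes and refresh tokens lose their key. Please confirm the constructor still assigns the property somewhere outside this hunk, or restore the line. The new `$defaultScope` property defaults to `''`, so grants that are never given a default will call validateScopes with an empty string — consistent with the new `invalidScope` hint, but worth a sentence in the property docblock, e.g. `@var string Space-free delimiter-joined scope identifiers applied when a request carries no scope; empty means none`. Both the constructor and enableGrantType start outside the hunk.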
@@ -172,17 +178,19 @@ class AuthorizationServer implements EmitterAwareInterface public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response) { foreach ($this->enabledGrantTypes as $grantType) { - if ($grantType->canRespondToAccessTokenRequest($request)) { - $tokenResponse = $grantType->respondToAccessTokenRequest( - $request, - $this->getResponseType(), - $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] - ); - - if ($tokenResponse instanceof ResponseTypeInterface) { - return $tokenResponse->generateHttpResponse($response); - } + if (!$grantType->canRespondToAccessTokenRequest($request)) { + continue; } + $tokenResponse = $grantType->respondToAccessTokenRequest( + $request, + $this->getResponseType(), + $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] + ); + + if ($tokenResponse instanceof ResponseTypeInterface) { + return $tokenResponse->generateHttpResponse($response); + } + } throw OAuthServerException::unsupportedGrantType(); @@ -204,4 +212,14 @@ class AuthorizationServer implements EmitterAwareInterface return $this->responseType; } + + /** + * Set the default scope for the authorization server. + * + * @param string $defaultScope + */ + public function setDefaultScope($defaultScope) + { + $this->defaultScope = $defaultScope; + } } diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php index 1547f6bf..6f299ce4 100644 --- a/src/AuthorizationValidators/BearerTokenValidator.php +++ b/src/AuthorizationValidators/BearerTokenValidator.php @@ -41,7 +41,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface } /** - * Set the private key + * Set the public key * * @param \League\OAuth2\Server\CryptKey $key */ diff --git a/src/CryptTrait.php b/src/CryptTrait.php index 805969b0..125a757e 100644 --- a/src/CryptTrait.php +++ b/src/CryptTrait.php 
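Review bot: The restyled loop in respondToAccessTokenRequest leaves a blank line between the closing `}` of the `instanceof` check and the `}` of the foreach, which the previous shape did not have; drop it so the guard-clause form reads cleanly. The new `setDefaultScope()` docblock says only `@param string $defaultScope`; since the grants later split this value on `AbstractGrant::SCOPE_DELIMITER_STRING`, state that it is a delimiter-joined list of scope identifiers rather than a single scope. The method performs no normalisation, so a caller passing leading/trailing delimiters relies on validateScopes' `!empty()` filter to drop the empty segments — acceptable, but it belongs in the docblock too.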
@@ -1,9 +1,11 @@ * @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ + * * @link https://github.com/thephpleague/oauth2-server */ @@ -24,6 +26,7 @@ trait CryptTrait * @param string $unencryptedData * * @throws \LogicException + * * @return string */ protected function encrypt($unencryptedData) @@ -41,6 +44,7 @@ trait CryptTrait * @param string $encryptedData * * @throws \LogicException + * * @return string */ protected function decrypt($encryptedData) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 45e03c07..8d101c4c 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -105,10 +105,15 @@ class OAuthServerException extends \Exception public static function invalidScope($scope, $redirectUri = null) { $errorMessage = 'The requested scope is invalid, unknown, or malformed'; - $hint = sprintf( - 'Check the `%s` scope', - htmlspecialchars($scope, ENT_QUOTES, 'UTF-8', false) - ); + + if (empty($scope)) { + $hint = 'Specify a scope in the request or set a default scope'; + } else { + $hint = sprintf( + 'Check the `%s` scope', + htmlspecialchars($scope, ENT_QUOTES, 'UTF-8', false) + ); + } return new static($errorMessage, 5, 'invalid_scope', 400, $hint, $redirectUri); } diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php index 3ac98cf4..25378955 100644 --- a/src/Grant/AbstractGrant.php +++ b/src/Grant/AbstractGrant.php @@ -81,6 +81,11 @@ abstract class AbstractGrant implements GrantTypeInterface */ protected $privateKey; + /** + * @string + */ + protected $defaultScope; + /** * @param ClientRepositoryInterface $clientRepository */ @@ -147,6 +152,14 @@ abstract class AbstractGrant implements GrantTypeInterface $this->privateKey = $key; } + /** + * @param string $scope + */ + public function setDefaultScope($scope) + { + $this->defaultScope = $scope; + } + /** * Validate the client. * 
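Review bot: The docblock on the new `$defaultScope` property in AbstractGrant reads `@string`, which is not a PHPDoc tag and leaves the property untyped for static analysis and IDEs; it should be `* @var string`. In the same file `setDefaultScope($scope)` has no description while the interface method in GrantTypeInterface does, so mirror that text. Separately, the new `empty($scope)` branch in OAuthServerException::invalidScope also treats the string `'0'` as missing, so a request for scope `0` receives the 'set a default scope' hint instead of the 'Check the `0` scope' one; `if ($scope === null || $scope === '')` is the precise check and keeps the existing htmlspecialchars escaping for every non-empty value.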
@@ -211,18 +224,14 @@ abstract class AbstractGrant implements GrantTypeInterface * * @return ScopeEntityInterface[] */ - public function validateScopes( - $scopes, - $redirectUri = null - ) { - $scopesList = array_filter( - explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), - function ($scope) { - return !empty($scope); - } - ); + public function validateScopes($scopes, $redirectUri = null) + { + $scopesList = array_filter(explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) { + return !empty($scope); + }); + + $validScopes = []; - $scopes = []; foreach ($scopesList as $scopeItem) { $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem); @@ -230,10 +239,10 @@ abstract class AbstractGrant implements GrantTypeInterface throw OAuthServerException::invalidScope($scopeItem, $redirectUri); } - $scopes[] = $scope; + $validScopes[] = $scope; } - return $scopes; + return $validScopes; } /** diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index e5621055..e974ded1 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -153,7 +153,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant case 'S256': if ( hash_equals( - rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='), + hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')), $authCodePayload->code_challenge ) === false ) { 
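Review bot: The new S256 comparison in AuthCodeGrant hashes a base64url-encoded copy of the verifier and compares the resulting hex digest against `code_challenge`, whereas RFC 7636 §4.2 defines the challenge as `BASE64URL(SHA256(ASCII(code_verifier)))` — which is what the removed line computed. Standards-conforming clients will fail the S256 check and only clients written against this non-standard transform will pass, so the line should be `rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='),`, and a test with an RFC 7636 Appendix B verifier/challenge pair would pin it. The `hash_equals(...) === false` constant-time comparison is the right construct and should be kept. The enclosing method starts and ends outside the hunk.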
@@ -249,10 +249,15 @@ class AuthCodeGrant extends AbstractAuthorizeGrant $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + || empty($client->getRedirectUri()) + ) { + $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); + throw OAuthServerException::invalidClient(); } $scopes = $this->validateScopes( - $this->getQueryStringParameter('scope', $request), + $this->getQueryStringParameter('scope', $request, $this->defaultScope), is_array($client->getRedirectUri()) ? $client->getRedirectUri()[0] : $client->getRedirectUri() diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php index b5b968d4..ed157aaf 100644 --- a/src/Grant/ClientCredentialsGrant.php +++ b/src/Grant/ClientCredentialsGrant.php @@ -29,13 +29,13 @@ class ClientCredentialsGrant extends AbstractGrant ) { // Validate request $client = $this->validateClient($request); - $scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); + $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope)); // Finalize the requested scopes - $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client); + $finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client); // Issue and persist access token - $accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $scopes); + $accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $finalizedScopes); // Inject access token into response type $responseType->setAccessToken($accessToken); diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php index 7aa98242..0e721435 100644 --- a/src/Grant/GrantTypeInterface.php 
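Review bot: The new `elseif` in AuthCodeGrant::validateAuthorizationRequest mixes `&&` and `||` without parentheses; PHP binds `&&` tighter, so it evaluates as `(is_array(...) && count(...) !== 1) || empty(...)`, which appears to be the intent, but the precedence should be explicit: `} elseif ((is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1) || empty($client->getRedirectUri())) {`. Calling `getRedirectUri()` three times in the condition and twice more in the validateScopes call below suggests reading it once into a local. The identical condition is added in ImplicitGrant::validateAuthorizationRequest and needs the same treatment. Both methods start outside their hunks.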
+++ b/src/Grant/GrantTypeInterface.php @@ -119,6 +119,13 @@ interface GrantTypeInterface extends EmitterAwareInterface */ public function setScopeRepository(ScopeRepositoryInterface $scopeRepository); + /** + * Set the default scope. + * + * @param string $scope + */ + public function setDefaultScope($scope); + /** * Set the path to the private key. * diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index 466f32ce..f3c9e694 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php @@ -27,11 +27,18 @@ class ImplicitGrant extends AbstractAuthorizeGrant private $accessTokenTTL; /** - * @param \DateInterval $accessTokenTTL + * @var string */ - public function __construct(\DateInterval $accessTokenTTL) + private $queryDelimiter; + + /** + * @param \DateInterval $accessTokenTTL + * @param string $queryDelimiter + */ + public function __construct(\DateInterval $accessTokenTTL, $queryDelimiter = '#') { $this->accessTokenTTL = $accessTokenTTL; + $this->queryDelimiter = $queryDelimiter; } /** @@ -95,7 +102,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant public function canRespondToAuthorizationRequest(ServerRequestInterface $request) { return ( - array_key_exists('response_type', $request->getQueryParams()) + isset($request->getQueryParams()['response_type']) && $request->getQueryParams()['response_type'] === 'token' && isset($request->getQueryParams()['client_id']) ); 
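Review bot: The new `$queryDelimiter` constructor parameter in ImplicitGrant is documented only as `@param string`, yet the only value other than the default `#` that the redirect builder at `@@ -204` can meaningfully take is `?`, which moves `access_token` from the URL fragment into the query component. RFC 6749 §4.2.2 requires the fragment for the implicit grant precisely because the query component reaches server access logs and Referer headers; the docblock should say so, e.g. `@param string $queryDelimiter Delimiter placed before the token parameters in the redirect URI; '#' (the default) keeps them in the fragment as RFC 6749 §4.2.2 requires, any other value exposes them in the query string`. Constraining the parameter to the two known values would be safer than accepting an arbitrary string.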
@@ -142,17 +149,22 @@ class ImplicitGrant extends AbstractAuthorizeGrant $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + || empty($client->getRedirectUri()) + ) { + $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); + throw OAuthServerException::invalidClient(); } $scopes = $this->validateScopes( - $this->getQueryStringParameter('scope', $request), + $this->getQueryStringParameter('scope', $request, $this->defaultScope), is_array($client->getRedirectUri()) ? $client->getRedirectUri()[0] : $client->getRedirectUri() ); // Finalize the requested scopes - $scopes = $this->scopeRepository->finalizeScopes( + $finalizedScopes = $this->scopeRepository->finalizeScopes( $scopes, $this->getIdentifier(), $client @@ -165,7 +177,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant $authorizationRequest->setClient($client); $authorizationRequest->setRedirectUri($redirectUri); $authorizationRequest->setState($stateParameter); - $authorizationRequest->setScopes($scopes); + $authorizationRequest->setScopes($finalizedScopes); return $authorizationRequest; } @@ -204,7 +216,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant 'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(), 'state' => $authorizationRequest->getState(), ], - '#' + $this->queryDelimiter ) ); diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php index 31755613..cfd7e9fe 100644 --- a/src/Grant/PasswordGrant.php +++ b/src/Grant/PasswordGrant.php 
@@ -49,14 +49,14 @@ class PasswordGrant extends AbstractGrant ) { // Validate request $client = $this->validateClient($request); - $scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); + $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope)); $user = $this->validateUser($request, $client); // Finalize the requested scopes - $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier()); + $finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier()); // Issue and persist new tokens - $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); + $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $finalizedScopes); $refreshToken = $this->issueRefreshToken($accessToken); // Inject tokens into response diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index 53dfdf7d..66a3b266 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php 
@@ -44,28 +44,17 @@ class RefreshTokenGrant extends AbstractGrant // Validate request $client = $this->validateClient($request); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); - $scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); + $scopes = $this->validateScopes($this->getRequestParameter( + 'scope', + $request, + implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes'])) + ); - // If no new scopes are requested then give the access token the original session scopes - if (count($scopes) === 0) { - $scopes = array_map(function ($scopeId) use ($client) { - $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId); - - if ($scope instanceof ScopeEntityInterface === false) { - // @codeCoverageIgnoreStart - throw OAuthServerException::invalidScope($scopeId); - // @codeCoverageIgnoreEnd - } - - return $scope; - }, $oldRefreshToken['scopes']); - } else { - // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure - // the request doesn't include any new scopes - foreach ($scopes as $scope) { - if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) { - throw OAuthServerException::invalidScope($scope->getIdentifier()); - } + // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure + // the request doesn't include any new scopes + foreach ($scopes as $scope) { + if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) { + throw OAuthServerException::invalidScope($scope->getIdentifier()); } } diff --git a/src/ResponseTypes/AbstractResponseType.php b/src/ResponseTypes/AbstractResponseType.php index 0c256f17..d013bab0 100644 --- a/src/ResponseTypes/AbstractResponseType.php +++ b/src/ResponseTypes/AbstractResponseType.php @@ -60,5 +60,4 @@ abstract class AbstractResponseType implements ResponseTypeInterface { $this->privateKey = $key; } - } 
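Review bot: The retained scope-narrowing check `in_array($scope->getIdentifier(), $oldRefreshToken['scopes'])` uses loose comparison, so numeric-looking identifiers compare by value (`'1e1'` matches `'10'`) and a scope absent from the original grant can slip through; it should be `in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true)`. The removed `count($scopes) === 0` fallback handled an explicit empty `scope=` by restoring the original scopes, whereas the new default only applies when getRequestParameter (body not visible here) reports the parameter as absent; if an empty value counts as present, validateScopes returns `[]` and the refreshed token is issued with no scopes — worth a test either way. The closing-paren placement `$oldRefreshToken['scopes']))` followed by `);` on its own line is hard to read; assigning the `implode()` result to a local first would make the nesting obvious.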
diff --git a/tests/AuthorizationServerTest.php b/tests/AuthorizationServerTest.php index 91ca9e4b..068b914d 100644 --- a/tests/AuthorizationServerTest.php +++ b/tests/AuthorizationServerTest.php @@ -3,7 +3,6 @@ namespace LeagueTests; use League\OAuth2\Server\AuthorizationServer; -use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Grant\ClientCredentialsGrant; @@ -17,15 +16,20 @@ use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; use LeagueTests\Stubs\AccessTokenEntity; use LeagueTests\Stubs\AuthCodeEntity; use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Psr\Http\Message\ResponseInterface; +use PHPUnit\Framework\TestCase; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequest; use Zend\Diactoros\ServerRequestFactory; -class AuthorizationServerTest extends \PHPUnit_Framework_TestCase +class AuthorizationServerTest extends TestCase { + + const DEFAULT_SCOPE = 'basic'; + public function setUp() { // Make sure the keys have the correct permissions. @@ -59,7 +63,9 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase $clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepository->method('getClientEntity')->willReturn(new ClientEntity()); + $scope = new ScopeEntity(); $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0); $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); 
@@ -74,6 +80,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase new StubResponseType() ); + $server->setDefaultScope(self::DEFAULT_SCOPE); $server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1M')); $_POST['grant_type'] = 'client_credentials'; @@ -99,7 +106,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase $method = $abstractGrantReflection->getMethod('getResponseType'); $method->setAccessible(true); - $this->assertTrue($method->invoke($server) instanceof BearerTokenResponse); + $this->assertInstanceOf(BearerTokenResponse::class, $method->invoke($server)); } public function testCompleteAuthorizationRequest() @@ -131,17 +138,23 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase $authRequest->setGrantTypeId('authorization_code'); $authRequest->setUser(new UserEntity()); - $this->assertTrue( - $server->completeAuthorizationRequest($authRequest, new Response) instanceof ResponseInterface + $this->assertInstanceOf( + ResponseInterface::class, + $server->completeAuthorizationRequest($authRequest, new Response) ); } public function testValidateAuthorizationRequest() { $client = new ClientEntity(); + $client->setRedirectUri('http://foo/bar'); $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scope = new ScopeEntity(); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); + $grant = new AuthCodeGrant( $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), 
@@ -152,7 +165,48 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase $server = new AuthorizationServer( $clientRepositoryMock, $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(), - $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(), + $scopeRepositoryMock, + 'file://' . __DIR__ . '/Stubs/private.key', + 'file://' . __DIR__ . '/Stubs/public.key' + ); + + $server->setDefaultScope(self::DEFAULT_SCOPE); + $server->enableGrantType($grant); + + $request = new ServerRequest( + [], + [], + null, + null, + 'php://input', + $headers = [], + $cookies = [], + $queryParams = [ + 'response_type' => 'code', + 'client_id' => 'foo', + ] + ); + + $this->assertInstanceOf(AuthorizationRequest::class, $server->validateAuthorizationRequest($request)); + } + + public function testValidateAuthorizationRequestWithMissingRedirectUri() + { + $client = new ClientEntity(); + $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); + $clientRepositoryMock->method('getClientEntity')->willReturn($client); + + $grant = new AuthCodeGrant( + $this->getMock(AuthCodeRepositoryInterface::class), + $this->getMock(RefreshTokenRepositoryInterface::class), + new \DateInterval('PT10M') + ); + $grant->setClientRepository($clientRepositoryMock); + + $server = new AuthorizationServer( + $clientRepositoryMock, + $this->getMock(AccessTokenRepositoryInterface::class), + $this->getMock(ScopeRepositoryInterface::class), 'file://' . __DIR__ . '/Stubs/private.key', 'file://' . __DIR__ . '/Stubs/public.key' ); @@ -172,7 +226,12 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase ] ); - $this->assertTrue($server->validateAuthorizationRequest($request) instanceof AuthorizationRequest); + try { + $server->validateAuthorizationRequest($request); + } catch (OAuthServerException $e) { + $this->assertEquals('invalid_client', $e->getErrorType()); + $this->assertEquals(401, $e->getHttpStatusCode()); + } } /** 
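Review bot: `testValidateAuthorizationRequestWithMissingRedirectUri` passes vacuously if validateAuthorizationRequest does not throw, because its assertions live only inside the `catch`; add `$this->fail('Expected OAuthServerException');` after the call inside the `try`, or declare `$this->expectException(OAuthServerException::class)` before it. The new test also uses `$this->getMock(...)`, which PHPUnit deprecated in 5.4 and removed in 6, while the rest of this file uses `getMockBuilder(...)->getMock()`; the `^5.7.21` composer constraint keeps it working but the inconsistency will break on the next major. In the preceding hunk the `$headers = [], $cookies = [], $queryParams = [...]` assignments inside the ServerRequest argument list are dead assignments that only look like named arguments; pass the arrays directly.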
diff --git a/tests/CryptKeyTest.php b/tests/CryptKeyTest.php index c7f7f4a0..f4fd0659 100644 --- a/tests/CryptKeyTest.php +++ b/tests/CryptKeyTest.php @@ -3,8 +3,9 @@ namespace LeagueTests\Utils; use League\OAuth2\Server\CryptKey; +use PHPUnit\Framework\TestCase; -class CryptKeyTest extends \PHPUnit_Framework_TestCase +class CryptKeyTest extends TestCase { /** * @expectedException \LogicException diff --git a/tests/CryptTraitTest.php b/tests/CryptTraitTest.php index 8c7d2642..26427e59 100644 --- a/tests/CryptTraitTest.php +++ b/tests/CryptTraitTest.php @@ -2,10 +2,10 @@ namespace LeagueTests\Utils; -use League\OAuth2\Server\CryptKey; use LeagueTests\Stubs\CryptTraitStub; +use PHPUnit\Framework\TestCase; -class CryptTraitTest extends \PHPUnit_Framework_TestCase +class CryptTraitTest extends TestCase { /** * @var \LeagueTests\Stubs\CryptTraitStub diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php index 542c78dc..6266df0a 100644 --- a/tests/Grant/AbstractGrantTest.php +++ b/tests/Grant/AbstractGrantTest.php @@ -3,7 +3,6 @@ namespace LeagueTests\Grant; use League\Event\Emitter; -use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\AuthCodeEntityInterface; use League\OAuth2\Server\Entities\RefreshTokenEntityInterface; @@ -19,9 +18,10 @@ use LeagueTests\Stubs\AuthCodeEntity; use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\RefreshTokenEntity; use LeagueTests\Stubs\ScopeEntity; +use PHPUnit\Framework\TestCase; use Zend\Diactoros\ServerRequest; -class AbstractGrantTest extends \PHPUnit_Framework_TestCase +class AbstractGrantTest extends TestCase { public function testGetSet() { 
@@ -342,7 +342,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase $accessToken = new AccessTokenEntity(); /** @var RefreshTokenEntityInterface $refreshToken */ $refreshToken = $issueRefreshTokenMethod->invoke($grantMock, $accessToken); - $this->assertTrue($refreshToken instanceof RefreshTokenEntityInterface); + $this->assertInstanceOf(RefreshTokenEntityInterface::class, $refreshToken); $this->assertEquals($accessToken, $refreshToken->getAccessToken()); } @@ -367,7 +367,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase 123, [new ScopeEntity()] ); - $this->assertTrue($accessToken instanceof AccessTokenEntityInterface); + $this->assertInstanceOf(AccessTokenEntityInterface::class, $accessToken); } public function testIssueAuthCode() @@ -383,7 +383,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase $issueAuthCodeMethod = $abstractGrantReflection->getMethod('issueAuthCode'); $issueAuthCodeMethod->setAccessible(true); - $this->assertTrue( + $this->assertInstanceOf( + AuthCodeEntityInterface::class, $issueAuthCodeMethod->invoke( $grantMock, new \DateInterval('PT1H'), @@ -391,7 +392,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase 123, 'http://foo/bar', [new ScopeEntity()] - ) instanceof AuthCodeEntityInterface + ) ); } @@ -467,7 +468,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase $method = $abstractGrantReflection->getMethod('generateUniqueIdentifier'); $method->setAccessible(true); - $this->assertTrue(is_string($method->invoke($grantMock))); + $this->assertInternalType('string', $method->invoke($grantMock)); } public function testCanRespondToAuthorizationRequest() diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php index 48fde6cc..a858871a 100644 --- a/tests/Grant/AuthCodeGrantTest.php +++ b/tests/Grant/AuthCodeGrantTest.php 
@@ -2,7 +2,6 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\RefreshTokenEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; @@ -23,10 +22,13 @@ use LeagueTests\Stubs\RefreshTokenEntity; use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; +use PHPUnit\Framework\TestCase; use Zend\Diactoros\ServerRequest; -class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase +class AuthCodeGrantTest extends TestCase { + const DEFAULT_SCOPE = 'basic'; + /** * @var CryptTraitStub */ @@ -89,15 +91,22 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase { $client = new ClientEntity(); $client->setRedirectUri('http://foo/bar'); + $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scope = new ScopeEntity(); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); + $grant = new AuthCodeGrant( $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), new \DateInterval('PT10M') ); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); + $grant->setDefaultScope(self::DEFAULT_SCOPE); $request = new ServerRequest( [], @@ -114,7 +123,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase ] ); - $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest); + $this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request)); } public function testValidateAuthorizationRequestRedirectUriArray() 
@@ -124,12 +133,18 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scope = new ScopeEntity(); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); + $grant = new AuthCodeGrant( $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), new \DateInterval('PT10M') ); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); + $grant->setDefaultScope(self::DEFAULT_SCOPE); $request = new ServerRequest( [], @@ -146,7 +161,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase ] ); - $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest); + $this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request)); } public function testValidateAuthorizationRequestCodeChallenge() @@ -156,6 +171,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scope = new ScopeEntity(); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); + $grant = new AuthCodeGrant( $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), 
@@ -163,6 +182,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase ); $grant->enableCodeExchangeProof(); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); + $grant->setDefaultScope(self::DEFAULT_SCOPE); $request = new ServerRequest( [], @@ -180,7 +201,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase ] ); - $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest); + $this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request)); } /** @@ -441,6 +462,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scope = new ScopeEntity(); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope); + $grant = new AuthCodeGrant( $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), @@ -448,6 +473,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase ); $grant->enableCodeExchangeProof(); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); + $grant->setDefaultScope(self::DEFAULT_SCOPE); $request = new ServerRequest( [], 
@@ -478,6 +505,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 $clientRepositoryMock->method('getClientEntity')->willReturn($client);
 
+ $scope = new ScopeEntity();
+ $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
+
 $grant = new AuthCodeGrant(
 $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
 $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
@@ -485,6 +516,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 );
 $grant->enableCodeExchangeProof();
 $grant->setClientRepository($clientRepositoryMock);
+ $grant->setScopeRepository($scopeRepositoryMock);
+ $grant->setDefaultScope(self::DEFAULT_SCOPE);
 
 $request = new ServerRequest(
 [],
@@ -524,7 +557,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 );
 $grant->setEncryptionKey($this->cryptStub->getKey());
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 /**
@@ -615,8 +648,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 public function testRespondToAccessTokenRequestCodeChallengePlain()
@@ -686,8 +719,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 public function testRespondToAccessTokenRequestCodeChallengeS256()
@@ -757,8 +790,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 /**
@@ -1513,7 +1546,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 );
 $grant->setEncryptionKey($this->cryptStub->getKey());
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 /**
@@ -1539,7 +1572,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 );
 $grant->setEncryptionKey($this->cryptStub->getKey());
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 /**
@@ -1564,7 +1597,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 new \DateInterval('PT10M')
 );
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 public function testRefreshTokenRepositoryUniqueConstraintCheck()
@@ -1631,8 +1664,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 /**
@@ -1702,8 +1735,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 /**
@@ -1773,8 +1806,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 /** @var StubResponseType $response */
 $response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
 
- $this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
 }
 
 /**
diff --git a/tests/Grant/ClientCredentialsGrantTest.php b/tests/Grant/ClientCredentialsGrantTest.php
index a1665831..6c7b5a36 100644
--- a/tests/Grant/ClientCredentialsGrantTest.php
+++ b/tests/Grant/ClientCredentialsGrantTest.php
@@ -9,11 +9,15 @@ use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
+use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\ServerRequest;
 
-class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
+class ClientCredentialsGrantTest extends TestCase
 {
+ const DEFAULT_SCOPE = 'basic';
+
 public function testGetIdentifier()
 {
 $grant = new ClientCredentialsGrant();
@@ -30,13 +34,16 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
 $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
 $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
 
+ $scope = new ScopeEntity();
 $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
 $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
 
 $grant = new ClientCredentialsGrant();
 $grant->setClientRepository($clientRepositoryMock);
 $grant->setAccessTokenRepository($accessTokenRepositoryMock);
 $grant->setScopeRepository($scopeRepositoryMock);
+ $grant->setDefaultScope(self::DEFAULT_SCOPE);
 
 $serverRequest = new ServerRequest();
 $serverRequest = $serverRequest->withParsedBody(
@@ -49,6 +56,6 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
 $responseType = new StubResponseType();
 $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
 
- $this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
 }
 }
diff --git a/tests/Grant/ImplicitGrantTest.php b/tests/Grant/ImplicitGrantTest.php
index 3bfe4b84..0080548f 100644
--- a/tests/Grant/ImplicitGrantTest.php
+++ b/tests/Grant/ImplicitGrantTest.php
@@ -18,10 +18,13 @@ use LeagueTests\Stubs\CryptTraitStub;
 use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
 use LeagueTests\Stubs\UserEntity;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\ServerRequest;
 
-class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
+class ImplicitGrantTest extends TestCase
 {
+ const DEFAULT_SCOPE = 'basic';
+
 /**
 * CryptTrait stub
 */
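Review bot: The hunk wires `setDefaultScope(self::DEFAULT_SCOPE)` and a pass-through `finalizeScopes`, but the only assertion after `respondToAccessTokenRequest` is still `assertInstanceOf`, so nothing checks that a token issued for a request without a `scope` parameter actually carries the configured default rather than an empty or wider set — which is precisely the behaviour this new setup exists to exercise (the parsed body is cut off by the hunk, so whether it omits `scope` is presumed). If the stub token exposes its scope list as the library's token interfaces do, two lines pin it: `$scope->setIdentifier(self::DEFAULT_SCOPE);` next to the `new ScopeEntity()`, and `$this->assertCount(1, $responseType->getAccessToken()->getScopes());` after the call, with a stricter identifier comparison once the stub has one. The same gap is in the PasswordGrantTest hunk on L27 and the AuthorizationServerMiddlewareTest hunk on L30, which configure the default scope the same way and assert only the type.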
@@ -96,6 +99,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $grant = new ImplicitGrant(new \DateInterval('PT10M'));
 $grant->setClientRepository($clientRepositoryMock);
 $grant->setScopeRepository($scopeRepositoryMock);
+ $grant->setDefaultScope(self::DEFAULT_SCOPE);
 
 $request = new ServerRequest(
 [],
@@ -112,7 +116,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 ]
 );
 
- $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
+ $this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
 }
 
 public function testValidateAuthorizationRequestRedirectUriArray()
@@ -130,6 +134,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $grant = new ImplicitGrant(new \DateInterval('PT10M'));
 $grant->setClientRepository($clientRepositoryMock);
 $grant->setScopeRepository($scopeRepositoryMock);
+ $grant->setDefaultScope(self::DEFAULT_SCOPE);
 
 $request = new ServerRequest(
 [],
@@ -146,7 +151,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 ]
 );
 
- $this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
+ $this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
 }
 
 /**
@@ -285,7 +290,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
 $grant->setAccessTokenRepository($accessTokenRepositoryMock);
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 /**
@@ -329,7 +334,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
 $grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
 $grant->setAccessTokenRepository($accessTokenRepositoryMock);
 
- $this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
+ $this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
 }
 
 /**
diff --git a/tests/Grant/PasswordGrantTest.php b/tests/Grant/PasswordGrantTest.php
index b380bfb2..2ee700f8 100644
--- a/tests/Grant/PasswordGrantTest.php
+++ b/tests/Grant/PasswordGrantTest.php
@@ -13,12 +13,16 @@ use League\OAuth2\Server\Repositories\UserRepositoryInterface;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
 use LeagueTests\Stubs\RefreshTokenEntity;
+use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
 use LeagueTests\Stubs\UserEntity;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\ServerRequest;
 
-class PasswordGrantTest extends \PHPUnit_Framework_TestCase
+class PasswordGrantTest extends TestCase
 {
+ const DEFAULT_SCOPE = 'basic';
+
 public function testGetIdentifier()
 {
 $userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
@@ -46,13 +50,16 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
 $refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
 $refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
 
+ $scope = new ScopeEntity();
 $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
 $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
 
 $grant = new PasswordGrant($userRepositoryMock, $refreshTokenRepositoryMock);
 $grant->setClientRepository($clientRepositoryMock);
 $grant->setAccessTokenRepository($accessTokenRepositoryMock);
 $grant->setScopeRepository($scopeRepositoryMock);
+ $grant->setDefaultScope(self::DEFAULT_SCOPE);
 
 $serverRequest = new ServerRequest();
 $serverRequest = $serverRequest->withParsedBody(
@@ -67,8 +74,8 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
 $responseType = new StubResponseType();
 $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
 
- $this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
 }
 
 /**
diff --git a/tests/Grant/RefreshTokenGrantTest.php b/tests/Grant/RefreshTokenGrantTest.php
index 47d7ad17..89598115 100644
--- a/tests/Grant/RefreshTokenGrantTest.php
+++ b/tests/Grant/RefreshTokenGrantTest.php
@@ -16,9 +16,10 @@ use LeagueTests\Stubs\CryptTraitStub;
 use LeagueTests\Stubs\RefreshTokenEntity;
 use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\ServerRequest;
 
-class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
+class RefreshTokenGrantTest extends TestCase
 {
 /**
 * @var CryptTraitStub
@@ -45,21 +46,18 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 $clientRepositoryMock->method('getClientEntity')->willReturn($client);
 
- $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
 $scopeEntity = new ScopeEntity();
+ $scopeEntity->setIdentifier('foo');
+ $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
 $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
 
 $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
 $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
- $accessTokenRepositoryMock
- ->expects($this->once())
- ->method('persistNewAccessToken')->willReturnSelf();
+ $accessTokenRepositoryMock->expects($this->once())->method('persistNewAccessToken')->willReturnSelf();
 
 $refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
 $refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
- $refreshTokenRepositoryMock
- ->expects($this->once())
- ->method('persistNewRefreshToken')->willReturnSelf();
+ $refreshTokenRepositoryMock->expects($this->once())->method('persistNewRefreshToken')->willReturnSelf();
 
 $grant = new RefreshTokenGrant($refreshTokenRepositoryMock);
 $grant->setClientRepository($clientRepositoryMock);
@@ -82,19 +80,18 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 );
 
 $serverRequest = new ServerRequest();
- $serverRequest = $serverRequest->withParsedBody(
- [
- 'client_id' => 'foo',
- 'client_secret' => 'bar',
- 'refresh_token' => $oldRefreshToken,
- ]
- );
+ $serverRequest = $serverRequest->withParsedBody([
+ 'client_id' => 'foo',
+ 'client_secret' => 'bar',
+ 'refresh_token' => $oldRefreshToken,
+ 'scopes' => ['foo'],
+ ]);
 
 $responseType = new StubResponseType();
 $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
 
- $this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
 }
 
 public function testRespondToReducedScopes()
@@ -150,8 +147,8 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 $responseType = new StubResponseType();
 $grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
 
- $this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
- $this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
+ $this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
+ $this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
 }
 
 /**
diff --git a/tests/Middleware/AuthorizationServerMiddlewareTest.php b/tests/Middleware/AuthorizationServerMiddlewareTest.php
index 74dffbf7..99118736 100644
--- a/tests/Middleware/AuthorizationServerMiddlewareTest.php
+++ b/tests/Middleware/AuthorizationServerMiddlewareTest.php
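Review bot: The new `'scopes' => ['foo'],` entry in the parsed body is probably never read: the token-endpoint parameter is `scope` (RFC 6749 §6), a single space-delimited string, so unless the grant reads a non-standard `scopes` key — which nothing in the hunk shows — the request is treated as carrying no scope and the test passes only because the grant falls back to the scopes embedded in `$oldRefreshToken`. If the intent is to cover an explicitly requested scope, the line should be `'scope' => 'foo',`; if the intent is the fallback path, drop the key so the test states what it exercises. In either case the identifier set in the previous hunk (`$scopeEntity->setIdentifier('foo')`) is unused by the assertions, which still only check types; comparing the issued token's scope identifiers against it would make the scope handling observable. The enclosing test method starts outside the hunk.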
@@ -11,18 +11,24 @@ use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
+use LeagueTests\Stubs\ScopeEntity;
 use LeagueTests\Stubs\StubResponseType;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequestFactory;
 
-class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
+class AuthorizationServerMiddlewareTest extends TestCase
 {
+ const DEFAULT_SCOPE = 'basic';
+
 public function testValidResponse()
 {
 $clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 $clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
 
+ $scopeEntity = new ScopeEntity;
 $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
+ $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
 $scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
 
 $accessRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
@@ -37,6 +43,7 @@ class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 new StubResponseType()
 );
 
+ $server->setDefaultScope(self::DEFAULT_SCOPE);
 $server->enableGrantType(new ClientCredentialsGrant());
 
 $_POST['grant_type'] = 'client_credentials';
diff --git a/tests/Middleware/ResourceServerMiddlewareTest.php b/tests/Middleware/ResourceServerMiddlewareTest.php
index 549c8003..2269c45a 100644
--- a/tests/Middleware/ResourceServerMiddlewareTest.php
+++ b/tests/Middleware/ResourceServerMiddlewareTest.php
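Review bot: `$scopeEntity = new ScopeEntity;` drops the constructor parentheses that every other hunk in this commit uses (`new ScopeEntity()`), so the line reads as a different convention for no reason; `$scopeEntity = new ScopeEntity();` keeps the test files uniform. The variable name also differs from the `$scope` used in the grant tests for the same double, which is minor but worth aligning while the line is new. `testValidResponse` continues past the end of the first hunk.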
@@ -8,10 +8,11 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\ResourceServer;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
 
-class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
+class ResourceServerMiddlewareTest extends TestCase
 {
 public function testValidResponse()
 {
diff --git a/tests/ResourceServerTest.php b/tests/ResourceServerTest.php
index 8a3353cc..3120cad2 100644
--- a/tests/ResourceServerTest.php
+++ b/tests/ResourceServerTest.php
@@ -6,9 +6,10 @@ namespace LeagueTests;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\ResourceServer;
+use PHPUnit\Framework\TestCase;
 use Zend\Diactoros\ServerRequestFactory;
 
-class ResourceServerTest extends \PHPUnit_Framework_TestCase
+class ResourceServerTest extends TestCase
 {
 public function testValidateAuthenticatedRequest()
 {
diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php
index 7f710d92..56ae9e3e 100644
--- a/tests/ResponseTypes/BearerResponseTypeTest.php
+++ b/tests/ResponseTypes/BearerResponseTypeTest.php
@@ -11,11 +11,12 @@ use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
 use LeagueTests\Stubs\RefreshTokenEntity;
 use LeagueTests\Stubs\ScopeEntity;
+use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ResponseInterface;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
 
-class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
+class BearerResponseTypeTest extends TestCase
 {
 public function testGenerateHttpResponse()
 {
@@ -47,7 +48,7 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
 
 $response = $responseType->generateHttpResponse(new Response());
 
- $this->assertTrue($response instanceof ResponseInterface);
+ $this->assertInstanceOf(ResponseInterface::class, $response);
 $this->assertEquals(200, $response->getStatusCode());
 $this->assertEquals('no-cache', $response->getHeader('pragma')[0]);
 $this->assertEquals('no-store', $response->getHeader('cache-control')[0]);
@@ -55,10 +56,10 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
 $response->getBody()->rewind();
 $json = json_decode($response->getBody()->getContents());
 
- $this->assertEquals('Bearer', $json->token_type);
- $this->assertTrue(isset($json->expires_in));
- $this->assertTrue(isset($json->access_token));
- $this->assertTrue(isset($json->refresh_token));
+ $this->assertAttributeEquals('Bearer', 'token_type', $json);
+ $this->assertObjectHasAttribute('expires_in', $json);
+ $this->assertObjectHasAttribute('access_token', $json);
+ $this->assertObjectHasAttribute('refresh_token', $json);
 }
 
 public function testGenerateHttpResponseWithExtraParams()
@@ -91,7 +92,7 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
 
 $response = $responseType->generateHttpResponse(new Response());
 
- $this->assertTrue($response instanceof ResponseInterface);
+ $this->assertInstanceOf(ResponseInterface::class, $response);
 $this->assertEquals(200, $response->getStatusCode());
 $this->assertEquals('no-cache', $response->getHeader('pragma')[0]);
 $this->assertEquals('no-store', $response->getHeader('cache-control')[0]);
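Review bot: `assertAttributeEquals` and `assertObjectHasAttribute` in the second hunk are the reflection-based helpers for inspecting object internals; on the plain `stdClass` that `json_decode` returns they add nothing over the direct property access the removed lines used, and `assertAttributeEquals` has been removed from later PHPUnit majors, so `$this->assertSame('Bearer', $json->token_type);` (with `assertObjectHasAttribute` kept only where the property may be absent) is both clearer and forward-compatible — the same substitution applies to the hunk on L33. Separately, `json_decode` yields `null` on malformed output and none of the following assertions would then say why; `$this->assertInstanceOf(\stdClass::class, $json);` directly after the decode turns that into a named failure. The `pragma: no-cache` / `cache-control: no-store` checks are the RFC 6749 §5.1 requirement for token responses and deserve `assertSame` rather than the loose `assertEquals`, but that is pre-existing. Both test methods start outside their hunks.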
@@ -99,13 +100,13 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
 $response->getBody()->rewind();
 $json = json_decode($response->getBody()->getContents());
 
- $this->assertEquals('Bearer', $json->token_type);
- $this->assertTrue(isset($json->expires_in));
- $this->assertTrue(isset($json->access_token));
- $this->assertTrue(isset($json->refresh_token));
+ $this->assertAttributeEquals('Bearer', 'token_type', $json);
+ $this->assertObjectHasAttribute('expires_in', $json);
+ $this->assertObjectHasAttribute('access_token', $json);
+ $this->assertObjectHasAttribute('refresh_token', $json);
 
- $this->assertTrue(isset($json->foo));
- $this->assertEquals('bar', $json->foo);
+ $this->assertObjectHasAttribute('foo', $json);
+ $this->assertAttributeEquals('bar', 'foo', $json);
 }
 
 public function testDetermineAccessTokenInHeaderValidToken()
diff --git a/tests/Stubs/CryptTraitStub.php b/tests/Stubs/CryptTraitStub.php
index a481a849..3fe02199 100644
--- a/tests/Stubs/CryptTraitStub.php
+++ b/tests/Stubs/CryptTraitStub.php
@@ -2,7 +2,6 @@
 
 namespace LeagueTests\Stubs;
 
-use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\CryptTrait;
 
 class CryptTraitStub