Fix #231

tests/unit/ResourceServerTest.php

@@ -142,7 +142,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
         });
 
         $accessTokenStorage->shouldReceive('get')->andReturn(
-            (new AccessTokenEntity($server))->setId('abcdef')
+            (new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() + 300)
         );
 
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
@@ -167,4 +167,60 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($server->isValidRequest());
         $this->assertEquals('abcdef', $server->getAccessToken());
     }
+
+    /**
+     * @expectedException League\OAuth2\Server\Exception\AccessDeniedException
+     */
+    public function testIsValidExpiredToken()
+    {
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+
+        $server = new ResourceServer(
+            $sessionStorage,
+            $accessTokenStorage,
+            $clientStorage,
+            $scopeStorage
+        );
+
+        $server->setIdKey('at');
+
+        $server->addEventListener('session.owner', function($event) {
+            $this->assertTrue($event->getSession() instanceof \League\OAuth2\Server\Entity\SessionEntity);
+        });
+
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() - 300)
+        );
+
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+            (new ScopeEntity($server))->hydrate(['id' => 'bar'])
+        ]);
+
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            (new SessionEntity($server))->setId('foobar')->setOwner('user', 123)
+        );
+
+        $clientStorage->shouldReceive('getBySession')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $request = new \Symfony\Component\HttpFoundation\Request();
+        $request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
+            'Authorization' =>  'Bearer abcdef'
+        ]);
+        $server->setRequest($request);
+
+        $server->isValidRequest();
+    }
 }