mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Improved testing
This commit is contained in:
parent
cee4147688
commit
d02437dd73
@ -286,4 +286,12 @@ class OAuthServerException extends \Exception
|
|||||||
{
|
{
|
||||||
return $this->httpStatusCode;
|
return $this->httpStatusCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return null|string
|
||||||
|
*/
|
||||||
|
public function getHint()
|
||||||
|
{
|
||||||
|
return $this->hint;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -16,6 +16,7 @@ use League\Event\Event;
|
|||||||
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
||||||
use League\OAuth2\Server\Entities\AuthCodeEntity;
|
use League\OAuth2\Server\Entities\AuthCodeEntity;
|
||||||
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
|
||||||
|
use League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\RefreshTokenEntity;
|
use League\OAuth2\Server\Entities\RefreshTokenEntity;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntity;
|
use League\OAuth2\Server\Entities\ScopeEntity;
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
@ -344,6 +345,11 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$accessToken->setUserIdentifier($userIdentifier);
|
$accessToken->setUserIdentifier($userIdentifier);
|
||||||
|
|
||||||
foreach ($scopes as $scope) {
|
foreach ($scopes as $scope) {
|
||||||
|
if (is_string($scope)) {
|
||||||
|
$s = new ScopeEntity();
|
||||||
|
$s->setIdentifier($scope);
|
||||||
|
$scope = $s;
|
||||||
|
}
|
||||||
$accessToken->addScope($scope);
|
$accessToken->addScope($scope);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -435,8 +441,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
public function canRespondToRequest(ServerRequestInterface $request)
|
public function canRespondToRequest(ServerRequestInterface $request)
|
||||||
{
|
{
|
||||||
return
|
return isset($request->getParsedBody()['grant_type'])
|
||||||
isset($request->getParsedBody()['grant_type'])
|
|
||||||
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier();
|
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -108,6 +108,11 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$redirectUriParameter = $this->getQueryStringParameter('redirect_uri', $request, $client->getRedirectUri());
|
||||||
|
if ($redirectUriParameter !== $client->getRedirectUri()) {
|
||||||
|
throw OAuthServerException::invalidClient();
|
||||||
|
}
|
||||||
|
|
||||||
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
|
$scopes = $this->validateScopes($request, $client, $client->getRedirectUri());
|
||||||
$queryString = http_build_query($request->getQueryParams());
|
$queryString = http_build_query($request->getQueryParams());
|
||||||
$postbackUri = new Uri(
|
$postbackUri = new Uri(
|
||||||
@ -224,6 +229,7 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
json_encode(
|
json_encode(
|
||||||
[
|
[
|
||||||
'client_id' => $authCode->getClient()->getIdentifier(),
|
'client_id' => $authCode->getClient()->getIdentifier(),
|
||||||
|
'redirect_uri' => $authCode->getRedirectUri(),
|
||||||
'auth_code_id' => $authCode->getIdentifier(),
|
'auth_code_id' => $authCode->getIdentifier(),
|
||||||
'scopes' => $authCode->getScopes(),
|
'scopes' => $authCode->getScopes(),
|
||||||
'user_id' => $authCode->getUserIdentifier(),
|
'user_id' => $authCode->getUserIdentifier(),
|
||||||
@ -258,7 +264,7 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
DateInterval $accessTokenTTL
|
DateInterval $accessTokenTTL
|
||||||
) {
|
) {
|
||||||
// The redirect URI is required in this request
|
// The redirect URI is required in this request
|
||||||
$redirectUri = $this->getQueryStringParameter('redirect_uri', $request, null);
|
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
||||||
if (is_null($redirectUri)) {
|
if (is_null($redirectUri)) {
|
||||||
throw OAuthServerException::invalidRequest('redirect_uri');
|
throw OAuthServerException::invalidRequest('redirect_uri');
|
||||||
}
|
}
|
||||||
@ -285,6 +291,10 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
if ($authCodePayload->client_id !== $client->getIdentifier()) {
|
if ($authCodePayload->client_id !== $client->getIdentifier()) {
|
||||||
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
|
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($authCodePayload->redirect_uri !== $redirectUri) {
|
||||||
|
throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI');
|
||||||
|
}
|
||||||
} catch (\LogicException $e) {
|
} catch (\LogicException $e) {
|
||||||
throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code');
|
throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code');
|
||||||
}
|
}
|
||||||
@ -341,13 +351,8 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
&& $request->getQueryParams()['response_type'] === 'code'
|
&& $request->getQueryParams()['response_type'] === 'code'
|
||||||
) {
|
) {
|
||||||
return $this->respondToAuthorizationRequest($request);
|
return $this->respondToAuthorizationRequest($request);
|
||||||
} elseif (
|
|
||||||
array_key_exists('grant_type', $request->getParsedBody())
|
|
||||||
&& $request->getParsedBody()['grant_type'] === 'authorization_code'
|
|
||||||
) {
|
|
||||||
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
|
||||||
} else {
|
|
||||||
throw OAuthServerException::serverError('respondToRequest() should not have been called');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,10 +3,14 @@
|
|||||||
namespace LeagueTests\Grant;
|
namespace LeagueTests\Grant;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\ClientEntity;
|
use League\OAuth2\Server\Entities\ClientEntity;
|
||||||
|
use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface;
|
||||||
|
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
|
||||||
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
use League\OAuth2\Server\Grant\AuthCodeGrant;
|
use League\OAuth2\Server\Grant\AuthCodeGrant;
|
||||||
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||||
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
||||||
use League\OAuth2\Server\Utils\KeyCrypt;
|
use League\OAuth2\Server\Utils\KeyCrypt;
|
||||||
use LeagueTests\Stubs\StubResponseType;
|
use LeagueTests\Stubs\StubResponseType;
|
||||||
@ -24,8 +28,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->getMock(RefreshTokenRepositoryInterface::class),
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
$this->getMock(UserRepositoryInterface::class),
|
$this->getMock(UserRepositoryInterface::class),
|
||||||
new \DateInterval('PT10M'),
|
new \DateInterval('PT10M'),
|
||||||
'',
|
'foo/bar.php',
|
||||||
''
|
'foo/bar.php'
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->assertEquals('authorization_code', $grant->getIdentifier());
|
$this->assertEquals('authorization_code', $grant->getIdentifier());
|
||||||
@ -234,10 +238,6 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($response instanceof ResponseInterface);
|
$this->assertTrue($response instanceof ResponseInterface);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
|
||||||
* @expectedExceptionCode 4
|
|
||||||
*/
|
|
||||||
public function testRespondToAuthorizationRequestBadClient()
|
public function testRespondToAuthorizationRequestBadClient()
|
||||||
{
|
{
|
||||||
$client = null;
|
$client = null;
|
||||||
@ -252,9 +252,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->getMock(AuthCodeRepositoryInterface::class),
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
$this->getMock(RefreshTokenRepositoryInterface::class),
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
$userRepositoryMock,
|
$userRepositoryMock,
|
||||||
new \DateInterval('PT10M'),
|
new \DateInterval('PT10M')
|
||||||
'',
|
|
||||||
''
|
|
||||||
);
|
);
|
||||||
$grant->setClientRepository($clientRepositoryMock);
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
@ -288,9 +286,69 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
$response = $grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getMessage(), 'Client authentication failed');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$this->assertTrue($response instanceof ResponseInterface);
|
public function testRespondToAuthorizationRequestBadRedirectUri()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[
|
||||||
|
'HTTP_HOST' => 'auth-server.tld',
|
||||||
|
'REQUEST_URI' => '/authorize',
|
||||||
|
],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'oauth_authorize_request' => KeyCrypt::encrypt(
|
||||||
|
json_encode(['user_id' => 123]),
|
||||||
|
'file://' . __DIR__ . '/../Utils/private.key'
|
||||||
|
),
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'response_type' => 'code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'sdfsdf'
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'username' => 'alex',
|
||||||
|
'password' => 'whisky',
|
||||||
|
'action' => 'approve',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getMessage(), 'Client authentication failed');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -516,4 +574,426 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($response instanceof ResponseInterface);
|
$this->assertTrue($response instanceof ResponseInterface);
|
||||||
$this->assertTrue(strstr($response->getHeader('set-cookie')[0], 'oauth_authorize_request') !== false);
|
$this->assertTrue(strstr($response->getHeader('set-cookie')[0], 'oauth_authorize_request') !== false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testRespondToAccessTokenRequest()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setIdentifier('foo');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
'code' => KeyCrypt::encrypt(
|
||||||
|
json_encode(
|
||||||
|
[
|
||||||
|
'auth_code_id' => uniqid(),
|
||||||
|
'expire_time' => time() + 3600,
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'user_id' => 123,
|
||||||
|
'scopes' => ['foo'],
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
),
|
||||||
|
'file://' . __DIR__ . '/../Utils/private.key'
|
||||||
|
),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$response = $grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
|
||||||
|
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||||
|
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||||
|
* @expectedExceptionCode 3
|
||||||
|
*/
|
||||||
|
public function testRespondToAccessTokenRequestMissingRedirectUri()
|
||||||
|
{
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||||
|
* @expectedExceptionCode 3
|
||||||
|
*/
|
||||||
|
public function testRespondToAccessTokenRequestMissingCode()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setSecret('bar');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'client_secret' => 'bar',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRespondToAccessTokenRequestExpiredCode()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setIdentifier('foo');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
'code' => KeyCrypt::encrypt(
|
||||||
|
json_encode(
|
||||||
|
[
|
||||||
|
'auth_code_id' => uniqid(),
|
||||||
|
'expire_time' => time() - 3600,
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'user_id' => 123,
|
||||||
|
'scopes' => ['foo'],
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
),
|
||||||
|
'file://' . __DIR__ . '/../Utils/private.key'
|
||||||
|
),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getHint(), 'Authorization code has expired');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRespondToAccessTokenRequestRevokedCode()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setIdentifier('foo');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$authCodeRepositoryMock = $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock();
|
||||||
|
$authCodeRepositoryMock->method('isAuthCodeRevoked')->willReturn(true);
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$authCodeRepositoryMock,
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
'code' => KeyCrypt::encrypt(
|
||||||
|
json_encode(
|
||||||
|
[
|
||||||
|
'auth_code_id' => uniqid(),
|
||||||
|
'expire_time' => time() + 3600,
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'user_id' => 123,
|
||||||
|
'scopes' => ['foo'],
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
),
|
||||||
|
'file://' . __DIR__ . '/../Utils/private.key'
|
||||||
|
),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getHint(), 'Authorization code has been revoked');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRespondToAccessTokenRequestClientMismatch()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setIdentifier('foo');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
'code' => KeyCrypt::encrypt(
|
||||||
|
json_encode(
|
||||||
|
[
|
||||||
|
'auth_code_id' => uniqid(),
|
||||||
|
'expire_time' => time() + 3600,
|
||||||
|
'client_id' => 'bar',
|
||||||
|
'user_id' => 123,
|
||||||
|
'scopes' => ['foo'],
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
]
|
||||||
|
),
|
||||||
|
'file://' . __DIR__ . '/../Utils/private.key'
|
||||||
|
),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getHint(), 'Authorization code was not issued to this client');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRespondToAccessTokenRequestBadCodeEncryption()
|
||||||
|
{
|
||||||
|
$client = new ClientEntity();
|
||||||
|
$client->setIdentifier('foo');
|
||||||
|
$client->setRedirectUri('http://foo/bar');
|
||||||
|
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||||
|
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||||
|
|
||||||
|
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||||
|
$userEntity = new UserEntity();
|
||||||
|
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||||
|
|
||||||
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||||
|
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||||
|
|
||||||
|
$grant = new AuthCodeGrant(
|
||||||
|
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||||
|
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||||
|
$userRepositoryMock,
|
||||||
|
new \DateInterval('PT10M')
|
||||||
|
);
|
||||||
|
$grant->setClientRepository($clientRepositoryMock);
|
||||||
|
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||||
|
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
|
||||||
|
$grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key');
|
||||||
|
$grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key');
|
||||||
|
|
||||||
|
$request = new ServerRequest(
|
||||||
|
[],
|
||||||
|
[]
|
||||||
|
,
|
||||||
|
null,
|
||||||
|
'POST',
|
||||||
|
'php://input',
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[],
|
||||||
|
[
|
||||||
|
'grant_type' => 'authorization_code',
|
||||||
|
'client_id' => 'foo',
|
||||||
|
'redirect_uri' => 'http://foo/bar',
|
||||||
|
'code' => 'sdfsfsd',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
/** @var StubResponseType $response */
|
||||||
|
$grant->respondToRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||||
|
} catch (OAuthServerException $e) {
|
||||||
|
$this->assertEquals($e->getHint(), 'Cannot decrypt the authorization code');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user