diff --git a/.travis.yml b/.travis.yml index 454b8284..2684cac3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,19 +5,23 @@ sudo: false cache: directories: - - vendor + - vendor + +env: + - DEPENDENCIES="" + - DEPENDENCIES="--prefer-lowest --prefer-stable" php: - - 5.6 - 7.0 - 7.1 - 7.2 install: - - travis_retry composer install --no-interaction --prefer-source + - composer update --no-interaction --prefer-dist $DEPENDENCIES script: - vendor/bin/phpunit + - vendor/bin/phpstan analyse -l 6 -c phpstan.neon src tests branches: only: diff --git a/composer.json b/composer.json index d8d11125..8e7fd7e6 100644 --- a/composer.json +++ b/composer.json @@ -4,17 +4,20 @@ "homepage": "https://oauth2.thephpleague.com/", "license": "MIT", "require": { - "php": ">=5.6.0", + "php": ">=7.0.0", "ext-openssl": "*", "league/event": "^2.1", - "lcobucci/jwt": "^3.1", + "lcobucci/jwt": "^3.2.2", "paragonie/random_compat": "^2.0", - "psr/http-message": "^1.0", + "psr/http-message": "^1.0.1", "defuse/php-encryption": "^2.1" }, "require-dev": { - "phpunit/phpunit": "^4.8.38 || ^5.7.21", - "zendframework/zend-diactoros": "^1.0" + "phpunit/phpunit": "^6.3 || ^7.0", + "zendframework/zend-diactoros": "^1.3.2", + "phpstan/phpstan": "^0.9.2", + "phpstan/phpstan-phpunit": "^0.9.4", + "phpstan/phpstan-strict-rules": "^0.9.0" }, "repositories": [ { diff --git a/examples/public/api.php b/examples/public/api.php index 3032ffed..2f896434 100644 --- a/examples/public/api.php +++ b/examples/public/api.php 
@@ -49,16 +49,18 @@ $app->get( ], ]; + $totalUsers = count($users); + // If the access token doesn't have the `basic` scope hide users' names if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) { - for ($i = 0; $i < count($users); $i++) { + for ($i = 0; $i < $totalUsers; $i++) { unset($users[$i]['name']); } } // If the access token doesn't have the `email` scope hide users' email addresses if (in_array('email', $request->getAttribute('oauth_scopes')) === false) { - for ($i = 0; $i < count($users); $i++) { + for ($i = 0; $i < $totalUsers; $i++) { unset($users[$i]['email']); } } diff --git a/examples/public/implicit.php b/examples/public/implicit.php index 73de09ec..73e46e46 100644 --- a/examples/public/implicit.php +++ b/examples/public/implicit.php @@ -41,7 +41,6 @@ $app = new App([ $privateKeyPath, 'lxZFUEsBCJ2Yb14IF2ygAHI5N4+ZAUXXaSeeJm6+twsUmIen' ); - $server->setEncryptionKey('lxZFUEsBCJ2Yb14IF2ygAHI5N4+ZAUXXaSeeJm6+twsUmIen'); // Enable the implicit grant on the server with a token TTL of 1 hour $server->enableGrantType(new ImplicitGrant(new \DateInterval('PT1H'))); diff --git a/phpstan.neon b/phpstan.neon new file mode 100644 index 00000000..88c21d40 --- /dev/null +++ b/phpstan.neon @@ -0,0 +1,5 @@ +includes: + - vendor/phpstan/phpstan-phpunit/extension.neon + - vendor/phpstan/phpstan-phpunit/rules.neon + - vendor/phpstan/phpstan-phpunit/strictRules.neon + - vendor/phpstan/phpstan-strict-rules/rules.neon diff --git a/src/AuthorizationServer.php b/src/AuthorizationServer.php index 69c16954..885776ec 100644 --- a/src/AuthorizationServer.php +++ b/src/AuthorizationServer.php 
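Review bot: Both `in_array()` scope checks in the `examples/public/api.php` hunk still compare loosely, while this same commit adds the strict flag to every `in_array()` call under `src/`. Because these two checks decide whether user names and e-mail addresses are returned, I would write `in_array('basic', $request->getAttribute('oauth_scopes', []), true) === false` and the same for `'email'`. The `[]` default is a suggestion for the case where the attribute was never set, since `getAttribute()` would presumably return null then. The route handler that holds this code starts and ends outside the hunk.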
@@ -17,6 +17,7 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\RequestTypes\AuthorizationRequest; +use League\OAuth2\Server\ResponseTypes\AbstractResponseType; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use Psr\Http\Message\ResponseInterface; @@ -190,7 +191,6 @@ class AuthorizationServer implements EmitterAwareInterface if ($tokenResponse instanceof ResponseTypeInterface) { return $tokenResponse->generateHttpResponse($response); } - } throw OAuthServerException::unsupportedGrantType(); @@ -207,7 +207,9 @@ class AuthorizationServer implements EmitterAwareInterface $this->responseType = new BearerTokenResponse(); } - $this->responseType->setPrivateKey($this->privateKey); + if ($this->responseType instanceof AbstractResponseType === true) { + $this->responseType->setPrivateKey($this->privateKey); + } $this->responseType->setEncryptionKey($this->encryptionKey); return $this->responseType; diff --git a/src/CryptKey.php b/src/CryptKey.php index 0d5f5cf6..efc5f5e8 100644 --- a/src/CryptKey.php +++ b/src/CryptKey.php @@ -48,9 +48,9 @@ class CryptKey if ($keyPermissionsCheck === true) { // Verify the permissions of the key $keyPathPerms = decoct(fileperms($keyPath) & 0777); - if (in_array($keyPathPerms, ['600', '660'], true) === false) { + if (in_array($keyPathPerms, ['400', '440', '600', '660'], true) === false) { trigger_error(sprintf( - 'Key file "%s" permissions are not correct, should be 600 or 660 instead of %s', + 'Key file "%s" permissions are not correct, recommend changing to 600 or 660 instead of %s', $keyPath, $keyPathPerms ), E_USER_NOTICE); 
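Review bot: The new `instanceof AbstractResponseType` guard in the `@@ -207,7 +207,9 @@` hunk of `src/AuthorizationServer.php` makes the signing key silently optional. A custom `ResponseTypeInterface` implementation that does not extend `AbstractResponseType` is now returned without ever receiving the private key, and nothing tells the integrator. Presumably `setPrivateKey()` is not declared on the interface; if so, either declare it there or add a comment above the guard such as `// custom response types that do not extend AbstractResponseType must obtain the signing key themselves`. The same pattern is added in `src/ResourceServer.php`, where a validator that is not a `BearerTokenValidator` no longer gets the public key. The enclosing method starts outside the hunk.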
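Review bot: The notice text in the `src/CryptKey.php` permission check no longer matches the accepted list: `400` and `440` now pass, yet a key file with other permissions is still told to use 600 or 660, the two writable modes. I would name the read-only modes as well, e.g. `'Key file "%s" permissions are not correct, recommend changing to 400, 440, 600 or 660 instead of %s'`. The check only raises `E_USER_NOTICE`, so a key file with wider permissions is still loaded; a comment above `trigger_error()` saying this is advisory would save the next reader from assuming it is enforced. The enclosing method continues outside the hunk.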
@@ -73,7 +73,11 @@ class CryptKey $tmpDir = sys_get_temp_dir(); $keyPath = $tmpDir . '/' . sha1($key) . '.key'; - if (!file_exists($keyPath) && !touch($keyPath)) { + if (file_exists($keyPath)) { + return 'file://' . $keyPath; + } + + if (!touch($keyPath)) { // @codeCoverageIgnoreStart throw new \RuntimeException(sprintf('"%s" key file could not be created', $keyPath)); // @codeCoverageIgnoreEnd diff --git a/src/Entities/AccessTokenEntityInterface.php b/src/Entities/AccessTokenEntityInterface.php index c297e267..4da7600e 100644 --- a/src/Entities/AccessTokenEntityInterface.php +++ b/src/Entities/AccessTokenEntityInterface.php @@ -9,6 +9,7 @@ namespace League\OAuth2\Server\Entities; +use Lcobucci\JWT\Token; use League\OAuth2\Server\CryptKey; interface AccessTokenEntityInterface extends TokenInterface @@ -18,7 +19,7 @@ interface AccessTokenEntityInterface extends TokenInterface * * @param CryptKey $privateKey * - * @return string + * @return Token */ public function convertToJWT(CryptKey $privateKey); } diff --git a/src/Entities/RefreshTokenEntityInterface.php b/src/Entities/RefreshTokenEntityInterface.php index 05e86e00..e4f10400 100644 --- a/src/Entities/RefreshTokenEntityInterface.php +++ b/src/Entities/RefreshTokenEntityInterface.php @@ -21,7 +21,7 @@ interface RefreshTokenEntityInterface /** * Set the token's identifier. * - * @param $identifier + * @param mixed $identifier */ public function setIdentifier($identifier); diff --git a/src/Entities/TokenInterface.php b/src/Entities/TokenInterface.php index c842b09a..378adbdc 100644 --- a/src/Entities/TokenInterface.php +++ b/src/Entities/TokenInterface.php @@ -21,7 +21,7 @@ interface TokenInterface /** * Set the token's identifier. * - * @param $identifier + * @param mixed $identifier */ public function setIdentifier($identifier); 
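Review bot: The new early return in `src/CryptKey.php` trusts whatever already sits at `$keyPath`: the name is derived from `sha1($key)` inside the shared `sys_get_temp_dir()`, and an existing entry is handed back without checking that it is a regular file, that its content equals `$key`, or what its permissions are. On a multi-user host a stale or unexpected file at that path would then be used as key material. I would reuse the file only after a check such as `if (is_file($keyPath) && !is_link($keyPath) && file_get_contents($keyPath) === $key) {`, and otherwise fall through to the existing create-and-write path. The rest of the method, including the write and any chmod, is outside the hunk, so confirm that the fall-through still overwrites the file safely.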
@@ -42,14 +42,14 @@ interface TokenInterface /** * Set the identifier of the user associated with the token. * - * @param string|int $identifier The identifier of the user + * @param string|int|null $identifier The identifier of the user */ public function setUserIdentifier($identifier); /** * Get the token user's identifier. * - * @return string|int + * @return string|int|null */ public function getUserIdentifier(); diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index 741d6c19..81fc1bfd 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php @@ -12,6 +12,7 @@ namespace League\OAuth2\Server\Entities\Traits; use Lcobucci\JWT\Builder; use Lcobucci\JWT\Signer\Key; use Lcobucci\JWT\Signer\Rsa\Sha256; +use Lcobucci\JWT\Token; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ScopeEntityInterface; @@ -23,7 +24,7 @@ trait AccessTokenTrait * * @param CryptKey $privateKey * - * @return string + * @return Token */ public function convertToJWT(CryptKey $privateKey) { diff --git a/src/Entities/Traits/EntityTrait.php b/src/Entities/Traits/EntityTrait.php index 20c86591..05452923 100644 --- a/src/Entities/Traits/EntityTrait.php +++ b/src/Entities/Traits/EntityTrait.php @@ -11,7 +11,7 @@ namespace League\OAuth2\Server\Entities\Traits; trait EntityTrait { - /* + /** * @var string */ protected $identifier; diff --git a/src/Entities/Traits/TokenEntityTrait.php b/src/Entities/Traits/TokenEntityTrait.php index 0b5608cd..c6653cce 100644 --- a/src/Entities/Traits/TokenEntityTrait.php +++ b/src/Entities/Traits/TokenEntityTrait.php @@ -25,7 +25,7 @@ trait TokenEntityTrait protected $expiryDateTime; /** - * @var string|int + * @var string|int|null */ protected $userIdentifier; 
@@ -77,7 +77,7 @@ trait TokenEntityTrait /** * Set the identifier of the user associated with the token. * - * @param string|int $identifier The identifier of the user + * @param string|int|null $identifier The identifier of the user */ public function setUserIdentifier($identifier) { @@ -87,7 +87,7 @@ trait TokenEntityTrait /** * Get the token user's identifier. * - * @return string|int + * @return string|int|null */ public function getUserIdentifier() { diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 8d101c4c..b67bcf03 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -33,6 +33,11 @@ class OAuthServerException extends \Exception */ private $redirectUri; + /** + * @var array + */ + private $payload; + /** * Throw a new exception. * @@ -50,6 +55,33 @@ class OAuthServerException extends \Exception $this->errorType = $errorType; $this->hint = $hint; $this->redirectUri = $redirectUri; + $this->payload = [ + 'error' => $errorType, + 'message' => $message, + ]; + if ($hint !== null) { + $this->payload['hint'] = $hint; + } + } + + /** + * Returns the current payload. + * + * @return array + */ + public function getPayload() + { + return $this->payload; + } + + /** + * Updates the current payload. + * + * @param array $payload + */ + public function setPayload(array $payload) + { + $this->payload = $payload; } /** @@ -131,7 +163,7 @@ class OAuthServerException extends \Exception /** * Server error. * - * @param $hint + * @param string $hint * * @return static * 
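Review bot: `setPayload()` in the `@@ -50,6 +55,33 @@` hunk of `src/Exception/OAuthServerException.php` replaces the whole array without any check, and `generateHttpResponse()` then sends that array to the client as the error body, so the docblocks should state the contract. I would extend the `setPayload()` docblock to say that the payload is emitted verbatim to the client, must keep the `error` key, and must not carry internal detail such as stack traces or database messages. The property docblock could likewise read `@var array error body sent to the client; initialised from error type, message and hint`. After a replacement, `getErrorType()` and `getMessage()` no longer have to agree with what is sent, which deserves a sentence too.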
@@ -213,21 +245,15 @@ class OAuthServerException extends \Exception * * @param ResponseInterface $response * @param bool $useFragment True if errors should be in the URI fragment instead of query string + * @param int $jsonOptions options passed to json_encode * * @return ResponseInterface */ - public function generateHttpResponse(ResponseInterface $response, $useFragment = false) + public function generateHttpResponse(ResponseInterface $response, $useFragment = false, $jsonOptions = 0) { $headers = $this->getHttpHeaders(); - $payload = [ - 'error' => $this->getErrorType(), - 'message' => $this->getMessage(), - ]; - - if ($this->hint !== null) { - $payload['hint'] = $this->hint; - } + $payload = $this->getPayload(); if ($this->redirectUri !== null) { if ($useFragment === true) { @@ -243,7 +269,7 @@ class OAuthServerException extends \Exception $response = $response->withHeader($header, $content); } - $response->getBody()->write(json_encode($payload)); + $response->getBody()->write(json_encode($payload, $jsonOptions)); return $response->withStatus($this->getHttpStatusCode()); } diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php index 25378955..304ba99b 100644 --- a/src/Grant/AbstractGrant.php +++ b/src/Grant/AbstractGrant.php @@ -204,7 +204,7 @@ abstract class AbstractGrant implements GrantTypeInterface throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); 
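Review bot: `json_encode($payload, $jsonOptions)` in `generateHttpResponse()` can return `false`, for example on invalid UTF-8 in a caller-supplied payload, and the result is passed straight to `write()`, which would yield an empty error body or a type error depending on the stream implementation. I would encode first and fall back to the fixed fields: `$body = json_encode($payload, $jsonOptions);`, then `if ($body === false) { $body = json_encode(['error' => $this->getErrorType()]); }`, then `$response->getBody()->write($body);`. The new `@param int $jsonOptions` line could also say that it is a bitmask of `JSON_*` constants. The method body spans this hunk and the one before it, with the redirect branch cut off between them.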
@@ -341,7 +341,7 @@ abstract class AbstractGrant implements GrantTypeInterface * * @param \DateInterval $accessTokenTTL * @param ClientEntityInterface $client - * @param string $userIdentifier + * @param string|null $userIdentifier * @param ScopeEntityInterface[] $scopes * * @throws OAuthServerException diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index 122edf00..d1669b2f 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -244,23 +244,24 @@ class AuthCodeGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 - || empty($client->getRedirectUri()) - ) { + || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); + } else { + $redirectUri = is_array($client->getRedirectUri()) + ? $client->getRedirectUri()[0] + : $client->getRedirectUri(); } $scopes = $this->validateScopes( $this->getQueryStringParameter('scope', $request, $this->defaultScope), - is_array($client->getRedirectUri()) - ? $client->getRedirectUri()[0] - : $client->getRedirectUri() + $redirectUri ); $stateParameter = $this->getQueryStringParameter('state', $request); 
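Review bot: The added `else` branch in the `src/Grant/AuthCodeGrant.php` hunk overwrites `$redirectUri` with the client's registered URI, so after this point the method can no longer tell whether the request actually carried a `redirect_uri`. If code further down, outside this hunk, stores `$redirectUri` on the authorization request, a code issued for a request without `redirect_uri` would record one, and the token endpoint might then demand a parameter the client never sent. I would leave the request value untouched and use a separate variable, e.g. `$defaultClientRedirectUri = is_array($client->getRedirectUri()) ? $client->getRedirectUri()[0] : $client->getRedirectUri();`, passing `$redirectUri ?? $defaultClientRedirectUri` to `validateScopes()`. The same edit is made in `src/Grant/ImplicitGrant.php`. The `elseif` condition also mixes `&&` and `||` without parentheses; adding them would make the intended grouping explicit.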
@@ -279,7 +280,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant } $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain'); - if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) { + if (in_array($codeChallengeMethod, ['plain', 'S256'], true) === false) { throw OAuthServerException::invalidRequest( 'code_challenge_method', 'Code challenge method must be `plain` or `S256`' diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index f3c9e694..19e3e684 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php @@ -33,7 +33,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant /** * @param \DateInterval $accessTokenTTL - * @param string $queryDelimiter + * @param string $queryDelimiter */ public function __construct(\DateInterval $accessTokenTTL, $queryDelimiter = '#') { 
@@ -144,23 +144,24 @@ class ImplicitGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 - || empty($client->getRedirectUri()) - ) { + || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); + } else { + $redirectUri = is_array($client->getRedirectUri()) + ? $client->getRedirectUri()[0] + : $client->getRedirectUri(); } $scopes = $this->validateScopes( $this->getQueryStringParameter('scope', $request, $this->defaultScope), - is_array($client->getRedirectUri()) - ? $client->getRedirectUri()[0] - : $client->getRedirectUri() + $redirectUri ); // Finalize the requested scopes diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index 66a3b266..f8e022b4 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php @@ -11,7 +11,6 @@ namespace League\OAuth2\Server\Grant; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\RequestEvent; 
@@ -53,7 +52,7 @@ class RefreshTokenGrant extends AbstractGrant // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // the request doesn't include any new scopes foreach ($scopes as $scope) { - if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) { + if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) { throw OAuthServerException::invalidScope($scope->getIdentifier()); } } diff --git a/src/Repositories/ClientRepositoryInterface.php b/src/Repositories/ClientRepositoryInterface.php index 34adf56a..ba0610d5 100644 --- a/src/Repositories/ClientRepositoryInterface.php +++ b/src/Repositories/ClientRepositoryInterface.php @@ -20,12 +20,12 @@ interface ClientRepositoryInterface extends RepositoryInterface * Get a client. * * @param string $clientIdentifier The client's identifier - * @param string $grantType The grant type used + * @param null|string $grantType The grant type used (if sent) * @param null|string $clientSecret The client's secret (if sent) * @param bool $mustValidateSecret If true the client must attempt to validate the secret if the client * is confidential * * @return ClientEntityInterface */ - public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $mustValidateSecret = true); + public function getClientEntity($clientIdentifier, $grantType = null, $clientSecret = null, $mustValidateSecret = true); } diff --git a/src/RequestTypes/AuthorizationRequest.php b/src/RequestTypes/AuthorizationRequest.php index 41bfb509..ce5a0034 100644 --- a/src/RequestTypes/AuthorizationRequest.php +++ b/src/RequestTypes/AuthorizationRequest.php @@ -53,7 +53,7 @@ class AuthorizationRequest /** * The redirect URI used in the request * - * @var string + * @var string|null */ protected $redirectUri; @@ -159,7 +159,7 @@ class AuthorizationRequest } /** - * @return string + * @return string|null */ public function getRedirectUri() { 
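Review bot: Making `$grantType` optional in `ClientRepositoryInterface::getClientEntity()` changes the contract for every implementer, but the docblock only says `(if sent)` and does not say what a repository must do with `null`. Implementations that use the grant type to decide whether a client may use a flow should not read `null` as permission for any grant; I would document that, e.g. `@param null|string $grantType The grant type used (if sent); when null, implementations must not assume the client is allowed every grant`. The signature change also affects existing implementations that declare `$grantType` as required, since PHP rejects an implementing method that makes an optional interface parameter mandatory, so it belongs in the upgrade notes.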
@@ -167,7 +167,7 @@ class AuthorizationRequest } /** - * @param string $redirectUri + * @param string|null $redirectUri */ public function setRedirectUri($redirectUri) { diff --git a/src/ResourceServer.php b/src/ResourceServer.php index 5e9c13f3..e1f98d6d 100644 --- a/src/ResourceServer.php +++ b/src/ResourceServer.php @@ -63,7 +63,9 @@ class ResourceServer $this->authorizationValidator = new BearerTokenValidator($this->accessTokenRepository); } - $this->authorizationValidator->setPublicKey($this->publicKey); + if ($this->authorizationValidator instanceof BearerTokenValidator === true) { + $this->authorizationValidator->setPublicKey($this->publicKey); + } return $this->authorizationValidator; } diff --git a/tests/AuthorizationServerTest.php b/tests/AuthorizationServerTest.php index 8b409a00..b003c23f 100644 --- a/tests/AuthorizationServerTest.php +++ b/tests/AuthorizationServerTest.php @@ -19,15 +19,14 @@ use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; -use Psr\Http\Message\ResponseInterface; use PHPUnit\Framework\TestCase; +use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequest; use Zend\Diactoros\ServerRequestFactory; class AuthorizationServerTest extends TestCase { - const DEFAULT_SCOPE = 'basic'; public function setUp() 
@@ -198,16 +197,16 @@ class AuthorizationServerTest extends TestCase $clientRepositoryMock->method('getClientEntity')->willReturn($client); $grant = new AuthCodeGrant( - $this->getMock(AuthCodeRepositoryInterface::class), - $this->getMock(RefreshTokenRepositoryInterface::class), + $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(), + $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(), new \DateInterval('PT10M') ); $grant->setClientRepository($clientRepositoryMock); $server = new AuthorizationServer( $clientRepositoryMock, - $this->getMock(AccessTokenRepositoryInterface::class), - $this->getMock(ScopeRepositoryInterface::class), + $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(), + $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(), 'file://' . __DIR__ . '/Stubs/private.key', 'file://' . __DIR__ . '/Stubs/public.key' ); diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php index 56ae9e3e..31245b07 100644 --- a/tests/ResponseTypes/BearerResponseTypeTest.php +++ b/tests/ResponseTypes/BearerResponseTypeTest.php @@ -20,9 +20,7 @@ class BearerResponseTypeTest extends TestCase { public function testGenerateHttpResponse() { - $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - - $responseType = new BearerTokenResponse($accessTokenRepositoryMock); + $responseType = new BearerTokenResponse(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); 
@@ -64,9 +62,7 @@ class BearerResponseTypeTest extends TestCase public function testGenerateHttpResponseWithExtraParams() { - $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - - $responseType = new BearerTokenResponseWithParams($accessTokenRepositoryMock); + $responseType = new BearerTokenResponseWithParams(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); @@ -111,10 +107,7 @@ class BearerResponseTypeTest extends TestCase public function testDetermineAccessTokenInHeaderValidToken() { - $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - $accessTokenRepositoryMock->method('isAccessTokenRevoked')->willReturn(false); - - $responseType = new BearerTokenResponse($accessTokenRepositoryMock); + $responseType = new BearerTokenResponse(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); @@ -158,9 +151,8 @@ class BearerResponseTypeTest extends TestCase public function testDetermineAccessTokenInHeaderInvalidJWT() { $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - $accessTokenRepositoryMock->method('isAccessTokenRevoked')->willReturn(false); - $responseType = new BearerTokenResponse($accessTokenRepositoryMock); + $responseType = new BearerTokenResponse(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); 
@@ -247,9 +239,7 @@ class BearerResponseTypeTest extends TestCase public function testDetermineAccessTokenInHeaderInvalidToken() { - $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - - $responseType = new BearerTokenResponse($accessTokenRepositoryMock); + $responseType = new BearerTokenResponse(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); @@ -273,9 +263,7 @@ class BearerResponseTypeTest extends TestCase public function testDetermineMissingBearerInHeader() { - $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); - - $responseType = new BearerTokenResponse($accessTokenRepositoryMock); + $responseType = new BearerTokenResponse(); $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key')); $responseType->setEncryptionKey(base64_encode(random_bytes(36))); diff --git a/tests/CryptKeyTest.php b/tests/Utils/CryptKeyTest.php similarity index 82% rename from tests/CryptKeyTest.php rename to tests/Utils/CryptKeyTest.php index 70bbc8d7..9f3f337c 100644 --- a/tests/CryptKeyTest.php +++ b/tests/Utils/CryptKeyTest.php @@ -17,7 +17,7 @@ class CryptKeyTest extends TestCase public function testKeyCreation() { - $keyFile = __DIR__ . '/Stubs/public.key'; + $keyFile = __DIR__ . '/../Stubs/public.key'; $key = new CryptKey($keyFile, 'secret'); $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); @@ -26,7 +26,7 @@ class CryptKeyTest extends TestCase public function testKeyFileCreation() { - $keyContent = file_get_contents(__DIR__ . '/Stubs/public.key'); + $keyContent = file_get_contents(__DIR__ . '/../Stubs/public.key'); $key = new CryptKey($keyContent); $this->assertEquals( 
@@ -34,7 +34,7 @@ class CryptKeyTest extends TestCase $key->getKeyPath() ); - $keyContent = file_get_contents(__DIR__ . '/Stubs/private.key.crlf'); + $keyContent = file_get_contents(__DIR__ . '/../Stubs/private.key.crlf'); $key = new CryptKey($keyContent); $this->assertEquals( diff --git a/tests/CryptTraitTest.php b/tests/Utils/CryptTraitTest.php similarity index 100% rename from tests/CryptTraitTest.php rename to tests/Utils/CryptTraitTest.php