Replace custom aud and ely-scopes JWT claims with its public analogues

ErickSkrauch
2019-12-13 13:55:09 +03:00
parent 274d56aa40
commit a8e20a9775
8 changed files with 104 additions and 33 deletions


@@ -24,7 +24,7 @@ class AccessTokenEntityTest extends TestCase {
$token = (string)$entity;
$payloads = json_decode(base64_decode(explode('.', $token)[1]), true);
$this->assertSame('first,second', $payloads['ely-scopes']);
$this->assertSame('first second', $payloads['scope']);
}
private function createScopeEntity(string $id): ScopeEntityInterface {
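Review bot: The payload segment on the `json_decode(base64_decode(explode('.', $token)[1]), true)` line is decoded with plain `base64_decode`, but JWT segments are base64url-encoded, and PHP's non-strict `base64_decode` silently discards `-` and `_` instead of failing. If a different scope list ever makes the encoded payload contain either character, the JSON comes out corrupted and the `scope` assertion fails for a reason unrelated to the claim under test. Translating the alphabet first, `base64_decode(strtr(explode('.', $token)[1], '-_', '+/'))`, removes that dependency on the fixture. The test method starts above this hunk, so its setup is not visible here.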


@@ -0,0 +1,76 @@
<?php
declare(strict_types=1);
namespace api\tests\unit\components\Tokens;
use api\components\Tokens\TokenReader;
use api\tests\unit\TestCase;
use Lcobucci\JWT\Claim;
use Lcobucci\JWT\Token;
class TokenReaderTest extends TestCase {
/**
* @dataProvider getAccountIdTestCases
*/
public function testGetAccountId(array $claims, $expectedResult) {
$this->assertSame($expectedResult, $this->createReader($claims)->getAccountId());
}
public function getAccountIdTestCases() {
yield [['sub' => 'ely|1'], 1];
yield [['sub' => '1'], null];
yield [['sub' => 'ely-login|1'], null];
yield [[], null];
}
/**
* @dataProvider getClientIdTestCases
*/
public function testGetClientId(array $claims, $expectedResult) {
$this->assertSame($expectedResult, $this->createReader($claims)->getClientId());
}
public function getClientIdTestCases() {
yield [['client_id' => 'find-me'], 'find-me'];
yield [[], null];
}
/**
* @dataProvider getScopesTestCases
*/
public function testGetScopes(array $claims, $expectedResult) {
$this->assertSame($expectedResult, $this->createReader($claims)->getScopes());
}
public function getScopesTestCases() {
yield [['scope' => 'scope1 scope2'], ['scope1', 'scope2']];
yield [['ely-scopes' => 'scope1,scope2'], ['scope1', 'scope2']];
yield [[], null];
}
/**
* @dataProvider getMinecraftClientTokenTestCases
*/
public function testGetMinecraftClientToken(array $claims, $expectedResult) {
$this->assertSame($expectedResult, $this->createReader($claims)->getMinecraftClientToken());
}
public function getMinecraftClientTokenTestCases() {
yield [['ely-client-token' => 'GPZiBFlJld30KfGTe-E2yITKbfJYmWFA6Ky5CsllnIsVdmswMu_PXNdYnQGexF_CkXiuOQd1smrO3S4'], 'aaaaa-aaa-aaa-aaaaa'];
yield [[], null];
}
private function createReader(array $claims): TokenReader {
$claimsObjects = [];
foreach ($claims as $key => $value) {
$claim = $this->createMock(Claim::class);
$claim->method('getName')->willReturn($key);
$claim->method('getValue')->willReturn($value);
$claimsObjects[$key] = $claim;
}
return new TokenReader(new Token([], $claimsObjects));
}
}
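Review bot: `getScopesTestCases` exercises `scope` and the legacy `ely-scopes` claim only in isolation, so nothing pins which one `getScopes()` honours when a token carries both. Since scopes drive authorization, that precedence should be fixed by a case such as `yield [['scope' => 'scope1', 'ely-scopes' => 'scope2'], ['scope1']];` (the expected value assumes the standard claim wins; adjust it to the intended rule). `getAccountIdTestCases` likewise has no malformed-suffix case such as `yield [['sub' => 'ely|abc'], null];`, which would catch a loose integer conversion in the reader if one exists; the `TokenReader` implementation is not shown on this page. The providers and test methods could also declare return types (`: iterable`, `: void`) to match the `strict_types` header.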


@@ -26,7 +26,7 @@ class TokensFactoryTest extends TestCase {
$this->assertEqualsWithDelta(time(), $token->getClaim('iat'), 1);
$this->assertEqualsWithDelta(time() + 60 * 60 * 24 * 7, $token->getClaim('exp'), 2);
$this->assertSame('ely|1', $token->getClaim('sub'));
$this->assertSame('accounts_web_user', $token->getClaim('ely-scopes'));
$this->assertSame('accounts_web_user', $token->getClaim('scope'));
$this->assertArrayNotHasKey('jti', $token->getClaims());
$session = new AccountSession();
@@ -38,7 +38,7 @@ class TokensFactoryTest extends TestCase {
$this->assertEqualsWithDelta(time(), $token->getClaim('iat'), 1);
$this->assertEqualsWithDelta(time() + 3600, $token->getClaim('exp'), 2);
$this->assertSame('ely|1', $token->getClaim('sub'));
$this->assertSame('accounts_web_user', $token->getClaim('ely-scopes'));
$this->assertSame('accounts_web_user', $token->getClaim('scope'));
$this->assertSame(2, $token->getClaim('jti'));
}
@@ -67,8 +67,8 @@ class TokensFactoryTest extends TestCase {
$this->assertEqualsWithDelta(time(), $token->getClaim('iat'), 1);
$this->assertEqualsWithDelta($expiryDateTime->getTimestamp(), $token->getClaim('exp'), 2);
$this->assertSame('ely|1', $token->getClaim('sub'));
$this->assertSame('client|clientId', $token->getClaim('aud'));
$this->assertSame('scope1,scope2', $token->getClaim('ely-scopes'));
$this->assertSame('clientId', $token->getClaim('client_id'));
$this->assertSame('scope1 scope2', $token->getClaim('scope'));
// Create for client credentials grant
@@ -93,7 +93,7 @@ class TokensFactoryTest extends TestCase {
$token = $factory->createForMinecraftAccount($account, $clientToken);
$this->assertEqualsWithDelta(time(), $token->getClaim('iat'), 5);
$this->assertEqualsWithDelta(time() + 60 * 60 * 24 * 2, $token->getClaim('exp'), 5);
$this->assertSame('minecraft_server_session', $token->getClaim('ely-scopes'));
$this->assertSame('minecraft_server_session', $token->getClaim('scope'));
$this->assertNotSame('e44fae79-f80e-4975-952e-47e8a9ed9472', $token->getClaim('ely-client-token'));
$this->assertSame('ely|1', $token->getClaim('sub'));
}
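Review bot: The updated assertions check that `scope` and `client_id` are present but never that the legacy `aud` and `ely-scopes` claims are gone, so a factory that emits both old and new claims would still pass. Because the reader still accepts `ely-scopes` (per the TokenReaderTest cases in this commit), a stale legacy claim that diverges from `scope` is worth ruling out where tokens are minted. The first hunk already uses this pattern for `jti`; adding `$this->assertArrayNotHasKey('ely-scopes', $token->getClaims());` to each test and, in the `@@ -67,8 +67,8 @@` hunk, `$this->assertArrayNotHasKey('aud', $token->getClaims());` would pin it. All four test bodies begin outside their hunks.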


@@ -51,7 +51,7 @@ class JwtIdentityTest extends TestCase {
'Incorrect token',
];
yield 'revoked by oauth client' => [
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudF9pbmZvLG1pbmVjcmFmdF9zZXJ2ZXJfc2Vzc2lvbiIsImlhdCI6MTU2NDYxMDUwMCwic3ViIjoiZWx5fDEiLCJhdWQiOiJjbGllbnR8dGxhdW5jaGVyIn0.YzUzvnREEoQPu8CvU6WLdysUU0bC_xzigQPs2LK1su38uysSYgSbPzNOZYkQnvcmVLehHY-ON44x-oA8Os-9ZA',
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudF9pbmZvLG1pbmVjcmFmdF9zZXJ2ZXJfc2Vzc2lvbiIsImlhdCI6MTU2NDYxMDUwMCwic3ViIjoiZWx5fDEiLCJjbGllbnRfaWQiOiJ0bGF1bmNoZXIifQ.qmiPOjI8jGAQdP5LoAVHO8L75Ly7fRcrTB_iYsUgQ4azgsPnLEhvG7dUnQ9utEd3RK5swDpaZ0bXf90vRbvnmg',
'Token has been revoked',
];
yield 'revoked by unauthorized minecraft launcher' => [