mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-26 16:52:04 +05:30
Fixes for RefreshTokenGrant
This commit is contained in:
parent
fc53d636f5
commit
0d8cb0d06f
@ -12,6 +12,7 @@
|
||||
namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use League\Event\Event;
|
||||
use League\OAuth2\Server\Entities\ScopeEntity;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
||||
@ -47,13 +48,17 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
\DateInterval $accessTokenTTL
|
||||
) {
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$client = $this->validateClient($request);
|
||||
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
|
||||
$scopes = $this->validateScopes($request, $client);
|
||||
$scopes = $this->validateScopes($request, $client);
|
||||
|
||||
// If no new scopes are requested then give the access token the original session scopes
|
||||
if (count($scopes) === 0) {
|
||||
$scopes = $oldRefreshToken['scopes'];
|
||||
$scopes = array_map(function ($scopeId) {
|
||||
$scope = new ScopeEntity();
|
||||
$scope->setIdentifier($scopeId);
|
||||
return $scope;
|
||||
}, $oldRefreshToken['scopes']);
|
||||
} else {
|
||||
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
|
||||
// the request doesn't include any new scopes
|
||||
|
82
tests/Grant/RefreshTokenGrantTest.php
Normal file
82
tests/Grant/RefreshTokenGrantTest.php
Normal file
@ -0,0 +1,82 @@
|
||||
<?php
|
||||
|
||||
namespace LeagueTests\Grant;
|
||||
|
||||
use League\OAuth2\Server\Entities\ClientEntity;
|
||||
use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
|
||||
use League\OAuth2\Server\Grant\PasswordGrant;
|
||||
use League\OAuth2\Server\Grant\RefreshTokenGrant;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
||||
use League\OAuth2\Server\Utils\KeyCrypt;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testGetIdentifier()
|
||||
{
|
||||
$refreshTokenRepositoryMock = $this->getMock(RefreshTokenRepositoryInterface::class);
|
||||
|
||||
$grant = new RefreshTokenGrant($refreshTokenRepositoryMock);
|
||||
$this->assertEquals('refresh_token', $grant->getIdentifier());
|
||||
}
|
||||
|
||||
public function testRespondToRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setIdentifier('foo');
|
||||
$client->setSecret('bar');
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||
|
||||
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||
$userEntity = new UserEntity();
|
||||
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||
|
||||
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||
|
||||
$grant = new RefreshTokenGrant($refreshTokenRepositoryMock);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
$grant->setPathToPublicKey('file://'.__DIR__.'/../Utils/public.key');
|
||||
$grant->setPathToPrivateKey('file://'.__DIR__.'/../Utils/private.key');
|
||||
|
||||
$oldRefreshToken = KeyCrypt::encrypt(
|
||||
json_encode(
|
||||
[
|
||||
'client_id' => 'foo',
|
||||
'refresh_token_id' => 'zyxwvu',
|
||||
'access_token_id' => 'abcdef',
|
||||
'scopes' => ['foo'],
|
||||
'user_id' => 123,
|
||||
'expire_time' => time() + 3600,
|
||||
]
|
||||
),
|
||||
'file://'.__DIR__.'/../Utils/private.key'
|
||||
);
|
||||
|
||||
$serverRequest = new ServerRequest();
|
||||
$serverRequest = $serverRequest->withParsedBody(
|
||||
[
|
||||
'client_id' => 'foo',
|
||||
'client_secret' => 'bar',
|
||||
'refresh_token' => $oldRefreshToken,
|
||||
]
|
||||
);
|
||||
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user