ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Added support for refresh tokens, user credentials and client credentials grant. 100% unit test code coverage for authentication. Fixes #2

Browse Source
This commit is contained in:
Alex Bilbie
2013-01-02 19:14:22 +00:00
parent 2b8a27ef47
commit 94945ec49e
4 changed files with 805 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/authentication/database_mock.php
View File

@@ -67,7 +67,7 @@ class OAuthdb implements Database
{
$this->sessions[$sessionId]['auth_code'] = $authCode;
$this->sessions[$sessionId]['access_token'] = $accessToken;
$this->sessions[$sessionId]['refresh_token'] = $accessToken;
$this->sessions[$sessionId]['refresh_token'] = $refreshToken;
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpire;
$this->sessions[$sessionId]['stage'] = $stage;
@@ -148,4 +148,21 @@ class OAuthdb implements Database
{
die('not implemented accessTokenScopes');
}
public function validateRefreshToken($refreshToken, $clientId)
{
if ($refreshToken !== $this->sessions[0]['refresh_token'])
{
return false;
}
return true;
}
public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires)
{
$this->sessions[$sessionId]['access_token'] = $newAccessToken;
$this->sessions[$sessionId]['refresh_token'] = $newRefreshToken;
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpires;
}
}

520
tests/authentication/server_test.php
View File

@@ -15,10 +15,24 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$this->oauth->registerDbAbstractor($this->oauthdb);
}
public function test_setupWithOptions()
{
$o = new Oauth2\Authentication\Server(array(
'access_token_ttl' => 86400
));
$reflector = new ReflectionClass($o);
$param = $reflector->getProperty('_config');
$param->setAccessible(true);
$array = $param->getValue($o);
$this->assertEquals(86400, $array['access_token_ttl']);
}
public function test_generateCode()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('generateCode');
$method = $reflector->getMethod('_generateCode');
$method->setAccessible(true);
$result = $method->invoke($this->oauth);
@@ -164,6 +178,34 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$this->oauth->checkClientAuthoriseParams();
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 8
*/
public function test_checkClientAuthoriseParams_invalidClient()
{
$_GET['client_id'] = 'test';
$_GET['redirect_uri'] = 'http://example.com/test2';
$_GET['response_type'] = 'code';
$_GET['scope'] = 'blah';
$this->oauth->checkClientAuthoriseParams();
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 3
*/
public function test_checkClientAuthoriseParams_invalidResponseType()
{
$_GET['client_id'] = 'test';
$_GET['redirect_uri'] = 'http://example.com/test';
$_GET['response_type'] = 'blah';
$_GET['scope'] = 'blah';
$this->oauth->checkClientAuthoriseParams();
}
public function test_newAuthoriseRequest()
{
$result = $this->oauth->newAuthoriseRequest('user', '123', array(
@@ -207,7 +249,11 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$this->assertNotEquals($result1, $result2);
}
public function test_issueAccessToken_POST()
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 7
*/
public function test_issueAccessTokenNoRegisteredGrant()
{
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
@@ -227,16 +273,38 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$_POST['code'] = $auth_code;
$result = $this->oauth->issueAccessToken();
}
$this->assertCount(5, $result);
public function test_issueAccessToken_POST_authorization_code()
{
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'authorization_code';
$_POST['code'] = $auth_code;
$this->oauth->enableGrantType('authorization_code');
$result = $this->oauth->issueAccessToken();
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
}
public function test_issueAccessToken_PassedParams()
public function test_issueAccessToken_PassedParams_authorization_code()
{
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
@@ -255,6 +323,38 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$params['grant_type'] = 'authorization_code';
$params['code'] = $auth_code;
$this->oauth->enableGrantType('authorization_code');
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
}
public function test_issueAccessToken_refresh_token()
{
$this->oauth->enableGrantType('authorization_code');
$this->oauth->enableGrantType('refresh_token');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['redirect_uri'] = 'http://example.com/test';
$params['grant_type'] = 'authorization_code';
$params['code'] = $auth_code;
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(5, $result);
@@ -263,6 +363,404 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
// Wait for a few seconds for the access token to age
sleep(1);
// Refresh the token
$params2['client_id'] = 'test';
$params2['client_secret'] = 'test';
$params2['redirect_uri'] = 'http://example.com/test';
$params2['grant_type'] = 'refresh_token';
$params2['refresh_token'] = $result['refresh_token'];
$result2 = $this->oauth->issueAccessToken($params2);
$this->assertCount(5, $result2);
$this->assertArrayHasKey('access_token', $result2);
$this->assertArrayHasKey('token_type', $result2);
$this->assertArrayHasKey('expires_in', $result2);
$this->assertArrayHasKey('expires', $result2);
$this->assertArrayHasKey('refresh_token', $result2);
$this->assertNotEquals($result['access_token'], $result2['access_token']);
$this->assertNotEquals($result['refresh_token'], $result2['refresh_token']);
$this->assertNotEquals($result['expires'], $result2['expires']);
$this->assertEquals($result['expires_in'], $result2['expires_in']);
$this->assertEquals($result['token_type'], $result2['token_type']);
}
public function test_issueAccessToken_client_credentials()
{
$this->oauth->enableGrantType('client_credentials');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['redirect_uri'] = 'http://example.com/test';
$params['grant_type'] = 'client_credentials';
$params['code'] = $auth_code;
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
}
public function test_issueAccessToken_client_credentialsPOST()
{
$this->oauth->enableGrantType('client_credentials');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'client_credentials';
$_POST['code'] = $auth_code;
$result = $this->oauth->issueAccessToken();
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
}
public function test_issueAccessToken_client_credentials_withRefreshToken()
{
$this->oauth->enableGrantType('client_credentials');
$this->oauth->enableGrantType('refresh_token');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['redirect_uri'] = 'http://example.com/test';
$params['grant_type'] = 'client_credentials';
$params['code'] = $auth_code;
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(5, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
}
public function test_issueAccessToken_refresh_tokenPOST()
{
$this->oauth->enableGrantType('authorization_code');
$this->oauth->enableGrantType('refresh_token');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'authorization_code';
$_POST['code'] = $auth_code;
$result = $this->oauth->issueAccessToken();
$this->assertCount(5, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
// Wait for a few seconds for the access token to age
sleep(1);
// Refresh the token
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'refresh_token';
$_POST['refresh_token'] = $result['refresh_token'];
$result2 = $this->oauth->issueAccessToken();
$this->assertCount(5, $result2);
$this->assertArrayHasKey('access_token', $result2);
$this->assertArrayHasKey('token_type', $result2);
$this->assertArrayHasKey('expires_in', $result2);
$this->assertArrayHasKey('expires', $result2);
$this->assertArrayHasKey('refresh_token', $result2);
$this->assertNotEquals($result['access_token'], $result2['access_token']);
$this->assertNotEquals($result['refresh_token'], $result2['refresh_token']);
$this->assertNotEquals($result['expires'], $result2['expires']);
$this->assertEquals($result['expires_in'], $result2['expires_in']);
$this->assertEquals($result['token_type'], $result2['token_type']);
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_refresh_tokenMissingToken()
{
$this->oauth->enableGrantType('authorization_code');
$this->oauth->enableGrantType('refresh_token');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'authorization_code';
$_POST['code'] = $auth_code;
$result = $this->oauth->issueAccessToken();
$this->assertCount(5, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
// Wait for a few seconds for the access token to age
sleep(1);
// Refresh the token
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['redirect_uri'] = 'http://example.com/test';
$_POST['grant_type'] = 'refresh_token';
$result2 = $this->oauth->issueAccessToken();
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_invalid_refresh_token()
{
$this->oauth->enableGrantType('authorization_code');
$this->oauth->enableGrantType('refresh_token');
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
'client_id' => 'test',
'redirect_uri' => 'http://example.com/test',
'scopes' => array(array(
'id' => 1,
'scope' => 'test',
'name' => 'test',
'description' => 'test'
))
));
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['redirect_uri'] = 'http://example.com/test';
$params['grant_type'] = 'authorization_code';
$params['code'] = $auth_code;
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(5, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
// Wait for a few seconds for the access token to age
sleep(1);
// Refresh the token
$params2['client_id'] = 'test';
$params2['client_secret'] = 'test';
$params2['redirect_uri'] = 'http://example.com/test';
$params2['grant_type'] = 'refresh_token';
$params2['refresh_token'] = 'blah';
$result2 = $this->oauth->issueAccessToken($params2);
}
/**
* @expectedException Oauth2\Authentication\ServerException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_password_grant_Missing_Callback()
{
$this->oauth->enableGrantType('password');
}
public function test_issueAccessToken_password_grant()
{
$this->oauth->enableGrantType('password', function(){
return true;
});
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['grant_type'] = 'password';
$params['username'] = 'alexbilbie';
$params['password'] = 'helloworld';
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
}
public function test_issueAccessToken_password_grantPOST()
{
$this->oauth->enableGrantType('password', function(){
return true;
});
$_POST['client_id'] = 'test';
$_POST['client_secret'] = 'test';
$_POST['grant_type'] = 'password';
$_POST['username'] = 'alexbilbie';
$_POST['password'] = 'helloworld';
$result = $this->oauth->issueAccessToken();
$this->assertCount(4, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
}
public function test_issueAccessToken_password_grant_withRefreshToken()
{
$this->oauth->enableGrantType('password', function(){
return true;
});
$this->oauth->enableGrantType('refresh_token');
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['grant_type'] = 'password';
$params['username'] = 'alexbilbie';
$params['password'] = 'helloworld';
$result = $this->oauth->issueAccessToken($params);
$this->assertCount(5, $result);
$this->assertArrayHasKey('access_token', $result);
$this->assertArrayHasKey('token_type', $result);
$this->assertArrayHasKey('expires_in', $result);
$this->assertArrayHasKey('expires', $result);
$this->assertArrayHasKey('refresh_token', $result);
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_password_grant_wrongCreds()
{
$this->oauth->enableGrantType('password', function(){
return false;
});
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['grant_type'] = 'password';
$params['username'] = 'alexbilbie';
$params['password'] = 'helloworld';
$result = $this->oauth->issueAccessToken($params);
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_password_grant_missingUsername()
{
$this->oauth->enableGrantType('password', function(){
return true;
});
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['grant_type'] = 'password';
$result = $this->oauth->issueAccessToken($params);
}
/**
* @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_password_grant_missingPassword()
{
$this->oauth->enableGrantType('password', function(){
return true;
});
$params['client_id'] = 'test';
$params['client_secret'] = 'test';
$params['grant_type'] = 'password';
$params['username'] = 'alexbilbie';
$result = $this->oauth->issueAccessToken($params);
}
/**
@@ -292,7 +790,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_missingClientId()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$method->invoke($this->oauth);
@@ -305,7 +803,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_missingClientSecret()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$authParams['client_id'] = 'test';
@@ -320,7 +818,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_missingRedirectUri()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$authParams['client_id'] = 'test';
@@ -336,7 +834,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_invalidClient()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$authParams['client_id'] = 'test';
@@ -353,7 +851,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_missingCode()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$authParams['client_id'] = 'test';
@@ -370,7 +868,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase
public function test_completeAuthCodeGrant_invalidCode()
{
$reflector = new ReflectionClass($this->oauth);
$method = $reflector->getMethod('completeAuthCodeGrant');
$method = $reflector->getMethod('_completeAuthCodeGrant');
$method->setAccessible(true);
$authParams['client_id'] = 'test';