mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-27 23:40:22 +05:30
Merge branch 'develop' of github.com:lncd/OAuth2 into develop
This commit is contained in:
commit
9933bde7d8
19
build.xml
19
build.xml
@ -1,10 +1,11 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project name="PHP OAuth 2.0 Server" default="build">
|
||||
<target name="build" depends="prepare,lint,phploc,pdepend,phpmd-ci,phpcs-ci,phpcpd,phpdox,phpcb"/>
|
||||
|
||||
<target name="build" depends="prepare,lint,phploc,pdepend,phpmd-ci,phpcs-ci,phpcpd,composer,phpunit,phpdox,phpcb"/>
|
||||
|
||||
<target name="build-parallel" depends="prepare,lint,tools-parallel,phpcb"/>
|
||||
|
||||
<target name="minimal" depends="prepare,lint,phploc,pdepend,phpcpd,phpdox,phpcb" />
|
||||
<target name="minimal" depends="prepare,lint,phploc,pdepend,phpcpd,composer,phpunit,phpdox,phpcb" />
|
||||
|
||||
<target name="tools-parallel" description="Run tools in parallel">
|
||||
<parallel threadCount="2">
|
||||
@ -109,6 +110,20 @@
|
||||
<arg path="${basedir}/src" />
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="composer" description="Install Composer requirements">
|
||||
<exec executable="composer.phar" failonerror="true">
|
||||
<arg value="install" />
|
||||
<arg value="--dev" />
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="phpunit" description="Run unit tests with PHPUnit">
|
||||
<exec executable="${basedir}/vendor/bin/phpunit" failonerror="true">
|
||||
<arg value="--configuration" />
|
||||
<arg value="${basedir}/build/phpunit.xml" />
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="phpdox" description="Generate API documentation using phpDox">
|
||||
<exec executable="phpdox"/>
|
||||
|
29
build/phpunit.xml
Normal file
29
build/phpunit.xml
Normal file
@ -0,0 +1,29 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<phpunit
|
||||
colors="true"
|
||||
convertNoticesToExceptions="true"
|
||||
convertWarningsToExceptions="true"
|
||||
stopOnError="false"
|
||||
stopOnFailure="false"
|
||||
stopOnIncomplete="false"
|
||||
stopOnSkipped="false">
|
||||
<testsuites>
|
||||
<testsuite name="Test Suite">
|
||||
<directory suffix="test.php">../tests/authentication</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<filters>
|
||||
<blacklist>
|
||||
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
|
||||
<directory suffix=".php">PHP_LIBDIR</directory>
|
||||
</blacklist>
|
||||
</filters>
|
||||
<logging>
|
||||
<log type="coverage-html" target="coverage" title="lncd/OAuth"
|
||||
charset="UTF-8" yui="true" highlight="true"
|
||||
lowUpperBound="35" highLowerBound="70"/>
|
||||
<log type="coverage-clover" target="logs/clover.xml"/>
|
||||
<log type="junit" target="logs/junit.xml"
|
||||
logIncompleteSkipped="false"/>
|
||||
</logging>
|
||||
</phpunit>
|
@ -7,6 +7,9 @@
|
||||
"require": {
|
||||
"php": ">=5.3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"EHER/PHPUnit": "*"
|
||||
},
|
||||
"repositories": [
|
||||
{
|
||||
"type": "git",
|
||||
|
@ -23,7 +23,7 @@ class Server
|
||||
* Reference to the database abstractor
|
||||
* @var object
|
||||
*/
|
||||
private $db;
|
||||
private $db = null;
|
||||
|
||||
/**
|
||||
* Server configuration
|
||||
@ -147,12 +147,11 @@ class Server
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']);
|
||||
$clientDetails = $this->dbcall('validateClient', $params['client_id'], null, $params['redirect_uri']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
|
||||
throw new OAuthServerClientException(
|
||||
$this->errors['invalid_client'], 8);
|
||||
throw new OAuthServerClientException($this->errors['invalid_client'], 8);
|
||||
}
|
||||
|
||||
// Response type
|
||||
@ -175,10 +174,7 @@ class Server
|
||||
// Get and validate scopes
|
||||
if (isset($authParams['scope']) || isset($_GET['scope'])) {
|
||||
|
||||
$scopes = $_GET['scope'];
|
||||
if (isset($authParams['client_id'])) {
|
||||
$authParams['scope'];
|
||||
}
|
||||
$scopes = (isset($_GET['scope'])) ? $_GET['scope'] : $authParams['scope'];
|
||||
|
||||
$scopes = explode($this->config['scope_delimeter'], $scopes);
|
||||
|
||||
@ -200,8 +196,8 @@ class Server
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
|
||||
$scopeDetails = $this->db->getScope($scope);
|
||||
|
||||
$scopeDetails = $this->dbcall('getScope', $scope);
|
||||
//die(var_dump($scopeDetails));
|
||||
if ($scopeDetails === false) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
||||
@ -227,7 +223,7 @@ class Server
|
||||
public function newAuthoriseRequest($type, $typeId, $authoriseParams)
|
||||
{
|
||||
// Remove any old sessions the user might have
|
||||
$this->db->deleteSession(
|
||||
$this->dbcall('deleteSession',
|
||||
$authoriseParams['client_id'],
|
||||
$type,
|
||||
$typeId
|
||||
@ -276,7 +272,7 @@ class Server
|
||||
// new authorisation code otherwise create a new session
|
||||
if ($accessToken !== null) {
|
||||
|
||||
$this->db->updateSession(
|
||||
$this->dbcall('updateSession',
|
||||
$clientId,
|
||||
$type,
|
||||
$typeId,
|
||||
@ -288,10 +284,10 @@ class Server
|
||||
} else {
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
$this->db->deleteSession($clientId, $type, $typeId);
|
||||
$this->dbcall('deleteSession', $clientId, $type, $typeId);
|
||||
|
||||
// Create a new session
|
||||
$sessionId = $this->db->newSession(
|
||||
$sessionId = $this->dbcall('newSession',
|
||||
$clientId,
|
||||
$redirectUri,
|
||||
$type,
|
||||
@ -305,7 +301,7 @@ class Server
|
||||
// Add the scopes
|
||||
foreach ($scopes as $key => $scope) {
|
||||
|
||||
$this->db->addSessionScope($sessionId, $scope['scope']);
|
||||
$this->dbcall('addSessionScope', $sessionId, $scope['scope']);
|
||||
|
||||
}
|
||||
|
||||
@ -405,7 +401,7 @@ class Server
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = $this->db->validateClient(
|
||||
$clientDetails = $this->dbcall('validateClient',
|
||||
$params['client_id'],
|
||||
$params['client_secret'],
|
||||
$params['redirect_uri']
|
||||
@ -430,7 +426,7 @@ class Server
|
||||
|
||||
// Verify the authorization code matches the client_id and the
|
||||
// request_uri
|
||||
$session = $this->db->validateAuthCode(
|
||||
$session = $this->dbcall('validateAuthCode',
|
||||
$params['client_id'],
|
||||
$params['redirect_uri'],
|
||||
$params['code']
|
||||
@ -449,7 +445,7 @@ class Server
|
||||
|
||||
$accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl'];
|
||||
|
||||
$this->db->updateSession(
|
||||
$this->dbcall('updateSession',
|
||||
$session['id'],
|
||||
null,
|
||||
$accessToken,
|
||||
@ -458,7 +454,7 @@ class Server
|
||||
);
|
||||
|
||||
// Update the session's scopes to reference the access token
|
||||
$this->db->updateSessionScopeAccessToken(
|
||||
$this->dbcall('updateSessionScopeAccessToken',
|
||||
$session['id'],
|
||||
$accessToken
|
||||
);
|
||||
@ -496,4 +492,27 @@ class Server
|
||||
return $redirectUri;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Call database methods from the abstractor
|
||||
*
|
||||
* @return mixed The query result
|
||||
*/
|
||||
private function dbcall()
|
||||
{
|
||||
if ($this->db === null) {
|
||||
throw new OAuthServerException('No registered database abstractor');
|
||||
}
|
||||
|
||||
if ( ! $this->db instanceof Database) {
|
||||
throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
|
||||
}
|
||||
|
||||
$args = func_get_args();
|
||||
$method = $args[0];
|
||||
unset($args[0]);
|
||||
$params = array_values($args);
|
||||
|
||||
return call_user_func_array(array($this->db, $method), $args);
|
||||
}
|
||||
}
|
||||
|
1
test
Executable file
1
test
Executable file
@ -0,0 +1 @@
|
||||
vendor/bin/phpunit --coverage-text --configuration build/phpunit.xml
|
191
tests/authentication/database_mock.php
Normal file
191
tests/authentication/database_mock.php
Normal file
@ -0,0 +1,191 @@
|
||||
<?php
|
||||
|
||||
use Oauth2\Authentication\Database;
|
||||
|
||||
class OAuthdb implements Database
|
||||
{
|
||||
private $sessions = array();
|
||||
private $sessions_client_type_id = array();
|
||||
private $sessions_code = array();
|
||||
private $session_scopes = array();
|
||||
|
||||
private $clients = array(0 => array(
|
||||
'client_id' => 'test',
|
||||
'client_secret' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'name' => 'Test Client'
|
||||
));
|
||||
|
||||
private $scopes = array('test' => array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
));
|
||||
|
||||
public function validateClient(
|
||||
$clientId,
|
||||
$clientSecret = null,
|
||||
$redirectUri = null
|
||||
)
|
||||
{
|
||||
if ($clientId !== $this->clients[0]['client_id'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($clientSecret !== null && $clientSecret !== $this->clients[0]['client_secret'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($redirectUri !== null && $redirectUri !== $this->clients[0]['redirect_uri'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->clients[0];
|
||||
}
|
||||
|
||||
public function newSession(
|
||||
$clientId,
|
||||
$redirectUri,
|
||||
$type = 'user',
|
||||
$typeId = null,
|
||||
$authCode = null,
|
||||
$accessToken = null,
|
||||
$accessTokenExpire = null,
|
||||
$stage = 'requested'
|
||||
)
|
||||
{
|
||||
$id = count($this->sessions);
|
||||
|
||||
$this->sessions[$id] = array(
|
||||
'id' => $id,
|
||||
'client_id' => $clientId,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'owner_type' => $type,
|
||||
'owner_id' => $typeId,
|
||||
'auth_code' => $authCode,
|
||||
'access_token' => $accessToken,
|
||||
'access_token_expire' => $accessTokenExpire,
|
||||
'stage' => $stage
|
||||
);
|
||||
|
||||
$this->sessions_client_type_id[$clientId . ':' . $type . ':' . $typeId] = $id;
|
||||
$this->sessions_code[$clientId . ':' . $redirectUri . ':' . $authCode] = $id;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function updateSession(
|
||||
$sessionId,
|
||||
$authCode = null,
|
||||
$accessToken = null,
|
||||
$accessTokenExpire = null,
|
||||
$stage = 'requested'
|
||||
)
|
||||
{
|
||||
$this->sessions[$sessionId]['auth_code'] = $authCode;
|
||||
$this->sessions[$sessionId]['access_token'] = $accessToken;
|
||||
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpire;
|
||||
$this->sessions[$sessionId]['stage'] = $stage;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function deleteSession(
|
||||
$clientId,
|
||||
$type,
|
||||
$typeId
|
||||
)
|
||||
{
|
||||
$key = $clientId . ':' . $type . ':' . $typeId;
|
||||
if (isset($this->sessions_client_type_id[$key]))
|
||||
{
|
||||
unset($this->sessions[$this->sessions_client_type_id[$key]]);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function validateAuthCode(
|
||||
$clientId,
|
||||
$redirectUri,
|
||||
$authCode
|
||||
)
|
||||
{
|
||||
$key = $clientId . ':' . $redirectUri . ':' . $authCode;
|
||||
|
||||
if (isset($this->sessions_code[$key]))
|
||||
{
|
||||
return $this->sessions[$this->sessions_code[$key]];
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function hasSession(
|
||||
$type,
|
||||
$typeId,
|
||||
$clientId
|
||||
)
|
||||
{
|
||||
die('not implemented hasSession');
|
||||
}
|
||||
|
||||
public function getAccessToken($sessionId)
|
||||
{
|
||||
die('not implemented getAccessToken');
|
||||
}
|
||||
|
||||
public function removeAuthCode($sessionId)
|
||||
{
|
||||
die('not implemented removeAuthCode');
|
||||
}
|
||||
|
||||
public function setAccessToken(
|
||||
$sessionId,
|
||||
$accessToken
|
||||
)
|
||||
{
|
||||
die('not implemented setAccessToken');
|
||||
}
|
||||
|
||||
public function addSessionScope(
|
||||
$sessionId,
|
||||
$scope
|
||||
)
|
||||
{
|
||||
if ( ! isset($this->session_scopes[$sessionId]))
|
||||
{
|
||||
$this->session_scopes[$sessionId] = array();
|
||||
}
|
||||
|
||||
$this->session_scopes[$sessionId][] = $scope;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getScope($scope)
|
||||
{
|
||||
if ( ! isset($this->scopes[$scope]))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->scopes[$scope];
|
||||
}
|
||||
|
||||
public function updateSessionScopeAccessToken(
|
||||
$sessionId,
|
||||
$accessToken
|
||||
)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function accessTokenScopes($accessToken)
|
||||
{
|
||||
die('not implemented accessTokenScopes');
|
||||
}
|
||||
}
|
161
tests/authentication/server_test.php
Normal file
161
tests/authentication/server_test.php
Normal file
@ -0,0 +1,161 @@
|
||||
<?php
|
||||
|
||||
class Server_test extends PHPUnit_Framework_TestCase {
|
||||
|
||||
function setUp()
|
||||
{
|
||||
$this->oauth = new Oauth2\Authentication\Server();
|
||||
|
||||
require_once('database_mock.php');
|
||||
$this->oauthdb = new OAuthdb();
|
||||
$this->oauth->registerDbAbstractor($this->oauthdb);
|
||||
}
|
||||
|
||||
function test_generateCode()
|
||||
{
|
||||
$reflector = new ReflectionClass($this->oauth);
|
||||
$method = $reflector->getMethod('generateCode');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$result = $method->invoke($this->oauth);
|
||||
$result2 = $method->invoke($this->oauth);
|
||||
|
||||
$this->assertEquals(40, strlen($result));
|
||||
$this->assertNotEquals($result, $result2);
|
||||
}
|
||||
|
||||
function test_redirectUri()
|
||||
{
|
||||
$result1 = $this->oauth->redirectUri('http://example.com/foo');
|
||||
$result2 = $this->oauth->redirectUri('http://example.com/foo', array('foo' => 'bar'));
|
||||
$result3 = $this->oauth->redirectUri('http://example.com/foo', array('foo' => 'bar'), '#');
|
||||
|
||||
$this->assertEquals('http://example.com/foo?', $result1);
|
||||
$this->assertEquals('http://example.com/foo?foo=bar', $result2);
|
||||
$this->assertEquals('http://example.com/foo#foo=bar', $result3);
|
||||
}
|
||||
|
||||
function test_checkClientAuthoriseParams_GET()
|
||||
{
|
||||
$_GET['client_id'] = 'test';
|
||||
$_GET['redirect_uri'] = 'http://example.com/test';
|
||||
$_GET['response_type'] = 'code';
|
||||
$_GET['scope'] = 'test';
|
||||
|
||||
$expect = array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'response_type' => 'code',
|
||||
'scopes' => array(
|
||||
0 => array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
$result = $this->oauth->checkClientAuthoriseParams();
|
||||
|
||||
$this->assertEquals($expect, $result);
|
||||
}
|
||||
|
||||
function test_checkClientAuthoriseParams_PassedParams()
|
||||
{
|
||||
unset($_GET['client_id']);
|
||||
unset($_GET['redirect_uri']);
|
||||
unset($_GET['response_type']);
|
||||
unset($_GET['scope']);
|
||||
|
||||
$params = array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'response_type' => 'code',
|
||||
'scope' => 'test'
|
||||
);
|
||||
|
||||
$this->assertEquals(array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'response_type' => 'code',
|
||||
'scopes' => array(0 => array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
))
|
||||
), $this->oauth->checkClientAuthoriseParams($params));
|
||||
}
|
||||
|
||||
function test_newAuthoriseRequest()
|
||||
{
|
||||
$result = $this->oauth->newAuthoriseRequest('user', '123', array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'scopes' => array(array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
))
|
||||
));
|
||||
|
||||
$this->assertEquals(40, strlen($result));
|
||||
}
|
||||
|
||||
function test_newAuthoriseRequest_isUnique()
|
||||
{
|
||||
$result1 = $this->oauth->newAuthoriseRequest('user', '123', array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'scopes' => array(array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
))
|
||||
));
|
||||
|
||||
$result2 = $this->oauth->newAuthoriseRequest('user', '123', array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'scopes' => array(array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
))
|
||||
));
|
||||
|
||||
$this->assertNotEquals($result1, $result2);
|
||||
}
|
||||
|
||||
function test_issueAccessToken_POST()
|
||||
{
|
||||
$auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
|
||||
'client_id' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'scopes' => array(array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
))
|
||||
));
|
||||
|
||||
$_POST['client_id'] = 'test';
|
||||
$_POST['client_secret'] = 'test';
|
||||
$_POST['redirect_uri'] = 'http://example.com/test';
|
||||
$_POST['grant_type'] = 'authorization_code';
|
||||
$_POST['code'] = $auth_code;
|
||||
|
||||
$result = $this->oauth->issueAccessToken();
|
||||
|
||||
$this->assertCount(3, $result);
|
||||
$this->assertArrayHasKey('access_token', $result);
|
||||
$this->assertArrayHasKey('token_type', $result);
|
||||
$this->assertArrayHasKey('expires_in', $result);
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user