From ae4ab26aaf078c3933f2602687d1f19adc3ea682 Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Thu, 24 May 2018 12:19:55 +0100
Subject: [PATCH 1/2] Add test for unsigned access token
---
.../BearerTokenValidatorTest.php | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 tests/AuthorizationValidators/BearerTokenValidatorTest.php
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
new file mode 100644
index 00000000..5690c9a9
--- /dev/null
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -0,0 +1,41 @@
+getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
+
+ $bearerTokenValidator = new BearerTokenValidator($accessTokenRepositoryMock);
+ $bearerTokenValidator->setPublicKey(new CryptKey('file://' . __DIR__ . '/../Stubs/public.key'));
+
+ $unsignedJwt = (new Builder())
+ ->setAudience('client-id')
+ ->setId('token-id', true)
+ ->setIssuedAt(time())
+ ->setNotBefore(time())
+ ->setExpiration(time())
+ ->setSubject('user-id')
+ ->set('scopes', 'scope1 scope2 scope3 scope4')
+ ->getToken();
+
+ $request = new ServerRequest();
+ $request = $request->withHeader('authorization', sprintf('Bearer %s', $unsignedJwt));
+
+ $bearerTokenValidator->validateAuthorization($request);
+ }
+}
From 72ead2e3ce39fbe0055b7b24c572e858193e52eb Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Thu, 24 May 2018 12:23:26 +0100
Subject: [PATCH 2/2] Fix unused use statement
---
tests/AuthorizationValidators/BearerTokenValidatorTest.php | 1 -
1 file changed, 1 deletion(-)
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
index 5690c9a9..801846cb 100644
--- a/tests/AuthorizationValidators/BearerTokenValidatorTest.php
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
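Review bot: The unsigned token built in the test added by PATCH 1/2 uses `->setExpiration(time())`, so it is already at its expiry when `validateAuthorization()` runs, and the test cannot tell a rejection for the missing signature apart from a rejection for an expired token. If the validator reports both through the same exception type (not visible here; the class header and the method's expected-exception annotation are cut off at the start of this hunk), the test would keep passing after a regression that accepts unsigned tokens. Give the token a future expiry, e.g. `->setExpiration(time() + 3600)`, so the absent signature is the only invalid property, and assert on the exception message or hint as well as its type.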
@@ -3,7 +3,6 @@ namespace LeagueTests\AuthorizationValidators; use Lcobucci\JWT\Builder; -use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;