Commit Graph

379 Commits

Author SHA1 Message Date
Ron Arts
f79d3f27cf Incorporate https://github.com/thephpleague/oauth2-server/pull/731. Thanks.
Now can handle cr/lf, cr, and lf endings. And on php5 large keys as well.
2017-10-31 10:14:46 +01:00
Andrew Millington
3828f87b19 Fix tests as no longer set the default scope in the constructor
Use new setDefaultScope() method instead. Also changed default scope to
be a blank string instead of null
2017-10-30 23:48:02 +00:00
Andrew Millington
1161ceda0d Fix the authorization server middleware test 2017-10-30 23:26:49 +00:00
Andrew Millington
f9143b5163 Fix the refresh token grant test 2017-10-30 23:26:11 +00:00
Ron Arts
90fec63104 Setup the public.key.crlf with the proper permissions 2017-10-30 16:41:10 +01:00
Ron Arts
4563685375 Also accept an RSA key with crlf 2017-10-30 16:21:17 +01:00
Brian Retterer
23c7138d48 Apply fixes from StyleCI 2017-10-23 15:26:10 +00:00
Andrew Millington
24f29b6382 Fix more tests to support default scope setting 2017-10-19 22:37:19 +01:00
Andrew Millington
8c788e9fc8 Update tests so they don't trigger missing or invalid scope exceptions 2017-10-18 22:11:13 +01:00
Andrew Millington
4d28eadf93 Update tests so they don't trigger missing or invalid scope exceptions 2017-10-18 22:11:02 +01:00
Erick Torres
4270f5bac1 Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation
# Conflicts:
#	src/Grant/AuthCodeGrant.php
2017-09-07 17:24:48 -05:00
Yannick de Lange
2aca909d20 Removed chmod from CryptKey and add toggle to disable checking 2017-08-03 15:57:39 +02:00
Erick Torres
e2f9b73df3 Fix broken tests 2017-07-07 12:19:11 -05:00
Erick Torres
fbb3586cae Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation
# Conflicts:
#	src/Grant/AuthCodeGrant.php
#	tests/Grant/AuthCodeGrantTest.php
2017-07-07 12:06:32 -05:00
Alex Bilbie
aac467e616 Fixed broken tests 2017-07-01 18:11:19 +01:00
Alex Bilbie
1af4012df4 New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 16:45:29 +01:00
Alex Bilbie
57d199b889 Stricter validation of code challenge value to match RFC 7636 requirements 2017-07-01 16:44:43 +01:00
Erick Torres
11ad87b5f5 Update tests / Add missing. 2017-06-16 12:03:14 -05:00
Ian Littman
d8ece093d5 Add hasRedirect() method for OAuthServerException
Resolves #694.
2017-02-04 14:50:46 -05:00
François Kooman
6426e597a3
Fix PKCE code verifier encoding to match specification
The current implementation of PKCE does not follow the specification
correctly regarding the encoding of the code verifier. This patch
correctly encodes the hash of the code verifier according to
Appenix A of RFC 7636.
2017-01-24 11:36:34 +01:00
Alex Bilbie
56e8d374fb Fix broken tests 2016-09-19 10:06:00 +01:00
Alex Bilbie
11ccc305d0 Applied fixes from StyleCI 2016-09-13 14:17:09 +00:00
Alex Bilbie
0ebdcd2ab8 Merge pull request #614 from lookyman/better-tests
Improved tests
2016-07-25 12:17:28 -04:00
Julián Gutiérrez
065ef5db99 CryptKey tests 2016-07-19 17:15:36 +02:00
Ian Littman
090c01d3d1 Allow easy addition of custom fields to Bearer token response 2016-07-16 10:27:33 -05:00
Lukáš Unger
17b6e2a207 tests: Fix missing redirect uri test, add redirect uri mismatch test 2016-07-08 16:04:14 +02:00
Lukáš Unger
54422a244f tests: AuthCodeGrantTest additional tests 2016-07-08 15:31:29 +02:00
Lukáš Unger
9899aa1f99 tests: ImplicitGrantTest additional tests 2016-07-08 15:30:59 +02:00
Lukáš Unger
32efd091a1 tests: use MockBuilder everywhere 2016-07-08 15:29:21 +02:00
Alex Bilbie
66de05a395 Merge pull request #605 from jfilla/master
Added catch Runtime exception when parsing JWT string
2016-06-28 08:49:29 +01:00
Alex Bilbie
df20da1235 Merge pull request #601 from zerkms/ISSUE-596_UNIQUE_ACCESS_TOKEN
Added a check for unique access token constraint violation
2016-06-28 08:48:38 +01:00
Jakub Filla
9eccc40eb6 Added catch Runtime exception when parsing JWT string 2016-06-22 12:38:03 +02:00
Ian Littman
9775c0076b Look at Authorization header directly for HTTP Basic auth check
Should allow for better compatibility with server implementations that aren't sitting on top of a standard SAPI (e.g. persistent web servers building a PSR-7 compatible request from a socket-received message).

One catch here is that I've seen Apache hijack the HTTP Authorization header in the past, though that would probably impact the other aspects of the server just as much as it would this, so I think that risk is manageable.

Added tests to cover all paths through the new code, so the AbstractGrant type still has 100% coverage :)

Did notice that, as of the latest versions of PHPUnit, the mock creation method is deprecated. Maybe that needs to be updated? Haven't checked to see whether the replacements are PHPUnit 4.8 compatible though, so maybe they need to stay in order to test on older PHP versions?
2016-06-21 21:08:38 -05:00
Ivan Kurnosov
b68ef973df Added a check for unique access token constraint violation 2016-06-20 20:19:03 +12:00
Ivan Kurnosov
6b88cbeb13 Removed isExpired() from interfaces and traits 2016-06-17 19:50:04 +12:00
Alex Bilbie
8e8aed1a50 Implemented RFC7636. Fixes #574 2016-05-06 15:23:16 +01:00
İsmail BASKIN
7285ede563
Include redirect_uri check on authorization endpoint 2016-05-04 13:34:37 +03:00
Alex Bilbie
77737e7894 Applied fixes from StyleCI 2016-04-17 08:06:17 -04:00
Alex Bilbie
7c35778316 Added tests for resource server middleware 2016-04-17 12:54:39 +01:00
Alex Bilbie
f6f39698d9 Renamed Server to AuthorizationServer 2016-04-17 12:54:25 +01:00
Alex Bilbie
103b0cc50d Fixed broken test 2016-04-10 17:15:48 +01:00
Alex Bilbie
495b55d1e8 Applied fixes from StyleCI 2016-04-10 11:14:08 -04:00
Alex Bilbie
92a483b3bd Improved tests 2016-04-10 16:14:01 +01:00
Alex Bilbie
5969082963 Fix tests and improve code coverate 2016-04-10 15:58:01 +01:00
Alex Bilbie
7a6d9a4510 Fixed broken AuthCodeGrant tests 2016-04-10 15:15:29 +01:00
Alex Bilbie
a0c4900ee7 Client is not required here because of finalizeScopes method 2016-04-10 13:53:16 +01:00
Alex Bilbie
5d3516c7b4 Applied fixes from StyleCI 2016-04-10 06:48:46 -04:00
Alex Bilbie
5410a42bb6 Fix to broken methods 2016-04-10 10:28:12 +01:00
Alex Bilbie
4689802c30 Renamed server respondToRequest to respondToAccessTokenRequest 2016-04-09 16:20:30 +01:00
Alex Bilbie
0ca2511d1e Applied fixes from StyleCI 2016-04-09 10:46:46 -04:00
Alex Bilbie
2c2ef800d4 Applied fixes from StyleCI 2016-04-09 10:46:40 -04:00
Alex Bilbie
47656cd9b5 Fix broken tests 2016-04-09 15:44:38 +01:00
Alex Bilbie
c6faa228fe Updated references to interfaces 2016-04-09 15:25:45 +01:00
Alex Bilbie
3c0a7f14ab Fixed broken tests 2016-04-09 14:15:10 +01:00
Alex Bilbie
198f4c4b6f Merge branch 'token_from_repo' of https://github.com/frederikbosch/oauth2-server into frederikbosch-token_from_repo
# Conflicts:
#	tests/Grant/AuthCodeGrantTest.php
#	tests/Grant/ImplicitGrantTest.php
#	tests/Grant/RefreshTokenGrantTest.php
2016-04-09 14:12:06 +01:00
Alex Bilbie
fc9e912e06 Fixed broken test 2016-04-09 13:45:38 +01:00
Alex Bilbie
39281a6f38 Merge branch 'repository_on_response' of https://github.com/juliangut/oauth2-server into juliangut-repository_on_response
# Conflicts:
#	tests/ResponseTypes/BearerResponseTypeTest.php
2016-04-09 13:43:33 +01:00
Alex Bilbie
656a8d7a56 Merge pull request #502 from juliangut/passphrase
V5 - Handle RSA key passphrase
2016-04-09 13:40:28 +01:00
Alex Bilbie
8274c56fc2 Allow multiple client redirect URIs. Fixes #511 2016-04-09 13:36:08 +01:00
Frederik Bosch
de8f6ff539 add getNewAccessToken getNewRefreshToken and getNewAuthCode to repositories 2016-04-04 10:37:06 +02:00
Julián Gutiérrez
a38b7f97f9 include keys in Server tests 2016-03-28 17:10:41 +02:00
Julián Gutiérrez
197657f2b9 handle RSA key passphrase 2016-03-28 16:42:34 +02:00
Julián Gutiérrez
e513b42117 remove access token repository from response types 2016-03-28 12:10:51 +02:00
Frederik Bosch
fbf4388b01 prevent double persist of token when doing refresh grant 2016-03-24 17:24:17 +01:00
Alex Bilbie
2b76e2bf6e Fix for broken test which wasn't actually broken but was 2016-03-24 10:07:09 +00:00
Alex Bilbie
a18b8c57b2 Fix broken tests 2016-03-23 18:50:14 +00:00
Alex Bilbie
878afeb9f9 ClientRepository implementations are now responsible for dealing with client secret 2016-03-22 16:29:04 +00:00
Julián Gutiérrez
b629b5e53f styleCI request 2016-03-18 00:38:37 +01:00
Julián Gutiérrez
4b775fe241 include CryptTrait tests, allow Server::respondToRequest trhow exceptions and fix ResposeType tests 2016-03-18 00:25:32 +01:00
Julián Gutiérrez
890fdeba16 CryptTrait tests 2016-03-17 21:18:28 +01:00
Julián Gutiérrez
ee91072455 template renderer holds template related information 2016-03-16 12:32:21 +01:00
Alex Bilbie
9e828f8f3c Updated stub client entity 2016-03-15 21:29:45 +00:00
Julián Gutiérrez
9e04da01de unused use statements 2016-03-15 01:18:54 +01:00
Julián Gutiérrez
592f60de70 allways extract scopes from repository 2016-03-15 01:10:47 +01:00
Julián Gutiérrez
ced63e2051 allow scopes extraction on GET requests for auth_code and implicit grants 2016-03-14 00:12:14 +01:00
Julián Gutiérrez
ecad2b98ae update invalid grant type test 2016-03-11 00:23:29 +01:00
Alex Bilbie
6e74de50e5 Test fixes 2016-03-10 19:01:57 +00:00
Alex Bilbie
c40a10a071 Applied fixes from StyleCI 2016-03-10 12:40:28 -05:00
Alex Bilbie
f7f3cdee24 Use client->setName method 2016-03-10 17:34:36 +00:00
Alex Bilbie
c490cd4ef2 Added middleware tests 2016-03-10 17:22:48 +00:00
Alex Bilbie
a716a08be6 Completed stub response 2016-03-10 17:22:38 +00:00
Alex Bilbie
8f0cb0e78c Updated server test 2016-03-10 16:34:32 +00:00
Alex Bilbie
fb1fa71b5d Improved BearerResponseType test 2016-03-10 16:34:21 +00:00
Alex Bilbie
0216638903 Added BearerResponseType test 2016-03-10 15:50:17 +00:00
Alex Bilbie
721a31534e Added implicit grant test 2016-03-10 15:10:08 +00:00
Alex Bilbie
997d390f3d Applied fixes from StyleCI 2016-02-22 03:00:50 -05:00
Alex Bilbie
d02437dd73 Improved testing 2016-02-21 18:13:39 +00:00
Alex Bilbie
9675dff220 Added AuthCodeGrant tests 2016-02-21 17:08:57 +00:00
Alex Bilbie
bc82f5badd Improved RefreshTokenGrant tests 2016-02-21 16:40:16 +00:00
Alex Bilbie
a4b65241ad Updated PasswordGrant test 2016-02-21 16:09:39 +00:00
Alex Bilbie
8b601d79b9 First commit of AuthCodeGrant test 2016-02-21 14:32:27 +00:00
Alex Bilbie
a2460886f6 Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00
Julián Gutiérrez
a644eacea7 Merge branch 'V5-WIP' into move_identifier_generation 2016-02-18 18:14:59 +01:00
Alex Bilbie
13baa0bb26 Updated tests 2016-02-18 12:07:50 +00:00
Alex Bilbie
ad5b242d10 Updated AbstractGrantTest 2016-02-18 11:36:20 +00:00
Alex Bilbie
73cd377c4b Added client credentials grant test 2016-02-18 10:49:13 +00:00
Alex Bilbie
e808528cc8 Added test stubs 2016-02-18 10:47:59 +00:00
Alex Bilbie
fb77a78fb3 Added Password Grant test 2016-02-18 10:47:52 +00:00
Alex Bilbie
0d8cb0d06f Fixes for RefreshTokenGrant 2016-02-18 10:47:30 +00:00
Julián Gutiérrez
5d6634aa9f Merge branch 'V5-WIP' into move_identifier_generation 2016-02-13 14:11:38 +01:00
Alex Bilbie
de13e14cdd Added test/Utils 2016-02-12 18:08:13 +00:00
Alex Bilbie
08ad67e401 Updated phpunit tests 2016-02-12 17:53:07 +00:00
Alex Bilbie
21e2ccd0fb Removed codeception 2016-02-12 17:51:10 +00:00
Alex Bilbie
9a8b7ec898 Removed old codecept tests 2016-02-12 17:46:30 +00:00
Alex Bilbie
64d4c4a38a Removed old tests 2016-02-12 15:44:34 +00:00
Alex Bilbie
18b104d0ac Run codecept build to generate test files 2015-04-06 08:34:50 +01:00
Alex Bilbie
775d42115a More client credentials test 2015-04-05 18:18:09 +01:00
Alex Bilbie
f3705865a3 Ignore codeception output 2015-04-05 18:17:36 +01:00
Alex Bilbie
7a3670523d First commit of Codeception files 2015-04-05 17:05:49 +01:00
Alex Bilbie
7c57310b67 Removed old fuzz tests 2015-04-04 15:41:31 +01:00
Alex Bilbie
b727be55a2 Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master 2014-12-27 22:57:08 +00:00
Alex Bilbie
707c85b0d6 Fixes and tests 2014-12-27 22:26:31 +00:00
Dave Walker
851c7c0eb1 Per the spec:
The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)
2014-12-21 18:51:52 -05:00
Graham Campbell
a1726903b5 CS fixes 2014-12-10 13:10:35 +00:00
Alex Bilbie
f8b61b47b9 Ensure Refresh Token Entity hasn't expired 2014-12-03 23:22:14 +00:00
Alex Bilbie
f83e5a8731 Learnt how to spell delimiter 2014-11-20 23:52:29 +00:00
Graham Campbell
4c1cd04a24 CS fixes 2014-11-08 18:26:12 +00:00
Alex Bilbie
583c21e7db Updated unit tests 2014-11-08 17:16:17 +00:00
Alex Bilbie
7dc5a8090f Remove old test 2014-11-08 17:03:20 +00:00
Alex Bilbie
b9debaab26 Fix #231 2014-11-08 16:44:39 +00:00
Alex Bilbie
856051bfb3 Fix #232 2014-11-08 16:20:13 +00:00
Alex Bilbie
3815355489 Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 02:20:06 +00:00
Alex Bilbie
db7c42cc91 Fixed broken tests 2014-11-07 00:55:38 +00:00
Alex Bilbie
fbf1535db1 Renamed Adapter to AbstractStorage because it isn't actually an adapter 2014-11-07 00:45:25 +00:00
Alex Bilbie
136edf16c5 Fix #213 2014-09-30 23:55:21 +01:00
pulkit
1ff3d1adda support grant specific access token ttl 2014-09-11 13:58:01 +01:00
Alex Bilbie
d32cea1988 Removed tests that had crept in 2014-08-16 10:53:32 +02:00
Alex Bilbie
522c7478c7 Fix #169 2014-08-06 09:53:47 +01:00
Alex Bilbie
79f15f3855 Merge branch 'v4.0.0-WIP' into develop
Conflicts:
	.gitignore
	.travis.yml
	README.md
	composer.json
	phpunit.xml
	sql/mysql.sql
	src/League/OAuth2/Server/Grant/RefreshToken.php
	src/League/OAuth2/Server/Resource.php
	src/League/OAuth2/Server/Storage/SessionInterface.php
	src/League/OAuth2/Server/Util/Request.php
	src/Util/KeyAlgorithm/DefaultAlgorithm.php
	tests/resource/ResourceServerTest.php
	tests/util/RedirectUriTest.php
	tests/util/RequestTest.php
	tests/util/SecureKeyTest.php
2014-08-06 09:21:56 +01:00
Alex Bilbie
ca1b977786 Added another test 2014-08-06 08:43:25 +01:00
Alex Bilbie
7525fc0884 Bug fixes 2014-08-06 08:43:08 +01:00
Alex Bilbie
07a42f6f43 Added setAccessTokenId method 2014-08-06 08:42:42 +01:00
Alex Bilbie
684a8a269e Updated examples 2014-08-04 18:54:01 +01:00
Alex Bilbie
7e0e337134 Fixed grant password fuzz test 2014-08-04 15:27:08 +01:00
Alex Bilbie
69208fe0ac Added more fizzfuzz tests 2014-08-04 15:18:55 +01:00
Alex Bilbie
806838b8e4 So long codeception, you suck 2014-08-04 15:18:44 +01:00
Alex Bilbie
2637af87ec Merge branch 'v4.0.0-relational-example' of github.com:thephpleague/oauth2-server into v4.0.0-relational-example 2014-08-04 10:54:50 +01:00
Alex Bilbie
ffe59f5a5f Added Fuzz tests 2014-08-04 09:12:00 +01:00
Alex Bilbie
ad12a088cf Renamed auth to authServer 2014-07-28 13:56:00 +01:00
Alex Bilbie
0810be9ce4 Merge branch 'v4.0.0-relational-example' of github.com:thephpleague/oauth2-server into v4.0.0-relational-example 2014-07-28 13:54:46 +01:00
Alex Bilbie
7f75246619 Added auth functional tests 2014-07-27 22:51:00 +01:00
Alex Bilbie
54e6bbd4a6 expires isn't part of the spec 2014-07-27 17:15:55 +01:00
Alex Bilbie
395ee3bf49 Moved existing functional tests into resource server folder 2014-07-22 12:15:41 +01:00
Alex Bilbie
47a5c1ba08 100% unit test coverage 2014-07-22 11:45:19 +01:00
Alex Bilbie
7067a35d3a Fixed broken example tests 2014-07-22 10:58:15 +01:00
Alex Bilbie
f40ada9ac7 Moved unit tests 2014-07-22 09:23:00 +01:00
Alex Bilbie
ca61d5d4e0 Moved functional tests 2014-07-22 09:21:01 +01:00
Alex Bilbie
20032f33a2 More tests 2014-07-12 12:07:46 +01:00
Alex Bilbie
b694cca743 Fix broken test 2014-07-12 08:58:18 +01:00
Alex Bilbie
c6bc1b0cfc Updated tests 2014-07-11 18:19:10 +01:00