mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Compare commits
76 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
276d5b655b | ||
|
|
00138446b6 | ||
|
|
1c36b70dab | ||
|
|
f11e4c81cd | ||
|
|
f5a1feb67d | ||
|
|
1ad4d2121f | ||
|
|
1660dd0559 | ||
|
9ceafe5dd3 | ||
|
|
d1d68242ea | ||
|
|
a53e753b1a | ||
|
f88961eddd | ||
|
|
8c93fd74c9 | ||
|
|
2765481b9f | ||
|
|
9273936009 | ||
|
|
5f4ec6a154 | ||
|
|
b50c7622db | ||
|
|
dc9c1a1023 | ||
|
|
6e6baf5b75 | ||
|
|
7878cf9c13 | ||
|
|
1bcee9aaba | ||
|
|
1e3a84fc85 | ||
|
|
a5c5929dc9 | ||
|
|
c6bf2e1df0 | ||
|
|
eb645063c7 | ||
|
|
65789e0f39 | ||
|
|
512d4898e2 | ||
|
|
c895885700 | ||
|
|
661a0994c6 | ||
|
|
3871aee48c | ||
|
|
04f3d39b45 | ||
|
|
6bb416ce78 | ||
|
|
ce8248c10f | ||
|
|
13be557825 | ||
|
|
0f08063864 | ||
|
|
cc6eb63dd8 | ||
|
|
093c7755fa | ||
|
|
82b81c7f6f | ||
|
|
9cd86a9154 | ||
|
|
42ea0de9fb | ||
|
|
ab760a805c | ||
|
|
34cb0ba759 | ||
|
|
ac48653bb5 | ||
|
|
bd2cdaf5da | ||
|
|
4806eda45a | ||
|
|
b2fe909a71 | ||
|
|
d0619385b8 | ||
|
|
3828f87b19 | ||
|
|
a49f6ff80d | ||
|
|
1161ceda0d | ||
|
|
f9143b5163 | ||
|
cc98b5ec16 | ||
|
|
4d77aee4a9 | ||
|
b6b0e7c944 | ||
|
|
a4fc05c31e | ||
|
|
606f69e6cd | ||
|
|
825017f27e | ||
|
37645f3244 | ||
|
63c2c21ee6 | ||
|
|
23c7138d48 | ||
|
|
63861704b6 | ||
|
203be5ca20 | ||
|
|
24f29b6382 | ||
|
|
8c788e9fc8 | ||
|
|
4d28eadf93 | ||
|
|
5a28fb8af4 | ||
|
|
c996b66528 | ||
|
|
c70451abd5 | ||
|
|
e7ee483d11 | ||
|
|
5b223a9501 | ||
|
|
3b58ab1df2 | ||
|
|
170ce2fd2d | ||
|
83228bdcd5 | ||
|
6426e597a3 | ||
|
ee8841fe66 | ||
|
9a58bc15f6 | ||
|
|
7285ede563 |
@@ -10,6 +10,7 @@ php:
|
||||
- 5.6
|
||||
- 7.0
|
||||
- 7.1
|
||||
- 7.2
|
||||
|
||||
install:
|
||||
- travis_retry composer install --no-interaction --prefer-source
|
||||
|
||||
12
README.md
12
README.md
@@ -3,7 +3,7 @@
|
||||
### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:
|
||||
### Security Notice
|
||||
|
||||
### Please upgrade to version `>=5.1.4` (backwards compatible) or `6.x` (one tiny breaking change) to fix some potential security vulnerabilities - [visit this page for more information](https://oauth2.thephpleague.com/v5-security-improvements/)
|
||||
### Please upgrade to version `>=5.1.6` (backwards compatible) or `6.x` (one tiny breaking change) to fix some potential security vulnerabilities - [visit this page for more information](https://oauth2.thephpleague.com/v5-security-improvements/)
|
||||
### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:
|
||||
|
||||
[](https://github.com/thephpleague/oauth2-server/releases)
|
||||
@@ -39,6 +39,7 @@ The following versions of PHP are supported:
|
||||
* PHP 5.6
|
||||
* PHP 7.0
|
||||
* PHP 7.1
|
||||
* PHP 7.2
|
||||
|
||||
The `openssl` extension is also required.
|
||||
|
||||
@@ -61,6 +62,10 @@ Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague
|
||||
|
||||
If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below.
|
||||
|
||||
<a target='_blank' rel='nofollow' href='https://app.codesponsor.io/link/N2YMJcLBppt2Eg9E1jGu4gef/thephpleague/oauth2-server'>
|
||||
<img alt='Sponsor' width='888' height='68' src='https://app.codesponsor.io/embed/N2YMJcLBppt2Eg9E1jGu4gef/thephpleague/oauth2-server.svg' />
|
||||
</a>
|
||||
|
||||
## Commercial Support
|
||||
|
||||
If you would like help implementing this library into your existing platform, or would be interested in OAuth advice or training for you and your team please get in touch with [Glynde Labs](https://glyndelabs.com).
|
||||
@@ -75,7 +80,10 @@ This package is released under the MIT License. See the bundled [LICENSE](https:
|
||||
|
||||
## Credits
|
||||
|
||||
This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).
|
||||
This code is principally developed and maintained by [Andy Millington](https://twitter.com/Sephster), [Brian
|
||||
Retterer](https://twitter.com/bretterer), and [Simon Hamp](https://twitter.com/simonhamp).
|
||||
|
||||
Between 2012 and 2017 this library was developed and maintained by [Alex Bilbie](https://alexbilbie.com/).
|
||||
|
||||
Special thanks to [all of these awesome contributors](https://github.com/thephpleague/oauth2-server/contributors).
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
"defuse/php-encryption": "^2.1"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4.8 || ^5.0",
|
||||
"phpunit/phpunit": "^4.8.38 || ^5.7.21",
|
||||
"zendframework/zend-diactoros": "^1.0"
|
||||
},
|
||||
"repositories": [
|
||||
|
||||
@@ -7,7 +7,8 @@
|
||||
"lcobucci/jwt": "^3.1",
|
||||
"paragonie/random_compat": "^2.0",
|
||||
"psr/http-message": "^1.0",
|
||||
"defuse/php-encryption": "^2.1"
|
||||
"defuse/php-encryption": "^2.1",
|
||||
"zendframework/zend-diactoros": "^1.0"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) Alex Bilbie
|
||||
* @license http://mit-license.org/
|
||||
*
|
||||
* @link https://github.com/thephpleague/oauth2-server
|
||||
*/
|
||||
|
||||
@@ -70,6 +71,11 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
*/
|
||||
private $encryptionKey;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $defaultScope = '';
|
||||
|
||||
/**
|
||||
* New server instance.
|
||||
*
|
||||
@@ -96,7 +102,6 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
$privateKey = new CryptKey($privateKey);
|
||||
}
|
||||
$this->privateKey = $privateKey;
|
||||
|
||||
$this->encryptionKey = $encryptionKey;
|
||||
$this->responseType = $responseType;
|
||||
}
|
||||
@@ -116,6 +121,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
$grantType->setAccessTokenRepository($this->accessTokenRepository);
|
||||
$grantType->setClientRepository($this->clientRepository);
|
||||
$grantType->setScopeRepository($this->scopeRepository);
|
||||
$grantType->setDefaultScope($this->defaultScope);
|
||||
$grantType->setPrivateKey($this->privateKey);
|
||||
$grantType->setEmitter($this->getEmitter());
|
||||
$grantType->setEncryptionKey($this->encryptionKey);
|
||||
@@ -172,17 +178,19 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
|
||||
{
|
||||
foreach ($this->enabledGrantTypes as $grantType) {
|
||||
if ($grantType->canRespondToAccessTokenRequest($request)) {
|
||||
$tokenResponse = $grantType->respondToAccessTokenRequest(
|
||||
$request,
|
||||
$this->getResponseType(),
|
||||
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
|
||||
);
|
||||
|
||||
if ($tokenResponse instanceof ResponseTypeInterface) {
|
||||
return $tokenResponse->generateHttpResponse($response);
|
||||
}
|
||||
if (!$grantType->canRespondToAccessTokenRequest($request)) {
|
||||
continue;
|
||||
}
|
||||
$tokenResponse = $grantType->respondToAccessTokenRequest(
|
||||
$request,
|
||||
$this->getResponseType(),
|
||||
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
|
||||
);
|
||||
|
||||
if ($tokenResponse instanceof ResponseTypeInterface) {
|
||||
return $tokenResponse->generateHttpResponse($response);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
throw OAuthServerException::unsupportedGrantType();
|
||||
@@ -204,4 +212,14 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
|
||||
return $this->responseType;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the default scope for the authorization server.
|
||||
*
|
||||
* @param string $defaultScope
|
||||
*/
|
||||
public function setDefaultScope($defaultScope)
|
||||
{
|
||||
$this->defaultScope = $defaultScope;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the private key
|
||||
* Set the public key
|
||||
*
|
||||
* @param \League\OAuth2\Server\CryptKey $key
|
||||
*/
|
||||
|
||||
@@ -1,9 +1,11 @@
|
||||
<?php
|
||||
/**
|
||||
* Public/private key encryption.
|
||||
*
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) Alex Bilbie
|
||||
* @license http://mit-license.org/
|
||||
*
|
||||
* @link https://github.com/thephpleague/oauth2-server
|
||||
*/
|
||||
|
||||
@@ -24,6 +26,7 @@ trait CryptTrait
|
||||
* @param string $unencryptedData
|
||||
*
|
||||
* @throws \LogicException
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function encrypt($unencryptedData)
|
||||
@@ -41,6 +44,7 @@ trait CryptTrait
|
||||
* @param string $encryptedData
|
||||
*
|
||||
* @throws \LogicException
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function decrypt($encryptedData)
|
||||
|
||||
@@ -105,10 +105,15 @@ class OAuthServerException extends \Exception
|
||||
public static function invalidScope($scope, $redirectUri = null)
|
||||
{
|
||||
$errorMessage = 'The requested scope is invalid, unknown, or malformed';
|
||||
$hint = sprintf(
|
||||
'Check the `%s` scope',
|
||||
htmlspecialchars($scope, ENT_QUOTES, 'UTF-8', false)
|
||||
);
|
||||
|
||||
if (empty($scope)) {
|
||||
$hint = 'Specify a scope in the request or set a default scope';
|
||||
} else {
|
||||
$hint = sprintf(
|
||||
'Check the `%s` scope',
|
||||
htmlspecialchars($scope, ENT_QUOTES, 'UTF-8', false)
|
||||
);
|
||||
}
|
||||
|
||||
return new static($errorMessage, 5, 'invalid_scope', 400, $hint, $redirectUri);
|
||||
}
|
||||
|
||||
@@ -81,6 +81,11 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
protected $privateKey;
|
||||
|
||||
/**
|
||||
* @string
|
||||
*/
|
||||
protected $defaultScope;
|
||||
|
||||
/**
|
||||
* @param ClientRepositoryInterface $clientRepository
|
||||
*/
|
||||
@@ -147,6 +152,14 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
$this->privateKey = $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $scope
|
||||
*/
|
||||
public function setDefaultScope($scope)
|
||||
{
|
||||
$this->defaultScope = $scope;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate the client.
|
||||
*
|
||||
@@ -211,18 +224,14 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*
|
||||
* @return ScopeEntityInterface[]
|
||||
*/
|
||||
public function validateScopes(
|
||||
$scopes,
|
||||
$redirectUri = null
|
||||
) {
|
||||
$scopesList = array_filter(
|
||||
explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
|
||||
function ($scope) {
|
||||
return !empty($scope);
|
||||
}
|
||||
);
|
||||
public function validateScopes($scopes, $redirectUri = null)
|
||||
{
|
||||
$scopesList = array_filter(explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) {
|
||||
return !empty($scope);
|
||||
});
|
||||
|
||||
$validScopes = [];
|
||||
|
||||
$scopes = [];
|
||||
foreach ($scopesList as $scopeItem) {
|
||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
|
||||
|
||||
@@ -230,10 +239,14 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
|
||||
}
|
||||
|
||||
$scopes[] = $scope;
|
||||
$validScopes[] = $scope;
|
||||
}
|
||||
|
||||
return $scopes;
|
||||
if (empty($validScopes)) {
|
||||
throw OAuthServerException::invalidScope('', $redirectUri);
|
||||
}
|
||||
|
||||
return $validScopes;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
case 'S256':
|
||||
if (
|
||||
hash_equals(
|
||||
urlencode(base64_encode(hash('sha256', $codeVerifier))),
|
||||
hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
|
||||
$authCodePayload->code_challenge
|
||||
) === false
|
||||
) {
|
||||
@@ -240,10 +240,15 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
} elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
|
||||
|| empty($client->getRedirectUri())
|
||||
) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
|
||||
$scopes = $this->validateScopes(
|
||||
$this->getQueryStringParameter('scope', $request),
|
||||
$this->getQueryStringParameter('scope', $request, $this->defaultScope),
|
||||
is_array($client->getRedirectUri())
|
||||
? $client->getRedirectUri()[0]
|
||||
: $client->getRedirectUri()
|
||||
|
||||
@@ -29,13 +29,13 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
) {
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
||||
|
||||
// Finalize the requested scopes
|
||||
$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
|
||||
$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
|
||||
|
||||
// Issue and persist access token
|
||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $scopes);
|
||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $finalizedScopes);
|
||||
|
||||
// Inject access token into response type
|
||||
$responseType->setAccessToken($accessToken);
|
||||
|
||||
@@ -119,6 +119,13 @@ interface GrantTypeInterface extends EmitterAwareInterface
|
||||
*/
|
||||
public function setScopeRepository(ScopeRepositoryInterface $scopeRepository);
|
||||
|
||||
/**
|
||||
* Set the default scope.
|
||||
*
|
||||
* @param string $scope
|
||||
*/
|
||||
public function setDefaultScope($scope);
|
||||
|
||||
/**
|
||||
* Set the path to the private key.
|
||||
*
|
||||
|
||||
@@ -27,11 +27,18 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
private $accessTokenTTL;
|
||||
|
||||
/**
|
||||
* @param \DateInterval $accessTokenTTL
|
||||
* @var string
|
||||
*/
|
||||
public function __construct(\DateInterval $accessTokenTTL)
|
||||
private $queryDelimiter;
|
||||
|
||||
/**
|
||||
* @param \DateInterval $accessTokenTTL
|
||||
* @param string $queryDelimiter
|
||||
*/
|
||||
public function __construct(\DateInterval $accessTokenTTL, $queryDelimiter = '#')
|
||||
{
|
||||
$this->accessTokenTTL = $accessTokenTTL;
|
||||
$this->queryDelimiter = $queryDelimiter;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -95,7 +102,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
|
||||
{
|
||||
return (
|
||||
array_key_exists('response_type', $request->getQueryParams())
|
||||
isset($request->getQueryParams()['response_type'])
|
||||
&& $request->getQueryParams()['response_type'] === 'token'
|
||||
&& isset($request->getQueryParams()['client_id'])
|
||||
);
|
||||
@@ -142,17 +149,22 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
} elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
|
||||
|| empty($client->getRedirectUri())
|
||||
) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
|
||||
$scopes = $this->validateScopes(
|
||||
$this->getQueryStringParameter('scope', $request),
|
||||
$this->getQueryStringParameter('scope', $request, $this->defaultScope),
|
||||
is_array($client->getRedirectUri())
|
||||
? $client->getRedirectUri()[0]
|
||||
: $client->getRedirectUri()
|
||||
);
|
||||
|
||||
// Finalize the requested scopes
|
||||
$scopes = $this->scopeRepository->finalizeScopes(
|
||||
$finalizedScopes = $this->scopeRepository->finalizeScopes(
|
||||
$scopes,
|
||||
$this->getIdentifier(),
|
||||
$client
|
||||
@@ -165,7 +177,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
$authorizationRequest->setClient($client);
|
||||
$authorizationRequest->setRedirectUri($redirectUri);
|
||||
$authorizationRequest->setState($stateParameter);
|
||||
$authorizationRequest->setScopes($scopes);
|
||||
$authorizationRequest->setScopes($finalizedScopes);
|
||||
|
||||
return $authorizationRequest;
|
||||
}
|
||||
@@ -200,11 +212,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
$finalRedirectUri,
|
||||
[
|
||||
'access_token' => (string) $accessToken->convertToJWT($this->privateKey),
|
||||
'token_type' => 'bearer',
|
||||
'token_type' => 'Bearer',
|
||||
'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(),
|
||||
'state' => $authorizationRequest->getState(),
|
||||
],
|
||||
'#'
|
||||
$this->queryDelimiter
|
||||
)
|
||||
);
|
||||
|
||||
|
||||
@@ -49,14 +49,14 @@ class PasswordGrant extends AbstractGrant
|
||||
) {
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
||||
$user = $this->validateUser($request, $client);
|
||||
|
||||
// Finalize the requested scopes
|
||||
$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier());
|
||||
$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier());
|
||||
|
||||
// Issue and persist new tokens
|
||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
|
||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $finalizedScopes);
|
||||
$refreshToken = $this->issueRefreshToken($accessToken);
|
||||
|
||||
// Inject tokens into response
|
||||
|
||||
@@ -44,28 +44,17 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
|
||||
$scopes = $this->validateScopes($this->getRequestParameter(
|
||||
'scope',
|
||||
$request,
|
||||
implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))
|
||||
);
|
||||
|
||||
// If no new scopes are requested then give the access token the original session scopes
|
||||
if (count($scopes) === 0) {
|
||||
$scopes = array_map(function ($scopeId) use ($client) {
|
||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
|
||||
|
||||
if ($scope instanceof ScopeEntityInterface === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw OAuthServerException::invalidScope($scopeId);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
return $scope;
|
||||
}, $oldRefreshToken['scopes']);
|
||||
} else {
|
||||
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
|
||||
// the request doesn't include any new scopes
|
||||
foreach ($scopes as $scope) {
|
||||
if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) {
|
||||
throw OAuthServerException::invalidScope($scope->getIdentifier());
|
||||
}
|
||||
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
|
||||
// the request doesn't include any new scopes
|
||||
foreach ($scopes as $scope) {
|
||||
if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) {
|
||||
throw OAuthServerException::invalidScope($scope->getIdentifier());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -60,5 +60,4 @@ abstract class AbstractResponseType implements ResponseTypeInterface
|
||||
{
|
||||
$this->privateKey = $key;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
namespace LeagueTests;
|
||||
|
||||
use League\OAuth2\Server\AuthorizationServer;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Grant\AuthCodeGrant;
|
||||
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
|
||||
@@ -17,15 +16,20 @@ use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\AuthCodeEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\Response;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
use Zend\Diactoros\ServerRequestFactory;
|
||||
|
||||
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
class AuthorizationServerTest extends TestCase
|
||||
{
|
||||
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
// Make sure the keys have the correct permissions.
|
||||
@@ -59,7 +63,9 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
@@ -74,6 +80,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
new StubResponseType()
|
||||
);
|
||||
|
||||
$server->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
$server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1M'));
|
||||
|
||||
$_POST['grant_type'] = 'client_credentials';
|
||||
@@ -99,7 +106,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
$method = $abstractGrantReflection->getMethod('getResponseType');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$this->assertTrue($method->invoke($server) instanceof BearerTokenResponse);
|
||||
$this->assertInstanceOf(BearerTokenResponse::class, $method->invoke($server));
|
||||
}
|
||||
|
||||
public function testCompleteAuthorizationRequest()
|
||||
@@ -131,17 +138,23 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
$authRequest->setGrantTypeId('authorization_code');
|
||||
$authRequest->setUser(new UserEntity());
|
||||
|
||||
$this->assertTrue(
|
||||
$server->completeAuthorizationRequest($authRequest, new Response) instanceof ResponseInterface
|
||||
$this->assertInstanceOf(
|
||||
ResponseInterface::class,
|
||||
$server->completeAuthorizationRequest($authRequest, new Response)
|
||||
);
|
||||
}
|
||||
|
||||
public function testValidateAuthorizationRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setRedirectUri('http://foo/bar');
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
@@ -152,7 +165,48 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
$server = new AuthorizationServer(
|
||||
$clientRepositoryMock,
|
||||
$this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(),
|
||||
$scopeRepositoryMock,
|
||||
'file://' . __DIR__ . '/Stubs/private.key',
|
||||
'file://' . __DIR__ . '/Stubs/public.key'
|
||||
);
|
||||
|
||||
$server->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
$server->enableGrantType($grant);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
[],
|
||||
null,
|
||||
null,
|
||||
'php://input',
|
||||
$headers = [],
|
||||
$cookies = [],
|
||||
$queryParams = [
|
||||
'response_type' => 'code',
|
||||
'client_id' => 'foo',
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $server->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
public function testValidateAuthorizationRequestWithMissingRedirectUri()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMock(AuthCodeRepositoryInterface::class),
|
||||
$this->getMock(RefreshTokenRepositoryInterface::class),
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
|
||||
$server = new AuthorizationServer(
|
||||
$clientRepositoryMock,
|
||||
$this->getMock(AccessTokenRepositoryInterface::class),
|
||||
$this->getMock(ScopeRepositoryInterface::class),
|
||||
'file://' . __DIR__ . '/Stubs/private.key',
|
||||
'file://' . __DIR__ . '/Stubs/public.key'
|
||||
);
|
||||
@@ -172,7 +226,12 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($server->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
try {
|
||||
$server->validateAuthorizationRequest($request);
|
||||
} catch (OAuthServerException $e) {
|
||||
$this->assertEquals('invalid_client', $e->getErrorType());
|
||||
$this->assertEquals(401, $e->getHttpStatusCode());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -3,8 +3,9 @@
|
||||
namespace LeagueTests\Utils;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class CryptKeyTest extends \PHPUnit_Framework_TestCase
|
||||
class CryptKeyTest extends TestCase
|
||||
{
|
||||
/**
|
||||
* @expectedException \LogicException
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
|
||||
namespace LeagueTests\Utils;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use LeagueTests\Stubs\CryptTraitStub;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class CryptTraitTest extends \PHPUnit_Framework_TestCase
|
||||
class CryptTraitTest extends TestCase
|
||||
{
|
||||
/**
|
||||
* @var \LeagueTests\Stubs\CryptTraitStub
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
namespace LeagueTests\Grant;
|
||||
|
||||
use League\Event\Emitter;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
||||
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
||||
@@ -19,9 +18,10 @@ use LeagueTests\Stubs\AuthCodeEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\RefreshTokenEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class AbstractGrantTest extends TestCase
|
||||
{
|
||||
public function testGetSet()
|
||||
{
|
||||
@@ -342,7 +342,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$accessToken = new AccessTokenEntity();
|
||||
/** @var RefreshTokenEntityInterface $refreshToken */
|
||||
$refreshToken = $issueRefreshTokenMethod->invoke($grantMock, $accessToken);
|
||||
$this->assertTrue($refreshToken instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $refreshToken);
|
||||
$this->assertEquals($accessToken, $refreshToken->getAccessToken());
|
||||
}
|
||||
|
||||
@@ -367,7 +367,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
123,
|
||||
[new ScopeEntity()]
|
||||
);
|
||||
$this->assertTrue($accessToken instanceof AccessTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $accessToken);
|
||||
}
|
||||
|
||||
public function testIssueAuthCode()
|
||||
@@ -383,7 +383,8 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$issueAuthCodeMethod = $abstractGrantReflection->getMethod('issueAuthCode');
|
||||
$issueAuthCodeMethod->setAccessible(true);
|
||||
|
||||
$this->assertTrue(
|
||||
$this->assertInstanceOf(
|
||||
AuthCodeEntityInterface::class,
|
||||
$issueAuthCodeMethod->invoke(
|
||||
$grantMock,
|
||||
new \DateInterval('PT1H'),
|
||||
@@ -391,7 +392,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
123,
|
||||
'http://foo/bar',
|
||||
[new ScopeEntity()]
|
||||
) instanceof AuthCodeEntityInterface
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
@@ -467,7 +468,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$method = $abstractGrantReflection->getMethod('generateUniqueIdentifier');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$this->assertTrue(is_string($method->invoke($grantMock)));
|
||||
$this->assertInternalType('string', $method->invoke($grantMock));
|
||||
}
|
||||
|
||||
public function testCanRespondToAuthorizationRequest()
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
namespace LeagueTests\Grant;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
@@ -23,10 +22,13 @@ use LeagueTests\Stubs\RefreshTokenEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class AuthCodeGrantTest extends TestCase
|
||||
{
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
/**
|
||||
* @var CryptTraitStub
|
||||
*/
|
||||
@@ -77,15 +79,22 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setRedirectUri('http://foo/bar');
|
||||
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -102,7 +111,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
public function testValidateAuthorizationRequestRedirectUriArray()
|
||||
@@ -112,12 +121,18 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -134,7 +149,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
public function testValidateAuthorizationRequestCodeChallenge()
|
||||
@@ -144,6 +159,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
@@ -151,6 +170,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->enableCodeExchangeProof();
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -168,7 +189,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -429,6 +450,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
@@ -436,6 +461,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->enableCodeExchangeProof();
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -466,6 +493,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
@@ -473,6 +504,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->enableCodeExchangeProof();
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -512,7 +545,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->setEncryptionKey($this->cryptStub->getKey());
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -603,8 +636,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
public function testRespondToAccessTokenRequestCodeChallengePlain()
|
||||
@@ -674,8 +707,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
public function testRespondToAccessTokenRequestCodeChallengeS256()
|
||||
@@ -734,7 +767,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
'user_id' => 123,
|
||||
'scopes' => ['foo'],
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
'code_challenge' => urlencode(base64_encode(hash('sha256', 'foobar'))),
|
||||
'code_challenge' => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')),
|
||||
'code_challenge_method' => 'S256',
|
||||
]
|
||||
)
|
||||
@@ -745,8 +778,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1357,7 +1390,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->setEncryptionKey($this->cryptStub->getKey());
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1383,7 +1416,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
$grant->setEncryptionKey($this->cryptStub->getKey());
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1408,7 +1441,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
public function testRefreshTokenRepositoryUniqueConstraintCheck()
|
||||
@@ -1475,8 +1508,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1546,8 +1579,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1617,8 +1650,8 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
/** @var StubResponseType $response */
|
||||
$response = $grant->respondToAccessTokenRequest($request, new StubResponseType(), new \DateInterval('PT10M'));
|
||||
|
||||
$this->assertTrue($response->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($response->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $response->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $response->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1634,4 +1667,47 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$grant->completeAuthorizationRequest(new AuthorizationRequest());
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||
* @expectedExceptionCode 5
|
||||
*/
|
||||
public function testValidateAuthorizationRequestFailsWithoutScope()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setRedirectUri('http://foo/bar');
|
||||
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
|
||||
$grant = new AuthCodeGrant(
|
||||
$this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
|
||||
$this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
|
||||
new \DateInterval('PT10M')
|
||||
);
|
||||
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
[],
|
||||
null,
|
||||
null,
|
||||
'php://input',
|
||||
[],
|
||||
[],
|
||||
[
|
||||
'response_type' => 'code',
|
||||
'client_id' => 'foo',
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
]
|
||||
);
|
||||
|
||||
$grant->validateAuthorizationRequest($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,11 +9,15 @@ use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class ClientCredentialsGrantTest extends TestCase
|
||||
{
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
public function testGetIdentifier()
|
||||
{
|
||||
$grant = new ClientCredentialsGrant();
|
||||
@@ -30,7 +34,48 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new ClientCredentialsGrant();
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$serverRequest = new ServerRequest();
|
||||
$serverRequest = $serverRequest->withParsedBody(
|
||||
[
|
||||
'client_id' => 'foo',
|
||||
'client_secret' => 'bar',
|
||||
]
|
||||
);
|
||||
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||
* @expectedExceptionCode 5
|
||||
*/
|
||||
public function testRespondToRequestFailsWithoutScope()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new ClientCredentialsGrant();
|
||||
@@ -48,7 +93,5 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,10 +18,13 @@ use LeagueTests\Stubs\CryptTraitStub;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class ImplicitGrantTest extends TestCase
|
||||
{
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
/**
|
||||
* CryptTrait stub
|
||||
*/
|
||||
@@ -96,6 +99,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -112,7 +116,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
public function testValidateAuthorizationRequestRedirectUriArray()
|
||||
@@ -130,6 +134,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -146,7 +151,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
$this->assertInstanceOf(AuthorizationRequest::class, $grant->validateAuthorizationRequest($request));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -285,7 +290,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -329,7 +334,7 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
|
||||
$this->assertTrue($grant->completeAuthorizationRequest($authRequest) instanceof RedirectResponse);
|
||||
$this->assertInstanceOf(RedirectResponse::class, $grant->completeAuthorizationRequest($authRequest));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -407,4 +412,42 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->completeAuthorizationRequest(new AuthorizationRequest());
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||
* @expectedExceptionCode 5
|
||||
*/
|
||||
public function testValidateAuthorizationRequestFailsWithoutScope()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setRedirectUri('http://foo/bar');
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeEntity = new ScopeEntity();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
[],
|
||||
null,
|
||||
null,
|
||||
'php://input',
|
||||
$headers = [],
|
||||
$cookies = [],
|
||||
$queryParams = [
|
||||
'response_type' => 'code',
|
||||
'client_id' => 'foo',
|
||||
'redirect_uri' => 'http://foo/bar',
|
||||
]
|
||||
);
|
||||
|
||||
$grant->validateAuthorizationRequest($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,12 +13,16 @@ use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\RefreshTokenEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class PasswordGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class PasswordGrantTest extends TestCase
|
||||
{
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
public function testGetIdentifier()
|
||||
{
|
||||
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||
@@ -46,13 +50,16 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||
$refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new PasswordGrant($userRepositoryMock, $refreshTokenRepositoryMock);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
$grant->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
|
||||
$serverRequest = new ServerRequest();
|
||||
$serverRequest = $serverRequest->withParsedBody(
|
||||
@@ -67,8 +74,8 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -167,4 +174,50 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \League\OAuth2\Server\Exception\OAuthServerException
|
||||
* @expectedExceptionCode 5
|
||||
*/
|
||||
public function testRespondToRequestFailsWithoutScope()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
|
||||
|
||||
$userRepositoryMock = $this->getMockBuilder(UserRepositoryInterface::class)->getMock();
|
||||
$userEntity = new UserEntity();
|
||||
$userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity);
|
||||
|
||||
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||
$refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
|
||||
$refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scope);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new PasswordGrant($userRepositoryMock, $refreshTokenRepositoryMock);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
|
||||
$serverRequest = new ServerRequest();
|
||||
$serverRequest = $serverRequest->withParsedBody(
|
||||
[
|
||||
'client_id' => 'foo',
|
||||
'client_secret' => 'bar',
|
||||
'username' => 'foo',
|
||||
'password' => 'bar',
|
||||
]
|
||||
);
|
||||
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,9 +16,10 @@ use LeagueTests\Stubs\CryptTraitStub;
|
||||
use LeagueTests\Stubs\RefreshTokenEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
class RefreshTokenGrantTest extends TestCase
|
||||
{
|
||||
/**
|
||||
* @var CryptTraitStub
|
||||
@@ -45,21 +46,18 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeEntity = new ScopeEntity();
|
||||
$scopeEntity->setIdentifier('foo');
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
|
||||
|
||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||
$accessTokenRepositoryMock
|
||||
->expects($this->once())
|
||||
->method('persistNewAccessToken')->willReturnSelf();
|
||||
$accessTokenRepositoryMock->expects($this->once())->method('persistNewAccessToken')->willReturnSelf();
|
||||
|
||||
$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
|
||||
$refreshTokenRepositoryMock->method('getNewRefreshToken')->willReturn(new RefreshTokenEntity());
|
||||
$refreshTokenRepositoryMock
|
||||
->expects($this->once())
|
||||
->method('persistNewRefreshToken')->willReturnSelf();
|
||||
$refreshTokenRepositoryMock->expects($this->once())->method('persistNewRefreshToken')->willReturnSelf();
|
||||
|
||||
$grant = new RefreshTokenGrant($refreshTokenRepositoryMock);
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
@@ -82,19 +80,18 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
|
||||
$serverRequest = new ServerRequest();
|
||||
$serverRequest = $serverRequest->withParsedBody(
|
||||
[
|
||||
'client_id' => 'foo',
|
||||
'client_secret' => 'bar',
|
||||
'refresh_token' => $oldRefreshToken,
|
||||
]
|
||||
);
|
||||
$serverRequest = $serverRequest->withParsedBody([
|
||||
'client_id' => 'foo',
|
||||
'client_secret' => 'bar',
|
||||
'refresh_token' => $oldRefreshToken,
|
||||
'scopes' => ['foo'],
|
||||
]);
|
||||
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
|
||||
}
|
||||
|
||||
public function testRespondToReducedScopes()
|
||||
@@ -150,8 +147,8 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$responseType = new StubResponseType();
|
||||
$grant->respondToAccessTokenRequest($serverRequest, $responseType, new \DateInterval('PT5M'));
|
||||
|
||||
$this->assertTrue($responseType->getAccessToken() instanceof AccessTokenEntityInterface);
|
||||
$this->assertTrue($responseType->getRefreshToken() instanceof RefreshTokenEntityInterface);
|
||||
$this->assertInstanceOf(AccessTokenEntityInterface::class, $responseType->getAccessToken());
|
||||
$this->assertInstanceOf(RefreshTokenEntityInterface::class, $responseType->getRefreshToken());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -11,18 +11,24 @@ use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\Response;
|
||||
use Zend\Diactoros\ServerRequestFactory;
|
||||
|
||||
class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
|
||||
class AuthorizationServerMiddlewareTest extends TestCase
|
||||
{
|
||||
const DEFAULT_SCOPE = 'basic';
|
||||
|
||||
public function testValidResponse()
|
||||
{
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
|
||||
$scopeEntity = new ScopeEntity;
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$accessRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||
@@ -37,6 +43,7 @@ class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
|
||||
new StubResponseType()
|
||||
);
|
||||
|
||||
$server->setDefaultScope(self::DEFAULT_SCOPE);
|
||||
$server->enableGrantType(new ClientCredentialsGrant());
|
||||
|
||||
$_POST['grant_type'] = 'client_credentials';
|
||||
|
||||
@@ -8,10 +8,11 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\ResourceServer;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\Response;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
|
||||
class ResourceServerMiddlewareTest extends TestCase
|
||||
{
|
||||
public function testValidResponse()
|
||||
{
|
||||
|
||||
@@ -6,9 +6,10 @@ namespace LeagueTests;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\ResourceServer;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Zend\Diactoros\ServerRequestFactory;
|
||||
|
||||
class ResourceServerTest extends \PHPUnit_Framework_TestCase
|
||||
class ResourceServerTest extends TestCase
|
||||
{
|
||||
public function testValidateAuthenticatedRequest()
|
||||
{
|
||||
|
||||
@@ -11,11 +11,12 @@ use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\RefreshTokenEntity;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Zend\Diactoros\Response;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
|
||||
class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
|
||||
class BearerResponseTypeTest extends TestCase
|
||||
{
|
||||
public function testGenerateHttpResponse()
|
||||
{
|
||||
@@ -47,7 +48,7 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$response = $responseType->generateHttpResponse(new Response());
|
||||
|
||||
$this->assertTrue($response instanceof ResponseInterface);
|
||||
$this->assertInstanceOf(ResponseInterface::class, $response);
|
||||
$this->assertEquals(200, $response->getStatusCode());
|
||||
$this->assertEquals('no-cache', $response->getHeader('pragma')[0]);
|
||||
$this->assertEquals('no-store', $response->getHeader('cache-control')[0]);
|
||||
@@ -55,10 +56,10 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$response->getBody()->rewind();
|
||||
$json = json_decode($response->getBody()->getContents());
|
||||
$this->assertEquals('Bearer', $json->token_type);
|
||||
$this->assertTrue(isset($json->expires_in));
|
||||
$this->assertTrue(isset($json->access_token));
|
||||
$this->assertTrue(isset($json->refresh_token));
|
||||
$this->assertAttributeEquals('Bearer', 'token_type', $json);
|
||||
$this->assertObjectHasAttribute('expires_in', $json);
|
||||
$this->assertObjectHasAttribute('access_token', $json);
|
||||
$this->assertObjectHasAttribute('refresh_token', $json);
|
||||
}
|
||||
|
||||
public function testGenerateHttpResponseWithExtraParams()
|
||||
@@ -91,7 +92,7 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$response = $responseType->generateHttpResponse(new Response());
|
||||
|
||||
$this->assertTrue($response instanceof ResponseInterface);
|
||||
$this->assertInstanceOf(ResponseInterface::class, $response);
|
||||
$this->assertEquals(200, $response->getStatusCode());
|
||||
$this->assertEquals('no-cache', $response->getHeader('pragma')[0]);
|
||||
$this->assertEquals('no-store', $response->getHeader('cache-control')[0]);
|
||||
@@ -99,13 +100,13 @@ class BearerResponseTypeTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$response->getBody()->rewind();
|
||||
$json = json_decode($response->getBody()->getContents());
|
||||
$this->assertEquals('Bearer', $json->token_type);
|
||||
$this->assertTrue(isset($json->expires_in));
|
||||
$this->assertTrue(isset($json->access_token));
|
||||
$this->assertTrue(isset($json->refresh_token));
|
||||
$this->assertAttributeEquals('Bearer', 'token_type', $json);
|
||||
$this->assertObjectHasAttribute('expires_in', $json);
|
||||
$this->assertObjectHasAttribute('access_token', $json);
|
||||
$this->assertObjectHasAttribute('refresh_token', $json);
|
||||
|
||||
$this->assertTrue(isset($json->foo));
|
||||
$this->assertEquals('bar', $json->foo);
|
||||
$this->assertObjectHasAttribute('foo', $json);
|
||||
$this->assertAttributeEquals('bar', 'foo', $json);
|
||||
}
|
||||
|
||||
public function testDetermineAccessTokenInHeaderValidToken()
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
namespace LeagueTests\Stubs;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptTrait;
|
||||
|
||||
class CryptTraitStub
|
||||
|
||||
Reference in New Issue
Block a user