Matthias Andreas Benkardb382b102021-01-02 15:32:21 +01001<?php
2
3namespace OAuth2\Controller;
4
use OAuth2\GrantType\AuthorizationCode;
use OAuth2\Request;
use OAuth2\Response;
use OAuth2\Server;
use OAuth2\Storage\Bootstrap;
use OAuth2\TokenType\Bearer;
use PHPUnit\Framework\TestCase;
11
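/**
 * Resource-server side of the flow: Server::verifyResourceRequest() must
 * refuse requests that carry no, malformed, duplicated, invalid, expired or
 * under-scoped bearer credentials, and must report the refusal through the
 * status code and the error / error_description parameters of the response.
 *
 * The token strings used below ('accesstoken-scope', 'accesstoken-expired',
 * 'accesstoken-malformed') are presumably defined by the memory storage
 * fixture returned from Bootstrap::getInstance()->getMemoryStorage(); their
 * state is not visible in this file.
 */
class ResourceControllerTest extends TestCase
{
    /** A request with no credentials at all gets a bare 401: no error code and an empty body. */
    public function testNoAccessToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertEquals(401, $response->getStatusCode());
        // Without a token there is nothing to diagnose: only the challenge status is returned.
        $this->assertNull($response->getParameter('error'));
        $this->assertNull($response->getParameter('error_description'));
        $this->assertEquals('', $response->getResponseBody());
    }

    /** An Authorization header that is not a well-formed bearer credential is a 400 invalid_request. */
    public function testMalformedHeader()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'tH1s i5 B0gU5';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse($response, 400, 'invalid_request', 'Malformed auth header');
    }

    /** Supplying the token through more than one channel (here POST body and query) is rejected, not merged. */
    public function testMultipleTokensSubmitted()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->request['access_token'] = 'TEST';
        $request->query['access_token'] = 'TEST';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse(
            $response,
            400,
            'invalid_request',
            'Only one method may be used to authenticate at a time (Auth header, GET or POST)'
        );
    }

    /** A token in the request body is only accepted on POST/PUT; a GET with a body token is refused. */
    public function testInvalidRequestMethod()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->server['REQUEST_METHOD'] = 'GET';
        $request->request['access_token'] = 'TEST';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse(
            $response,
            400,
            'invalid_request',
            'When putting the token in the body, the method must be POST or PUT'
        );
    }

    /** A body token on a POST whose Content-Type is not form-urlencoded is refused. */
    public function testInvalidContentType()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->server['REQUEST_METHOD'] = 'POST';
        $request->server['CONTENT_TYPE'] = 'application/json';
        $request->request['access_token'] = 'TEST';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse(
            $response,
            400,
            'invalid_request',
            'The content type for POST requests must be "application/x-www-form-urlencoded"'
        );
    }

    /** A syntactically fine bearer header whose token is unknown to storage yields 401 invalid_token. */
    public function testInvalidToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer TESTTOKEN';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse($response, 401, 'invalid_token', 'The access token provided is invalid');
    }

    /** A known but expired token is distinguished from an unknown one by its error_description. */
    public function testExpiredToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-expired';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse($response, 401, 'invalid_token', 'The access token provided has expired');
    }

    /**
     * A valid token that lacks the scope the resource demands is a 403
     * insufficient_scope, and the required scope is echoed back in the
     * WWW-Authenticate challenge so the client knows what to ask for.
     */
    public function testOutOfScopeToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';
        $response = new Response();
        $requiredScope = 'outofscope';

        $allow = $server->verifyResourceRequest($request, $response, $requiredScope);

        $this->assertFalse($allow);
        $this->assertErrorResponse(
            $response,
            403,
            'insufficient_scope',
            'The request requires higher privileges than provided by the access token'
        );

        // The challenge header must advertise the scope the resource asked for.
        $challenge = $response->getHttpHeader('WWW-Authenticate');
        $this->assertNotNull($challenge, 'insufficient_scope response must carry a WWW-Authenticate header');
        $this->assertSame(1, preg_match('/scope="(.*?)"/', $challenge, $matches));
        $this->assertEquals($requiredScope, $matches[1]);
    }

    /** A stored token record that is missing its "expires" field is reported as malformed_token. */
    public function testMalformedToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed';
        $response = new Response();

        $allow = $server->verifyResourceRequest($request, $response);

        $this->assertFalse($allow);
        $this->assertErrorResponse($response, 401, 'malformed_token', 'Malformed token (missing "expires")');
    }

    /** A valid bearer token with no scope demanded by the resource is accepted. */
    public function testValidToken()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';

        $allow = $server->verifyResourceRequest($request, new Response());

        $this->assertTrue($allow);
    }

    /**
     * A client-supplied "scope" query parameter alongside the bearer header
     * does not get the request rejected. Note that no required scope is passed
     * to verifyResourceRequest() here, so this only shows the parameter is
     * tolerated, not that it is enforced.
     */
    public function testValidTokenWithScopeParam()
    {
        $server = $this->getTestServer();
        $request = Request::createFromGlobals();
        $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';
        $request->query['scope'] = 'testscope';

        $allow = $server->verifyResourceRequest($request, new Response());

        $this->assertTrue($allow);
    }

    /** The controller can be built directly from a token type and a storage. */
    public function testCreateController()
    {
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $tokenType = new Bearer();

        $controller = new ResourceController($tokenType, $storage);

        // Without an assertion PHPUnit marks this test as risky; pin the type that was constructed.
        $this->assertInstanceOf(ResourceController::class, $controller);
    }

    /**
     * Asserts the status code and the error / error_description parameters a
     * refused request must carry.
     *
     * @param Response $response    the response populated by verifyResourceRequest()
     * @param int      $status      expected HTTP status code
     * @param string   $error       expected value of the "error" parameter
     * @param string   $description expected value of the "error_description" parameter
     */
    private function assertErrorResponse(Response $response, $status, $error, $description)
    {
        $this->assertEquals($status, $response->getStatusCode());
        $this->assertEquals($error, $response->getParameter('error'));
        $this->assertEquals($description, $response->getParameter('error_description'));
    }

    /**
     * Builds a Server backed by the shared in-memory storage fixture.
     *
     * @param array $config optional Server configuration overrides
     *
     * @return Server
     */
    private function getTestServer(array $config = [])
    {
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $server = new Server($storage, $config);

        // Only the authorization-code grant is registered; the resource checks
        // exercised above do not depend on any other grant type.
        $server->addGrantType(new AuthorizationCode($storage));

        return $server;
    }
}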