<?php

namespace OAuth2;

use OAuth2\Request\TestRequest;
use OAuth2\ResponseType\AuthorizationCode;
use OAuth2\Storage\Bootstrap;
use PHPUnit\Framework\TestCase;

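/**
 * Wiring tests for OAuth2\Server: which storages, response types, grant types
 * and config flags must be present before each controller can be built, and
 * how server-level config reaches the objects the server creates.
 *
 * The `@expectedException <class> <text>` annotations name the exception class
 * followed by a fragment of the message the test expects (single-line
 * annotation form; presumably matched as a substring by the PHPUnit version
 * in use -- confirm against the project's PHPUnit constraint).
 */
class ServerTest extends TestCase
{
    /**
     * A server with nothing configured cannot build the authorize controller.
     *
     * @expectedException LogicException OAuth2\Storage\ClientInterface
     */
    public function testGetAuthorizeControllerWithNoClientStorageThrowsException()
    {
        // must set Client Storage
        $server = new Server();
        $server->getAuthorizeController();
    }

    /**
     * Client storage alone is not enough for the authorize controller.
     *
     * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
     */
    public function testGetAuthorizeControllerWithNoAccessTokenStorageThrowsException()
    {
        // must set AccessToken or AuthorizationCode
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->getAuthorizeController();
    }

    /**
     * Client storage plus an explicit access-token response type is sufficient.
     */
    public function testGetAuthorizeControllerWithClientStorageAndAccessTokenResponseType()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->addResponseType($this->getMock('OAuth2\ResponseType\AccessTokenInterface'));

        $this->assertNotNull($server->getAuthorizeController());
    }

    /**
     * Client storage plus an explicit authorization-code response type is sufficient.
     */
    public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeResponseType()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->addResponseType($this->getMock('OAuth2\ResponseType\AuthorizationCodeInterface'));

        $this->assertNotNull($server->getAuthorizeController());
    }

    /**
     * With the default config, access-token storage alone must not yield an
     * authorize controller: the expected message names "allow_implicit", so
     * the implicit flow has to be switched on explicitly.
     *
     * @expectedException LogicException allow_implicit
     */
    public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorageThrowsException()
    {
        // must set AuthorizationCode or AccessToken / implicit
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));

        // The call is expected to throw, so no assertion on its result is needed.
        $server->getAuthorizeController();
    }

    /**
     * Same storages as the failing case above, but with allow_implicit enabled.
     */
    public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorage()
    {
        $server = new Server(array(), array('allow_implicit' => true));
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));

        $this->assertNotNull($server->getAuthorizeController());
    }

    /**
     * Client storage plus authorization-code storage is sufficient without
     * any extra config.
     */
    public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeStorage()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
        $server->addStorage($this->getMock('OAuth2\Storage\AuthorizationCodeInterface'));

        $this->assertNotNull($server->getAuthorizeController());
    }

    /**
     * A server with nothing configured cannot build the token controller.
     *
     * @expectedException LogicException grant_types
     */
    public function testGetTokenControllerWithGrantTypeStorageThrowsException()
    {
        $server = new Server();
        $server->getTokenController();
    }

    /**
     * User-credentials storage without client-credentials storage is rejected.
     *
     * @expectedException LogicException OAuth2\Storage\ClientCredentialsInterface
     */
    public function testGetTokenControllerWithNoClientCredentialsStorageThrowsException()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\UserCredentialsInterface'));
        $server->getTokenController();
    }

    /**
     * Client-credentials storage without access-token storage is rejected.
     *
     * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
     */
    public function testGetTokenControllerWithNoAccessTokenStorageThrowsException()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
        $server->getTokenController();
    }

    /**
     * Access-token plus client-credentials storage is enough for the token controller.
     */
    public function testGetTokenControllerWithAccessTokenAndClientCredentialsStorage()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
        $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));

        // Assert on the result so the test carries an explicit assertion.
        $this->assertNotNull($server->getTokenController());
    }

    /**
     * Same storages as above with an explicitly registered grant type.
     */
    public function testGetTokenControllerAccessTokenStorageAndClientCredentialsStorageAndGrantTypes()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
        $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
        $server->addGrantType(
            $this->getMockBuilder('OAuth2\GrantType\AuthorizationCode')
                ->disableOriginalConstructor()
                ->getMock()
        );

        $this->assertNotNull($server->getTokenController());
    }

    /**
     * A server with nothing configured cannot build the resource controller.
     *
     * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
     */
    public function testGetResourceControllerWithNoAccessTokenStorageThrowsException()
    {
        $server = new Server();
        $server->getResourceController();
    }

    /**
     * Access-token storage alone is enough for the resource controller.
     */
    public function testGetResourceControllerWithAccessTokenStorage()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));

        $this->assertNotNull($server->getResourceController());
    }

    /**
     * An object implementing no storage interface is rejected by addStorage().
     *
     * @expectedException InvalidArgumentException OAuth2\Storage\AccessTokenInterface
     */
    public function testAddingStorageWithInvalidClass()
    {
        $server = new Server();
        $server->addStorage(new \StdClass());
    }

    /**
     * An unknown storage key is rejected even when the storage object is valid.
     *
     * @expectedException InvalidArgumentException access_token
     */
    public function testAddingStorageWithInvalidKey()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'nonexistant_storage');
    }

    /**
     * A known key is rejected when the storage does not implement the
     * interface that key stands for.
     *
     * @expectedException InvalidArgumentException OAuth2\Storage\AuthorizationCodeInterface
     */
    public function testAddingStorageWithInvalidKeyStorageCombination()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'authorization_code');
    }

    /**
     * Adding a storage under an explicit key registers it for that key only.
     */
    public function testAddingStorageWithValidKeyOnlySetsThatKey()
    {
        $server = new Server();
        $server->addStorage($this->getMock('OAuth2\Storage\Memory'), 'access_token');

        $storages = $this->readHiddenProperty($server, 'storages');

        $this->assertCount(1, $storages);
        $this->assertTrue(isset($storages['access_token']));
        $this->assertFalse(isset($storages['authorization_code']));
    }

    /**
     * Storage added as "client" is also returned for "client_credentials".
     */
    public function testAddingClientStorageSetsClientCredentialsStorageByDefault()
    {
        $server = new Server();
        $memory = $this->getMock('OAuth2\Storage\Memory');
        $server->addStorage($memory, 'client');

        $client_credentials = $server->getStorage('client_credentials');

        $this->assertNotNull($client_credentials);
        $this->assertEquals($memory, $client_credentials);
    }

    /**
     * Passing null for a key leaves that storage unset while the storages
     * given to the constructor stay in place.
     */
    public function testAddStorageWithNullValue()
    {
        $memory = $this->getMock('OAuth2\Storage\Memory');
        $server = new Server($memory);
        $server->addStorage(null, 'refresh_token');

        $client_credentials = $server->getStorage('client_credentials');

        $this->assertNotNull($client_credentials);
        $this->assertEquals($memory, $client_credentials);

        $this->assertNull($server->getStorage('refresh_token'));
    }

    /**
     * Same as the addStorage(null, ...) case, with the null given in the
     * constructor's keyed storage array.
     */
    public function testNewServerWithNullStorageValue()
    {
        $memory = $this->getMock('OAuth2\Storage\Memory');
        $server = new Server(array(
            'client_credentials' => $memory,
            'refresh_token' => null,
        ));

        $client_credentials = $server->getStorage('client_credentials');

        $this->assertNotNull($client_credentials);
        $this->assertEquals($memory, $client_credentials);

        $this->assertNull($server->getStorage('refresh_token'));
    }

    /**
     * Storage added as "client_credentials" is also returned for "client".
     */
    public function testAddingClientCredentialsStorageSetsClientStorageByDefault()
    {
        $server = new Server();
        $memory = $this->getMock('OAuth2\Storage\Memory');
        $server->addStorage($memory, 'client_credentials');

        $client = $server->getStorage('client');

        $this->assertNotNull($client);
        $this->assertEquals($memory, $client);
    }

    /**
     * The client/client_credentials defaulting must not replace a storage
     * that was registered explicitly under the other key.
     */
    public function testSettingClientStorageByDefaultDoesNotOverrideSetStorage()
    {
        $server = new Server();
        $pdo = $this->getMockBuilder('OAuth2\Storage\Pdo')
            ->disableOriginalConstructor()
            ->getMock();
        $memory = $this->getMock('OAuth2\Storage\Memory');

        $server->addStorage($pdo, 'client');
        $server->addStorage($memory, 'client_credentials');

        $this->assertEquals($pdo, $server->getStorage('client'));
        $this->assertEquals($memory, $server->getStorage('client_credentials'));
    }

    /**
     * An AuthorizationCode response type is honoured whether it is registered
     * through addResponseType() or handed to the constructor as an un-keyed list.
     */
    public function testAddingResponseType()
    {
        $storage = $this->getMock('OAuth2\Storage\Memory');
        $storage
            ->expects($this->any())
            ->method('getClientDetails')
            ->will($this->returnValue(array('client_id' => 'some_client')));
        $storage
            ->expects($this->any())
            ->method('checkRestrictedGrantType')
            ->will($this->returnValue(true));

        // registered after construction
        $server = new Server();
        $server->addStorage($storage);
        $server->addResponseType(new AuthorizationCode($storage));
        $this->assertAuthorizeRedirectCarriesCode($server);

        // passed to the constructor without a key
        $server = new Server(array($storage), array(), array(), array(new AuthorizationCode($storage)));
        $this->assertAuthorizeRedirectCarriesCode($server);
    }

    /**
     * A client assertion type supplied to the constructor is the one the
     * token request consults; the once() expectations on the mock are the
     * assertions of this test.
     */
    public function testCustomClientAssertionType()
    {
        $request = TestRequest::createPost(array(
            'grant_type' => 'authorization_code',
            'client_id' =>'Test Client ID',
            'code' => 'testcode',
        ));
        // verify the mock clientAssertionType was called as expected
        $clientAssertionType = $this->getMock(
            'OAuth2\ClientAssertionType\ClientAssertionTypeInterface',
            array('validateRequest', 'getClientId')
        );
        $clientAssertionType
            ->expects($this->once())
            ->method('validateRequest')
            ->will($this->returnValue(true));
        $clientAssertionType
            ->expects($this->once())
            ->method('getClientId')
            ->will($this->returnValue('Test Client ID'));

        // in-memory storage fixture provided by the test Bootstrap
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $server = new Server(array($storage), array(), array(), array(), null, null, $clientAssertionType);
        $server->handleTokenRequest($request, $response = new Response());
    }

    /**
     * Server-level "allow_credentials_in_request_body" and
     * "allow_public_clients" must reach the client assertion type unchanged.
     */
    public function testHttpBasicConfig()
    {
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $server = new Server(array($storage), array(
            'allow_credentials_in_request_body' => false,
            'allow_public_clients' => false
        ));
        $server->getTokenController();
        $httpBasic = $server->getClientAssertionType();

        $config = $this->readHiddenProperty($httpBasic, 'config');

        // Strict boolean checks: with assertEquals() a null or 0 would also
        // compare equal to false and hide a flag that never arrived.
        $this->assertFalse($config['allow_credentials_in_request_body']);
        $this->assertFalse($config['allow_public_clients']);
    }

    /**
     * Refresh-token options set on the server reach the refresh_token grant
     * type; server1 shows the defaults, server2 the overridden values.
     */
    public function testRefreshTokenConfig()
    {
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $server1 = new Server(array($storage));
        $server2 = new Server(array($storage), array(
            'always_issue_new_refresh_token' => true,
            'unset_refresh_token_after_use' => false,
        ));

        $server1->getTokenController();
        $config1 = $this->readHiddenProperty($server1->getGrantType('refresh_token'), 'config');

        $server2->getTokenController();
        $config2 = $this->readHiddenProperty($server2->getGrantType('refresh_token'), 'config');

        // Strict checks so a missing or non-boolean value cannot pass as a default.
        $this->assertFalse($config1['always_issue_new_refresh_token']);
        $this->assertTrue($config2['always_issue_new_refresh_token']);

        $this->assertTrue($config1['unset_refresh_token_after_use']);
        $this->assertFalse($config2['unset_refresh_token_after_use']);
    }

    /**
     * Test setting "always_issue_new_refresh_token" on a server level: the
     * response carries a new refresh token and the one that was presented
     * can no longer be looked up.
     *
     * @see test/OAuth2/GrantType/RefreshTokenTest::testValidRefreshTokenWithNewRefreshTokenInResponse
     */
    public function testValidRefreshTokenWithNewRefreshTokenInResponse()
    {
        $storage = Bootstrap::getInstance()->getMemoryStorage();
        $server = new Server($storage, array('always_issue_new_refresh_token' => true));

        $request = TestRequest::createPost(array(
            'grant_type' => 'refresh_token', // valid grant type
            'client_id' => 'Test Client ID', // valid client id
            'client_secret' => 'TestSecret', // valid client secret
            'refresh_token' => 'test-refreshtoken', // valid refresh token
        ));
        $token = $server->grantAccessToken($request, new Response());
        $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');

        $refresh_token = $storage->getRefreshToken($token['refresh_token']);
        $this->assertNotNull($refresh_token);
        $this->assertEquals($token['refresh_token'], $refresh_token['refresh_token']);
        $this->assertEquals($request->request('client_id'), $refresh_token['client_id']);

        // Token values are compared strictly; a loose != can treat distinct
        // numeric-looking strings as equal.
        $this->assertNotSame(
            'test-refreshtoken',
            $token['refresh_token'],
            'the refresh token returned is not the one used'
        );

        // The presented token must be gone from storage after the exchange.
        $used_token = $storage->getRefreshToken('test-refreshtoken');
        $this->assertFalse($used_token, 'the refresh token used is no longer valid');
    }

    /**
     * A response type implementing only the generic interface is rejected.
     *
     * @expectedException InvalidArgumentException OAuth2\ResponseType\AuthorizationCodeInterface
     */
    public function testAddingUnknownResponseTypeThrowsException()
    {
        $server = new Server();
        $server->addResponseType($this->getMock('OAuth2\ResponseType\ResponseTypeInterface'));
    }

    /**
     * With use_jwt_access_tokens on, the token controller requires public-key storage.
     *
     * @expectedException LogicException OAuth2\Storage\PublicKeyInterface
     */
    public function testUsingJwtAccessTokensWithoutPublicKeyStorageThrowsException()
    {
        $server = new Server(array(), array('use_jwt_access_tokens' => true));
        $server->addGrantType($this->getMock('OAuth2\GrantType\GrantTypeInterface'));
        // Only client-credentials storage is registered; no public-key storage.
        $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));

        $server->getTokenController();
    }

    /**
     * Public-key storage alone is enough for the resource controller when
     * JWT access tokens are enabled.
     */
    public function testUsingJustJwtAccessTokenStorageWithResourceControllerIsOkay()
    {
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));

        $this->assertNotNull($server->getResourceController());
        $this->assertInstanceOf('OAuth2\Storage\PublicKeyInterface', $server->getStorage('public_key'));
    }

    /**
     * Public-key storage alone is not enough for the authorize controller.
     *
     * @expectedException LogicException OAuth2\Storage\ClientInterface
     */
    public function testUsingJustJwtAccessTokenStorageWithAuthorizeControllerThrowsException()
    {
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));

        // The call is expected to throw, so no assertion on its result is needed.
        $server->getAuthorizeController();
    }

    /**
     * Public-key storage alone is not enough for the token controller.
     *
     * @expectedException LogicException grant_types
     */
    public function testUsingJustJwtAccessTokenStorageWithTokenControllerThrowsException()
    {
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));
        $server->getTokenController();
    }

    /**
     * Public-key plus client storage with allow_implicit yields a JWT "token"
     * response type.
     */
    public function testUsingJwtAccessTokenAndClientStorageWithAuthorizeControllerIsOkay()
    {
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $server = new Server(
            array($pubkey, $client),
            array('use_jwt_access_tokens' => true, 'allow_implicit' => true)
        );
        $this->assertNotNull($server->getAuthorizeController());

        $this->assertInstanceOf('OAuth2\ResponseType\JwtAccessToken', $server->getResponseType('token'));
    }

    /**
     * OpenID Connect requires user-claims storage.
     *
     * @expectedException LogicException UserClaims
     */
    public function testUsingOpenIDConnectWithoutUserClaimsThrowsException()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $server = new Server($client, array('use_openid_connect' => true));

        $server->getAuthorizeController();
    }

    /**
     * OpenID Connect requires public-key storage.
     *
     * @expectedException LogicException PublicKeyInterface
     */
    public function testUsingOpenIDConnectWithoutPublicKeyThrowsException()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        // Namespace spelled exactly as in the sibling tests ("OpenID"), so the
        // mock does not depend on the interface already being loaded under a
        // differently-cased name.
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $server = new Server(array($client, $userclaims), array('use_openid_connect' => true));

        $server->getAuthorizeController();
    }

    /**
     * OpenID Connect requires the "issuer" config value.
     *
     * @expectedException LogicException issuer
     */
    public function testUsingOpenIDConnectWithoutIssuerThrowsException()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($client, $userclaims, $pubkey), array('use_openid_connect' => true));

        $server->getAuthorizeController();
    }

    /**
     * With issuer, public key and user claims in place, "id_token" is
     * available; "id_token token" is not, because allow_implicit is off.
     */
    public function testUsingOpenIDConnectWithIssuerPublicKeyAndUserClaimsIsOkay()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($client, $userclaims, $pubkey), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy',
        ));

        $server->getAuthorizeController();

        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenInterface',
            $server->getResponseType('id_token')
        );
        $this->assertNull($server->getResponseType('id_token token'));
    }

    /**
     * OpenID Connect with allow_implicit needs a way to produce access tokens.
     *
     * @expectedException LogicException OAuth2\ResponseType\AccessTokenInterface
     */
    public function testUsingOpenIDConnectWithAllowImplicitWithoutTokenStorageThrowsException()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($client, $userclaims, $pubkey), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy',
            'allow_implicit' => true,
        ));

        $server->getAuthorizeController();
    }

    /**
     * JWT access tokens satisfy the access-token requirement of the implicit
     * OpenID Connect response types.
     */
    public function testUsingOpenIDConnectWithAllowImplicitAndUseJwtAccessTokensIsOkay()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($client, $userclaims, $pubkey), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy',
            'allow_implicit' => true,
            'use_jwt_access_tokens' => true,
        ));

        $server->getAuthorizeController();

        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenInterface',
            $server->getResponseType('id_token')
        );
        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenTokenInterface',
            $server->getResponseType('id_token token')
        );
    }

    /**
     * Access-token storage satisfies the access-token requirement of the
     * implicit OpenID Connect response types.
     */
    public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenStorageIsOkay()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
        $server = new Server(array($client, $userclaims, $pubkey, $token), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy',
            'allow_implicit' => true,
        ));

        $server->getAuthorizeController();

        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenInterface',
            $server->getResponseType('id_token')
        );
        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenTokenInterface',
            $server->getResponseType('id_token token')
        );
    }

    /**
     * An explicitly registered "token" response type satisfies the same
     * requirement without any access-token storage.
     */
    public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenResponseTypeIsOkay()
    {
        $client = $this->getMock('OAuth2\Storage\ClientInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $server = new Server(array($client, $userclaims, $pubkey), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy',
            'allow_implicit' => true,
        ));

        $token = $this->getMock('OAuth2\ResponseType\AccessTokenInterface');
        $server->addResponseType($token, 'token');

        $server->getAuthorizeController();

        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenInterface',
            $server->getResponseType('id_token')
        );
        $this->assertInstanceOf(
            'OAuth2\OpenID\ResponseType\IdTokenTokenInterface',
            $server->getResponseType('id_token token')
        );
    }

    /**
     * With OpenID Connect on, plain OAuth2 authorization-code storage is not
     * accepted; the OpenID variant of the interface is required.
     *
     * @expectedException LogicException OAuth2\OpenID\Storage\AuthorizationCodeInterface
     */
    public function testUsingOpenIDConnectWithAuthorizationCodeStorageThrowsException()
    {
        $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
        $authcode = $this->getMock('OAuth2\Storage\AuthorizationCodeInterface');

        $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy'
        ));

        // Expected to throw; an assertion placed after this call would never run.
        $server->getTokenController();
    }

    /**
     * With the OpenID authorization-code storage, the server creates the
     * OpenID authorization_code grant type.
     */
    public function testUsingOpenIDConnectWithOpenIDAuthorizationCodeStorageCreatesOpenIDAuthorizationCodeGrantType()
    {
        $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface');
        $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
        $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
        $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
        $authcode = $this->getMock('OAuth2\OpenID\Storage\AuthorizationCodeInterface');

        $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array(
            'use_openid_connect' => true,
            'issuer' => 'someguy'
        ));

        $server->getTokenController();

        $this->assertInstanceOf(
            'OAuth2\OpenID\GrantType\AuthorizationCode',
            $server->getGrantType('authorization_code')
        );
    }

    /**
     * A response type registered as "token id_token" is found when looked up
     * as "id_token token".
     */
    public function testMultipleValuedResponseTypeOrderDoesntMatter()
    {
        $responseType = $this->getMock('OAuth2\OpenID\ResponseType\IdTokenTokenInterface');
        $server = new Server(array(), array(), array(), array(
            'token id_token' => $responseType,
        ));

        $this->assertEquals($responseType, $server->getResponseType('id_token token'));
    }

    /**
     * Without a key, the grant type is stored under "authorization_code".
     */
    public function testAddGrantTypeWithoutKey()
    {
        $server = new Server();
        $server->addGrantType(
            new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface'))
        );

        $grantTypes = $server->getGrantTypes();
        $this->assertEquals('authorization_code', key($grantTypes));
    }

    /**
     * With a string key, the grant type is stored under that key.
     */
    public function testAddGrantTypeWithKey()
    {
        $server = new Server();
        $server->addGrantType(
            new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')),
            'ac'
        );

        $grantTypes = $server->getGrantTypes();
        $this->assertEquals('ac', key($grantTypes));
    }

    /**
     * A non-string key (42) is ignored and the grant type is stored under
     * "authorization_code", as when no key is given.
     */
    public function testAddGrantTypeWithKeyNotString()
    {
        $server = new Server();
        $server->addGrantType(
            new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')),
            42
        );

        $grantTypes = $server->getGrantTypes();
        $this->assertEquals('authorization_code', key($grantTypes));
    }

    /**
     * Sends the fixed "code" authorize request used by testAddingResponseType()
     * and asserts a 302 redirect whose query carries "code" and no "error".
     */
    private function assertAuthorizeRedirectCarriesCode(Server $server)
    {
        $request = new Request(array(
            'response_type' => 'code',
            'client_id' => 'some_client',
            'redirect_uri' => 'http://example.com',
            'state' => 'xyx',
        ));
        $server->handleAuthorizeRequest($request, $response = new Response(), true);

        // the response is successful
        $this->assertEquals(302, $response->getStatusCode());
        $parts = parse_url($response->getHttpHeader('Location'));
        parse_str($parts['query'], $query);
        $this->assertTrue(isset($query['code']));
        $this->assertFalse(isset($query['error']));
    }

    /**
     * Reads a non-public property of $object through reflection.
     */
    private function readHiddenProperty($object, $name)
    {
        $reflection = new \ReflectionClass($object);
        $prop = $reflection->getProperty($name);
        $prop->setAccessible(true);

        return $prop->getValue($object);
    }
}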