add oauth2/oidc lib

1 files changed, 207 insertions, 0 deletions

diff --git a/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php
new file mode 100644
index 000000000..740989635
--- /dev/null
+++ b/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php
@@ -0,0 +1,207 @@
+<?php
+
+namespace OAuth2\GrantType;
+
+use OAuth2\Storage\Bootstrap;
+use OAuth2\Server;
+use OAuth2\Request\TestRequest;
+use OAuth2\Response;
+
+class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
+{
+    public function testNoCode()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'authorization_code', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+        ));
+        $server->handleTokenRequest($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_request');
+        $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "code" is required');
+    }
+
+    public function testInvalidCode()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'InvalidCode', // invalid authorization code
+        ));
+        $server->handleTokenRequest($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
+    }
+
+    public function testCodeCannotBeUsedTwice()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode', // valid code
+        ));
+        $server->handleTokenRequest($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 200);
+        $this->assertNotNull($response->getParameter('access_token'));
+
+        // try to use the same code again
+        $server->handleTokenRequest($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
+    }
+
+    public function testExpiredCode()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-expired', // expired authorization code
+        ));
+        $server->handleTokenRequest($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'The authorization code has expired');
+    }
+
+    public function testValidCode()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode', // valid code
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+    }
+
+    public function testValidCodeNoScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-with-scope', // valid code
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope1 scope2');
+    }
+
+    public function testValidCodeSameScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-with-scope', // valid code
+            'scope'         => 'scope2 scope1',
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope2 scope1');
+    }
+
+    public function testValidCodeLessScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-with-scope', // valid code
+            'scope'         => 'scope1',
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope1');
+    }
+
+    public function testValidCodeDifferentScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-with-scope', // valid code
+            'scope'         => 'scope3',
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_scope');
+        $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
+    }
+
+    public function testValidCodeInvalidScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'code'          => 'testcode-with-scope', // valid code
+            'scope'         => 'invalid-scope',
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_scope');
+        $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
+    }
+
+    public function testValidClientDifferentCode()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'authorization_code', // valid grant type
+            'client_id'     => 'Test Some Other Client', // valid client id
+            'client_secret' => 'TestSecret3', // valid client secret
+            'code'          => 'testcode', // valid code
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client');
+    }
+
+    private function getTestServer()
+    {
+        $storage = Bootstrap::getInstance()->getMemoryStorage();
+        $server = new Server($storage);
+        $server->addGrantType(new AuthorizationCode($storage));
+
+        return $server;
+    }
+}