authorzotlabs <mike@macgirvin.com>2017-07-05 15:35:05 -0700
committerzotlabs <mike@macgirvin.com>2017-07-05 15:35:05 -0700
commitfca8e0aa6ac9d4f2084371486e906d7e3726a5a5 (patch)
tree81d27ea002828a42c53541f741bad44684a2c601 /library/oauth2/test/OAuth2/OpenID
parent41111bcdadcd16ebc4f078fc812eb5a290f185e5 (diff)
parent8dd9ab05a97f92f9eca5d527e48272f3a44010a8 (diff)
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
Diffstat (limited to 'library/oauth2/test/OAuth2/OpenID')
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php182
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php44
-rw-r--r--library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php57
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php182
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php184
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php91
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php95
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php41
8 files changed, 0 insertions, 876 deletions
diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
deleted file mode 100644
index 46de936d8..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidateAuthorizeRequest()
- {
- $server = $this->getTestServer();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'af0ifjsldkj',
- 'nonce' => 'n-0S6_WzA2Mj',
- ));
-
- // Test valid id_token request
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('id_token', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayNotHasKey('access_token', $query);
- $this->assertArrayNotHasKey('expires_in', $query);
- $this->assertArrayNotHasKey('token_type', $query);
-
- // Test valid token id_token request
- $request->query['response_type'] = 'id_token token';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
-
- // assert that with multiple-valued response types, order does not matter
- $request->query['response_type'] = 'token id_token';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
-
- // assert that with multiple-valued response types with extra spaces do not matter
- $request->query['response_type'] = ' token id_token ';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
- }
-
- public function testMissingNonce()
- {
- $server = $this->getTestServer();
- $authorize = $server->getAuthorizeController();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'xyz',
- ));
-
- // Test missing nonce for 'id_token' response type
- $server->handleAuthorizeRequest($request, $response, true);
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'invalid_nonce');
- $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
-
- // Test missing nonce for 'id_token token' response type
- $request->query['response_type'] = 'id_token token';
- $server->handleAuthorizeRequest($request, $response, true);
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'invalid_nonce');
- $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
- }
-
- public function testNotGrantedApplication()
- {
- $server = $this->getTestServer();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'af0ifjsldkj',
- 'nonce' => 'n-0S6_WzA2Mj',
- ));
-
- // Test not approved application
- $server->handleAuthorizeRequest($request, $response, false);
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'consent_required');
- $this->assertEquals($params['error_description'], 'The user denied access to your application');
-
- // Test not approved application with prompt parameter
- $request->query['prompt'] = 'none';
- $server->handleAuthorizeRequest($request, $response, false);
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'login_required');
- $this->assertEquals($params['error_description'], 'The user must log in');
-
- // Test not approved application with user_id set
- $request->query['prompt'] = 'none';
- $server->handleAuthorizeRequest($request, $response, false, 'some-user-id');
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'interaction_required');
- $this->assertEquals($params['error_description'], 'The user must grant access to your application');
- }
-
- public function testNeedsIdToken()
- {
- $server = $this->getTestServer();
- $authorize = $server->getAuthorizeController();
-
- $this->assertTrue($authorize->needsIdToken('openid'));
- $this->assertTrue($authorize->needsIdToken('openid profile'));
- $this->assertFalse($authorize->needsIdToken(''));
- $this->assertFalse($authorize->needsIdToken('some-scope'));
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'phpunit',
- 'allow_implicit' => true
- );
-
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
deleted file mode 100644
index b1b687077..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class UserInfoControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testCreateController()
- {
- $tokenType = new \OAuth2\TokenType\Bearer();
- $storage = new \OAuth2\Storage\Memory();
- $controller = new UserInfoController($tokenType, $storage, $storage);
-
- $response = new Response();
- $controller->handleUserInfoRequest(new Request(), $response);
- $this->assertEquals(401, $response->getStatusCode());
- }
-
- public function testValidToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-openid-connect';
- $response = new Response();
-
- $server->handleUserInfoRequest($request, $response);
- $parameters = $response->getParameters();
- $this->assertEquals($parameters['sub'], 'testuser');
- $this->assertEquals($parameters['email'], 'testuser@test.com');
- $this->assertEquals($parameters['email_verified'], true);
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
deleted file mode 100644
index 776002d1e..000000000
--- a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-openid', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('id_token', $token);
- $this->assertEquals('test_id_token', $token['id_token']);
-
- // this is only true if "offline_access" was requested
- $this->assertFalse(isset($token['refresh_token']));
- }
-
- public function testOfflineAccess()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-openid', // valid code
- 'scope' => 'offline_access', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('id_token', $token);
- $this->assertEquals('test_id_token', $token['id_token']);
- $this->assertTrue(isset($token['refresh_token']));
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, array('use_openid_connect' => true));
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
deleted file mode 100644
index b0311434a..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-
-class CodeIdTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
-
- // only exists if an access token was granted along with the id_token
- $this->assertArrayNotHasKey('at_hash', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- public function testUserClaimsWithUserId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $userId = 'testuser';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('email', $claims);
- $this->assertArrayHasKey('email_verified', $claims);
- $this->assertNotNull($claims['email']);
- $this->assertNotNull($claims['email_verified']);
- }
-
- public function testUserClaimsWithoutUserId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $userId = null;
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayNotHasKey('email', $claims);
- $this->assertArrayNotHasKey('email_verified', $claims);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- 'allow_implicit' => true,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $memoryStorage->supportedScopes[] = 'email';
- $responseTypes = array(
- 'code' => $code = new AuthorizationCode($memoryStorage),
- 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
- 'code id_token' => new CodeIdToken($code, $idToken),
- );
-
- $server = new Server($memoryStorage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
deleted file mode 100644
index e772f6be4..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\Encryption\Jwt;
-
-class IdTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidateAuthorizeRequest()
- {
- $query = array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- );
-
- // attempt to do the request without a nonce.
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request($query);
- $valid = $server->validateAuthorizeRequest($request, $response = new Response());
-
- // Add a nonce and retry.
- $query['nonce'] = 'test';
- $request = new Request($query);
- $valid = $server->validateAuthorizeRequest($request, $response = new Response());
- $this->assertTrue($valid);
- }
-
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $user_id = 'testuser';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayNotHasKey('access_token', $params);
- $this->validateIdToken($params['id_token']);
- }
-
- public function testPassInAuthTime()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- // test with a scalar user id
- $user_id = 'testuser123';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
-
- list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
-
- $this->assertTrue(is_array($payload));
- $this->assertArrayHasKey('sub', $payload);
- $this->assertEquals($user_id, $payload['sub']);
- $this->assertArrayHasKey('auth_time', $payload);
-
- // test with an array of user info
- $userInfo = array(
- 'user_id' => 'testuser1234',
- 'auth_time' => date('Y-m-d H:i:s', strtotime('20 minutes ago')
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userInfo);
-
- list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
-
- $this->assertTrue(is_array($payload));
- $this->assertArrayHasKey('sub', $payload);
- $this->assertEquals($userInfo['user_id'], $payload['sub']);
- $this->assertArrayHasKey('auth_time', $payload);
- $this->assertEquals($userInfo['auth_time'], $payload['auth_time']);
- }
-
- private function extractTokenDataFromResponse(Response $response)
- {
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayNotHasKey('access_token', $params);
-
- list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']);
-
- $jwt = new Jwt();
- $header = json_decode($jwt->urlSafeB64Decode($headb64), true);
- $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);
-
- return array($header, $payload, $signature);
- }
-
- private function validateIdToken($id_token)
- {
- $parts = explode('.', $id_token);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
- $this->assertArrayHasKey('email', $claims);
- $this->assertArrayHasKey('email_verified', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $this->assertEquals($claims['email'], 'testuser@test.com');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $memoryStorage->supportedScopes[] = 'email';
- $storage = array(
- 'client' => $memoryStorage,
- 'scope' => $memoryStorage,
- );
- $responseTypes = array(
- 'id_token' => new IdToken($memoryStorage, $memoryStorage, $config),
- );
-
- $server = new Server($storage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
deleted file mode 100644
index bc564d37b..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\ResponseType\AccessToken;
-
-class IdTokenTokenTest extends \PHPUnit_Framework_TestCase
-{
-
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer(array('allow_implicit' => true));
-
- $request = new Request(array(
- 'response_type' => 'id_token token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('access_token', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
- $this->assertArrayHasKey('at_hash', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $responseTypes = array(
- 'token' => $token = new AccessToken($memoryStorage, $memoryStorage),
- 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
- 'id_token token' => new IdTokenToken($token, $idToken),
- );
-
- $server = new Server($memoryStorage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
deleted file mode 100644
index bdfb085e3..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-use OAuth2\Storage\BaseTest;
-use OAuth2\Storage\NullStorage;
-
-class AuthorizationCodeTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testCreateAuthorizationCode($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof AuthorizationCodeInterface) {
- return;
- }
-
- // assert code we are about to add does not exist
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertFalse($code);
-
- // add new code
- $expires = time() + 20;
- $scope = null;
- $id_token = 'fake_id_token';
- $success = $storage->setAuthorizationCode('new-openid-code', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'new-openid-code');
- $this->assertEquals($code['client_id'], 'client ID');
- $this->assertEquals($code['user_id'], 'SOMEUSERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.com');
- $this->assertEquals($code['expires'], $expires);
- $this->assertEquals($code['id_token'], $id_token);
-
- // change existing code
- $expires = time() + 42;
- $new_id_token = 'fake_id_token-2';
- $success = $storage->setAuthorizationCode('new-openid-code', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires, $scope, $new_id_token);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'new-openid-code');
- $this->assertEquals($code['client_id'], 'client ID2');
- $this->assertEquals($code['user_id'], 'SOMEOTHERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.org');
- $this->assertEquals($code['expires'], $expires);
- $this->assertEquals($code['id_token'], $new_id_token);
- }
-
- /** @dataProvider provideStorage */
- public function testRemoveIdTokenFromAuthorizationCode($storage)
- {
- // add new code
- $expires = time() + 20;
- $scope = null;
- $id_token = 'fake_id_token_to_remove';
- $authcode = 'new-openid-code-'.rand();
- $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
- $this->assertTrue($success);
-
- // verify params were set
- $code = $storage->getAuthorizationCode($authcode);
- $this->assertNotNull($code);
- $this->assertArrayHasKey('id_token', $code);
- $this->assertEquals($code['id_token'], $id_token);
-
- // remove the id_token
- $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, null);
-
- // verify the "id_token" is now null
- $code = $storage->getAuthorizationCode($authcode);
- $this->assertNotNull($code);
- $this->assertArrayHasKey('id_token', $code);
- $this->assertEquals($code['id_token'], null);
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php
deleted file mode 100644
index 840f6c566..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-use OAuth2\Storage\BaseTest;
-use OAuth2\Storage\NullStorage;
-
-class UserClaimsTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testGetUserClaims($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof UserClaimsInterface) {
- // incompatible storage
- return;
- }
-
- // invalid user
- $claims = $storage->getUserClaims('fake-user', '');
- $this->assertFalse($claims);
-
- // valid user (no scope)
- $claims = $storage->getUserClaims('testuser', '');
-
- /* assert the decoded token is the same */
- $this->assertFalse(isset($claims['email']));
-
- // valid user
- $claims = $storage->getUserClaims('testuser', 'email');
-
- /* assert the decoded token is the same */
- $this->assertEquals($claims['email'], "testuser@test.com");
- $this->assertEquals($claims['email_verified'], true);
- }
-}