:arrow_up: Update bshaffer/oauth2-server-php library.

Manage oauth2-server-php library with composer.
Folder ./library/oauth2/ can be removed and includes removed with autoloading.

1 files changed, 204 insertions, 0 deletions

diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php
new file mode 100644
index 000000000..a458aad8a
--- /dev/null
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php
@@ -0,0 +1,204 @@
+<?php
+
+namespace OAuth2\GrantType;
+
+use OAuth2\Storage\Bootstrap;
+use OAuth2\Server;
+use OAuth2\Request\TestRequest;
+use OAuth2\Response;
+
+class RefreshTokenTest extends \PHPUnit_Framework_TestCase
+{
+    private $storage;
+
+    public function testNoRefreshToken()
+    {
+        $server = $this->getTestServer();
+        $server->addGrantType(new RefreshToken($this->storage));
+
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token',  // valid grant type
+            'client_id'  => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret',  // valid client secret
+        ));
+        $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_request');
+        $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "refresh_token" is required');
+    }
+
+    public function testInvalidRefreshToken()
+    {
+        $server = $this->getTestServer();
+        $server->addGrantType(new RefreshToken($this->storage));
+
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'fake-token', // invalid refresh token
+        ));
+        $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'Invalid refresh token');
+    }
+
+    public function testValidRefreshTokenWithNewRefreshTokenInResponse()
+    {
+        $server = $this->getTestServer();
+        $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => true)));
+
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken', // valid refresh token
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+        $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
+
+        $refresh_token = $this->storage->getRefreshToken($token['refresh_token']);
+        $this->assertNotNull($refresh_token);
+        $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
+        $this->assertEquals($refresh_token['client_id'], $request->request('client_id'));
+        $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used');
+        $used_token = $this->storage->getRefreshToken('test-refreshtoken');
+        $this->assertFalse($used_token, 'the refresh token used is no longer valid');
+    }
+
+    public function testValidRefreshTokenDoesNotUnsetToken()
+    {
+        $server = $this->getTestServer();
+        $server->addGrantType(new RefreshToken($this->storage, array(
+            'always_issue_new_refresh_token' => true,
+            'unset_refresh_token_after_use'  => false,
+        )));
+
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken', // valid refresh token
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+        $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
+
+        $used_token = $this->storage->getRefreshToken('test-refreshtoken');
+        $this->assertNotNull($used_token, 'the refresh token used is still valid');
+    }
+
+    public function testValidRefreshTokenWithNoRefreshTokenInResponse()
+    {
+        $server = $this->getTestServer();
+        $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => false)));
+
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken', // valid refresh token
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+        $this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned');
+
+        $used_token = $this->storage->getRefreshToken('test-refreshtoken');
+        $this->assertNotNull($used_token, 'the refresh token used is still valid');
+    }
+
+    public function testValidRefreshTokenSameScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
+            'scope'         => 'scope2 scope1',
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope2 scope1');
+    }
+
+    public function testValidRefreshTokenLessScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
+            'scope'         => 'scope1',
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope1');
+    }
+
+    public function testValidRefreshTokenDifferentScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
+            'scope'         => 'scope3',
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_scope');
+        $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
+    }
+
+    public function testValidRefreshTokenInvalidScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'refresh_token', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
+            'scope'         => 'invalid-scope',
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_scope');
+        $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
+    }
+
+    public function testValidClientDifferentRefreshToken()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type'    => 'refresh_token', // valid grant type
+            'client_id'     => 'Test Some Other Client', // valid client id
+            'client_secret' => 'TestSecret3', // valid client secret
+            'refresh_token' => 'test-refreshtoken', // valid refresh token
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'refresh_token doesn\'t exist or is invalid for the client');
+    }
+
+    private function getTestServer()
+    {
+        $this->storage = Bootstrap::getInstance()->getMemoryStorage();
+        $server = new Server($this->storage);
+
+        return $server;
+    }
+}