diff options
Diffstat (limited to 'library/oauth2/test/OAuth2/OpenID')
8 files changed, 0 insertions, 876 deletions
diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php deleted file mode 100644 index 46de936d8..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php +++ /dev/null @@ -1,182 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; - -class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testValidateAuthorizeRequest() - { - $server = $this->getTestServer(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'af0ifjsldkj', - 'nonce' => 'n-0S6_WzA2Mj', - )); - - // Test valid id_token request - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('id_token', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayNotHasKey('access_token', $query); - $this->assertArrayNotHasKey('expires_in', $query); - $this->assertArrayNotHasKey('token_type', $query); - - // Test valid token id_token request - $request->query['response_type'] = 'id_token token'; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - - // assert that with multiple-valued response types, order does not matter - $request->query['response_type'] = 'token id_token'; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - - // assert that with multiple-valued response types with extra spaces do not matter - $request->query['response_type'] = ' token id_token '; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - } - - public function testMissingNonce() - { - $server = $this->getTestServer(); - $authorize = $server->getAuthorizeController(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'xyz', - )); - - // Test missing nonce for 'id_token' response type - $server->handleAuthorizeRequest($request, $response, true); - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'invalid_nonce'); - $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); - - // Test missing nonce for 'id_token token' response type - $request->query['response_type'] = 'id_token token'; - $server->handleAuthorizeRequest($request, $response, true); - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'invalid_nonce'); - $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); - } - - public function testNotGrantedApplication() - { - $server = $this->getTestServer(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'af0ifjsldkj', - 'nonce' => 'n-0S6_WzA2Mj', - )); - - // Test not approved application - $server->handleAuthorizeRequest($request, $response, false); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'consent_required'); - $this->assertEquals($params['error_description'], 'The user denied access to your application'); - - // Test not approved application with prompt parameter - $request->query['prompt'] = 'none'; - $server->handleAuthorizeRequest($request, $response, false); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'login_required'); - $this->assertEquals($params['error_description'], 'The user must log in'); - - // Test not approved application with user_id set - $request->query['prompt'] = 'none'; - $server->handleAuthorizeRequest($request, $response, false, 'some-user-id'); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'interaction_required'); - $this->assertEquals($params['error_description'], 'The user must grant access to your application'); - } - - public function testNeedsIdToken() - { - $server = $this->getTestServer(); - $authorize = $server->getAuthorizeController(); - - $this->assertTrue($authorize->needsIdToken('openid')); - $this->assertTrue($authorize->needsIdToken('openid profile')); - $this->assertFalse($authorize->needsIdToken('')); - $this->assertFalse($authorize->needsIdToken('some-scope')); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'phpunit', - 'allow_implicit' => true - ); - - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php deleted file mode 100644 index b1b687077..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; - -class UserInfoControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testCreateController() - { - $tokenType = new \OAuth2\TokenType\Bearer(); - $storage = new \OAuth2\Storage\Memory(); - $controller = new UserInfoController($tokenType, $storage, $storage); - - $response = new Response(); - $controller->handleUserInfoRequest(new Request(), $response); - $this->assertEquals(401, $response->getStatusCode()); - } - - public function testValidToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-openid-connect'; - $response = new Response(); - - $server->handleUserInfoRequest($request, $response); - $parameters = $response->getParameters(); - $this->assertEquals($parameters['sub'], 'testuser'); - $this->assertEquals($parameters['email'], 'testuser@test.com'); - $this->assertEquals($parameters['email_verified'], true); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php deleted file mode 100644 index 776002d1e..000000000 --- a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php +++ /dev/null @@ -1,57 +0,0 @@ -<?php - -namespace OAuth2\OpenID\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase -{ - public function testValidCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-openid', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('id_token', $token); - $this->assertEquals('test_id_token', $token['id_token']); - - // this is only true if "offline_access" was requested - $this->assertFalse(isset($token['refresh_token'])); - } - - public function testOfflineAccess() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-openid', // valid code - 'scope' => 'offline_access', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('id_token', $token); - $this->assertEquals('test_id_token', $token['id_token']); - $this->assertTrue(isset($token['refresh_token'])); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, array('use_openid_connect' => true)); - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php deleted file mode 100644 index b0311434a..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php +++ /dev/null @@ -1,182 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; - -class CodeIdTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - 'nonce' => 'test', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - - // only exists if an access token was granted along with the id_token - $this->assertArrayNotHasKey('at_hash', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - public function testUserClaimsWithUserId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $userId = 'testuser'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('email', $claims); - $this->assertArrayHasKey('email_verified', $claims); - $this->assertNotNull($claims['email']); - $this->assertNotNull($claims['email_verified']); - } - - public function testUserClaimsWithoutUserId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $userId = null; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayNotHasKey('email', $claims); - $this->assertArrayNotHasKey('email_verified', $claims); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - 'allow_implicit' => true, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $memoryStorage->supportedScopes[] = 'email'; - $responseTypes = array( - 'code' => $code = new AuthorizationCode($memoryStorage), - 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config), - 'code id_token' => new CodeIdToken($code, $idToken), - ); - - $server = new Server($memoryStorage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php deleted file mode 100644 index e772f6be4..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php +++ /dev/null @@ -1,184 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\Encryption\Jwt; - -class IdTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testValidateAuthorizeRequest() - { - $query = array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - ); - - // attempt to do the request without a nonce. - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request($query); - $valid = $server->validateAuthorizeRequest($request, $response = new Response()); - - // Add a nonce and retry. - $query['nonce'] = 'test'; - $request = new Request($query); - $valid = $server->validateAuthorizeRequest($request, $response = new Response()); - $this->assertTrue($valid); - } - - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $user_id = 'testuser'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayNotHasKey('access_token', $params); - $this->validateIdToken($params['id_token']); - } - - public function testPassInAuthTime() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - // test with a scalar user id - $user_id = 'testuser123'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id); - - list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response); - - $this->assertTrue(is_array($payload)); - $this->assertArrayHasKey('sub', $payload); - $this->assertEquals($user_id, $payload['sub']); - $this->assertArrayHasKey('auth_time', $payload); - - // test with an array of user info - $userInfo = array( - 'user_id' => 'testuser1234', - 'auth_time' => date('Y-m-d H:i:s', strtotime('20 minutes ago') - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userInfo); - - list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response); - - $this->assertTrue(is_array($payload)); - $this->assertArrayHasKey('sub', $payload); - $this->assertEquals($userInfo['user_id'], $payload['sub']); - $this->assertArrayHasKey('auth_time', $payload); - $this->assertEquals($userInfo['auth_time'], $payload['auth_time']); - } - - private function extractTokenDataFromResponse(Response $response) - { - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayNotHasKey('access_token', $params); - - list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']); - - $jwt = new Jwt(); - $header = json_decode($jwt->urlSafeB64Decode($headb64), true); - $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true); - - return array($header, $payload, $signature); - } - - private function validateIdToken($id_token) - { - $parts = explode('.', $id_token); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - $this->assertArrayHasKey('email', $claims); - $this->assertArrayHasKey('email_verified', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $this->assertEquals($claims['email'], 'testuser@test.com'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $memoryStorage->supportedScopes[] = 'email'; - $storage = array( - 'client' => $memoryStorage, - 'scope' => $memoryStorage, - ); - $responseTypes = array( - 'id_token' => new IdToken($memoryStorage, $memoryStorage, $config), - ); - - $server = new Server($storage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php deleted file mode 100644 index bc564d37b..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php +++ /dev/null @@ -1,91 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\ResponseType\AccessToken; - -class IdTokenTokenTest extends \PHPUnit_Framework_TestCase -{ - - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(array('allow_implicit' => true)); - - $request = new Request(array( - 'response_type' => 'id_token token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - 'nonce' => 'test', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('access_token', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - $this->assertArrayHasKey('at_hash', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $responseTypes = array( - 'token' => $token = new AccessToken($memoryStorage, $memoryStorage), - 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config), - 'id_token token' => new IdTokenToken($token, $idToken), - ); - - $server = new Server($memoryStorage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php deleted file mode 100644 index bdfb085e3..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php +++ /dev/null @@ -1,95 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Storage; - -use OAuth2\Storage\BaseTest; -use OAuth2\Storage\NullStorage; - -class AuthorizationCodeTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testCreateAuthorizationCode($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof AuthorizationCodeInterface) { - return; - } - - // assert code we are about to add does not exist - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertFalse($code); - - // add new code - $expires = time() + 20; - $scope = null; - $id_token = 'fake_id_token'; - $success = $storage->setAuthorizationCode('new-openid-code', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'new-openid-code'); - $this->assertEquals($code['client_id'], 'client ID'); - $this->assertEquals($code['user_id'], 'SOMEUSERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.com'); - $this->assertEquals($code['expires'], $expires); - $this->assertEquals($code['id_token'], $id_token); - - // change existing code - $expires = time() + 42; - $new_id_token = 'fake_id_token-2'; - $success = $storage->setAuthorizationCode('new-openid-code', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires, $scope, $new_id_token); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'new-openid-code'); - $this->assertEquals($code['client_id'], 'client ID2'); - $this->assertEquals($code['user_id'], 'SOMEOTHERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.org'); - $this->assertEquals($code['expires'], $expires); - $this->assertEquals($code['id_token'], $new_id_token); - } - - /** @dataProvider provideStorage */ - public function testRemoveIdTokenFromAuthorizationCode($storage) - { - // add new code - $expires = time() + 20; - $scope = null; - $id_token = 'fake_id_token_to_remove'; - $authcode = 'new-openid-code-'.rand(); - $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token); - $this->assertTrue($success); - - // verify params were set - $code = $storage->getAuthorizationCode($authcode); - $this->assertNotNull($code); - $this->assertArrayHasKey('id_token', $code); - $this->assertEquals($code['id_token'], $id_token); - - // remove the id_token - $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, null); - - // verify the "id_token" is now null - $code = $storage->getAuthorizationCode($authcode); - $this->assertNotNull($code); - $this->assertArrayHasKey('id_token', $code); - $this->assertEquals($code['id_token'], null); - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php deleted file mode 100644 index 840f6c566..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Storage; - -use OAuth2\Storage\BaseTest; -use OAuth2\Storage\NullStorage; - -class UserClaimsTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testGetUserClaims($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof UserClaimsInterface) { - // incompatible storage - return; - } - - // invalid user - $claims = $storage->getUserClaims('fake-user', ''); - $this->assertFalse($claims); - - // valid user (no scope) - $claims = $storage->getUserClaims('testuser', ''); - - /* assert the decoded token is the same */ - $this->assertFalse(isset($claims['email'])); - - // valid user - $claims = $storage->getUserClaims('testuser', 'email'); - - /* assert the decoded token is the same */ - $this->assertEquals($claims['email'], "testuser@test.com"); - $this->assertEquals($claims['email_verified'], true); - } -} |