diff options
Diffstat (limited to 'library/oauth2/test')
48 files changed, 0 insertions, 6371 deletions
diff --git a/library/oauth2/test/OAuth2/AutoloadTest.php b/library/oauth2/test/OAuth2/AutoloadTest.php deleted file mode 100644 index 5901bdc42..000000000 --- a/library/oauth2/test/OAuth2/AutoloadTest.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php - -namespace OAuth2; - -class AutoloadTest extends \PHPUnit_Framework_TestCase -{ - public function testClassesExist() - { - // autoloader is called in test/bootstrap.php - $this->assertTrue(class_exists('OAuth2\Server')); - $this->assertTrue(class_exists('OAuth2\Request')); - $this->assertTrue(class_exists('OAuth2\Response')); - $this->assertTrue(class_exists('OAuth2\GrantType\UserCredentials')); - $this->assertTrue(interface_exists('OAuth2\Storage\AccessTokenInterface')); - } -} diff --git a/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php deleted file mode 100644 index 3bfc760e4..000000000 --- a/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php +++ /dev/null @@ -1,492 +0,0 @@ -<?php - -namespace OAuth2\Controller; - -use OAuth2\Storage\Memory; -use OAuth2\Scope; -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\GrantType\AuthorizationCode; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Request\TestRequest; - -class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testNoClientIdResponse() - { - $server = $this->getTestServer(); - $request = new Request(); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'No client id supplied'); - } - - public function testInvalidClientIdResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Fake Client ID', // invalid client id - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'The client id supplied is invalid'); - } - - public function testNoRedirectUriSuppliedOrStoredResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_uri'); - $this->assertEquals($response->getParameter('error_description'), 'No redirect URI was supplied or stored'); - } - - public function testNoResponseTypeResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'invalid_request'); - $this->assertEquals($query['error_description'], 'Invalid or missing response type'); - } - - public function testInvalidResponseTypeResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'invalid', // invalid response type - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'invalid_request'); - $this->assertEquals($query['error_description'], 'Invalid or missing response type'); - } - - public function testRedirectUriFragmentResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com#fragment', // valid redirect URI - 'response_type' => 'code', // invalid response type - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_uri'); - $this->assertEquals($response->getParameter('error_description'), 'The redirect URI must not contain a fragment'); - } - - public function testEnforceState() - { - $server = $this->getTestServer(array('enforce_state' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'invalid_request'); - $this->assertEquals($query['error_description'], 'The state parameter is required'); - } - - public function testDoNotEnforceState() - { - $server = $this->getTestServer(array('enforce_state' => false)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertNotContains('error', $response->getHttpHeader('Location')); - } - - public function testEnforceScope() - { - $server = $this->getTestServer(); - $scopeStorage = new Memory(array('default_scope' => false, 'supported_scopes' => array('testscope'))); - $server->setScopeUtil(new Scope($scopeStorage)); - - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'xyz', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'invalid_client'); - $this->assertEquals($query['error_description'], 'This application requires you specify a scope parameter'); - - $request->query['scope'] = 'testscope'; - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertNotContains('error', $response->getHttpHeader('Location')); - } - - public function testInvalidRedirectUri() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID with Redirect Uri', // valid client id - 'redirect_uri' => 'http://adobe.com', // invalid redirect URI - 'response_type' => 'code', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch'); - $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match'); - } - - public function testInvalidRedirectUriApprovedByBuggyRegisteredUri() - { - $server = $this->getTestServer(); - $server->setConfig('require_exact_redirect_uri', false); - $request = new Request(array( - 'client_id' => 'Test Client ID with Buggy Redirect Uri', // valid client id - 'redirect_uri' => 'http://adobe.com', // invalid redirect URI - 'response_type' => 'code', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch'); - $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match'); - } - - public function testNoRedirectUriWithMultipleRedirectUris() - { - $server = $this->getTestServer(); - - // create a request with no "redirect_uri" in querystring - $request = new Request(array( - 'client_id' => 'Test Client ID with Multiple Redirect Uris', // valid client id - 'response_type' => 'code', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_uri'); - $this->assertEquals($response->getParameter('error_description'), 'A redirect URI must be supplied when multiple redirect URIs are registered'); - } - - public function testRedirectUriWithValidRedirectUri() - { - $server = $this->getTestServer(); - - // create a request with no "redirect_uri" in querystring - $request = new Request(array( - 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id - 'response_type' => 'code', - 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true', - 'state' => 'xyz', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertContains('code', $response->getHttpHeader('Location')); - } - - public function testRedirectUriWithDifferentQueryAndExactMatchRequired() - { - $server = $this->getTestServer(array('require_exact_redirect_uri' => true)); - - // create a request with no "redirect_uri" in querystring - $request = new Request(array( - 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id - 'response_type' => 'code', - 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true&hereisa=querystring', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch'); - $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match'); - } - - public function testRedirectUriWithDifferentQueryAndExactMatchNotRequired() - { - $server = $this->getTestServer(array('require_exact_redirect_uri' => false)); - - // create a request with no "redirect_uri" in querystring - $request = new Request(array( - 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id - 'response_type' => 'code', - 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true&hereisa=querystring', - 'state' => 'xyz', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertContains('code', $response->getHttpHeader('Location')); - } - - public function testMultipleRedirectUris() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID with Multiple Redirect Uris', // valid client id - 'redirect_uri' => 'http://brentertainment.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'xyz' - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - $this->assertEquals($response->getStatusCode(), 302); - $this->assertContains('code', $response->getHttpHeader('Location')); - - // call again with different (but still valid) redirect URI - $request->query['redirect_uri'] = 'http://morehazards.com'; - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - $this->assertEquals($response->getStatusCode(), 302); - $this->assertContains('code', $response->getHttpHeader('Location')); - } - - /** - * @see http://tools.ietf.org/html/rfc6749#section-4.1.3 - * @see https://github.com/bshaffer/oauth2-server-php/issues/163 - */ - public function testNoRedirectUriSuppliedDoesNotRequireTokenRedirectUri() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID with Redirect Uri', // valid client id - 'response_type' => 'code', - 'state' => 'xyz', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - $this->assertEquals($response->getStatusCode(), 302); - $this->assertContains('state', $response->getHttpHeader('Location')); - $this->assertStringStartsWith('http://brentertainment.com?code=', $response->getHttpHeader('Location')); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['query'], $query); - - // call token endpoint with no redirect_uri supplied - $request = TestRequest::createPost(array( - 'client_id' => 'Test Client ID with Redirect Uri', // valid client id - 'client_secret' => 'TestSecret2', - 'grant_type' => 'authorization_code', - 'code' => $query['code'], - )); - - $server->handleTokenRequest($request, $response = new Response(), true); - $this->assertEquals($response->getStatusCode(), 200); - $this->assertNotNull($response->getParameter('access_token')); - } - - public function testUserDeniesAccessResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'xyz', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'access_denied'); - $this->assertEquals($query['error_description'], 'The user denied access to your application'); - } - - public function testCodeQueryParamIsSet() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'xyz', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - - $this->assertEquals('http', $parts['scheme']); // same as passed in to redirect_uri - $this->assertEquals('adobe.com', $parts['host']); // same as passed in to redirect_uri - $this->assertArrayHasKey('query', $parts); - $this->assertFalse(isset($parts['fragment'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $query); - $this->assertNotNull($query); - $this->assertArrayHasKey('code', $query); - - // ensure no id_token was saved, since the openid scope wasn't requested - $storage = $server->getStorage('authorization_code'); - $code = $storage->getAuthorizationCode($query['code']); - $this->assertTrue(empty($code['id_token'])); - - // ensure no error was returned - $this->assertFalse(isset($query['error'])); - $this->assertFalse(isset($query['error_description'])); - } - - public function testSuccessfulRequestReturnsStateParameter() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'test', // valid state string (just needs to be passed back to us) - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - parse_str($parts['query'], $query); - - $this->assertArrayHasKey('state', $query); - $this->assertEquals($query['state'], 'test'); - - // ensure no error was returned - $this->assertFalse(isset($query['error'])); - $this->assertFalse(isset($query['error_description'])); - } - - public function testSuccessfulRequestStripsExtraParameters() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'code', - 'state' => 'test', // valid state string (just needs to be passed back to us) - 'fake' => 'something', // extra query param - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertFalse(isset($parts['fake'])); - $this->assertArrayHasKey('query', $parts); - parse_str($parts['query'], $query); - - $this->assertFalse(isset($parmas['fake'])); - $this->assertArrayHasKey('state', $query); - $this->assertEquals($query['state'], 'test'); - } - - public function testSuccessfulOpenidConnectRequest() - { - $server = $this->getTestServer(array( - 'use_openid_connect' => true, - 'issuer' => 'bojanz', - )); - - $request = new Request(array( - 'client_id' => 'Test Client ID', - 'redirect_uri' => 'http://adobe.com', - 'response_type' => 'code', - 'state' => 'xyz', - 'scope' => 'openid', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - $this->assertFalse(isset($parts['fragment'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $query); - $this->assertNotNull($query); - $this->assertArrayHasKey('code', $query); - - // ensure no error was returned - $this->assertFalse(isset($query['error'])); - $this->assertFalse(isset($query['error_description'])); - - // confirm that the id_token has been created. - $storage = $server->getStorage('authorization_code'); - $code = $storage->getAuthorizationCode($query['code']); - $this->assertTrue(!empty($code['id_token'])); - } - - public function testCreateController() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $controller = new AuthorizeController($storage); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - // Add the two types supported for authorization grant - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php b/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php deleted file mode 100644 index ee6d96ff8..000000000 --- a/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php +++ /dev/null @@ -1,175 +0,0 @@ -<?php - -namespace OAuth2\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\GrantType\AuthorizationCode; -use OAuth2\Request; -use OAuth2\Response; - -class ResourceControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testNoAccessToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - } - - public function testMalformedHeader() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'tH1s i5 B0gU5'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Malformed auth header'); - } - - public function testMultipleTokensSubmitted() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->request['access_token'] = 'TEST'; - $request->query['access_token'] = 'TEST'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Only one method may be used to authenticate at a time (Auth header, GET or POST)'); - } - - public function testInvalidRequestMethod() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->server['REQUEST_METHOD'] = 'GET'; - $request->request['access_token'] = 'TEST'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'When putting the token in the body, the method must be POST or PUT'); - } - - public function testInvalidContentType() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->server['REQUEST_METHOD'] = 'POST'; - $request->server['CONTENT_TYPE'] = 'application/json'; - $request->request['access_token'] = 'TEST'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"'); - } - - public function testInvalidToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer TESTTOKEN'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertEquals($response->getParameter('error'), 'invalid_token'); - $this->assertEquals($response->getParameter('error_description'), 'The access token provided is invalid'); - } - - public function testExpiredToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-expired'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertEquals($response->getParameter('error'), 'expired_token'); - $this->assertEquals($response->getParameter('error_description'), 'The access token provided has expired'); - } - - public function testOutOfScopeToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope'; - $scope = 'outofscope'; - $allow = $server->verifyResourceRequest($request, $response = new Response(), $scope); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 403); - $this->assertEquals($response->getParameter('error'), 'insufficient_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The request requires higher privileges than provided by the access token'); - - // verify the "scope" has been set in the "WWW-Authenticate" header - preg_match('/scope="(.*?)"/', $response->getHttpHeader('WWW-Authenticate'), $matches); - $this->assertEquals(2, count($matches)); - $this->assertEquals($matches[1], 'outofscope'); - } - - public function testMalformedToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertFalse($allow); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertEquals($response->getParameter('error'), 'malformed_token'); - $this->assertEquals($response->getParameter('error_description'), 'Malformed token (missing "expires")'); - } - - public function testValidToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertTrue($allow); - } - - public function testValidTokenWithScopeParam() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope'; - $request->query['scope'] = 'testscope'; - $allow = $server->verifyResourceRequest($request, $response = new Response()); - $this->assertTrue($allow); - } - - public function testCreateController() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $tokenType = new \OAuth2\TokenType\Bearer(); - $controller = new ResourceController($tokenType, $storage); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - // Add the two types supported for authorization grant - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php b/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php deleted file mode 100644 index 4a217bd55..000000000 --- a/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php +++ /dev/null @@ -1,289 +0,0 @@ -<?php - -namespace OAuth2\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\GrantType\AuthorizationCode; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\GrantType\UserCredentials; -use OAuth2\Scope; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class TokenControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testNoGrantType() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $server->handleTokenRequest(TestRequest::createPost(), $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'The grant type was not specified in the request'); - } - - public function testInvalidGrantType() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'invalid_grant_type', // invalid grant type - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'unsupported_grant_type'); - $this->assertEquals($response->getParameter('error_description'), 'Grant type "invalid_grant_type" not supported'); - } - - public function testNoClientId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode', - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'Client credentials were not found in the headers or body'); - } - - public function testNoClientSecretWithConfidentialClient() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode', - 'client_id' => 'Test Client ID', // valid client id - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret'); - } - - public function testNoClientSecretWithEmptySecret() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode-empty-secret', - 'client_id' => 'Test Client ID Empty Secret', // valid client id - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 200); - } - - public function testInvalidClientId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode', - 'client_id' => 'Fake Client ID', // invalid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid'); - } - - public function testInvalidClientSecret() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode', - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'Fake Client Secret', // invalid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid'); - } - - public function testValidTokenResponse() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode', // valid authorization code - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertTrue($response instanceof Response); - $this->assertEquals($response->getStatusCode(), 200); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - $this->assertNotNull($response->getParameter('access_token')); - $this->assertNotNull($response->getParameter('expires_in')); - $this->assertNotNull($response->getParameter('token_type')); - } - - public function testValidClientIdScope() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode', - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'scope' => 'clientscope1 clientscope2' - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 200); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - $this->assertEquals('clientscope1 clientscope2', $response->getParameter('scope')); - } - - public function testInvalidClientIdScope() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'code' => 'testcode-with-scope', - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'scope' => 'clientscope3' - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); - } - - public function testEnforceScope() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new ClientCredentials($storage)); - - $scope = new Scope(array( - 'default_scope' => false, - 'supported_scopes' => array('testscope') - )); - $server->setScopeUtil($scope); - - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $response = $server->handleTokenRequest($request); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'This application requires you specify a scope parameter'); - } - - public function testCanReceiveAccessTokenUsingPasswordGrantTypeWithoutClientSecret() - { - // add the test parameters in memory - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new UserCredentials($storage)); - - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID For Password Grant', // valid client id - 'username' => 'johndoe', // valid username - 'password' => 'password', // valid password for username - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertTrue($response instanceof Response); - $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1)); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - $this->assertNotNull($response->getParameter('access_token')); - $this->assertNotNull($response->getParameter('expires_in')); - $this->assertNotNull($response->getParameter('token_type')); - } - - public function testInvalidTokenTypeHintForRevoke() - { - $server = $this->getTestServer(); - - $request = TestRequest::createPost(array( - 'token_type_hint' => 'foo', - 'token' => 'sometoken' - )); - - $server->handleRevokeRequest($request, $response = new Response()); - - $this->assertTrue($response instanceof Response); - $this->assertEquals(400, $response->getStatusCode(), var_export($response, 1)); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Token type hint must be either \'access_token\' or \'refresh_token\''); - } - - public function testMissingTokenForRevoke() - { - $server = $this->getTestServer(); - - $request = TestRequest::createPost(array( - 'token_type_hint' => 'access_token' - )); - - $server->handleRevokeRequest($request, $response = new Response()); - $this->assertTrue($response instanceof Response); - $this->assertEquals(400, $response->getStatusCode(), var_export($response, 1)); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing token parameter to revoke'); - } - - public function testInvalidRequestMethodForRevoke() - { - $server = $this->getTestServer(); - - $request = new TestRequest(); - $request->setQuery(array( - 'token_type_hint' => 'access_token' - )); - - $server->handleRevokeRequest($request, $response = new Response()); - $this->assertTrue($response instanceof Response); - $this->assertEquals(405, $response->getStatusCode(), var_export($response, 1)); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when revoking an access token'); - } - - public function testCreateController() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $accessToken = new \OAuth2\ResponseType\AccessToken($storage); - $controller = new TokenController($accessToken, $storage); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php b/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php deleted file mode 100644 index d34136767..000000000 --- a/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php +++ /dev/null @@ -1,102 +0,0 @@ -<?php - -namespace OAuth2\Encryption; - -use OAuth2\Storage\Bootstrap; - -class FirebaseJwtTest extends \PHPUnit_Framework_TestCase -{ - private $privateKey; - - public function setUp() - { - $this->privateKey = <<<EOD ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA -nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO -IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB -AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y -kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1 -3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS -R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP -l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm -zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG -PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4 -QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62 -niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh -suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0= ------END RSA PRIVATE KEY----- -EOD; - } - - /** @dataProvider provideClientCredentials */ - public function testJwtUtil($client_id, $client_key) - { - $jwtUtil = new FirebaseJwt(); - - $params = array( - 'iss' => $client_id, - 'exp' => time() + 1000, - 'iat' => time(), - 'sub' => 'testuser@ourdomain.com', - 'aud' => 'http://myapp.com/oauth/auth', - 'scope' => null, - ); - - $encoded = $jwtUtil->encode($params, $this->privateKey, 'RS256'); - - // test BC behaviour of trusting the algorithm in the header - $payload = $jwtUtil->decode($encoded, $client_key, array('RS256')); - $this->assertEquals($params, $payload); - - // test BC behaviour of not verifying by passing false - $payload = $jwtUtil->decode($encoded, $client_key, false); - $this->assertEquals($params, $payload); - - // test the new restricted algorithms header - $payload = $jwtUtil->decode($encoded, $client_key, array('RS256')); - $this->assertEquals($params, $payload); - } - - public function testInvalidJwt() - { - $jwtUtil = new FirebaseJwt(); - - $this->assertFalse($jwtUtil->decode('goob')); - $this->assertFalse($jwtUtil->decode('go.o.b')); - } - - /** @dataProvider provideClientCredentials */ - public function testInvalidJwtHeader($client_id, $client_key) - { - $jwtUtil = new FirebaseJwt(); - - $params = array( - 'iss' => $client_id, - 'exp' => time() + 1000, - 'iat' => time(), - 'sub' => 'testuser@ourdomain.com', - 'aud' => 'http://myapp.com/oauth/auth', - 'scope' => null, - ); - - // testing for algorithm tampering when only RSA256 signing is allowed - // @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ - $tampered = $jwtUtil->encode($params, $client_key, 'HS256'); - - $payload = $jwtUtil->decode($tampered, $client_key, array('RS256')); - - $this->assertFalse($payload); - } - - public function provideClientCredentials() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $client_id = 'Test Client ID'; - $client_key = $storage->getClientKey($client_id, "testuser@ourdomain.com"); - - return array( - array($client_id, $client_key), - ); - } -} diff --git a/library/oauth2/test/OAuth2/Encryption/JwtTest.php b/library/oauth2/test/OAuth2/Encryption/JwtTest.php deleted file mode 100644 index 214eebac8..000000000 --- a/library/oauth2/test/OAuth2/Encryption/JwtTest.php +++ /dev/null @@ -1,102 +0,0 @@ -<?php - -namespace OAuth2\Encryption; - -use OAuth2\Storage\Bootstrap; - -class JwtTest extends \PHPUnit_Framework_TestCase -{ - private $privateKey; - - public function setUp() - { - $this->privateKey = <<<EOD ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA -nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO -IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB -AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y -kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1 -3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS -R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP -l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm -zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG -PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4 -QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62 -niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh -suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0= ------END RSA PRIVATE KEY----- -EOD; - } - - /** @dataProvider provideClientCredentials */ - public function testJwtUtil($client_id, $client_key) - { - $jwtUtil = new Jwt(); - - $params = array( - 'iss' => $client_id, - 'exp' => time() + 1000, - 'iat' => time(), - 'sub' => 'testuser@ourdomain.com', - 'aud' => 'http://myapp.com/oauth/auth', - 'scope' => null, - ); - - $encoded = $jwtUtil->encode($params, $this->privateKey, 'RS256'); - - // test BC behaviour of trusting the algorithm in the header - $payload = $jwtUtil->decode($encoded, $client_key); - $this->assertEquals($params, $payload); - - // test BC behaviour of not verifying by passing false - $payload = $jwtUtil->decode($encoded, $client_key, false); - $this->assertEquals($params, $payload); - - // test the new restricted algorithms header - $payload = $jwtUtil->decode($encoded, $client_key, array('RS256')); - $this->assertEquals($params, $payload); - } - - public function testInvalidJwt() - { - $jwtUtil = new Jwt(); - - $this->assertFalse($jwtUtil->decode('goob')); - $this->assertFalse($jwtUtil->decode('go.o.b')); - } - - /** @dataProvider provideClientCredentials */ - public function testInvalidJwtHeader($client_id, $client_key) - { - $jwtUtil = new Jwt(); - - $params = array( - 'iss' => $client_id, - 'exp' => time() + 1000, - 'iat' => time(), - 'sub' => 'testuser@ourdomain.com', - 'aud' => 'http://myapp.com/oauth/auth', - 'scope' => null, - ); - - // testing for algorithm tampering when only RSA256 signing is allowed - // @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ - $tampered = $jwtUtil->encode($params, $client_key, 'HS256'); - - $payload = $jwtUtil->decode($tampered, $client_key, array('RS256')); - - $this->assertFalse($payload); - } - - public function provideClientCredentials() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $client_id = 'Test Client ID'; - $client_key = $storage->getClientKey($client_id, "testuser@ourdomain.com"); - - return array( - array($client_id, $client_key), - ); - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php deleted file mode 100644 index 740989635..000000000 --- a/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php +++ /dev/null @@ -1,207 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase -{ - public function testNoCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "code" is required'); - } - - public function testInvalidCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'InvalidCode', // invalid authorization code - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client'); - } - - public function testCodeCannotBeUsedTwice() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode', // valid code - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 200); - $this->assertNotNull($response->getParameter('access_token')); - - // try to use the same code again - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client'); - } - - public function testExpiredCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-expired', // expired authorization code - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'The authorization code has expired'); - } - - public function testValidCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - } - - public function testValidCodeNoScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-with-scope', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1 scope2'); - } - - public function testValidCodeSameScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-with-scope', // valid code - 'scope' => 'scope2 scope1', - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope2 scope1'); - } - - public function testValidCodeLessScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-with-scope', // valid code - 'scope' => 'scope1', - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1'); - } - - public function testValidCodeDifferentScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-with-scope', // valid code - 'scope' => 'scope3', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); - } - - public function testValidCodeInvalidScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-with-scope', // valid code - 'scope' => 'invalid-scope', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); - } - - public function testValidClientDifferentCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Some Other Client', // valid client id - 'client_secret' => 'TestSecret3', // valid client secret - 'code' => 'testcode', // valid code - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client'); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php b/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php deleted file mode 100644 index f0d46ccb3..000000000 --- a/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php +++ /dev/null @@ -1,159 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Request; -use OAuth2\Response; - -class ClientCredentialsTest extends \PHPUnit_Framework_TestCase -{ - public function testInvalidCredentials() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'FakeSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid'); - } - - public function testValidCredentials() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('scope', $token); - $this->assertNull($token['scope']); - } - - public function testValidCredentialsWithScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'scope' => 'scope1', - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1'); - } - - public function testValidCredentialsInvalidScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'scope' => 'invalid-scope', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested'); - } - - public function testValidCredentialsInHeader() - { - // create with HTTP_AUTHORIZATION in header - $server = $this->getTestServer(); - $headers = array('HTTP_AUTHORIZATION' => 'Basic '.base64_encode('Test Client ID:TestSecret'), 'REQUEST_METHOD' => 'POST'); - $params = array('grant_type' => 'client_credentials'); - $request = new Request(array(), $params, array(), array(), array(), $headers); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertNotNull($token['access_token']); - - // create using PHP Authorization Globals - $headers = array('PHP_AUTH_USER' => 'Test Client ID', 'PHP_AUTH_PW' => 'TestSecret', 'REQUEST_METHOD' => 'POST'); - $params = array('grant_type' => 'client_credentials'); - $request = new Request(array(), $params, array(), array(), array(), $headers); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertNotNull($token['access_token']); - } - - public function testValidCredentialsInRequest() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertNotNull($token['access_token']); - } - - public function testValidCredentialsInQuerystring() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertNotNull($token['access_token']); - } - - public function testClientUserIdIsSetInAccessToken() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Client ID With User ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - - // verify the user_id was associated with the token - $storage = $server->getStorage('client'); - $token = $storage->getAccessToken($token['access_token']); - $this->assertNotNull($token); - $this->assertArrayHasKey('user_id', $token); - $this->assertEquals($token['user_id'], 'brent@brentertainment.com'); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new ClientCredentials($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php b/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php deleted file mode 100644 index a47aae3e8..000000000 --- a/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php +++ /dev/null @@ -1,143 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; - -class ImplicitTest extends \PHPUnit_Framework_TestCase -{ - public function testImplicitNotAllowedResponse() - { - $server = $this->getTestServer(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'token', // invalid response type - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'unsupported_response_type'); - $this->assertEquals($query['error_description'], 'implicit grant type not supported'); - } - - public function testUserDeniesAccessResponse() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'token', // valid response type - 'state' => 'xyz', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), false); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - parse_str($parts['query'], $query); - - $this->assertEquals($query['error'], 'access_denied'); - $this->assertEquals($query['error_description'], 'The user denied access to your application'); - } - - public function testSuccessfulRequestFragmentParameter() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'token', // valid response type - 'state' => 'xyz', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - - $this->assertEquals('http', $parts['scheme']); // same as passed in to redirect_uri - $this->assertEquals('adobe.com', $parts['host']); // same as passed in to redirect_uri - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('access_token', $params); - $this->assertArrayHasKey('expires_in', $params); - $this->assertArrayHasKey('token_type', $params); - } - - public function testSuccessfulRequestReturnsStateParameter() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'token', // valid response type - 'state' => 'test', // valid state string (just needs to be passed back to us) - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - parse_str($parts['fragment'], $params); - - $this->assertArrayHasKey('state', $params); - $this->assertEquals($params['state'], 'test'); - } - - public function testSuccessfulRequestStripsExtraParameters() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com?fake=something', // valid redirect URI - 'response_type' => 'token', // valid response type - 'state' => 'test', // valid state string (just needs to be passed back to us) - 'fake' => 'something', // add extra param to querystring - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $this->assertNull($response->getParameter('error')); - $this->assertNull($response->getParameter('error_description')); - - $location = $response->getHttpHeader('Location'); - $parts = parse_url($location); - $this->assertFalse(isset($parts['fake'])); - $this->assertArrayHasKey('fragment', $parts); - parse_str($parts['fragment'], $params); - - $this->assertFalse(isset($params['fake'])); - $this->assertArrayHasKey('state', $params); - $this->assertEquals($params['state'], 'test'); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - // Add the two types supported for authorization grant - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php b/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php deleted file mode 100644 index 0a6c4b827..000000000 --- a/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php +++ /dev/null @@ -1,360 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; -use OAuth2\Encryption\Jwt; - -class JwtBearerTest extends \PHPUnit_Framework_TestCase -{ - private $privateKey; - - public function setUp() - { - $this->privateKey = <<<EOD ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA -nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO -IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB -AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y -kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1 -3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS -R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP -l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm -zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG -PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4 -QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62 -niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh -suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0= ------END RSA PRIVATE KEY----- -EOD; - } - - public function testMalformedJWT() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get the jwt and break it - $jwt = $this->getJWT(); - $jwt = substr_replace($jwt, 'broken', 3, 6); - - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'JWT is malformed'); - } - - public function testBrokenSignature() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get the jwt and break signature - $jwt = $this->getJWT() . 'notSupposeToBeHere'; - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'JWT failed signature verification'); - } - - public function testExpiredJWT() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get an expired JWT - $jwt = $this->getJWT(1234); - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'JWT has expired'); - } - - public function testBadExp() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get an expired JWT - $jwt = $this->getJWT('badtimestamp'); - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Expiration (exp) time must be a unix time stamp'); - } - - public function testNoAssert() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Do not pass the assert (JWT) - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "assertion" required'); - } - - public function testNotBefore() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get a future NBF - $jwt = $this->getJWT(null, time() + 10000); - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'JWT cannot be used before the Not Before (nbf) time'); - } - - public function testBadNotBefore() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - )); - - //Get a non timestamp nbf - $jwt = $this->getJWT(null, 'notatimestamp'); - $request->request['assertion'] = $jwt; - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Not Before (nbf) time must be a unix time stamp'); - } - - public function testNonMatchingAudience() - { - $server = $this->getTestServer('http://google.com/oauth/o/auth'); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(), - )); - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid audience (aud)'); - } - - public function testBadClientID() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, null, 'bad_client_id'), - )); - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided'); - } - - public function testBadSubject() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, 'anotheruser@ourdomain,com'), - )); - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided'); - } - - public function testMissingKey() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, null, 'Missing Key Cli,nt'), - )); - - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided'); - } - - public function testValidJwt() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(), // valid assertion - )); - - $token = $server->grantAccessToken($request, new Response()); - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - } - - public function testValidJwtWithScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, null, 'Test Client ID'), // valid assertion - 'scope' => 'scope1', // valid scope - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1'); - } - - public function testValidJwtInvalidScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, null, 'Test Client ID'), // valid assertion - 'scope' => 'invalid-scope', // invalid scope - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested'); - } - - public function testValidJti() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(null, null, 'testuser@ourdomain.com', 'Test Client ID', 'unused_jti'), // valid assertion with invalid scope - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - } - - public function testInvalidJti() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(99999999900, null, 'testuser@ourdomain.com', 'Test Client ID', 'used_jti'), // valid assertion with invalid scope - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used'); - } - - public function testJtiReplayAttack() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type - 'assertion' => $this->getJWT(99999999900, null, 'testuser@ourdomain.com', 'Test Client ID', 'totally_new_jti'), // valid assertion with invalid scope - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - - //Replay the same request - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used'); - } - - /** - * Generates a JWT - * @param $exp The expiration date. If the current time is greater than the exp, the JWT is invalid. - * @param $nbf The "not before" time. If the current time is less than the nbf, the JWT is invalid. - * @param $sub The subject we are acting on behalf of. This could be the email address of the user in the system. - * @param $iss The issuer, usually the client_id. - * @return string - */ - private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $jti = null) - { - if (!$exp) { - $exp = time() + 1000; - } - - if (!$sub) { - $sub = "testuser@ourdomain.com"; - } - - $params = array( - 'iss' => $iss, - 'exp' => $exp, - 'iat' => time(), - 'sub' => $sub, - 'aud' => 'http://myapp.com/oauth/auth', - ); - - if ($nbf) { - $params['nbf'] = $nbf; - } - - if ($jti) { - $params['jti'] = $jti; - } - - $jwtUtil = new Jwt(); - - return $jwtUtil->encode($params, $this->privateKey, 'RS256'); - } - - private function getTestServer($audience = 'http://myapp.com/oauth/auth') - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new JwtBearer($storage, $audience, new Jwt())); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php b/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php deleted file mode 100644 index a458aad8a..000000000 --- a/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php +++ /dev/null @@ -1,204 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class RefreshTokenTest extends \PHPUnit_Framework_TestCase -{ - private $storage; - - public function testNoRefreshToken() - { - $server = $this->getTestServer(); - $server->addGrantType(new RefreshToken($this->storage)); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "refresh_token" is required'); - } - - public function testInvalidRefreshToken() - { - $server = $this->getTestServer(); - $server->addGrantType(new RefreshToken($this->storage)); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'fake-token', // invalid refresh token - )); - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid refresh token'); - } - - public function testValidRefreshTokenWithNewRefreshTokenInResponse() - { - $server = $this->getTestServer(); - $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => true))); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken', // valid refresh token - )); - $token = $server->grantAccessToken($request, new Response()); - $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh'); - - $refresh_token = $this->storage->getRefreshToken($token['refresh_token']); - $this->assertNotNull($refresh_token); - $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']); - $this->assertEquals($refresh_token['client_id'], $request->request('client_id')); - $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used'); - $used_token = $this->storage->getRefreshToken('test-refreshtoken'); - $this->assertFalse($used_token, 'the refresh token used is no longer valid'); - } - - public function testValidRefreshTokenDoesNotUnsetToken() - { - $server = $this->getTestServer(); - $server->addGrantType(new RefreshToken($this->storage, array( - 'always_issue_new_refresh_token' => true, - 'unset_refresh_token_after_use' => false, - ))); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken', // valid refresh token - )); - $token = $server->grantAccessToken($request, new Response()); - $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh'); - - $used_token = $this->storage->getRefreshToken('test-refreshtoken'); - $this->assertNotNull($used_token, 'the refresh token used is still valid'); - } - - public function testValidRefreshTokenWithNoRefreshTokenInResponse() - { - $server = $this->getTestServer(); - $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => false))); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken', // valid refresh token - )); - $token = $server->grantAccessToken($request, new Response()); - $this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned'); - - $used_token = $this->storage->getRefreshToken('test-refreshtoken'); - $this->assertNotNull($used_token, 'the refresh token used is still valid'); - } - - public function testValidRefreshTokenSameScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope) - 'scope' => 'scope2 scope1', - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope2 scope1'); - } - - public function testValidRefreshTokenLessScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope) - 'scope' => 'scope1', - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1'); - } - - public function testValidRefreshTokenDifferentScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope) - 'scope' => 'scope3', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); - } - - public function testValidRefreshTokenInvalidScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope) - 'scope' => 'invalid-scope', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); - } - - public function testValidClientDifferentRefreshToken() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Some Other Client', // valid client id - 'client_secret' => 'TestSecret3', // valid client secret - 'refresh_token' => 'test-refreshtoken', // valid refresh token - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'refresh_token doesn\'t exist or is invalid for the client'); - } - - private function getTestServer() - { - $this->storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($this->storage); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php b/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php deleted file mode 100644 index 18943d055..000000000 --- a/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php +++ /dev/null @@ -1,172 +0,0 @@ -<?php - -namespace OAuth2\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class UserCredentialsTest extends \PHPUnit_Framework_TestCase -{ - public function testNoUsername() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'password' => 'testpass', // valid password - )); - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required'); - } - - public function testNoPassword() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - )); - $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required'); - } - - public function testInvalidUsername() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'fake-username', // valid username - 'password' => 'testpass', // valid password - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination'); - } - - public function testInvalidPassword() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - 'password' => 'fakepass', // invalid password - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 401); - $this->assertEquals($response->getParameter('error'), 'invalid_grant'); - $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination'); - } - - public function testValidCredentials() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - } - - public function testValidCredentialsWithScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - 'scope' => 'scope1', // valid scope - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('scope', $token); - $this->assertEquals($token['scope'], 'scope1'); - } - - public function testValidCredentialsInvalidScope() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - 'scope' => 'invalid-scope', - )); - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_scope'); - $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested'); - } - - public function testNoSecretWithPublicClient() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID Empty Secret', // valid public client - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - )); - - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - } - - public function testNoSecretWithConfidentialClient() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid public client - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - )); - - $token = $server->grantAccessToken($request, $response = new Response()); - - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_client'); - $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret'); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage); - $server->addGrantType(new UserCredentials($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php deleted file mode 100644 index 46de936d8..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php +++ /dev/null @@ -1,182 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; - -class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testValidateAuthorizeRequest() - { - $server = $this->getTestServer(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'af0ifjsldkj', - 'nonce' => 'n-0S6_WzA2Mj', - )); - - // Test valid id_token request - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('id_token', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayNotHasKey('access_token', $query); - $this->assertArrayNotHasKey('expires_in', $query); - $this->assertArrayNotHasKey('token_type', $query); - - // Test valid token id_token request - $request->query['response_type'] = 'id_token token'; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - - // assert that with multiple-valued response types, order does not matter - $request->query['response_type'] = 'token id_token'; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - - // assert that with multiple-valued response types with extra spaces do not matter - $request->query['response_type'] = ' token id_token '; - $server->handleAuthorizeRequest($request, $response, true); - - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['fragment'], $query); - - $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); - $this->assertEquals($query['state'], 'af0ifjsldkj'); - - $this->assertArrayHasKey('access_token', $query); - $this->assertArrayHasKey('expires_in', $query); - $this->assertArrayHasKey('token_type', $query); - $this->assertArrayHasKey('state', $query); - $this->assertArrayHasKey('id_token', $query); - } - - public function testMissingNonce() - { - $server = $this->getTestServer(); - $authorize = $server->getAuthorizeController(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'xyz', - )); - - // Test missing nonce for 'id_token' response type - $server->handleAuthorizeRequest($request, $response, true); - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'invalid_nonce'); - $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); - - // Test missing nonce for 'id_token token' response type - $request->query['response_type'] = 'id_token token'; - $server->handleAuthorizeRequest($request, $response, true); - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'invalid_nonce'); - $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); - } - - public function testNotGrantedApplication() - { - $server = $this->getTestServer(); - - $response = new Response(); - $request = new Request(array( - 'client_id' => 'Test Client ID', // valid client id - 'redirect_uri' => 'http://adobe.com', // valid redirect URI - 'response_type' => 'id_token', - 'state' => 'af0ifjsldkj', - 'nonce' => 'n-0S6_WzA2Mj', - )); - - // Test not approved application - $server->handleAuthorizeRequest($request, $response, false); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'consent_required'); - $this->assertEquals($params['error_description'], 'The user denied access to your application'); - - // Test not approved application with prompt parameter - $request->query['prompt'] = 'none'; - $server->handleAuthorizeRequest($request, $response, false); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'login_required'); - $this->assertEquals($params['error_description'], 'The user must log in'); - - // Test not approved application with user_id set - $request->query['prompt'] = 'none'; - $server->handleAuthorizeRequest($request, $response, false, 'some-user-id'); - - $params = $response->getParameters(); - - $this->assertEquals($params['error'], 'interaction_required'); - $this->assertEquals($params['error_description'], 'The user must grant access to your application'); - } - - public function testNeedsIdToken() - { - $server = $this->getTestServer(); - $authorize = $server->getAuthorizeController(); - - $this->assertTrue($authorize->needsIdToken('openid')); - $this->assertTrue($authorize->needsIdToken('openid profile')); - $this->assertFalse($authorize->needsIdToken('')); - $this->assertFalse($authorize->needsIdToken('some-scope')); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'phpunit', - 'allow_implicit' => true - ); - - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php deleted file mode 100644 index b1b687077..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Controller; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; - -class UserInfoControllerTest extends \PHPUnit_Framework_TestCase -{ - public function testCreateController() - { - $tokenType = new \OAuth2\TokenType\Bearer(); - $storage = new \OAuth2\Storage\Memory(); - $controller = new UserInfoController($tokenType, $storage, $storage); - - $response = new Response(); - $controller->handleUserInfoRequest(new Request(), $response); - $this->assertEquals(401, $response->getStatusCode()); - } - - public function testValidToken() - { - $server = $this->getTestServer(); - $request = Request::createFromGlobals(); - $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-openid-connect'; - $response = new Response(); - - $server->handleUserInfoRequest($request, $response); - $parameters = $response->getParameters(); - $this->assertEquals($parameters['sub'], 'testuser'); - $this->assertEquals($parameters['email'], 'testuser@test.com'); - $this->assertEquals($parameters['email_verified'], true); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php deleted file mode 100644 index 776002d1e..000000000 --- a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php +++ /dev/null @@ -1,57 +0,0 @@ -<?php - -namespace OAuth2\OpenID\GrantType; - -use OAuth2\Storage\Bootstrap; -use OAuth2\Server; -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase -{ - public function testValidCode() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-openid', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('id_token', $token); - $this->assertEquals('test_id_token', $token['id_token']); - - // this is only true if "offline_access" was requested - $this->assertFalse(isset($token['refresh_token'])); - } - - public function testOfflineAccess() - { - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'code' => 'testcode-openid', // valid code - 'scope' => 'offline_access', // valid code - )); - $token = $server->grantAccessToken($request, new Response()); - - $this->assertNotNull($token); - $this->assertArrayHasKey('id_token', $token); - $this->assertEquals('test_id_token', $token['id_token']); - $this->assertTrue(isset($token['refresh_token'])); - } - - private function getTestServer() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, array('use_openid_connect' => true)); - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php deleted file mode 100644 index b0311434a..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php +++ /dev/null @@ -1,182 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; - -class CodeIdTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - 'nonce' => 'test', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - - // only exists if an access token was granted along with the id_token - $this->assertArrayNotHasKey('at_hash', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - public function testUserClaimsWithUserId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $userId = 'testuser'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('email', $claims); - $this->assertArrayHasKey('email_verified', $claims); - $this->assertNotNull($claims['email']); - $this->assertNotNull($claims['email_verified']); - } - - public function testUserClaimsWithoutUserId() - { - // add the test parameters in memory - $server = $this->getTestServer(); - - $request = new Request(array( - 'response_type' => 'code id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $userId = null; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('query', $parts); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['query'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('code', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayNotHasKey('email', $claims); - $this->assertArrayNotHasKey('email_verified', $claims); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - 'allow_implicit' => true, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $memoryStorage->supportedScopes[] = 'email'; - $responseTypes = array( - 'code' => $code = new AuthorizationCode($memoryStorage), - 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config), - 'code id_token' => new CodeIdToken($code, $idToken), - ); - - $server = new Server($memoryStorage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php deleted file mode 100644 index e772f6be4..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php +++ /dev/null @@ -1,184 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\Encryption\Jwt; - -class IdTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testValidateAuthorizeRequest() - { - $query = array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - ); - - // attempt to do the request without a nonce. - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request($query); - $valid = $server->validateAuthorizeRequest($request, $response = new Response()); - - // Add a nonce and retry. - $query['nonce'] = 'test'; - $request = new Request($query); - $valid = $server->validateAuthorizeRequest($request, $response = new Response()); - $this->assertTrue($valid); - } - - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - $user_id = 'testuser'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayNotHasKey('access_token', $params); - $this->validateIdToken($params['id_token']); - } - - public function testPassInAuthTime() - { - $server = $this->getTestServer(array('allow_implicit' => true)); - $request = new Request(array( - 'response_type' => 'id_token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid email', - 'state' => 'test', - 'nonce' => 'test', - )); - - // test with a scalar user id - $user_id = 'testuser123'; - $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id); - - list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response); - - $this->assertTrue(is_array($payload)); - $this->assertArrayHasKey('sub', $payload); - $this->assertEquals($user_id, $payload['sub']); - $this->assertArrayHasKey('auth_time', $payload); - - // test with an array of user info - $userInfo = array( - 'user_id' => 'testuser1234', - 'auth_time' => date('Y-m-d H:i:s', strtotime('20 minutes ago') - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true, $userInfo); - - list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response); - - $this->assertTrue(is_array($payload)); - $this->assertArrayHasKey('sub', $payload); - $this->assertEquals($userInfo['user_id'], $payload['sub']); - $this->assertArrayHasKey('auth_time', $payload); - $this->assertEquals($userInfo['auth_time'], $payload['auth_time']); - } - - private function extractTokenDataFromResponse(Response $response) - { - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayNotHasKey('access_token', $params); - - list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']); - - $jwt = new Jwt(); - $header = json_decode($jwt->urlSafeB64Decode($headb64), true); - $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true); - - return array($header, $payload, $signature); - } - - private function validateIdToken($id_token) - { - $parts = explode('.', $id_token); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - $this->assertArrayHasKey('email', $claims); - $this->assertArrayHasKey('email_verified', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $this->assertEquals($claims['email'], 'testuser@test.com'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $memoryStorage->supportedScopes[] = 'email'; - $storage = array( - 'client' => $memoryStorage, - 'scope' => $memoryStorage, - ); - $responseTypes = array( - 'id_token' => new IdToken($memoryStorage, $memoryStorage, $config), - ); - - $server = new Server($storage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php deleted file mode 100644 index bc564d37b..000000000 --- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php +++ /dev/null @@ -1,91 +0,0 @@ -<?php - -namespace OAuth2\OpenID\ResponseType; - -use OAuth2\Server; -use OAuth2\Request; -use OAuth2\Response; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\ResponseType\AccessToken; - -class IdTokenTokenTest extends \PHPUnit_Framework_TestCase -{ - - public function testHandleAuthorizeRequest() - { - // add the test parameters in memory - $server = $this->getTestServer(array('allow_implicit' => true)); - - $request = new Request(array( - 'response_type' => 'id_token token', - 'redirect_uri' => 'http://adobe.com', - 'client_id' => 'Test Client ID', - 'scope' => 'openid', - 'state' => 'test', - 'nonce' => 'test', - )); - - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - $this->assertEquals($response->getStatusCode(), 302); - $location = $response->getHttpHeader('Location'); - $this->assertNotContains('error', $location); - - $parts = parse_url($location); - $this->assertArrayHasKey('fragment', $parts); - $this->assertFalse(isset($parts['query'])); - - // assert fragment is in "application/x-www-form-urlencoded" format - parse_str($parts['fragment'], $params); - $this->assertNotNull($params); - $this->assertArrayHasKey('id_token', $params); - $this->assertArrayHasKey('access_token', $params); - - // validate ID Token - $parts = explode('.', $params['id_token']); - foreach ($parts as &$part) { - // Each part is a base64url encoded json string. - $part = str_replace(array('-', '_'), array('+', '/'), $part); - $part = base64_decode($part); - $part = json_decode($part, true); - } - list($header, $claims, $signature) = $parts; - - $this->assertArrayHasKey('iss', $claims); - $this->assertArrayHasKey('sub', $claims); - $this->assertArrayHasKey('aud', $claims); - $this->assertArrayHasKey('iat', $claims); - $this->assertArrayHasKey('exp', $claims); - $this->assertArrayHasKey('auth_time', $claims); - $this->assertArrayHasKey('nonce', $claims); - $this->assertArrayHasKey('at_hash', $claims); - - $this->assertEquals($claims['iss'], 'test'); - $this->assertEquals($claims['aud'], 'Test Client ID'); - $this->assertEquals($claims['nonce'], 'test'); - $duration = $claims['exp'] - $claims['iat']; - $this->assertEquals($duration, 3600); - } - - private function getTestServer($config = array()) - { - $config += array( - 'use_openid_connect' => true, - 'issuer' => 'test', - 'id_lifetime' => 3600, - ); - - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $responseTypes = array( - 'token' => $token = new AccessToken($memoryStorage, $memoryStorage), - 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config), - 'id_token token' => new IdTokenToken($token, $idToken), - ); - - $server = new Server($memoryStorage, $config, array(), $responseTypes); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php deleted file mode 100644 index bdfb085e3..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php +++ /dev/null @@ -1,95 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Storage; - -use OAuth2\Storage\BaseTest; -use OAuth2\Storage\NullStorage; - -class AuthorizationCodeTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testCreateAuthorizationCode($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof AuthorizationCodeInterface) { - return; - } - - // assert code we are about to add does not exist - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertFalse($code); - - // add new code - $expires = time() + 20; - $scope = null; - $id_token = 'fake_id_token'; - $success = $storage->setAuthorizationCode('new-openid-code', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'new-openid-code'); - $this->assertEquals($code['client_id'], 'client ID'); - $this->assertEquals($code['user_id'], 'SOMEUSERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.com'); - $this->assertEquals($code['expires'], $expires); - $this->assertEquals($code['id_token'], $id_token); - - // change existing code - $expires = time() + 42; - $new_id_token = 'fake_id_token-2'; - $success = $storage->setAuthorizationCode('new-openid-code', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires, $scope, $new_id_token); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('new-openid-code'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'new-openid-code'); - $this->assertEquals($code['client_id'], 'client ID2'); - $this->assertEquals($code['user_id'], 'SOMEOTHERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.org'); - $this->assertEquals($code['expires'], $expires); - $this->assertEquals($code['id_token'], $new_id_token); - } - - /** @dataProvider provideStorage */ - public function testRemoveIdTokenFromAuthorizationCode($storage) - { - // add new code - $expires = time() + 20; - $scope = null; - $id_token = 'fake_id_token_to_remove'; - $authcode = 'new-openid-code-'.rand(); - $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token); - $this->assertTrue($success); - - // verify params were set - $code = $storage->getAuthorizationCode($authcode); - $this->assertNotNull($code); - $this->assertArrayHasKey('id_token', $code); - $this->assertEquals($code['id_token'], $id_token); - - // remove the id_token - $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, null); - - // verify the "id_token" is now null - $code = $storage->getAuthorizationCode($authcode); - $this->assertNotNull($code); - $this->assertArrayHasKey('id_token', $code); - $this->assertEquals($code['id_token'], null); - } -} diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php deleted file mode 100644 index 840f6c566..000000000 --- a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php - -namespace OAuth2\OpenID\Storage; - -use OAuth2\Storage\BaseTest; -use OAuth2\Storage\NullStorage; - -class UserClaimsTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testGetUserClaims($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof UserClaimsInterface) { - // incompatible storage - return; - } - - // invalid user - $claims = $storage->getUserClaims('fake-user', ''); - $this->assertFalse($claims); - - // valid user (no scope) - $claims = $storage->getUserClaims('testuser', ''); - - /* assert the decoded token is the same */ - $this->assertFalse(isset($claims['email'])); - - // valid user - $claims = $storage->getUserClaims('testuser', 'email'); - - /* assert the decoded token is the same */ - $this->assertEquals($claims['email'], "testuser@test.com"); - $this->assertEquals($claims['email_verified'], true); - } -} diff --git a/library/oauth2/test/OAuth2/RequestTest.php b/library/oauth2/test/OAuth2/RequestTest.php deleted file mode 100644 index 10db3215c..000000000 --- a/library/oauth2/test/OAuth2/RequestTest.php +++ /dev/null @@ -1,98 +0,0 @@ -<?php - -namespace OAuth2; - -use OAuth2\Request\TestRequest; -use OAuth2\Storage\Bootstrap; -use OAuth2\GrantType\AuthorizationCode; - -class RequestTest extends \PHPUnit_Framework_TestCase -{ - public function testRequestOverride() - { - $request = new TestRequest(); - $server = $this->getTestServer(); - - // Smoke test for override request class - // $server->handleTokenRequest($request, $response = new Response()); - // $this->assertInstanceOf('Response', $response); - // $server->handleAuthorizeRequest($request, $response = new Response(), true); - // $this->assertInstanceOf('Response', $response); - // $response = $server->verifyResourceRequest($request, $response = new Response()); - // $this->assertTrue(is_bool($response)); - - /*** make some valid requests ***/ - - // Valid Token Request - $request->setPost(array( - 'grant_type' => 'authorization_code', - 'client_id' => 'Test Client ID', - 'client_secret' => 'TestSecret', - 'code' => 'testcode', - )); - $server->handleTokenRequest($request, $response = new Response()); - $this->assertEquals($response->getStatusCode(), 200); - $this->assertNull($response->getParameter('error')); - $this->assertNotNUll($response->getParameter('access_token')); - } - - public function testHeadersReturnsValueByKey() - { - $request = new Request( - array(), - array(), - array(), - array(), - array(), - array(), - array(), - array('AUTHORIZATION' => 'Basic secret') - ); - - $this->assertEquals('Basic secret', $request->headers('AUTHORIZATION')); - } - - public function testHeadersReturnsDefaultIfHeaderNotPresent() - { - $request = new Request(); - - $this->assertEquals('Bearer', $request->headers('AUTHORIZATION', 'Bearer')); - } - - public function testHeadersIsCaseInsensitive() - { - $request = new Request( - array(), - array(), - array(), - array(), - array(), - array(), - array(), - array('AUTHORIZATION' => 'Basic secret') - ); - - $this->assertEquals('Basic secret', $request->headers('Authorization')); - } - - public function testRequestReturnsPostParamIfNoQueryParamAvailable() - { - $request = new Request( - array(), - array('client_id' => 'correct') - ); - - $this->assertEquals('correct', $request->query('client_id', $request->request('client_id'))); - } - - private function getTestServer($config = array()) - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, $config); - - // Add the two types supported for authorization grant - $server->addGrantType(new AuthorizationCode($storage)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/ResponseTest.php b/library/oauth2/test/OAuth2/ResponseTest.php deleted file mode 100644 index b8149005d..000000000 --- a/library/oauth2/test/OAuth2/ResponseTest.php +++ /dev/null @@ -1,17 +0,0 @@ -<?php - -namespace OAuth2; - -class ResponseTest extends \PHPUnit_Framework_TestCase -{ - public function testRenderAsXml() - { - $response = new Response(array( - 'foo' => 'bar', - 'halland' => 'oates', - )); - - $string = $response->getResponseBody('xml'); - $this->assertContains('<response><foo>bar</foo><halland>oates</halland></response>', $string); - } -} diff --git a/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php b/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php deleted file mode 100644 index 0ed1c82fc..000000000 --- a/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php +++ /dev/null @@ -1,107 +0,0 @@ -<?php - -namespace OAuth2\ResponseType; - -use OAuth2\Server; -use OAuth2\Storage\Memory; - -class AccessTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testRevokeAccessTokenWithTypeHint() - { - $tokenStorage = new Memory(array( - 'access_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke')); - $accessToken = new AccessToken($tokenStorage); - $accessToken->revokeToken('revoke', 'access_token'); - $this->assertFalse($tokenStorage->getAccessToken('revoke')); - } - - public function testRevokeAccessTokenWithoutTypeHint() - { - $tokenStorage = new Memory(array( - 'access_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke')); - $accessToken = new AccessToken($tokenStorage); - $accessToken->revokeToken('revoke'); - $this->assertFalse($tokenStorage->getAccessToken('revoke')); - } - - public function testRevokeRefreshTokenWithTypeHint() - { - $tokenStorage = new Memory(array( - 'refresh_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke')); - $accessToken = new AccessToken(new Memory, $tokenStorage); - $accessToken->revokeToken('revoke', 'refresh_token'); - $this->assertFalse($tokenStorage->getRefreshToken('revoke')); - } - - public function testRevokeRefreshTokenWithoutTypeHint() - { - $tokenStorage = new Memory(array( - 'refresh_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke')); - $accessToken = new AccessToken(new Memory, $tokenStorage); - $accessToken->revokeToken('revoke'); - $this->assertFalse($tokenStorage->getRefreshToken('revoke')); - } - - public function testRevokeAccessTokenWithRefreshTokenTypeHint() - { - $tokenStorage = new Memory(array( - 'access_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke')); - $accessToken = new AccessToken($tokenStorage); - $accessToken->revokeToken('revoke', 'refresh_token'); - $this->assertFalse($tokenStorage->getAccessToken('revoke')); - } - - public function testRevokeAccessTokenWithBogusTypeHint() - { - $tokenStorage = new Memory(array( - 'access_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke')); - $accessToken = new AccessToken($tokenStorage); - $accessToken->revokeToken('revoke', 'foo'); - $this->assertFalse($tokenStorage->getAccessToken('revoke')); - } - - public function testRevokeRefreshTokenWithBogusTypeHint() - { - $tokenStorage = new Memory(array( - 'refresh_tokens' => array( - 'revoke' => array('mytoken'), - ), - )); - - $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke')); - $accessToken = new AccessToken(new Memory, $tokenStorage); - $accessToken->revokeToken('revoke', 'foo'); - $this->assertFalse($tokenStorage->getRefreshToken('revoke')); - } -} diff --git a/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php deleted file mode 100644 index 51b01a927..000000000 --- a/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php +++ /dev/null @@ -1,160 +0,0 @@ -<?php - -namespace OAuth2\ResponseType; - -use OAuth2\Server; -use OAuth2\Response; -use OAuth2\Request\TestRequest; -use OAuth2\Storage\Bootstrap; -use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage; -use OAuth2\GrantType\ClientCredentials; -use OAuth2\GrantType\UserCredentials; -use OAuth2\GrantType\RefreshToken; -use OAuth2\Encryption\Jwt; - -class JwtAccessTokenTest extends \PHPUnit_Framework_TestCase -{ - public function testCreateAccessToken() - { - $server = $this->getTestServer(); - $jwtResponseType = $server->getResponseType('token'); - - $accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false); - $jwt = new Jwt; - $decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false); - - $this->assertArrayHasKey('id', $decodedAccessToken); - $this->assertArrayHasKey('jti', $decodedAccessToken); - $this->assertArrayHasKey('iss', $decodedAccessToken); - $this->assertArrayHasKey('aud', $decodedAccessToken); - $this->assertArrayHasKey('exp', $decodedAccessToken); - $this->assertArrayHasKey('iat', $decodedAccessToken); - $this->assertArrayHasKey('token_type', $decodedAccessToken); - $this->assertArrayHasKey('scope', $decodedAccessToken); - - $this->assertEquals('https://api.example.com', $decodedAccessToken['iss']); - $this->assertEquals('Test Client ID', $decodedAccessToken['aud']); - $this->assertEquals(123, $decodedAccessToken['sub']); - $delta = $decodedAccessToken['exp'] - $decodedAccessToken['iat']; - $this->assertEquals(3600, $delta); - $this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']); - } - - public function testGrantJwtAccessToken() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - - $this->assertNotNull($response->getParameter('access_token')); - $this->assertEquals(2, substr_count($response->getParameter('access_token'), '.')); - } - - public function testAccessResourceWithJwtAccessToken() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token')); - - // make a call to the resource server using the crypto token - $request = TestRequest::createPost(array( - 'access_token' => $JwtAccessToken, - )); - - $this->assertTrue($server->verifyResourceRequest($request)); - } - - public function testAccessResourceWithJwtAccessTokenUsingSecondaryStorage() - { - // add the test parameters in memory - $server = $this->getTestServer(); - $request = TestRequest::createPost(array( - 'grant_type' => 'client_credentials', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - )); - $server->handleTokenRequest($request, $response = new Response()); - $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token')); - - // make a call to the resource server using the crypto token - $request = TestRequest::createPost(array( - 'access_token' => $JwtAccessToken, - )); - - // create a resource server with the "memory" storage from the grant server - $resourceServer = new Server($server->getStorage('client_credentials')); - - $this->assertTrue($resourceServer->verifyResourceRequest($request)); - } - - public function testJwtAccessTokenWithRefreshToken() - { - $server = $this->getTestServer(); - - // add "UserCredentials" grant type and "JwtAccessToken" response type - // and ensure "JwtAccessToken" response type has "RefreshToken" storage - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - $server->addGrantType(new UserCredentials($memoryStorage)); - $server->addGrantType(new RefreshToken($memoryStorage)); - $server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, $memoryStorage), 'token'); - - $request = TestRequest::createPost(array( - 'grant_type' => 'password', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'username' => 'test-username', // valid username - 'password' => 'testpass', // valid password - )); - - // make the call to grant a crypto token - $server->handleTokenRequest($request, $response = new Response()); - $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token')); - $this->assertNotNull($refreshToken = $response->getParameter('refresh_token')); - - // decode token and make sure refresh_token isn't set - list($header, $payload, $signature) = explode('.', $JwtAccessToken); - $decodedToken = json_decode(base64_decode($payload), true); - $this->assertFalse(array_key_exists('refresh_token', $decodedToken)); - - // use the refresh token to get another access token - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => $refreshToken, - )); - - $server->handleTokenRequest($request, $response = new Response()); - $this->assertNotNull($response->getParameter('access_token')); - } - - private function getTestServer() - { - $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); - - $storage = array( - 'access_token' => new JwtAccessTokenStorage($memoryStorage), - 'client' => $memoryStorage, - 'client_credentials' => $memoryStorage, - ); - $server = new Server($storage); - $server->addGrantType(new ClientCredentials($memoryStorage)); - - // make the "token" response type a JwtAccessToken - $config = array('issuer' => 'https://api.example.com'); - $server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, null, $config)); - - return $server; - } -} diff --git a/library/oauth2/test/OAuth2/ScopeTest.php b/library/oauth2/test/OAuth2/ScopeTest.php deleted file mode 100644 index 99f9cf6eb..000000000 --- a/library/oauth2/test/OAuth2/ScopeTest.php +++ /dev/null @@ -1,42 +0,0 @@ -<?php - -namespace OAuth2; - -use OAuth2\Storage\Memory; - -class ScopeTest extends \PHPUnit_Framework_TestCase -{ - public function testCheckScope() - { - $scopeUtil = new Scope(); - - $this->assertFalse($scopeUtil->checkScope('invalid', 'list of scopes')); - $this->assertTrue($scopeUtil->checkScope('valid', 'valid and-some other-scopes')); - $this->assertTrue($scopeUtil->checkScope('valid another-valid', 'valid another-valid and-some other-scopes')); - // all scopes must match - $this->assertFalse($scopeUtil->checkScope('valid invalid', 'valid and-some other-scopes')); - $this->assertFalse($scopeUtil->checkScope('valid valid2 invalid', 'valid valid2 and-some other-scopes')); - } - - public function testScopeStorage() - { - $scopeUtil = new Scope(); - $this->assertEquals($scopeUtil->getDefaultScope(), null); - - $scopeUtil = new Scope(array( - 'default_scope' => 'default', - 'supported_scopes' => array('this', 'that', 'another'), - )); - $this->assertEquals($scopeUtil->getDefaultScope(), 'default'); - $this->assertTrue($scopeUtil->scopeExists('this that another', 'client_id')); - - $memoryStorage = new Memory(array( - 'default_scope' => 'base', - 'supported_scopes' => array('only-this-one'), - )); - $scopeUtil = new Scope($memoryStorage); - - $this->assertEquals($scopeUtil->getDefaultScope(), 'base'); - $this->assertTrue($scopeUtil->scopeExists('only-this-one', 'client_id')); - } -} diff --git a/library/oauth2/test/OAuth2/ServerTest.php b/library/oauth2/test/OAuth2/ServerTest.php deleted file mode 100644 index 747e120f5..000000000 --- a/library/oauth2/test/OAuth2/ServerTest.php +++ /dev/null @@ -1,684 +0,0 @@ -<?php - -namespace OAuth2; - -use OAuth2\Request\TestRequest; -use OAuth2\ResponseType\AuthorizationCode; -use OAuth2\Storage\Bootstrap; - -class ServerTest extends \PHPUnit_Framework_TestCase -{ - /** - * @expectedException LogicException OAuth2\Storage\ClientInterface - **/ - public function testGetAuthorizeControllerWithNoClientStorageThrowsException() - { - // must set Client Storage - $server = new Server(); - $server->getAuthorizeController(); - } - - /** - * @expectedException LogicException OAuth2\Storage\AccessTokenInterface - **/ - public function testGetAuthorizeControllerWithNoAccessTokenStorageThrowsException() - { - // must set AccessToken or AuthorizationCode - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->getAuthorizeController(); - } - - public function testGetAuthorizeControllerWithClientStorageAndAccessTokenResponseType() - { - // must set AccessToken or AuthorizationCode - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->addResponseType($this->getMock('OAuth2\ResponseType\AccessTokenInterface')); - - $this->assertNotNull($server->getAuthorizeController()); - } - - public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeResponseType() - { - // must set AccessToken or AuthorizationCode - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->addResponseType($this->getMock('OAuth2\ResponseType\AuthorizationCodeInterface')); - - $this->assertNotNull($server->getAuthorizeController()); - } - - /** - * @expectedException LogicException allow_implicit - **/ - public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorageThrowsException() - { - // must set AuthorizationCode or AccessToken / implicit - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface')); - - $this->assertNotNull($server->getAuthorizeController()); - } - - public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorage() - { - // must set AuthorizationCode or AccessToken / implicit - $server = new Server(array(), array('allow_implicit' => true)); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface')); - - $this->assertNotNull($server->getAuthorizeController()); - } - - public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeStorage() - { - // must set AccessToken or AuthorizationCode - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')); - - $this->assertNotNull($server->getAuthorizeController()); - } - - /** - * @expectedException LogicException grant_types - **/ - public function testGetTokenControllerWithGrantTypeStorageThrowsException() - { - $server = new Server(); - $server->getTokenController(); - } - - /** - * @expectedException LogicException OAuth2\Storage\ClientCredentialsInterface - **/ - public function testGetTokenControllerWithNoClientCredentialsStorageThrowsException() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\UserCredentialsInterface')); - $server->getTokenController(); - } - - /** - * @expectedException LogicException OAuth2\Storage\AccessTokenInterface - **/ - public function testGetTokenControllerWithNoAccessTokenStorageThrowsException() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface')); - $server->getTokenController(); - } - - public function testGetTokenControllerWithAccessTokenAndClientCredentialsStorage() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface')); - $server->getTokenController(); - } - - public function testGetTokenControllerAccessTokenStorageAndClientCredentialsStorageAndGrantTypes() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface')); - $server->addGrantType($this->getMockBuilder('OAuth2\GrantType\AuthorizationCode')->disableOriginalConstructor()->getMock()); - $server->getTokenController(); - } - - /** - * @expectedException LogicException OAuth2\Storage\AccessTokenInterface - **/ - public function testGetResourceControllerWithNoAccessTokenStorageThrowsException() - { - $server = new Server(); - $server->getResourceController(); - } - - public function testGetResourceControllerWithAccessTokenStorage() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface')); - $server->getResourceController(); - } - - /** - * @expectedException InvalidArgumentException OAuth2\Storage\AccessTokenInterface - **/ - public function testAddingStorageWithInvalidClass() - { - $server = new Server(); - $server->addStorage(new \StdClass()); - } - - /** - * @expectedException InvalidArgumentException access_token - **/ - public function testAddingStorageWithInvalidKey() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'nonexistant_storage'); - } - - /** - * @expectedException InvalidArgumentException OAuth2\Storage\AuthorizationCodeInterface - **/ - public function testAddingStorageWithInvalidKeyStorageCombination() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'authorization_code'); - } - - public function testAddingStorageWithValidKeyOnlySetsThatKey() - { - $server = new Server(); - $server->addStorage($this->getMock('OAuth2\Storage\Memory'), 'access_token'); - - $reflection = new \ReflectionClass($server); - $prop = $reflection->getProperty('storages'); - $prop->setAccessible(true); - - $storages = $prop->getValue($server); // get the private "storages" property - - $this->assertEquals(1, count($storages)); - $this->assertTrue(isset($storages['access_token'])); - $this->assertFalse(isset($storages['authorization_code'])); - } - - public function testAddingClientStorageSetsClientCredentialsStorageByDefault() - { - $server = new Server(); - $memory = $this->getMock('OAuth2\Storage\Memory'); - $server->addStorage($memory, 'client'); - - $client_credentials = $server->getStorage('client_credentials'); - - $this->assertNotNull($client_credentials); - $this->assertEquals($client_credentials, $memory); - } - - public function testAddStorageWithNullValue() - { - $memory = $this->getMock('OAuth2\Storage\Memory'); - $server = new Server($memory); - $server->addStorage(null, 'refresh_token'); - - $client_credentials = $server->getStorage('client_credentials'); - - $this->assertNotNull($client_credentials); - $this->assertEquals($client_credentials, $memory); - - $refresh_token = $server->getStorage('refresh_token'); - - $this->assertNull($refresh_token); - } - - public function testNewServerWithNullStorageValue() - { - $memory = $this->getMock('OAuth2\Storage\Memory'); - $server = new Server(array( - 'client_credentials' => $memory, - 'refresh_token' => null, - )); - - $client_credentials = $server->getStorage('client_credentials'); - - $this->assertNotNull($client_credentials); - $this->assertEquals($client_credentials, $memory); - - $refresh_token = $server->getStorage('refresh_token'); - - $this->assertNull($refresh_token); - } - - public function testAddingClientCredentialsStorageSetsClientStorageByDefault() - { - $server = new Server(); - $memory = $this->getMock('OAuth2\Storage\Memory'); - $server->addStorage($memory, 'client_credentials'); - - $client = $server->getStorage('client'); - - $this->assertNotNull($client); - $this->assertEquals($client, $memory); - } - - public function testSettingClientStorageByDefaultDoesNotOverrideSetStorage() - { - $server = new Server(); - $pdo = $this->getMockBuilder('OAuth2\Storage\Pdo') - ->disableOriginalConstructor()->getMock(); - - $memory = $this->getMock('OAuth2\Storage\Memory'); - - $server->addStorage($pdo, 'client'); - $server->addStorage($memory, 'client_credentials'); - - $client = $server->getStorage('client'); - $client_credentials = $server->getStorage('client_credentials'); - - $this->assertEquals($client, $pdo); - $this->assertEquals($client_credentials, $memory); - } - - public function testAddingResponseType() - { - $storage = $this->getMock('OAuth2\Storage\Memory'); - $storage - ->expects($this->any()) - ->method('getClientDetails') - ->will($this->returnValue(array('client_id' => 'some_client'))); - $storage - ->expects($this->any()) - ->method('checkRestrictedGrantType') - ->will($this->returnValue(true)); - - // add with the "code" key explicitly set - $codeType = new AuthorizationCode($storage); - $server = new Server(); - $server->addStorage($storage); - $server->addResponseType($codeType); - $request = new Request(array( - 'response_type' => 'code', - 'client_id' => 'some_client', - 'redirect_uri' => 'http://example.com', - 'state' => 'xyx', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - // the response is successful - $this->assertEquals($response->getStatusCode(), 302); - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['query'], $query); - $this->assertTrue(isset($query['code'])); - $this->assertFalse(isset($query['error'])); - - // add with the "code" key not set - $codeType = new AuthorizationCode($storage); - $server = new Server(array($storage), array(), array(), array($codeType)); - $request = new Request(array( - 'response_type' => 'code', - 'client_id' => 'some_client', - 'redirect_uri' => 'http://example.com', - 'state' => 'xyx', - )); - $server->handleAuthorizeRequest($request, $response = new Response(), true); - - // the response is successful - $this->assertEquals($response->getStatusCode(), 302); - $parts = parse_url($response->getHttpHeader('Location')); - parse_str($parts['query'], $query); - $this->assertTrue(isset($query['code'])); - $this->assertFalse(isset($query['error'])); - } - - public function testCustomClientAssertionType() - { - $request = TestRequest::createPost(array( - 'grant_type' => 'authorization_code', - 'client_id' =>'Test Client ID', - 'code' => 'testcode', - )); - // verify the mock clientAssertionType was called as expected - $clientAssertionType = $this->getMock('OAuth2\ClientAssertionType\ClientAssertionTypeInterface', array('validateRequest', 'getClientId')); - $clientAssertionType - ->expects($this->once()) - ->method('validateRequest') - ->will($this->returnValue(true)); - $clientAssertionType - ->expects($this->once()) - ->method('getClientId') - ->will($this->returnValue('Test Client ID')); - - // create mock storage - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server(array($storage), array(), array(), array(), null, null, $clientAssertionType); - $server->handleTokenRequest($request, $response = new Response()); - } - - public function testHttpBasicConfig() - { - // create mock storage - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server(array($storage), array( - 'allow_credentials_in_request_body' => false, - 'allow_public_clients' => false - )); - $server->getTokenController(); - $httpBasic = $server->getClientAssertionType(); - - $reflection = new \ReflectionClass($httpBasic); - $prop = $reflection->getProperty('config'); - $prop->setAccessible(true); - - $config = $prop->getValue($httpBasic); // get the private "config" property - - $this->assertEquals($config['allow_credentials_in_request_body'], false); - $this->assertEquals($config['allow_public_clients'], false); - } - - public function testRefreshTokenConfig() - { - // create mock storage - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server1 = new Server(array($storage)); - $server2 = new Server(array($storage), array('always_issue_new_refresh_token' => true, 'unset_refresh_token_after_use' => false)); - - $server1->getTokenController(); - $refreshToken1 = $server1->getGrantType('refresh_token'); - - $server2->getTokenController(); - $refreshToken2 = $server2->getGrantType('refresh_token'); - - $reflection1 = new \ReflectionClass($refreshToken1); - $prop1 = $reflection1->getProperty('config'); - $prop1->setAccessible(true); - - $reflection2 = new \ReflectionClass($refreshToken2); - $prop2 = $reflection2->getProperty('config'); - $prop2->setAccessible(true); - - // get the private "config" property - $config1 = $prop1->getValue($refreshToken1); - $config2 = $prop2->getValue($refreshToken2); - - $this->assertEquals($config1['always_issue_new_refresh_token'], false); - $this->assertEquals($config2['always_issue_new_refresh_token'], true); - - $this->assertEquals($config1['unset_refresh_token_after_use'], true); - $this->assertEquals($config2['unset_refresh_token_after_use'], false); - } - - /** - * Test setting "always_issue_new_refresh_token" on a server level - * - * @see test/OAuth2/GrantType/RefreshTokenTest::testValidRefreshTokenWithNewRefreshTokenInResponse - **/ - public function testValidRefreshTokenWithNewRefreshTokenInResponse() - { - $storage = Bootstrap::getInstance()->getMemoryStorage(); - $server = new Server($storage, array('always_issue_new_refresh_token' => true)); - - $request = TestRequest::createPost(array( - 'grant_type' => 'refresh_token', // valid grant type - 'client_id' => 'Test Client ID', // valid client id - 'client_secret' => 'TestSecret', // valid client secret - 'refresh_token' => 'test-refreshtoken', // valid refresh token - )); - $token = $server->grantAccessToken($request, new Response()); - $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh'); - - $refresh_token = $storage->getRefreshToken($token['refresh_token']); - $this->assertNotNull($refresh_token); - $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']); - $this->assertEquals($refresh_token['client_id'], $request->request('client_id')); - $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used'); - $used_token = $storage->getRefreshToken('test-refreshtoken'); - $this->assertFalse($used_token, 'the refresh token used is no longer valid'); - } - - /** - * @expectedException InvalidArgumentException OAuth2\ResponseType\AuthorizationCodeInterface - **/ - public function testAddingUnknownResponseTypeThrowsException() - { - $server = new Server(); - $server->addResponseType($this->getMock('OAuth2\ResponseType\ResponseTypeInterface')); - } - - /** - * @expectedException LogicException OAuth2\Storage\PublicKeyInterface - **/ - public function testUsingJwtAccessTokensWithoutPublicKeyStorageThrowsException() - { - $server = new Server(array(), array('use_jwt_access_tokens' => true)); - $server->addGrantType($this->getMock('OAuth2\GrantType\GrantTypeInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface')); - $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface')); - - $server->getTokenController(); - } - - public function testUsingJustJwtAccessTokenStorageWithResourceControllerIsOkay() - { - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true)); - - $this->assertNotNull($server->getResourceController()); - $this->assertInstanceOf('OAuth2\Storage\PublicKeyInterface', $server->getStorage('public_key')); - } - - /** - * @expectedException LogicException OAuth2\Storage\ClientInterface - **/ - public function testUsingJustJwtAccessTokenStorageWithAuthorizeControllerThrowsException() - { - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true)); - $this->assertNotNull($server->getAuthorizeController()); - } - - /** - * @expectedException LogicException grant_types - **/ - public function testUsingJustJwtAccessTokenStorageWithTokenControllerThrowsException() - { - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true)); - $server->getTokenController(); - } - - public function testUsingJwtAccessTokenAndClientStorageWithAuthorizeControllerIsOkay() - { - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $server = new Server(array($pubkey, $client), array('use_jwt_access_tokens' => true, 'allow_implicit' => true)); - $this->assertNotNull($server->getAuthorizeController()); - - $this->assertInstanceOf('OAuth2\ResponseType\JwtAccessToken', $server->getResponseType('token')); - } - - /** - * @expectedException LogicException UserClaims - **/ - public function testUsingOpenIDConnectWithoutUserClaimsThrowsException() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $server = new Server($client, array('use_openid_connect' => true)); - - $server->getAuthorizeController(); - } - - /** - * @expectedException LogicException PublicKeyInterface - **/ - public function testUsingOpenIDConnectWithoutPublicKeyThrowsException() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OPenID\Storage\UserClaimsInterface'); - $server = new Server(array($client, $userclaims), array('use_openid_connect' => true)); - - $server->getAuthorizeController(); - } - - /** - * @expectedException LogicException issuer - **/ - public function testUsingOpenIDConnectWithoutIssuerThrowsException() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($client, $userclaims, $pubkey), array('use_openid_connect' => true)); - - $server->getAuthorizeController(); - } - - public function testUsingOpenIDConnectWithIssuerPublicKeyAndUserClaimsIsOkay() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($client, $userclaims, $pubkey), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy', - )); - - $server->getAuthorizeController(); - - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token')); - $this->assertNull($server->getResponseType('id_token token')); - } - - /** - * @expectedException LogicException OAuth2\ResponseType\AccessTokenInterface - **/ - public function testUsingOpenIDConnectWithAllowImplicitWithoutTokenStorageThrowsException() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($client, $userclaims, $pubkey), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy', - 'allow_implicit' => true, - )); - - $server->getAuthorizeController(); - } - - public function testUsingOpenIDConnectWithAllowImplicitAndUseJwtAccessTokensIsOkay() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $server = new Server(array($client, $userclaims, $pubkey), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy', - 'allow_implicit' => true, - 'use_jwt_access_tokens' => true, - )); - - $server->getAuthorizeController(); - - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token')); - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token')); - } - - public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenStorageIsOkay() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $token = $this->getMock('OAuth2\Storage\AccessTokenInterface'); - $server = new Server(array($client, $userclaims, $pubkey, $token), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy', - 'allow_implicit' => true, - )); - - $server->getAuthorizeController(); - - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token')); - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token')); - } - - public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenResponseTypeIsOkay() - { - $client = $this->getMock('OAuth2\Storage\ClientInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - // $token = $this->getMock('OAuth2\Storage\AccessTokenInterface'); - $server = new Server(array($client, $userclaims, $pubkey), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy', - 'allow_implicit' => true, - )); - - $token = $this->getMock('OAuth2\ResponseType\AccessTokenInterface'); - $server->addResponseType($token, 'token'); - - $server->getAuthorizeController(); - - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token')); - $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token')); - } - - /** - * @expectedException LogicException OAuth2\OpenID\Storage\AuthorizationCodeInterface - **/ - public function testUsingOpenIDConnectWithAuthorizationCodeStorageThrowsException() - { - $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $token = $this->getMock('OAuth2\Storage\AccessTokenInterface'); - $authcode = $this->getMock('OAuth2\Storage\AuthorizationCodeInterface'); - - $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy' - )); - - $server->getTokenController(); - - $this->assertInstanceOf('OAuth2\OpenID\GrantType\AuthorizationCode', $server->getGrantType('authorization_code')); - } - - public function testUsingOpenIDConnectWithOpenIDAuthorizationCodeStorageCreatesOpenIDAuthorizationCodeGrantType() - { - $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface'); - $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface'); - $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface'); - $token = $this->getMock('OAuth2\Storage\AccessTokenInterface'); - $authcode = $this->getMock('OAuth2\OpenID\Storage\AuthorizationCodeInterface'); - - $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array( - 'use_openid_connect' => true, - 'issuer' => 'someguy' - )); - - $server->getTokenController(); - - $this->assertInstanceOf('OAuth2\OpenID\GrantType\AuthorizationCode', $server->getGrantType('authorization_code')); - } - - public function testMultipleValuedResponseTypeOrderDoesntMatter() - { - $responseType = $this->getMock('OAuth2\OpenID\ResponseType\IdTokenTokenInterface'); - $server = new Server(array(), array(), array(), array( - 'token id_token' => $responseType, - )); - - $this->assertEquals($responseType, $server->getResponseType('id_token token')); - } - - public function testAddGrantTypeWithoutKey() - { - $server = new Server(); - $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface'))); - - $grantTypes = $server->getGrantTypes(); - $this->assertEquals('authorization_code', key($grantTypes)); - } - - public function testAddGrantTypeWithKey() - { - $server = new Server(); - $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')), 'ac'); - - $grantTypes = $server->getGrantTypes(); - $this->assertEquals('ac', key($grantTypes)); - } - - public function testAddGrantTypeWithKeyNotString() - { - $server = new Server(); - $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')), 42); - - $grantTypes = $server->getGrantTypes(); - $this->assertEquals('authorization_code', key($grantTypes)); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php b/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php deleted file mode 100644 index b34e0bfc0..000000000 --- a/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php +++ /dev/null @@ -1,102 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class AccessTokenTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testSetAccessToken(AccessTokenInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // assert token we are about to add does not exist - $token = $storage->getAccessToken('newtoken'); - $this->assertFalse($token); - - // add new token - $expires = time() + 20; - $success = $storage->setAccessToken('newtoken', 'client ID', 'SOMEUSERID', $expires); - $this->assertTrue($success); - - $token = $storage->getAccessToken('newtoken'); - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('client_id', $token); - $this->assertArrayHasKey('user_id', $token); - $this->assertArrayHasKey('expires', $token); - $this->assertEquals($token['access_token'], 'newtoken'); - $this->assertEquals($token['client_id'], 'client ID'); - $this->assertEquals($token['user_id'], 'SOMEUSERID'); - $this->assertEquals($token['expires'], $expires); - - // change existing token - $expires = time() + 42; - $success = $storage->setAccessToken('newtoken', 'client ID2', 'SOMEOTHERID', $expires); - $this->assertTrue($success); - - $token = $storage->getAccessToken('newtoken'); - $this->assertNotNull($token); - $this->assertArrayHasKey('access_token', $token); - $this->assertArrayHasKey('client_id', $token); - $this->assertArrayHasKey('user_id', $token); - $this->assertArrayHasKey('expires', $token); - $this->assertEquals($token['access_token'], 'newtoken'); - $this->assertEquals($token['client_id'], 'client ID2'); - $this->assertEquals($token['user_id'], 'SOMEOTHERID'); - $this->assertEquals($token['expires'], $expires); - - // add token with scope having an empty string value - $expires = time() + 42; - $success = $storage->setAccessToken('newtoken', 'client ID', 'SOMEOTHERID', $expires, ''); - $this->assertTrue($success); - } - - /** @dataProvider provideStorage */ - public function testUnsetAccessToken(AccessTokenInterface $storage) - { - if ($storage instanceof NullStorage || !method_exists($storage, 'unsetAccessToken')) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // assert token we are about to unset does not exist - $token = $storage->getAccessToken('revokabletoken'); - $this->assertFalse($token); - - // add new token - $expires = time() + 20; - $success = $storage->setAccessToken('revokabletoken', 'client ID', 'SOMEUSERID', $expires); - $this->assertTrue($success); - - // assert unsetAccessToken returns true - $result = $storage->unsetAccessToken('revokabletoken'); - $this->assertTrue($result); - - // assert token we unset does not exist - $token = $storage->getAccessToken('revokabletoken'); - $this->assertFalse($token); - } - - /** @dataProvider provideStorage */ - public function testUnsetAccessTokenReturnsFalse(AccessTokenInterface $storage) - { - if ($storage instanceof NullStorage || !method_exists($storage, 'unsetAccessToken')) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // assert token we are about to unset does not exist - $token = $storage->getAccessToken('nonexistanttoken'); - $this->assertFalse($token); - - // assert unsetAccessToken returns false - $result = $storage->unsetAccessToken('nonexistanttoken'); - $this->assertFalse($result); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php deleted file mode 100644 index 2d901b501..000000000 --- a/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php +++ /dev/null @@ -1,106 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class AuthorizationCodeTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testGetAuthorizationCode(AuthorizationCodeInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // nonexistant client_id - $details = $storage->getAuthorizationCode('faketoken'); - $this->assertFalse($details); - - // valid client_id - $details = $storage->getAuthorizationCode('testtoken'); - $this->assertNotNull($details); - } - - /** @dataProvider provideStorage */ - public function testSetAuthorizationCode(AuthorizationCodeInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // assert code we are about to add does not exist - $code = $storage->getAuthorizationCode('newcode'); - $this->assertFalse($code); - - // add new code - $expires = time() + 20; - $success = $storage->setAuthorizationCode('newcode', 'client ID', 'SOMEUSERID', 'http://example.com', $expires); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('newcode'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'newcode'); - $this->assertEquals($code['client_id'], 'client ID'); - $this->assertEquals($code['user_id'], 'SOMEUSERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.com'); - $this->assertEquals($code['expires'], $expires); - - // change existing code - $expires = time() + 42; - $success = $storage->setAuthorizationCode('newcode', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires); - $this->assertTrue($success); - - $code = $storage->getAuthorizationCode('newcode'); - $this->assertNotNull($code); - $this->assertArrayHasKey('authorization_code', $code); - $this->assertArrayHasKey('client_id', $code); - $this->assertArrayHasKey('user_id', $code); - $this->assertArrayHasKey('redirect_uri', $code); - $this->assertArrayHasKey('expires', $code); - $this->assertEquals($code['authorization_code'], 'newcode'); - $this->assertEquals($code['client_id'], 'client ID2'); - $this->assertEquals($code['user_id'], 'SOMEOTHERID'); - $this->assertEquals($code['redirect_uri'], 'http://example.org'); - $this->assertEquals($code['expires'], $expires); - - // add new code with scope having an empty string value - $expires = time() + 20; - $success = $storage->setAuthorizationCode('newcode', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, ''); - $this->assertTrue($success); - } - - /** @dataProvider provideStorage */ - public function testExpireAccessToken(AccessTokenInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // create a valid code - $expires = time() + 20; - $success = $storage->setAuthorizationCode('code-to-expire', 'client ID', 'SOMEUSERID', 'http://example.com', time() + 20); - $this->assertTrue($success); - - // verify the new code exists - $code = $storage->getAuthorizationCode('code-to-expire'); - $this->assertNotNull($code); - - $this->assertArrayHasKey('authorization_code', $code); - $this->assertEquals($code['authorization_code'], 'code-to-expire'); - - // now expire the code and ensure it's no longer available - $storage->expireAuthorizationCode('code-to-expire'); - $code = $storage->getAuthorizationCode('code-to-expire'); - $this->assertFalse($code); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php b/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php deleted file mode 100644 index 15289af30..000000000 --- a/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php +++ /dev/null @@ -1,28 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class ClientCredentialsTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testCheckClientCredentials(ClientCredentialsInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // nonexistant client_id - $pass = $storage->checkClientCredentials('fakeclient', 'testpass'); - $this->assertFalse($pass); - - // invalid password - $pass = $storage->checkClientCredentials('oauth_test_client', 'invalidcredentials'); - $this->assertFalse($pass); - - // valid credentials - $pass = $storage->checkClientCredentials('oauth_test_client', 'testpass'); - $this->assertTrue($pass); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/ClientTest.php b/library/oauth2/test/OAuth2/Storage/ClientTest.php deleted file mode 100644 index 6a5cc0b49..000000000 --- a/library/oauth2/test/OAuth2/Storage/ClientTest.php +++ /dev/null @@ -1,110 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class ClientTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testGetClientDetails(ClientInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // nonexistant client_id - $details = $storage->getClientDetails('fakeclient'); - $this->assertFalse($details); - - // valid client_id - $details = $storage->getClientDetails('oauth_test_client'); - $this->assertNotNull($details); - $this->assertArrayHasKey('client_id', $details); - $this->assertArrayHasKey('client_secret', $details); - $this->assertArrayHasKey('redirect_uri', $details); - } - - /** @dataProvider provideStorage */ - public function testCheckRestrictedGrantType(ClientInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // Check invalid - $pass = $storage->checkRestrictedGrantType('oauth_test_client', 'authorization_code'); - $this->assertFalse($pass); - - // Check valid - $pass = $storage->checkRestrictedGrantType('oauth_test_client', 'implicit'); - $this->assertTrue($pass); - } - - /** @dataProvider provideStorage */ - public function testGetAccessToken(ClientInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // nonexistant client_id - $details = $storage->getAccessToken('faketoken'); - $this->assertFalse($details); - - // valid client_id - $details = $storage->getAccessToken('testtoken'); - $this->assertNotNull($details); - } - - /** @dataProvider provideStorage */ - public function testIsPublicClient(ClientInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - $publicClientId = 'public-client-'.rand(); - $confidentialClientId = 'confidential-client-'.rand(); - - // create a new client - $success1 = $storage->setClientDetails($publicClientId, ''); - $success2 = $storage->setClientDetails($confidentialClientId, 'some-secret'); - $this->assertTrue($success1); - $this->assertTrue($success2); - - // assert isPublicClient for both - $this->assertTrue($storage->isPublicClient($publicClientId)); - $this->assertFalse($storage->isPublicClient($confidentialClientId)); - } - - /** @dataProvider provideStorage */ - public function testSaveClient(ClientInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - $clientId = 'some-client-'.rand(); - - // create a new client - $success = $storage->setClientDetails($clientId, 'somesecret', 'http://test.com', 'client_credentials', 'clientscope1', 'brent@brentertainment.com'); - $this->assertTrue($success); - - // valid client_id - $details = $storage->getClientDetails($clientId); - $this->assertEquals($details['client_secret'], 'somesecret'); - $this->assertEquals($details['redirect_uri'], 'http://test.com'); - $this->assertEquals($details['grant_types'], 'client_credentials'); - $this->assertEquals($details['scope'], 'clientscope1'); - $this->assertEquals($details['user_id'], 'brent@brentertainment.com'); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php b/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php deleted file mode 100644 index 2147f0914..000000000 --- a/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class DynamoDBTest extends BaseTest -{ - public function testGetDefaultScope() - { - $client = $this->getMockBuilder('\Aws\DynamoDb\DynamoDbClient') - ->disableOriginalConstructor() - ->setMethods(array('query')) - ->getMock(); - - $return = $this->getMockBuilder('\Guzzle\Service\Resource\Model') - ->setMethods(array('count', 'toArray')) - ->getMock(); - - $data = array( - 'Items' => array(), - 'Count' => 0, - 'ScannedCount'=> 0 - ); - - $return->expects($this->once()) - ->method('count') - ->will($this->returnValue(count($data))); - - $return->expects($this->once()) - ->method('toArray') - ->will($this->returnValue($data)); - - // should return null default scope if none is set in database - $client->expects($this->once()) - ->method('query') - ->will($this->returnValue($return)); - - $storage = new DynamoDB($client); - $this->assertNull($storage->getDefaultScope()); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php b/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php deleted file mode 100644 index a6acbea1f..000000000 --- a/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -use OAuth2\Encryption\Jwt; - -class JwtAccessTokenTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testSetAccessToken($storage) - { - if (!$storage instanceof PublicKey) { - // incompatible storage - return; - } - - $crypto = new jwtAccessToken($storage); - - $publicKeyStorage = Bootstrap::getInstance()->getMemoryStorage(); - $encryptionUtil = new Jwt(); - - $jwtAccessToken = array( - 'access_token' => rand(), - 'expires' => time() + 100, - 'scope' => 'foo', - ); - - $token = $encryptionUtil->encode($jwtAccessToken, $storage->getPrivateKey(), $storage->getEncryptionAlgorithm()); - - $this->assertNotNull($token); - - $tokenData = $crypto->getAccessToken($token); - - $this->assertTrue(is_array($tokenData)); - - /* assert the decoded token is the same */ - $this->assertEquals($tokenData['access_token'], $jwtAccessToken['access_token']); - $this->assertEquals($tokenData['expires'], $jwtAccessToken['expires']); - $this->assertEquals($tokenData['scope'], $jwtAccessToken['scope']); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php b/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php deleted file mode 100644 index d0ab9b899..000000000 --- a/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php +++ /dev/null @@ -1,25 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class JwtBearerTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testGetClientKey(JwtBearerInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // nonexistant client_id - $key = $storage->getClientKey('this-is-not-real', 'nor-is-this'); - $this->assertFalse($key); - - // valid client_id and subject - $key = $storage->getClientKey('oauth_test_client', 'test_subject'); - $this->assertNotNull($key); - $this->assertEquals($key, Bootstrap::getInstance()->getTestPublicKey()); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/PdoTest.php b/library/oauth2/test/OAuth2/Storage/PdoTest.php deleted file mode 100644 index 57eb39072..000000000 --- a/library/oauth2/test/OAuth2/Storage/PdoTest.php +++ /dev/null @@ -1,39 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class PdoTest extends BaseTest -{ - public function testCreatePdoStorageUsingPdoClass() - { - $pdo = new \PDO(sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir())); - $storage = new Pdo($pdo); - - $this->assertNotNull($storage->getClientDetails('oauth_test_client')); - } - - public function testCreatePdoStorageUsingDSN() - { - $dsn = sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir()); - $storage = new Pdo($dsn); - - $this->assertNotNull($storage->getClientDetails('oauth_test_client')); - } - - public function testCreatePdoStorageUsingConfig() - { - $config = array('dsn' => sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir())); - $storage = new Pdo($config); - - $this->assertNotNull($storage->getClientDetails('oauth_test_client')); - } - - /** - * @expectedException InvalidArgumentException dsn - */ - public function testCreatePdoStorageWithoutDSNThrowsException() - { - $config = array('username' => 'brent', 'password' => 'brentisaballer'); - $storage = new Pdo($config); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php b/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php deleted file mode 100644 index f85195870..000000000 --- a/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php +++ /dev/null @@ -1,29 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class PublicKeyTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testSetAccessToken($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof PublicKeyInterface) { - // incompatible storage - return; - } - - $configDir = Bootstrap::getInstance()->getConfigDir(); - $globalPublicKey = file_get_contents($configDir.'/keys/id_rsa.pub'); - $globalPrivateKey = file_get_contents($configDir.'/keys/id_rsa'); - - /* assert values from storage */ - $this->assertEquals($storage->getPublicKey(), $globalPublicKey); - $this->assertEquals($storage->getPrivateKey(), $globalPrivateKey); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php b/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php deleted file mode 100644 index 314c93195..000000000 --- a/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class RefreshTokenTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testSetRefreshToken(RefreshTokenInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // assert token we are about to add does not exist - $token = $storage->getRefreshToken('refreshtoken'); - $this->assertFalse($token); - - // add new token - $expires = time() + 20; - $success = $storage->setRefreshToken('refreshtoken', 'client ID', 'SOMEUSERID', $expires); - $this->assertTrue($success); - - $token = $storage->getRefreshToken('refreshtoken'); - $this->assertNotNull($token); - $this->assertArrayHasKey('refresh_token', $token); - $this->assertArrayHasKey('client_id', $token); - $this->assertArrayHasKey('user_id', $token); - $this->assertArrayHasKey('expires', $token); - $this->assertEquals($token['refresh_token'], 'refreshtoken'); - $this->assertEquals($token['client_id'], 'client ID'); - $this->assertEquals($token['user_id'], 'SOMEUSERID'); - $this->assertEquals($token['expires'], $expires); - - // add token with scope having an empty string value - $expires = time() + 20; - $success = $storage->setRefreshToken('refreshtoken2', 'client ID', 'SOMEUSERID', $expires, ''); - $this->assertTrue($success); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/ScopeTest.php b/library/oauth2/test/OAuth2/Storage/ScopeTest.php deleted file mode 100644 index fd1edeb93..000000000 --- a/library/oauth2/test/OAuth2/Storage/ScopeTest.php +++ /dev/null @@ -1,53 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -use OAuth2\Scope; - -class ScopeTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testScopeExists($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof ScopeInterface) { - // incompatible storage - return; - } - - //Test getting scopes - $scopeUtil = new Scope($storage); - $this->assertTrue($scopeUtil->scopeExists('supportedscope1')); - $this->assertTrue($scopeUtil->scopeExists('supportedscope1 supportedscope2 supportedscope3')); - $this->assertFalse($scopeUtil->scopeExists('fakescope')); - $this->assertFalse($scopeUtil->scopeExists('supportedscope1 supportedscope2 supportedscope3 fakescope')); - } - - /** @dataProvider provideStorage */ - public function testGetDefaultScope($storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - if (!$storage instanceof ScopeInterface) { - // incompatible storage - return; - } - - // test getting default scope - $scopeUtil = new Scope($storage); - $expected = explode(' ', $scopeUtil->getDefaultScope()); - $actual = explode(' ', 'defaultscope1 defaultscope2'); - sort($expected); - sort($actual); - $this->assertEquals($expected, $actual); - } -} diff --git a/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php b/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php deleted file mode 100644 index 65655a6b2..000000000 --- a/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class UserCredentialsTest extends BaseTest -{ - /** @dataProvider provideStorage */ - public function testCheckUserCredentials(UserCredentialsInterface $storage) - { - if ($storage instanceof NullStorage) { - $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage()); - - return; - } - - // create a new user for testing - $success = $storage->setUser('testusername', 'testpass', 'Test', 'User'); - $this->assertTrue($success); - - // correct credentials - $this->assertTrue($storage->checkUserCredentials('testusername', 'testpass')); - // invalid password - $this->assertFalse($storage->checkUserCredentials('testusername', 'fakepass')); - // invalid username - $this->assertFalse($storage->checkUserCredentials('fakeusername', 'testpass')); - - // invalid username - $this->assertFalse($storage->getUserDetails('fakeusername')); - - // ensure all properties are set - $user = $storage->getUserDetails('testusername'); - $this->assertTrue($user !== false); - $this->assertArrayHasKey('user_id', $user); - $this->assertArrayHasKey('first_name', $user); - $this->assertArrayHasKey('last_name', $user); - $this->assertEquals($user['user_id'], 'testusername'); - $this->assertEquals($user['first_name'], 'Test'); - $this->assertEquals($user['last_name'], 'User'); - } -} diff --git a/library/oauth2/test/OAuth2/TokenType/BearerTest.php b/library/oauth2/test/OAuth2/TokenType/BearerTest.php deleted file mode 100644 index a2e000e22..000000000 --- a/library/oauth2/test/OAuth2/TokenType/BearerTest.php +++ /dev/null @@ -1,58 +0,0 @@ -<?php - -namespace OAuth2\TokenType; - -use OAuth2\Request\TestRequest; -use OAuth2\Response; - -class BearerTest extends \PHPUnit_Framework_TestCase -{ - public function testValidContentTypeWithCharset() - { - $bearer = new Bearer(); - $request = TestRequest::createPost(array( - 'access_token' => 'ThisIsMyAccessToken' - )); - $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8'; - - $param = $bearer->getAccessTokenParameter($request, $response = new Response()); - $this->assertEquals($param, 'ThisIsMyAccessToken'); - } - - public function testInvalidContentType() - { - $bearer = new Bearer(); - $request = TestRequest::createPost(array( - 'access_token' => 'ThisIsMyAccessToken' - )); - $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8'; - - $param = $bearer->getAccessTokenParameter($request, $response = new Response()); - $this->assertNull($param); - $this->assertEquals($response->getStatusCode(), 400); - $this->assertEquals($response->getParameter('error'), 'invalid_request'); - $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"'); - } - - public function testValidRequestUsingAuthorizationHeader() - { - $bearer = new Bearer(); - $request = new TestRequest(); - $request->headers['AUTHORIZATION'] = 'Bearer MyToken'; - $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8'; - - $param = $bearer->getAccessTokenParameter($request, $response = new Response()); - $this->assertEquals('MyToken', $param); - } - - public function testValidRequestUsingAuthorizationHeaderCaseInsensitive() - { - $bearer = new Bearer(); - $request = new TestRequest(); - $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8'; - $request->headers['Authorization'] = 'Bearer MyToken'; - - $param = $bearer->getAccessTokenParameter($request, $response = new Response()); - $this->assertEquals('MyToken', $param); - } -} diff --git a/library/oauth2/test/bootstrap.php b/library/oauth2/test/bootstrap.php deleted file mode 100644 index 0a4af0716..000000000 --- a/library/oauth2/test/bootstrap.php +++ /dev/null @@ -1,12 +0,0 @@ -<?php - -require_once(dirname(__FILE__).'/../src/OAuth2/Autoloader.php'); -OAuth2\Autoloader::register(); - -// register test classes -OAuth2\Autoloader::register(dirname(__FILE__).'/lib'); - -// register vendors if possible -if (file_exists(__DIR__.'/../vendor/autoload.php')) { - require_once(__DIR__.'/../vendor/autoload.php'); -} diff --git a/library/oauth2/test/cleanup.php b/library/oauth2/test/cleanup.php deleted file mode 100644 index 8663a901b..000000000 --- a/library/oauth2/test/cleanup.php +++ /dev/null @@ -1,15 +0,0 @@ -<?php - -require_once(dirname(__FILE__).'/../src/OAuth2/Autoloader.php'); -OAuth2\Autoloader::register(); - -// register test classes -OAuth2\Autoloader::register(dirname(__FILE__).'/lib'); - -// register vendors if possible -if (file_exists(__DIR__.'/../vendor/autoload.php')) { - require_once(__DIR__.'/../vendor/autoload.php'); -} - -// remove the dynamoDB database that was created for this build -OAuth2\Storage\Bootstrap::getInstance()->cleanupTravisDynamoDb(); diff --git a/library/oauth2/test/config/keys/id_rsa b/library/oauth2/test/config/keys/id_rsa deleted file mode 100644 index e8b9eff2d..000000000 --- a/library/oauth2/test/config/keys/id_rsa +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLsNjP+uAt2eO0cc5J9H5XV -8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdwizIum8j0KzpsGYH5qReN -QDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJuBe+FQpZTs8DewwIDAQAB -AoGARfNxNknmtx/n1bskZ/01iZRzAge6BLEE0LV6Q4gS7mkRZu/Oyiv39Sl5vUlA -+WdGxLjkBwKNjxGN8Vxw9/ASd8rSsqeAUYIwAeifXrHhj5DBPQT/pDPkeFnp9B1w -C6jo+3AbBQ4/b0ONSIEnCL2xGGglSIAxO17T1ViXp7lzXPECQQDe63nkRdWM0OCb -oaHQPT3E26224maIstrGFUdt9yw3yJf4bOF7TtiPLlLuHsTTge3z+fG6ntC0xG56 -1cl37C3ZAkEA2HdVcRGugNp/qmVz4LJTpD+WZKi73PLAO47wDOrYh9Pn2I6fcEH0 -CPnggt1ko4ujvGzFTvRH64HXa6aPCv1j+wJBAMQMah3VQPNf/DlDVFEUmw9XeBZg -VHaifX851aEjgXLp6qVj9IYCmLiLsAmVa9rr6P7p8asD418nZlaHUHE0eDkCQQCr -uxis6GMx1Ka971jcJX2X696LoxXPd0KsvXySMupv79yagKPa8mgBiwPjrnK+EPVo -cj6iochA/bSCshP/mwFrAkBHEKPi6V6gb94JinCT7x3weahbdp6bJ6/nzBH/p9VA -HoT1JtwNFhGv9BCjmDydshQHfSWpY9NxlccBKL7ITm8R ------END RSA PRIVATE KEY-----
\ No newline at end of file diff --git a/library/oauth2/test/config/keys/id_rsa.pub b/library/oauth2/test/config/keys/id_rsa.pub deleted file mode 100644 index 1ac15f5eb..000000000 --- a/library/oauth2/test/config/keys/id_rsa.pub +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL -MAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe -Fw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw -CQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs -NjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw -izIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu -Be+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K -vCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG -A1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh -dGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD -lM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl -aViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL -FRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg== ------END CERTIFICATE-----
\ No newline at end of file diff --git a/library/oauth2/test/config/storage.json b/library/oauth2/test/config/storage.json deleted file mode 100644 index a31d3bca2..000000000 --- a/library/oauth2/test/config/storage.json +++ /dev/null @@ -1,181 +0,0 @@ -{ - "authorization_codes": { - "testcode": { - "client_id": "Test Client ID", - "user_id": "", - "redirect_uri": "", - "expires": "9999999999", - "id_token": "IDTOKEN" - }, - "testcode-with-scope": { - "client_id": "Test Client ID", - "user_id": "", - "redirect_uri": "", - "expires": "9999999999", - "scope": "scope1 scope2" - }, - "testcode-expired": { - "client_id": "Test Client ID", - "user_id": "", - "redirect_uri": "", - "expires": "1356998400" - }, - "testcode-empty-secret": { - "client_id": "Test Client ID Empty Secret", - "user_id": "", - "redirect_uri": "", - "expires": "9999999999" - }, - "testcode-openid": { - "client_id": "Test Client ID", - "user_id": "", - "redirect_uri": "", - "expires": "9999999999", - "id_token": "test_id_token" - } - }, - "client_credentials" : { - "Test Client ID": { - "client_secret": "TestSecret" - }, - "Test Client ID with Redirect Uri": { - "client_secret": "TestSecret2", - "redirect_uri": "http://brentertainment.com" - }, - "Test Client ID with Buggy Redirect Uri": { - "client_secret": "TestSecret2", - "redirect_uri": " http://brentertainment.com" - }, - "Test Client ID with Multiple Redirect Uris": { - "client_secret": "TestSecret3", - "redirect_uri": "http://brentertainment.com http://morehazards.com" - }, - "Test Client ID with Redirect Uri Parts": { - "client_secret": "TestSecret4", - "redirect_uri": "http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true" - }, - "Test Some Other Client": { - "client_secret": "TestSecret3" - }, - "Test Client ID Empty Secret": { - "client_secret": "" - }, - "Test Client ID For Password Grant": { - "grant_types": "password", - "client_secret": "" - }, - "Client ID With User ID": { - "client_secret": "TestSecret", - "user_id": "brent@brentertainment.com" - }, - "oauth_test_client": { - "client_secret": "testpass", - "grant_types": "implicit password" - } - }, - "user_credentials" : { - "test-username": { - "password": "testpass" - }, - "testusername": { - "password": "testpass" - }, - "testuser": { - "password": "password", - "email": "testuser@test.com", - "email_verified": true - }, - "johndoe": { - "password": "password" - } - }, - "refresh_tokens" : { - "test-refreshtoken": { - "refresh_token": "test-refreshtoken", - "client_id": "Test Client ID", - "user_id": "test-username", - "expires": 0, - "scope": null - }, - "test-refreshtoken-with-scope": { - "refresh_token": "test-refreshtoken", - "client_id": "Test Client ID", - "user_id": "test-username", - "expires": 0, - "scope": "scope1 scope2" - } - }, - "access_tokens" : { - "accesstoken-expired": { - "access_token": "accesstoken-expired", - "client_id": "Test Client ID", - "expires": 1234567, - "scope": null - }, - "accesstoken-scope": { - "access_token": "accesstoken-scope", - "client_id": "Test Client ID", - "expires": 99999999900, - "scope": "testscope" - }, - "accesstoken-openid-connect": { - "access_token": "accesstoken-openid-connect", - "client_id": "Test Client ID", - "user_id": "testuser", - "expires": 99999999900, - "scope": "openid email" - }, - "accesstoken-malformed": { - "access_token": "accesstoken-mallformed", - "expires": 99999999900, - "scope": "testscope" - } - }, - "jwt": { - "Test Client ID": { - "key": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/SxVlE8gnpFqCxgl2wjhzY7u\ncEi00s0kUg3xp7lVEvgLgYcAnHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1o\nwR0p4d9pOaJK07d01+RzoQLOIQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8\nUlvdRKBxriRnlP3qJQIDAQAB\n-----END PUBLIC KEY-----", - "subject": "testuser@ourdomain.com" - }, - "Test Client ID PHP-5.2": { - "key": "mysecretkey", - "subject": "testuser@ourdomain.com" - }, - "Missing Key Client": { - "key": null, - "subject": "testuser@ourdomain.com" - }, - "Missing Key Client PHP-5.2": { - "key": null, - "subject": "testuser@ourdomain.com" - }, - "oauth_test_client": { - "key": "-----BEGIN CERTIFICATE-----\nMIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL\nMAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe\nFw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs\nNjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw\nizIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu\nBe+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K\nvCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh\ndGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD\nlM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl\naViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL\nFRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==\n-----END CERTIFICATE-----", - "subject": "test_subject" - } - }, - "jti": [ - { - "issuer": "Test Client ID", - "subject": "testuser@ourdomain.com", - "audience": "http://myapp.com/oauth/auth", - "expires": 99999999900, - "jti": "used_jti" - } - ], - "supported_scopes" : [ - "scope1", - "scope2", - "scope3", - "clientscope1", - "clientscope2", - "clientscope3", - "supportedscope1", - "supportedscope2", - "supportedscope3", - "supportedscope4" - ], - "keys": { - "public_key": "-----BEGIN CERTIFICATE-----\nMIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL\nMAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe\nFw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs\nNjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw\nizIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu\nBe+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K\nvCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh\ndGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD\nlM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl\naViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL\nFRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==\n-----END CERTIFICATE-----", - "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLsNjP+uAt2eO0cc5J9H5XV\n8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdwizIum8j0KzpsGYH5qReN\nQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJuBe+FQpZTs8DewwIDAQAB\nAoGARfNxNknmtx/n1bskZ/01iZRzAge6BLEE0LV6Q4gS7mkRZu/Oyiv39Sl5vUlA\n+WdGxLjkBwKNjxGN8Vxw9/ASd8rSsqeAUYIwAeifXrHhj5DBPQT/pDPkeFnp9B1w\nC6jo+3AbBQ4/b0ONSIEnCL2xGGglSIAxO17T1ViXp7lzXPECQQDe63nkRdWM0OCb\noaHQPT3E26224maIstrGFUdt9yw3yJf4bOF7TtiPLlLuHsTTge3z+fG6ntC0xG56\n1cl37C3ZAkEA2HdVcRGugNp/qmVz4LJTpD+WZKi73PLAO47wDOrYh9Pn2I6fcEH0\nCPnggt1ko4ujvGzFTvRH64HXa6aPCv1j+wJBAMQMah3VQPNf/DlDVFEUmw9XeBZg\nVHaifX851aEjgXLp6qVj9IYCmLiLsAmVa9rr6P7p8asD418nZlaHUHE0eDkCQQCr\nuxis6GMx1Ka971jcJX2X696LoxXPd0KsvXySMupv79yagKPa8mgBiwPjrnK+EPVo\ncj6iochA/bSCshP/mwFrAkBHEKPi6V6gb94JinCT7x3weahbdp6bJ6/nzBH/p9VA\nHoT1JtwNFhGv9BCjmDydshQHfSWpY9NxlccBKL7ITm8R\n-----END RSA PRIVATE KEY-----" - } -} diff --git a/library/oauth2/test/lib/OAuth2/Request/TestRequest.php b/library/oauth2/test/lib/OAuth2/Request/TestRequest.php deleted file mode 100644 index 7bbce28a4..000000000 --- a/library/oauth2/test/lib/OAuth2/Request/TestRequest.php +++ /dev/null @@ -1,61 +0,0 @@ -<?php - -namespace OAuth2\Request; - -use OAuth2\Request; -use OAuth2\RequestInterface; - -/** -* -*/ -class TestRequest extends Request implements RequestInterface -{ - public $query, $request, $server, $headers; - - public function __construct() - { - $this->query = $_GET; - $this->request = $_POST; - $this->server = $_SERVER; - $this->headers = array(); - } - - public function query($name, $default = null) - { - return isset($this->query[$name]) ? $this->query[$name] : $default; - } - - public function request($name, $default = null) - { - return isset($this->request[$name]) ? $this->request[$name] : $default; - } - - public function server($name, $default = null) - { - return isset($this->server[$name]) ? $this->server[$name] : $default; - } - - public function getAllQueryParameters() - { - return $this->query; - } - - public function setQuery(array $query) - { - $this->query = $query; - } - - public function setPost(array $params) - { - $this->server['REQUEST_METHOD'] = 'POST'; - $this->request = $params; - } - - public static function createPost(array $params = array()) - { - $request = new self(); - $request->setPost($params); - - return $request; - } -} diff --git a/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php b/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php deleted file mode 100755 index 921d52500..000000000 --- a/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php +++ /dev/null @@ -1,34 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -abstract class BaseTest extends \PHPUnit_Framework_TestCase -{ - public function provideStorage() - { - $memory = Bootstrap::getInstance()->getMemoryStorage(); - $sqlite = Bootstrap::getInstance()->getSqlitePdo(); - $mysql = Bootstrap::getInstance()->getMysqlPdo(); - $postgres = Bootstrap::getInstance()->getPostgresPdo(); - $mongo = Bootstrap::getInstance()->getMongo(); - $redis = Bootstrap::getInstance()->getRedisStorage(); - $cassandra = Bootstrap::getInstance()->getCassandraStorage(); - $dynamodb = Bootstrap::getInstance()->getDynamoDbStorage(); - $couchbase = Bootstrap::getInstance()->getCouchbase(); - - /* hack until we can fix "default_scope" dependencies in other tests */ - $memory->defaultScope = 'defaultscope1 defaultscope2'; - - return array( - array($memory), - array($sqlite), - array($mysql), - array($postgres), - array($mongo), - array($redis), - array($cassandra), - array($dynamodb), - array($couchbase), - ); - } -} diff --git a/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php b/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php deleted file mode 100755 index 4ac9022b1..000000000 --- a/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php +++ /dev/null @@ -1,888 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -class Bootstrap -{ - const DYNAMODB_PHP_VERSION = 'none'; - - protected static $instance; - private $mysql; - private $sqlite; - private $postgres; - private $mongo; - private $redis; - private $cassandra; - private $configDir; - private $dynamodb; - private $couchbase; - - public function __construct() - { - $this->configDir = __DIR__.'/../../../config'; - } - - public static function getInstance() - { - if (!self::$instance) { - self::$instance = new self(); - } - - return self::$instance; - } - - public function getSqlitePdo() - { - if (!$this->sqlite) { - $this->removeSqliteDb(); - $pdo = new \PDO(sprintf('sqlite://%s', $this->getSqliteDir())); - $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); - $this->createSqliteDb($pdo); - - $this->sqlite = new Pdo($pdo); - } - - return $this->sqlite; - } - - public function getPostgresPdo() - { - if (!$this->postgres) { - if (in_array('pgsql', \PDO::getAvailableDrivers())) { - $this->removePostgresDb(); - $this->createPostgresDb(); - if ($pdo = $this->getPostgresDriver()) { - $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); - $this->populatePostgresDb($pdo); - $this->postgres = new Pdo($pdo); - } - } else { - $this->postgres = new NullStorage('Postgres', 'Missing postgres PDO extension.'); - } - } - - return $this->postgres; - } - - public function getPostgresDriver() - { - try { - $pdo = new \PDO('pgsql:host=localhost;dbname=oauth2_server_php', 'postgres'); - - return $pdo; - } catch (\PDOException $e) { - $this->postgres = new NullStorage('Postgres', $e->getMessage()); - } - } - - public function getMemoryStorage() - { - return new Memory(json_decode(file_get_contents($this->configDir. '/storage.json'), true)); - } - - public function getRedisStorage() - { - if (!$this->redis) { - if (class_exists('Predis\Client')) { - $redis = new \Predis\Client(); - if ($this->testRedisConnection($redis)) { - $redis->flushdb(); - $this->redis = new Redis($redis); - $this->createRedisDb($this->redis); - } else { - $this->redis = new NullStorage('Redis', 'Unable to connect to redis server on port 6379'); - } - } else { - $this->redis = new NullStorage('Redis', 'Missing redis library. Please run "composer.phar require predis/predis:dev-master"'); - } - } - - return $this->redis; - } - - private function testRedisConnection(\Predis\Client $redis) - { - try { - $redis->connect(); - } catch (\Predis\CommunicationException $exception) { - // we were unable to connect to the redis server - return false; - } - - return true; - } - - public function getMysqlPdo() - { - if (!$this->mysql) { - $pdo = null; - try { - $pdo = new \PDO('mysql:host=localhost;', 'root'); - } catch (\PDOException $e) { - $this->mysql = new NullStorage('MySQL', 'Unable to connect to MySQL on root@localhost'); - } - - if ($pdo) { - $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); - $this->removeMysqlDb($pdo); - $this->createMysqlDb($pdo); - - $this->mysql = new Pdo($pdo); - } - } - - return $this->mysql; - } - - public function getMongo() - { - if (!$this->mongo) { - $skipMongo = $this->getEnvVar('SKIP_MONGO_TESTS'); - if (!$skipMongo && class_exists('MongoClient')) { - $mongo = new \MongoClient('mongodb://localhost:27017', array('connect' => false)); - if ($this->testMongoConnection($mongo)) { - $db = $mongo->oauth2_server_php; - $this->removeMongoDb($db); - $this->createMongoDb($db); - - $this->mongo = new Mongo($db); - } else { - $this->mongo = new NullStorage('Mongo', 'Unable to connect to mongo server on "localhost:27017"'); - } - } else { - $this->mongo = new NullStorage('Mongo', 'Missing mongo php extension. Please install mongo.so'); - } - } - - return $this->mongo; - } - - private function testMongoConnection(\MongoClient $mongo) - { - try { - $mongo->connect(); - } catch (\MongoConnectionException $e) { - return false; - } - - return true; - } - - public function getCouchbase() - { - if (!$this->couchbase) { - if ($this->getEnvVar('SKIP_COUCHBASE_TESTS')) { - $this->couchbase = new NullStorage('Couchbase', 'Skipping Couchbase tests'); - } elseif (!class_exists('Couchbase')) { - $this->couchbase = new NullStorage('Couchbase', 'Missing Couchbase php extension. Please install couchbase.so'); - } else { - // round-about way to make sure couchbase is working - // this is required because it throws a "floating point exception" otherwise - $code = "new \Couchbase(array('localhost:8091'), '', '', 'auth', false);"; - $exec = sprintf('php -r "%s"', $code); - $ret = exec($exec, $test, $var); - if ($ret != 0) { - $couchbase = new \Couchbase(array('localhost:8091'), '', '', 'auth', false); - if ($this->testCouchbaseConnection($couchbase)) { - $this->clearCouchbase($couchbase); - $this->createCouchbaseDB($couchbase); - - $this->couchbase = new CouchbaseDB($couchbase); - } else { - $this->couchbase = new NullStorage('Couchbase', 'Unable to connect to Couchbase server on "localhost:8091"'); - } - } else { - $this->couchbase = new NullStorage('Couchbase', 'Error while trying to connect to Couchbase'); - } - } - } - - return $this->couchbase; - } - - private function testCouchbaseConnection(\Couchbase $couchbase) - { - try { - if (count($couchbase->getServers()) > 0) { - return true; - } - } catch (\CouchbaseException $e) { - return false; - } - - return true; - } - - public function getCassandraStorage() - { - if (!$this->cassandra) { - if (class_exists('phpcassa\ColumnFamily')) { - $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_test', array('127.0.0.1:9160')); - if ($this->testCassandraConnection($cassandra)) { - $this->removeCassandraDb(); - $this->cassandra = new Cassandra($cassandra); - $this->createCassandraDb($this->cassandra); - } else { - $this->cassandra = new NullStorage('Cassandra', 'Unable to connect to cassandra server on "127.0.0.1:9160"'); - } - } else { - $this->cassandra = new NullStorage('Cassandra', 'Missing cassandra library. Please run "composer.phar require thobbs/phpcassa:dev-master"'); - } - } - - return $this->cassandra; - } - - private function testCassandraConnection(\phpcassa\Connection\ConnectionPool $cassandra) - { - try { - new \phpcassa\SystemManager('localhost:9160'); - } catch (\Exception $e) { - return false; - } - - return true; - } - - private function removeCassandraDb() - { - $sys = new \phpcassa\SystemManager('localhost:9160'); - - try { - $sys->drop_keyspace('oauth2_test'); - } catch (\cassandra\InvalidRequestException $e) { - - } - } - - private function createCassandraDb(Cassandra $storage) - { - // create the cassandra keyspace and column family - $sys = new \phpcassa\SystemManager('localhost:9160'); - - $sys->create_keyspace('oauth2_test', array( - "strategy_class" => \phpcassa\Schema\StrategyClass::SIMPLE_STRATEGY, - "strategy_options" => array('replication_factor' => '1') - )); - - $sys->create_column_family('oauth2_test', 'auth'); - $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_test', array('127.0.0.1:9160')); - $cf = new \phpcassa\ColumnFamily($cassandra, 'auth'); - - // populate the data - $storage->setClientDetails("oauth_test_client", "testpass", "http://example.com", 'implicit password'); - $storage->setAccessToken("testtoken", "Some Client", '', time() + 1000); - $storage->setAuthorizationCode("testcode", "Some Client", '', '', time() + 1000); - - $storage->setScope('supportedscope1 supportedscope2 supportedscope3 supportedscope4'); - $storage->setScope('defaultscope1 defaultscope2', null, 'default'); - - $storage->setScope('clientscope1 clientscope2', 'Test Client ID'); - $storage->setScope('clientscope1 clientscope2', 'Test Client ID', 'default'); - - $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Client ID 2'); - $storage->setScope('clientscope1 clientscope2', 'Test Client ID 2', 'default'); - - $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID'); - $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID', 'default'); - - $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2'); - $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default'); - - $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject'); - - $cf->insert("oauth_public_keys:ClientID_One", array('__data' => json_encode(array("public_key" => "client_1_public", "private_key" => "client_1_private", "encryption_algorithm" => "RS256")))); - $cf->insert("oauth_public_keys:ClientID_Two", array('__data' => json_encode(array("public_key" => "client_2_public", "private_key" => "client_2_private", "encryption_algorithm" => "RS256")))); - $cf->insert("oauth_public_keys:", array('__data' => json_encode(array("public_key" => $this->getTestPublicKey(), "private_key" => $this->getTestPrivateKey(), "encryption_algorithm" => "RS256")))); - - $cf->insert("oauth_users:testuser", array('__data' =>json_encode(array("password" => "password", "email" => "testuser@test.com", "email_verified" => true)))); - - } - - private function createSqliteDb(\PDO $pdo) - { - $this->runPdoSql($pdo); - } - - private function removeSqliteDb() - { - if (file_exists($this->getSqliteDir())) { - unlink($this->getSqliteDir()); - } - } - - private function createMysqlDb(\PDO $pdo) - { - $pdo->exec('CREATE DATABASE oauth2_server_php'); - $pdo->exec('USE oauth2_server_php'); - $this->runPdoSql($pdo); - } - - private function removeMysqlDb(\PDO $pdo) - { - $pdo->exec('DROP DATABASE IF EXISTS oauth2_server_php'); - } - - private function createPostgresDb() - { - if (!`psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='postgres'"`) { - `createuser -s -r postgres`; - } - - `createdb -O postgres oauth2_server_php`; - } - - private function populatePostgresDb(\PDO $pdo) - { - $this->runPdoSql($pdo); - } - - private function removePostgresDb() - { - if (trim(`psql -l | grep oauth2_server_php | wc -l`)) { - `dropdb oauth2_server_php`; - } - } - - public function runPdoSql(\PDO $pdo) - { - $storage = new Pdo($pdo); - foreach (explode(';', $storage->getBuildSql()) as $statement) { - $result = $pdo->exec($statement); - } - - // set up scopes - $sql = 'INSERT INTO oauth_scopes (scope) VALUES (?)'; - foreach (explode(' ', 'supportedscope1 supportedscope2 supportedscope3 supportedscope4 clientscope1 clientscope2 clientscope3') as $supportedScope) { - $pdo->prepare($sql)->execute(array($supportedScope)); - } - - $sql = 'INSERT INTO oauth_scopes (scope, is_default) VALUES (?, ?)'; - foreach (array('defaultscope1', 'defaultscope2') as $defaultScope) { - $pdo->prepare($sql)->execute(array($defaultScope, true)); - } - - // set up clients - $sql = 'INSERT INTO oauth_clients (client_id, client_secret, scope, grant_types) VALUES (?, ?, ?, ?)'; - $pdo->prepare($sql)->execute(array('Test Client ID', 'TestSecret', 'clientscope1 clientscope2', null)); - $pdo->prepare($sql)->execute(array('Test Client ID 2', 'TestSecret', 'clientscope1 clientscope2 clientscope3', null)); - $pdo->prepare($sql)->execute(array('Test Default Scope Client ID', 'TestSecret', 'clientscope1 clientscope2', null)); - $pdo->prepare($sql)->execute(array('oauth_test_client', 'testpass', null, 'implicit password')); - - // set up misc - $sql = 'INSERT INTO oauth_access_tokens (access_token, client_id, expires, user_id) VALUES (?, ?, ?, ?)'; - $pdo->prepare($sql)->execute(array('testtoken', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour')), null)); - $pdo->prepare($sql)->execute(array('accesstoken-openid-connect', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour')), 'testuser')); - - $sql = 'INSERT INTO oauth_authorization_codes (authorization_code, client_id, expires) VALUES (?, ?, ?)'; - $pdo->prepare($sql)->execute(array('testcode', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour')))); - - $sql = 'INSERT INTO oauth_users (username, password, email, email_verified) VALUES (?, ?, ?, ?)'; - $pdo->prepare($sql)->execute(array('testuser', 'password', 'testuser@test.com', true)); - - $sql = 'INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (?, ?, ?, ?)'; - $pdo->prepare($sql)->execute(array('ClientID_One', 'client_1_public', 'client_1_private', 'RS256')); - $pdo->prepare($sql)->execute(array('ClientID_Two', 'client_2_public', 'client_2_private', 'RS256')); - - $sql = 'INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (?, ?, ?, ?)'; - $pdo->prepare($sql)->execute(array(null, $this->getTestPublicKey(), $this->getTestPrivateKey(), 'RS256')); - - $sql = 'INSERT INTO oauth_jwt (client_id, subject, public_key) VALUES (?, ?, ?)'; - $pdo->prepare($sql)->execute(array('oauth_test_client', 'test_subject', $this->getTestPublicKey())); - } - - public function getSqliteDir() - { - return $this->configDir. '/test.sqlite'; - } - - public function getConfigDir() - { - return $this->configDir; - } - - private function createCouchbaseDB(\Couchbase $db) - { - $db->set('oauth_clients-oauth_test_client',json_encode(array( - 'client_id' => "oauth_test_client", - 'client_secret' => "testpass", - 'redirect_uri' => "http://example.com", - 'grant_types' => 'implicit password' - ))); - - $db->set('oauth_access_tokens-testtoken',json_encode(array( - 'access_token' => "testtoken", - 'client_id' => "Some Client" - ))); - - $db->set('oauth_authorization_codes-testcode',json_encode(array( - 'access_token' => "testcode", - 'client_id' => "Some Client" - ))); - - $db->set('oauth_users-testuser',json_encode(array( - 'username' => 'testuser', - 'password' => 'password', - 'email' => 'testuser@test.com', - 'email_verified' => true, - ))); - - $db->set('oauth_jwt-oauth_test_client',json_encode(array( - 'client_id' => 'oauth_test_client', - 'key' => $this->getTestPublicKey(), - 'subject' => 'test_subject', - ))); - } - - private function clearCouchbase(\Couchbase $cb) - { - $cb->delete('oauth_authorization_codes-new-openid-code'); - $cb->delete('oauth_access_tokens-newtoken'); - $cb->delete('oauth_authorization_codes-newcode'); - $cb->delete('oauth_refresh_tokens-refreshtoken'); - } - - private function createMongoDb(\MongoDB $db) - { - $db->oauth_clients->insert(array( - 'client_id' => "oauth_test_client", - 'client_secret' => "testpass", - 'redirect_uri' => "http://example.com", - 'grant_types' => 'implicit password' - )); - - $db->oauth_access_tokens->insert(array( - 'access_token' => "testtoken", - 'client_id' => "Some Client" - )); - - $db->oauth_authorization_codes->insert(array( - 'authorization_code' => "testcode", - 'client_id' => "Some Client" - )); - - $db->oauth_users->insert(array( - 'username' => 'testuser', - 'password' => 'password', - 'email' => 'testuser@test.com', - 'email_verified' => true, - )); - - $db->oauth_jwt->insert(array( - 'client_id' => 'oauth_test_client', - 'key' => $this->getTestPublicKey(), - 'subject' => 'test_subject', - )); - } - - private function createRedisDb(Redis $storage) - { - $storage->setClientDetails("oauth_test_client", "testpass", "http://example.com", 'implicit password'); - $storage->setAccessToken("testtoken", "Some Client", '', time() + 1000); - $storage->setAuthorizationCode("testcode", "Some Client", '', '', time() + 1000); - $storage->setUser("testuser", "password"); - - $storage->setScope('supportedscope1 supportedscope2 supportedscope3 supportedscope4'); - $storage->setScope('defaultscope1 defaultscope2', null, 'default'); - - $storage->setScope('clientscope1 clientscope2', 'Test Client ID'); - $storage->setScope('clientscope1 clientscope2', 'Test Client ID', 'default'); - - $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Client ID 2'); - $storage->setScope('clientscope1 clientscope2', 'Test Client ID 2', 'default'); - - $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID'); - $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID', 'default'); - - $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2'); - $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default'); - - $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject'); - } - - public function removeMongoDb(\MongoDB $db) - { - $db->drop(); - } - - public function getTestPublicKey() - { - return file_get_contents(__DIR__.'/../../../config/keys/id_rsa.pub'); - } - - private function getTestPrivateKey() - { - return file_get_contents(__DIR__.'/../../../config/keys/id_rsa'); - } - - public function getDynamoDbStorage() - { - if (!$this->dynamodb) { - // only run once per travis build - if (true == $this->getEnvVar('TRAVIS')) { - if (self::DYNAMODB_PHP_VERSION != $this->getEnvVar('TRAVIS_PHP_VERSION')) { - $this->dynamodb = new NullStorage('DynamoDb', 'Skipping for travis.ci - only run once per build'); - - return; - } - } - if (class_exists('\Aws\DynamoDb\DynamoDbClient')) { - if ($client = $this->getDynamoDbClient()) { - // travis runs a unique set of tables per build, to avoid conflict - $prefix = ''; - if ($build_id = $this->getEnvVar('TRAVIS_JOB_NUMBER')) { - $prefix = sprintf('build_%s_', $build_id); - } else { - if (!$this->deleteDynamoDb($client, $prefix, true)) { - return $this->dynamodb = new NullStorage('DynamoDb', 'Timed out while waiting for DynamoDB deletion (30 seconds)'); - } - } - $this->createDynamoDb($client, $prefix); - $this->populateDynamoDb($client, $prefix); - $config = array( - 'client_table' => $prefix.'oauth_clients', - 'access_token_table' => $prefix.'oauth_access_tokens', - 'refresh_token_table' => $prefix.'oauth_refresh_tokens', - 'code_table' => $prefix.'oauth_authorization_codes', - 'user_table' => $prefix.'oauth_users', - 'jwt_table' => $prefix.'oauth_jwt', - 'scope_table' => $prefix.'oauth_scopes', - 'public_key_table' => $prefix.'oauth_public_keys', - ); - $this->dynamodb = new DynamoDB($client, $config); - } elseif (!$this->dynamodb) { - $this->dynamodb = new NullStorage('DynamoDb', 'unable to connect to DynamoDB'); - } - } else { - $this->dynamodb = new NullStorage('DynamoDb', 'Missing DynamoDB library. Please run "composer.phar require aws/aws-sdk-php:dev-master'); - } - } - - return $this->dynamodb; - } - - private function getDynamoDbClient() - { - $config = array(); - // check for environment variables - if (($key = $this->getEnvVar('AWS_ACCESS_KEY_ID')) && ($secret = $this->getEnvVar('AWS_SECRET_KEY'))) { - $config['key'] = $key; - $config['secret'] = $secret; - } else { - // fall back on ~/.aws/credentials file - // @see http://docs.aws.amazon.com/aws-sdk-php/guide/latest/credentials.html#credential-profiles - if (!file_exists($this->getEnvVar('HOME') . '/.aws/credentials')) { - $this->dynamodb = new NullStorage('DynamoDb', 'No aws credentials file found, and no AWS_ACCESS_KEY_ID or AWS_SECRET_KEY environment variable set'); - - return; - } - - // set profile in AWS_PROFILE environment variable, defaults to "default" - $config['profile'] = $this->getEnvVar('AWS_PROFILE', 'default'); - } - - // set region in AWS_REGION environment variable, defaults to "us-east-1" - $config['region'] = $this->getEnvVar('AWS_REGION', \Aws\Common\Enum\Region::US_EAST_1); - - return \Aws\DynamoDb\DynamoDbClient::factory($config); - } - - private function deleteDynamoDb(\Aws\DynamoDb\DynamoDbClient $client, $prefix = null, $waitForDeletion = false) - { - $tablesList = explode(' ', 'oauth_access_tokens oauth_authorization_codes oauth_clients oauth_jwt oauth_public_keys oauth_refresh_tokens oauth_scopes oauth_users'); - $nbTables = count($tablesList); - - // Delete all table. - foreach ($tablesList as $key => $table) { - try { - $client->deleteTable(array('TableName' => $prefix.$table)); - } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) { - // Table does not exist : nothing to do - } - } - - // Wait for deleting - if ($waitForDeletion) { - $retries = 5; - $nbTableDeleted = 0; - while ($nbTableDeleted != $nbTables) { - $nbTableDeleted = 0; - foreach ($tablesList as $key => $table) { - try { - $result = $client->describeTable(array('TableName' => $prefix.$table)); - } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) { - // Table does not exist : nothing to do - $nbTableDeleted++; - } - } - if ($nbTableDeleted != $nbTables) { - if ($retries < 0) { - // we are tired of waiting - return false; - } - sleep(5); - echo "Sleeping 5 seconds for DynamoDB ($retries more retries)...\n"; - $retries--; - } - } - } - - return true; - } - - private function createDynamoDb(\Aws\DynamoDb\DynamoDbClient $client, $prefix = null) - { - $tablesList = explode(' ', 'oauth_access_tokens oauth_authorization_codes oauth_clients oauth_jwt oauth_public_keys oauth_refresh_tokens oauth_scopes oauth_users'); - $nbTables = count($tablesList); - $client->createTable(array( - 'TableName' => $prefix.'oauth_access_tokens', - 'AttributeDefinitions' => array( - array('AttributeName' => 'access_token','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'access_token','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_authorization_codes', - 'AttributeDefinitions' => array( - array('AttributeName' => 'authorization_code','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'authorization_code','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_clients', - 'AttributeDefinitions' => array( - array('AttributeName' => 'client_id','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'client_id','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_jwt', - 'AttributeDefinitions' => array( - array('AttributeName' => 'client_id','AttributeType' => 'S'), - array('AttributeName' => 'subject','AttributeType' => 'S') - ), - 'KeySchema' => array( - array('AttributeName' => 'client_id','KeyType' => 'HASH'), - array('AttributeName' => 'subject','KeyType' => 'RANGE') - ), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_public_keys', - 'AttributeDefinitions' => array( - array('AttributeName' => 'client_id','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'client_id','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_refresh_tokens', - 'AttributeDefinitions' => array( - array('AttributeName' => 'refresh_token','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'refresh_token','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_scopes', - 'AttributeDefinitions' => array( - array('AttributeName' => 'scope','AttributeType' => 'S'), - array('AttributeName' => 'is_default','AttributeType' => 'S') - ), - 'KeySchema' => array(array('AttributeName' => 'scope','KeyType' => 'HASH')), - 'GlobalSecondaryIndexes' => array( - array( - 'IndexName' => 'is_default-index', - 'KeySchema' => array(array('AttributeName' => 'is_default', 'KeyType' => 'HASH')), - 'Projection' => array('ProjectionType' => 'ALL'), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - ), - ), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - $client->createTable(array( - 'TableName' => $prefix.'oauth_users', - 'AttributeDefinitions' => array(array('AttributeName' => 'username','AttributeType' => 'S')), - 'KeySchema' => array(array('AttributeName' => 'username','KeyType' => 'HASH')), - 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1) - )); - - // Wait for creation - $nbTableCreated = 0; - while ($nbTableCreated != $nbTables) { - $nbTableCreated = 0; - foreach ($tablesList as $key => $table) { - try { - $result = $client->describeTable(array('TableName' => $prefix.$table)); - if ($result['Table']['TableStatus'] == 'ACTIVE') { - $nbTableCreated++; - } - } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) { - // Table does not exist : nothing to do - $nbTableCreated++; - } - } - if ($nbTableCreated != $nbTables) { - sleep(1); - } - } - } - - private function populateDynamoDb($client, $prefix = null) - { - // set up scopes - foreach (explode(' ', 'supportedscope1 supportedscope2 supportedscope3 supportedscope4 clientscope1 clientscope2 clientscope3') as $supportedScope) { - $client->putItem(array( - 'TableName' => $prefix.'oauth_scopes', - 'Item' => array('scope' => array('S' => $supportedScope)) - )); - } - - foreach (array('defaultscope1', 'defaultscope2') as $defaultScope) { - $client->putItem(array( - 'TableName' => $prefix.'oauth_scopes', - 'Item' => array('scope' => array('S' => $defaultScope), 'is_default' => array('S' => "true")) - )); - } - - $client->putItem(array( - 'TableName' => $prefix.'oauth_clients', - 'Item' => array( - 'client_id' => array('S' => 'Test Client ID'), - 'client_secret' => array('S' => 'TestSecret'), - 'scope' => array('S' => 'clientscope1 clientscope2') - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_clients', - 'Item' => array( - 'client_id' => array('S' => 'Test Client ID 2'), - 'client_secret' => array('S' => 'TestSecret'), - 'scope' => array('S' => 'clientscope1 clientscope2 clientscope3') - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_clients', - 'Item' => array( - 'client_id' => array('S' => 'Test Default Scope Client ID'), - 'client_secret' => array('S' => 'TestSecret'), - 'scope' => array('S' => 'clientscope1 clientscope2') - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_clients', - 'Item' => array( - 'client_id' => array('S' => 'oauth_test_client'), - 'client_secret' => array('S' => 'testpass'), - 'grant_types' => array('S' => 'implicit password') - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_access_tokens', - 'Item' => array( - 'access_token' => array('S' => 'testtoken'), - 'client_id' => array('S' => 'Some Client'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_access_tokens', - 'Item' => array( - 'access_token' => array('S' => 'accesstoken-openid-connect'), - 'client_id' => array('S' => 'Some Client'), - 'user_id' => array('S' => 'testuser'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_authorization_codes', - 'Item' => array( - 'authorization_code' => array('S' => 'testcode'), - 'client_id' => array('S' => 'Some Client'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_users', - 'Item' => array( - 'username' => array('S' => 'testuser'), - 'password' => array('S' => 'password'), - 'email' => array('S' => 'testuser@test.com'), - 'email_verified' => array('S' => 'true'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_public_keys', - 'Item' => array( - 'client_id' => array('S' => 'ClientID_One'), - 'public_key' => array('S' => 'client_1_public'), - 'private_key' => array('S' => 'client_1_private'), - 'encryption_algorithm' => array('S' => 'RS256'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_public_keys', - 'Item' => array( - 'client_id' => array('S' => 'ClientID_Two'), - 'public_key' => array('S' => 'client_2_public'), - 'private_key' => array('S' => 'client_2_private'), - 'encryption_algorithm' => array('S' => 'RS256'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_public_keys', - 'Item' => array( - 'client_id' => array('S' => '0'), - 'public_key' => array('S' => $this->getTestPublicKey()), - 'private_key' => array('S' => $this->getTestPrivateKey()), - 'encryption_algorithm' => array('S' => 'RS256'), - ) - )); - - $client->putItem(array( - 'TableName' => $prefix.'oauth_jwt', - 'Item' => array( - 'client_id' => array('S' => 'oauth_test_client'), - 'subject' => array('S' => 'test_subject'), - 'public_key' => array('S' => $this->getTestPublicKey()), - ) - )); - } - - public function cleanupTravisDynamoDb($prefix = null) - { - if (is_null($prefix)) { - // skip this when not applicable - if (!$this->getEnvVar('TRAVIS') || self::DYNAMODB_PHP_VERSION != $this->getEnvVar('TRAVIS_PHP_VERSION')) { - return; - } - - $prefix = sprintf('build_%s_', $this->getEnvVar('TRAVIS_JOB_NUMBER')); - } - - $client = $this->getDynamoDbClient(); - $this->deleteDynamoDb($client, $prefix); - } - - private function getEnvVar($var, $default = null) - { - return isset($_SERVER[$var]) ? $_SERVER[$var] : (getenv($var) ?: $default); - } -} diff --git a/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php b/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php deleted file mode 100644 index 6caa62068..000000000 --- a/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php +++ /dev/null @@ -1,32 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -/** -* -*/ -class NullStorage extends Memory -{ - private $name; - private $description; - - public function __construct($name, $description = null) - { - $this->name = $name; - $this->description = $description; - } - - public function __toString() - { - return $this->name; - } - - public function getMessage() - { - if ($this->description) { - return $this->description; - } - - return $this->name; - } -} |