From 10863a5949cc59771424cb809af5c9f279f78a58 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Fri, 7 Oct 2016 14:11:24 -0700
Subject: add oauth2/oidc lib

---
 .../test/OAuth2/GrantType/UserCredentialsTest.php  | 172 +++++++++++++++++++++
 1 file changed, 172 insertions(+)
 create mode 100644 library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php

(limited to 'library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php')

diff --git a/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php b/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php
new file mode 100644
index 000000000..18943d055
--- /dev/null
+++ b/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php
@@ -0,0 +1,172 @@
+<?php
+
+namespace OAuth2\GrantType;
+
+use OAuth2\Storage\Bootstrap;
+use OAuth2\Server;
+use OAuth2\Request\TestRequest;
+use OAuth2\Response;
+
+class UserCredentialsTest extends \PHPUnit_Framework_TestCase
+{
+    public function testNoUsername()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'password' => 'testpass', // valid password
+        ));
+        $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_request');
+        $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required');
+    }
+
+    public function testNoPassword()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'test-username', // valid username
+        ));
+        $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_request');
+        $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required');
+    }
+
+    public function testInvalidUsername()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'fake-username', // valid username
+            'password' => 'testpass', // valid password
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 401);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination');
+    }
+
+    public function testInvalidPassword()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'test-username', // valid username
+            'password' => 'fakepass', // invalid password
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 401);
+        $this->assertEquals($response->getParameter('error'), 'invalid_grant');
+        $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination');
+    }
+
+    public function testValidCredentials()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'test-username', // valid username
+            'password' => 'testpass', // valid password
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+    }
+
+    public function testValidCredentialsWithScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'test-username', // valid username
+            'password' => 'testpass', // valid password
+            'scope'    => 'scope1', // valid scope
+        ));
+        $token = $server->grantAccessToken($request, new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+        $this->assertArrayHasKey('scope', $token);
+        $this->assertEquals($token['scope'], 'scope1');
+    }
+
+    public function testValidCredentialsInvalidScope()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid client id
+            'client_secret' => 'TestSecret', // valid client secret
+            'username' => 'test-username', // valid username
+            'password' => 'testpass', // valid password
+            'scope'         => 'invalid-scope',
+        ));
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_scope');
+        $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
+    }
+
+    public function testNoSecretWithPublicClient()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID Empty Secret', // valid public client
+            'username' => 'test-username', // valid username
+            'password' => 'testpass', // valid password
+        ));
+
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertNotNull($token);
+        $this->assertArrayHasKey('access_token', $token);
+    }
+
+    public function testNoSecretWithConfidentialClient()
+    {
+        $server = $this->getTestServer();
+        $request = TestRequest::createPost(array(
+            'grant_type' => 'password', // valid grant type
+            'client_id' => 'Test Client ID', // valid public client
+            'username' => 'test-username', // valid username
+            'password' => 'testpass', // valid password
+        ));
+
+        $token = $server->grantAccessToken($request, $response = new Response());
+
+        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getParameter('error'), 'invalid_client');
+        $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret');
+    }
+
+    private function getTestServer()
+    {
+        $storage = Bootstrap::getInstance()->getMemoryStorage();
+        $server = new Server($storage);
+        $server->addGrantType(new UserCredentials($storage));
+
+        return $server;
+    }
+}
-- 
cgit v1.2.3