/**
* Prepare the actual HttpResponse for the token
*/
protected function prepareTokenResponse(AccessToken $accessToken, RefreshToken $refreshToken = null, bool $useRefreshTokenScopes = false) : ResponseInterface
{
$owner = $accessToken->getOwner();
$scopes = $useRefreshTokenScopes ? $refreshToken->getScopes() : $accessToken->getScopes();
$responseBody = ['access_token' => $accessToken->getToken(), 'token_type' => 'Bearer', 'expires_in' => $accessToken->getExpiresIn(), 'scope' => implode(' ', $scopes), 'owner_id' => $owner ? $owner->getTokenOwnerId() : null];
if (null !== $refreshToken) {
$responseBody['refresh_token'] = $refreshToken->getToken();
}
return new Response\JsonResponse(array_filter($responseBody));
}
/**
* Create a new token (and generate the token)
*
* @param TokenOwnerInterface $owner
* @param Client $client
* @param string|string[]|Scope[] $scopes
* @return AccessToken
* @throws OAuth2Exception
*/
public function createToken($owner, $client, $scopes) : AccessToken
{
if (empty($scopes)) {
$scopes = $this->scopeService->getDefaultScopes();
} else {
$this->validateTokenScopes($scopes);
}
do {
$token = AccessToken::createNewAccessToken($this->serverOptions->getAccessTokenTtl(), $owner, $client, $scopes);
} while ($this->tokenRepository->tokenExists($token->getToken()));
return $this->tokenRepository->save($token);
}
public function testCanCreateTokenResponse()
{
$request = $this->createMock(ServerRequestInterface::class);
$client = Client::createNewClient('name', 'http://www.example.com');
$owner = $this->createMock(TokenOwnerInterface::class);
$owner->expects($this->once())->method('getTokenOwnerId')->will($this->returnValue(1));
$token = AccessToken::reconstitute(['token' => 'azerty', 'owner' => $owner, 'client' => null, 'expiresAt' => (new \DateTimeImmutable())->add(new DateInterval('PT1H')), 'scopes' => []]);
$this->tokenService->expects($this->once())->method('createToken')->will($this->returnValue($token));
$response = $this->grant->createTokenResponse($request, $client, $owner);
$body = json_decode($response->getBody(), true);
$this->assertEquals('azerty', $body['access_token']);
$this->assertEquals('Bearer', $body['token_type']);
$this->assertEquals(3600, $body['expires_in']);
$this->assertEquals(1, $body['owner_id']);
}
/**
* @return AccessToken
*/
private function getValidAccessToken(TokenOwnerInterface $owner = null, array $scopes = null)
{
$validDate = (new \DateTimeImmutable())->add(new DateInterval('PT1H'));
$token = AccessToken::reconstitute(['token' => 'azerty_access', 'owner' => $owner, 'client' => null, 'scopes' => $scopes ?? ['read'], 'expiresAt' => $validDate]);
return $token;
}
public function testDoesCaseSensitiveTest()
{
$token = AccessToken::reconstitute(['token' => 'Token', 'owner' => $this->createMock(TokenOwnerInterface::class), 'client' => $this->createMock(Client::class), 'expiresAt' => new \DateTimeImmutable(), 'scopes' => []]);
$this->tokenRepository->expects($this->once())->method('findByToken')->with('token')->will($this->returnValue($token));
$this->assertNull($this->tokenService->getToken('token'));
}
public function testIsValid()
{
$accessToken = AccessToken::createNewAccessToken(60, null, null, 'read write');
$this->assertTrue($accessToken->isValid('read'));
$accessToken = AccessToken::createNewAccessToken(-60, null, null, 'read write');
$this->assertFalse($accessToken->isValid('read'));
$accessToken = AccessToken::createNewAccessToken(60, null, null, 'read write');
$this->assertFalse($accessToken->isValid('delete'));
}
/**
* @dataProvider requestProvider
*/
public function testCanValidateAccessToResource($expiredToken, $tokenScope, $desiredScope, $match)
{
$request = $this->createMock(ServerRequestInterface::class);
$request->expects($this->once())->method('hasHeader')->with('Authorization')->will($this->returnValue(true));
$request->expects($this->once())->method('getHeaderLine')->will($this->returnValue('Bearer token'));
if ($expiredToken) {
$accessToken = AccessToken::createNewAccessToken(-3600, null, null, $tokenScope);
} else {
$accessToken = AccessToken::createNewAccessToken(3600, null, null, $tokenScope);
}
$this->tokenService->expects($this->once())->method('getToken')->with('token')->will($this->returnValue($accessToken));
if (!$match || $expiredToken) {
$this->expectException(InvalidAccessTokenException::class);
}
$tokenResult = $this->resourceServer->getAccessToken($request, $desiredScope);
$this->assertInstanceOf(AccessToken::class, $tokenResult);
}
/**
* @dataProvider revocationProvider
*/
public function testReturn503IfCannotRevoke($tokenType)
{
$request = $this->createMock(ServerRequestInterface::class);
$request->expects($this->once())->method('getParsedBody')->willReturn(['token' => 'abc', 'token_type_hint' => $tokenType]);
$clientService = $this->createMock(ClientService::class);
$grant = $this->createMock(GrantInterface::class);
$accessTokenService = $this->createMock(AccessTokenService::class);
$refreshTokenService = $this->createMock(RefreshTokenService::class);
$authorizationServer = new AuthorizationServer($clientService, [$grant], $accessTokenService, $refreshTokenService);
if ($tokenType === 'access_token') {
$token = AccessToken::reconstitute(['token' => 'abc', 'owner' => null, 'client' => null, 'scopes' => [], 'expiresAt' => new \DateTimeImmutable()]);
$accessTokenService->expects($this->once())->method('getToken')->with('abc')->will($this->returnValue($token));
$accessTokenService->expects($this->once())->method('deleteToken')->with($token)->will($this->throwException(new \RuntimeException()));
} elseif ($tokenType === 'refresh_token') {
$token = RefreshToken::reconstitute(['token' => 'abc', 'owner' => null, 'client' => null, 'scopes' => [], 'expiresAt' => new \DateTimeImmutable()]);
$refreshTokenService->expects($this->once())->method('getToken')->with('abc')->will($this->returnValue($token));
$refreshTokenService->expects($this->once())->method('deleteToken')->with($token)->will($this->throwException(new \RuntimeException()));
}
$response = $authorizationServer->handleRevocationRequest($request);
$this->assertInstanceOf(ResponseInterface::class, $response);
$this->assertEquals(503, $response->getStatusCode());
}