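/**
 * The authorization endpoint must refuse a cross-site POST: the request
 * carries an HTTP_REFERER that does not match its own URI, and the handler
 * is expected to answer 400 with the CSRF error text in the body.
 *
 * Only the mismatched-referrer case is exercised here; a request with no
 * referrer at all and a same-origin referrer are not covered by this test.
 */
public function testCSRFAttack()
 {
     // Request URI is the auth endpoint itself; the referrer is a foreign origin.
     $request = new HttpRequest("https://auth.example.org?client_id=testclient&response_type=token&scope=read&state=xyz", "POST");
     $request->setHeader("HTTP_REFERER", "https://evil.site.org/xyz");
     // Approval form as a legitimate user would submit it; the referrer alone must reject it.
     $request->setPostParameters(["approval" => "approve", "scope" => ["read"]]);

     $authorize = new Authorize($this->_config);
     $response = $authorize->handleRequest($request);

     $this->assertEquals(400, $response->getStatusCode());
     $this->assertRegexp("|.*csrf protection triggered, referrer does not match request uri.*|", $response->getContent());
 }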
 /**
  * A header set on an HttpRequest is readable back through getHeader()
  * under the same name (the value itself is not asserted here).
  */
 public function testForHeaderDoesExist()
 {
     $headerName = "Authorization";
     $request = new HttpRequest("http://www.example.com/request");
     $request->setHeader($headerName, "Bla");

     $stored = $request->getHeader($headerName);
     $this->assertNotNull($stored);
 }
 /**
  * DELETE /authorizations/{client_id} with a bearer token answers 200 and
  * the literal body {"ok":true}.
  *
  * Only the response is checked; whether the authorization is actually gone
  * afterwards is not verified by this test.
  * FIXME: test with non existing client_id!
  */
 public function testDeleteAuthorization()
 {
     $clientId = "testclient";
     $request = new HttpRequest("http://www.example.org/api.php");
     $request->setRequestMethod("DELETE");
     $request->setPathInfo("/authorizations/" . $clientId);
     // Fixture token; the API under test is expected to accept it.
     $request->setHeader("Authorization", "Bearer 12345abc");

     $response = $this->_api->handleRequest($request);

     $expectedBody = '{"ok":true}';
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertEquals($expectedBody, $response->getContent());
 }