/**
 * A POST to the authorize endpoint whose referrer header names a different
 * host than the request URI must be answered with 400 and a body that carries
 * the CSRF diagnostic.
 *
 * NOTE(review): only the mismatching-referrer case is exercised here; a POST
 * that omits the referrer header entirely is not covered by this test.
 */
public function testCSRFAttack()
{
    $authorizeUri = "https://auth.example.org?client_id=testclient&response_type=token&scope=read&state=xyz";
    $request = new HttpRequest($authorizeUri, "POST");
    // Referrer from an origin other than the one in the request URI.
    $request->setHeader("HTTP_REFERER", "https://evil.site.org/xyz");
    $request->setPostParameters(array("approval" => "approve", "scope" => array("read")));

    $endpoint = new Authorize($this->_config);
    $result = $endpoint->handleRequest($request);

    $this->assertEquals(400, $result->getStatusCode());
    $this->assertRegexp("|.*csrf protection triggered, referrer does not match request uri.*|", $result->getContent());
}
/**
 * getHeader() yields a non-null value for a header that was previously set
 * on the same request.
 */
public function testForHeaderDoesExist()
{
    $request = new HttpRequest("http://www.example.com/request");
    $request->setHeader("Authorization", "Bla");

    $headerValue = $request->getHeader("Authorization");
    $this->assertNotNull($headerValue);
}
/**
 * DELETE /authorizations/{client_id} with a bearer token is answered with
 * 200 and the body {"ok":true}.
 *
 * NOTE(review): no assertion here covers the negative path (missing or wrong
 * bearer token, unknown client id); only the happy path is pinned.
 */
public function testDeleteAuthorization()
{
    $request = new HttpRequest("http://www.example.org/api.php");
    $request->setRequestMethod("DELETE");
    $request->setPathInfo("/authorizations/testclient");
    $request->setHeader("Authorization", "Bearer 12345abc");

    // FIXME: test with non existing client_id!
    $result = $this->_api->handleRequest($request);

    $this->assertEquals(200, $result->getStatusCode());
    $this->assertEquals('{"ok":true}', $result->getContent());
}