public function testValidCredentialsInQuerystring()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret'));
     $token = $server->grantAccessToken($request, new Response());
     $this->assertNotNull($token);
     $this->assertArrayHasKey('access_token', $token);
     $this->assertNotNull($token['access_token']);
 }
 public function testNoSecretWithConfidentialClient()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'username' => 'test-username', 'password' => 'testpass'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_client');
     $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret');
 }
 public function testValidCredentialsInvalidScope()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass', 'scope' => 'invalid-scope'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }
 public function testOfflineAccess()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'code' => 'testcode-openid', 'scope' => 'offline_access'));
     $token = $server->grantAccessToken($request, new Response());
     $this->assertNotNull($token);
     $this->assertArrayHasKey('id_token', $token);
     $this->assertEquals('test_id_token', $token['id_token']);
     $this->assertTrue(isset($token['refresh_token']));
 }
 public function testRequestOverride()
 {
     $request = new TestRequest();
     $server = $this->getTestServer();
     // Smoke test for override request class
     // $server->handleTokenRequest($request, $response = new Response());
     // $this->assertInstanceOf('Response', $response);
     // $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // $this->assertInstanceOf('Response', $response);
     // $response = $server->verifyResourceRequest($request, $response = new Response());
     // $this->assertTrue(is_bool($response));
     /*** make some valid requests ***/
     // Valid Token Request
     $request->setPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'code' => 'testcode'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 200);
     $this->assertNull($response->getParameter('error'));
     $this->assertNotNUll($response->getParameter('access_token'));
 }
Example #6
0
 public function testInvalidContentType()
 {
     $bearer = new Bearer();
     $request = TestRequest::createPost(array('access_token' => 'ThisIsMyAccessToken'));
     $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8';
     $param = $bearer->getAccessTokenParameter($request, $response = new Response());
     $this->assertNull($param);
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_request');
     $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"');
 }
 public function testAccessResourceWithCryptoTokenUsingSecondaryStorage()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($cryptoToken = $response->getParameter('access_token'));
     // make a call to the resource server using the crypto token
     $request = TestRequest::createPost(array('access_token' => $cryptoToken));
     // create a resource server with the "memory" storage from the grant server
     $resourceServer = new Server($server->getStorage('client_credentials'));
     $this->assertTrue($resourceServer->verifyResourceRequest($request));
 }
 public function testCryptoTokenWithRefreshToken()
 {
     $server = $this->getTestServer();
     // add "UserCredentials" grant type and "CryptoToken" response type
     // and ensure "CryptoToken" response type has "RefreshToken" storage
     $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
     $server->addGrantType(new UserCredentials($memoryStorage));
     $server->addGrantType(new RefreshToken($memoryStorage));
     $server->addResponseType(new CryptoToken($memoryStorage, $memoryStorage, $memoryStorage), 'token');
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass'));
     // make the call to grant a crypto token
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($cryptoToken = $response->getParameter('access_token'));
     $this->assertNotNull($refreshToken = $response->getParameter('refresh_token'));
     // decode token and make sure refresh_token isn't set
     list($header, $payload, $signature) = explode('.', $cryptoToken);
     $decodedToken = json_decode(base64_decode($payload), true);
     $this->assertFalse(array_key_exists('refresh_token', $decodedToken));
     // use the refresh token to get another access token
     $request = TestRequest::createPost(array('grant_type' => 'refresh_token', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'refresh_token' => $refreshToken));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($response->getParameter('access_token'));
 }
 public function testGrantCodeAccessTokenOnNewCode()
 {
     $request = TestRequest::createPost(array('grant_type' => 'device_code', 'client_id' => 'test_client_id'));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertNotNull($response->getParameter('code'));
     $deviceCodeResponse = $response;
     // Get access token when user_id is null
     $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code')));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertArrayHasKey('error', $response->getParameters());
     $this->assertEquals('authorization_pending', $response->getParameter('error'));
     // Update user_id and verify response
     $deviceStorage = $this->server->getStorage('device_code');
     $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id');
     $deviceStorage->setDeviceCode($code['device_code'], $code['user_code'], $code['client_id'], 1, $code['expires'], $code['scope']);
     $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code')));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 200);
     $this->assertArrayHasKey('access_token', $response->getParameters());
     //ensure device code was deleted
     $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id');
     $this->assertFalse($code);
 }
 public function testCanReceiveAccessTokenUsingPasswordGrantTypeWithoutClientSecret()
 {
     // add the test parameters in memory
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server($storage);
     $server->addGrantType(new UserCredentials($storage));
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID For Password Grant', 'username' => 'johndoe', 'password' => 'password'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertTrue($response instanceof Response);
     $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1));
     $this->assertNull($response->getParameter('error'));
     $this->assertNull($response->getParameter('error_description'));
     $this->assertNotNull($response->getParameter('access_token'));
     $this->assertNotNull($response->getParameter('expires_in'));
     $this->assertNotNull($response->getParameter('token_type'));
 }
Example #11
0
 public function testValidJwtInvalidScope()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(null, null, null, 'Test Client ID', 'invalid-scope')));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }
 public function testInvalidRequestMethodForRevoke()
 {
     $server = $this->getTestServer();
     $request = new TestRequest();
     $request->setQuery(array('token_type_hint' => 'access_token'));
     $server->handleRevokeRequest($request, $response = new Response());
     $this->assertTrue($response instanceof Response);
     $this->assertEquals(405, $response->getStatusCode(), var_export($response, 1));
     $this->assertEquals($response->getParameter('error'), 'invalid_request');
     $this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when revoking an access token');
 }
 public function testJtiReplayAttack()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(99999999900, null, '*****@*****.**', 'Test Client ID', 'totally_new_jti')));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertNotNull($token);
     $this->assertArrayHasKey('access_token', $token);
     //Replay the same request
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_grant');
     $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used');
 }
 public function testClientUserIdIsSetInAccessToken()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Client ID With User ID', 'client_secret' => 'TestSecret'));
     $token = $server->grantAccessToken($request, new Response());
     $this->assertNotNull($token);
     $this->assertArrayHasKey('access_token', $token);
     // verify the user_id was associated with the token
     $storage = $server->getStorage('client');
     $token = $storage->getAccessToken($token['access_token']);
     $this->assertNotNull($token);
     $this->assertArrayHasKey('user_id', $token);
     $this->assertEquals($token['user_id'], '*****@*****.**');
 }
Example #15
0
 public function testCustomClientAssertionType()
 {
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'code' => 'testcode'));
     // verify the mock clientAssertionType was called as expected
     $clientAssertionType = $this->getMock('OAuth2\\ClientAssertionType\\ClientAssertionTypeInterface', array('validateRequest', 'getClientId'));
     $clientAssertionType->expects($this->once())->method('validateRequest')->will($this->returnValue(true));
     $clientAssertionType->expects($this->once())->method('getClientId')->will($this->returnValue('Test Client ID'));
     // create mock storage
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server(array($storage), array(), array(), array(), null, null, $clientAssertionType);
     $server->handleTokenRequest($request, $response = new Response());
 }
 /**
  * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
  * @see https://github.com/bshaffer/oauth2-server-php/issues/163
  */
 public function testNoRedirectUriSuppliedDoesNotRequireTokenRedirectUri()
 {
     $server = $this->getTestServer();
     $request = new Request(array('client_id' => 'Test Client ID with Redirect Uri', 'response_type' => 'code', 'state' => 'xyz'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 302);
     $this->assertContains('state', $response->getHttpHeader('Location'));
     $this->assertStringStartsWith('http://brentertainment.com?code=', $response->getHttpHeader('Location'));
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     // call token endpoint with no redirect_uri supplied
     $request = TestRequest::createPost(array('client_id' => 'Test Client ID with Redirect Uri', 'client_secret' => 'TestSecret2', 'grant_type' => 'authorization_code', 'code' => $query['code']));
     $server->handleTokenRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 200);
     $this->assertNotNull($response->getParameter('access_token'));
 }
 public function testEnforceScope()
 {
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server($storage);
     $server->addGrantType(new ClientCredentials($storage));
     $scope = new Scope(array('default_scope' => false, 'supported_scopes' => array('testscope')));
     $server->setScopeUtil($scope);
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret'));
     $response = $server->handleTokenRequest($request);
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'This application requires you specify a scope parameter');
 }
 /**
  * Test setting "always_issue_new_refresh_token" on a server level
  *
  * @see test/OAuth2/GrantType/RefreshTokenTest::testValidRefreshTokenWithNewRefreshTokenInResponse
  **/
 public function testValidRefreshTokenWithNewRefreshTokenInResponse()
 {
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server($storage, array('always_issue_new_refresh_token' => true));
     $request = TestRequest::createPost(array('grant_type' => 'refresh_token', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'refresh_token' => 'test-refreshtoken'));
     $token = $server->grantAccessToken($request, new Response());
     $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
     $refresh_token = $storage->getRefreshToken($token['refresh_token']);
     $this->assertNotNull($refresh_token);
     $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
     $this->assertEquals($refresh_token['client_id'], $request->request('client_id'));
     $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used');
     $used_token = $storage->getRefreshToken('test-refreshtoken');
     $this->assertFalse($used_token, 'the refresh token used is no longer valid');
 }
 public function testValidClientDifferentCode()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Some Other Client', 'client_secret' => 'TestSecret3', 'code' => 'testcode'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_grant');
     $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client');
 }
 public function testInvalidClientIdScope()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'code' => 'testcode', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'scope' => 'clientscope3 scope1'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }