/**
 * Execute operations before OAuth2 Server sends a token response.
 *
 * @param \OAuth2Server|NULL $server
 * @param \OAuth2\Request $request
 * @param \OAuth2\Response $response
 */
function hook_oauth2_server_token($server, \OAuth2\Request $request, \OAuth2\Response $response)
{
    // Example: if the response is not successful, log a message.
    if ($response->getStatusCode() != 200) {
        watchdog('mymodule', 'Failed token response from server @server: @code @body', array('@server' => $server ? $server->name : NULL, '@code' => $response->getStatusCode(), '@body' => $response->getResponseBody()));
    }
}
 public function __construct(\OAuth2\Response $response)
 {
     $this->response = $response;
     $this->code = $response->getStatusCode();
     $this->description = $response->getStatusText();
     $this->message = $response->getResponseBody();
 }
 protected function getErrorMessage(\OAuth2\Response $response)
 {
     $message = Module::t('common', $response->getParameter('error_description'));
     if ($message === null) {
         $message = Module::t('common', 'An internal server error occurred.');
     }
     return $message;
 }
 public function testValidCredentialsInvalidScope()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass', 'scope' => 'invalid-scope'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }
Example #5
0
 /**
  * Convert the OAuth2 response to a \Zend\Http\Response
  *
  * @param $response OAuth2Response
  * @return \Zend\Http\Response
  */
 private function setHttpResponse(OAuth2Response $response)
 {
     $httpResponse = $this->getResponse();
     $httpResponse->setStatusCode($response->getStatusCode());
     $headers = $httpResponse->getHeaders();
     $headers->addHeaders($response->getHttpHeaders());
     $headers->addHeaderLine('Content-type', 'application/json');
     $httpResponse->setContent($response->getResponseBody());
     return $httpResponse;
 }
Example #6
0
 public function testInvalidContentType()
 {
     $bearer = new Bearer();
     $request = TestRequest::createPost(array('access_token' => 'ThisIsMyAccessToken'));
     $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8';
     $param = $bearer->getAccessTokenParameter($request, $response = new Response());
     $this->assertNull($param);
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_request');
     $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"');
 }
Example #7
0
 /**
  * Takes an OAuth2 response and converts it to JSON output via Tonis\Http\Response.
  *
  * @param Response          $oauthResponse
  * @param ResponseInterface $psrResponse
  * @return ResponseInterface
  */
 public static function convertResponseToPsr7(Response $oauthResponse, ResponseInterface $psrResponse)
 {
     $psrResponse = $psrResponse->withStatus($oauthResponse->getStatusCode());
     foreach ($oauthResponse->getHttpHeaders() as $header => $value) {
         $psrResponse = $psrResponse->withHeader($header, $value);
     }
     if (!empty($oauthResponse->getParameters())) {
         $psrResponse = $psrResponse->withHeader('Content-Type', 'application/json');
         $psrResponse->getBody()->write(json_encode($oauthResponse->getParameters()));
     }
     return $psrResponse;
 }
 /**
  * Copies values from the given Oauth2\Response to a PSR-7 Http Response.
  *
  * @param OAuth2\Response $oauth2Response The OAuth2 server response.
  *
  * @return \Psr\Http\Message\ResponseInterface
  */
 public static final function fromOauth2(OAuth2\Response $oauth2Response)
 {
     $headers = [];
     foreach ($oauth2Response->getHttpHeaders() as $key => $value) {
         $headers[$key] = explode(', ', $value);
     }
     $stream = fopen('php://temp', 'r+');
     if (!empty($oauth2Response->getParameters())) {
         fwrite($stream, $oauth2Response->getResponseBody());
         rewind($stream);
     }
     return new Response(new Stream($stream), $oauth2Response->getStatusCode(), $headers);
 }
 public function testAccessResourceWithCryptoTokenUsingSecondaryStorage()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($cryptoToken = $response->getParameter('access_token'));
     // make a call to the resource server using the crypto token
     $request = TestRequest::createPost(array('access_token' => $cryptoToken));
     // create a resource server with the "memory" storage from the grant server
     $resourceServer = new Server($server->getStorage('client_credentials'));
     $this->assertTrue($resourceServer->verifyResourceRequest($request));
 }
 /**
  * Constructor.
  * @param Response $response
  * @param \Exception $previous The previous exception used for the exception chaining.
  */
 public function __construct(Response $response, \Exception $previous = null)
 {
     if ((int) $response->getStatusCode() == 401) {
         $errorCode = $response->getParameter('error', 'required_token');
         $message = $response->getParameter('error_description', 'An Access Token is required.');
     } else {
         $errorCode = $response->getParameter('error', 'unknown');
         $message = $response->getParameter('error_description', $response->getStatusText());
     }
     $this->errorCode = $errorCode;
     $this->errorUri = $response->getParameter('error_uri');
     return parent::__construct($response->getStatusCode(), $message, 0, $previous);
 }
 public function testSuccessfulRequestStripsExtraParameters()
 {
     $server = $this->getTestServer(array('allow_implicit' => true));
     $request = new Request(array('client_id' => 'Test Client ID', 'redirect_uri' => 'http://adobe.com?fake=something', 'response_type' => 'token', 'state' => 'test', 'fake' => 'something'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 302);
     $this->assertNull($response->getParameter('error'));
     $this->assertNull($response->getParameter('error_description'));
     $location = $response->getHttpHeader('Location');
     $parts = parse_url($location);
     $this->assertFalse(isset($parts['fake']));
     $this->assertArrayHasKey('fragment', $parts);
     parse_str($parts['fragment'], $params);
     $this->assertFalse(isset($parmas['fake']));
     $this->assertArrayHasKey('state', $params);
     $this->assertEquals($params['state'], 'test');
 }
 public function testNoSecretWithConfidentialClient()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'username' => 'test-username', 'password' => 'testpass'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_client');
     $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret');
 }
 private function extractTokenDataFromResponse(Response $response)
 {
     $this->assertEquals($response->getStatusCode(), 302);
     $location = $response->getHttpHeader('Location');
     $this->assertNotContains('error', $location);
     $parts = parse_url($location);
     $this->assertArrayHasKey('fragment', $parts);
     $this->assertFalse(isset($parts['query']));
     parse_str($parts['fragment'], $params);
     $this->assertNotNull($params);
     $this->assertArrayHasKey('id_token', $params);
     $this->assertArrayNotHasKey('access_token', $params);
     list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']);
     $jwt = new Jwt();
     $header = json_decode($jwt->urlSafeB64Decode($headb64), true);
     $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);
     return array($header, $payload, $signature);
 }
 public function testRequestOverride()
 {
     $request = new TestRequest();
     $server = $this->getTestServer();
     // Smoke test for override request class
     // $server->handleTokenRequest($request, $response = new Response());
     // $this->assertInstanceOf('Response', $response);
     // $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // $this->assertInstanceOf('Response', $response);
     // $response = $server->verifyResourceRequest($request, $response = new Response());
     // $this->assertTrue(is_bool($response));
     /*** make some valid requests ***/
     // Valid Token Request
     $request->setPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'code' => 'testcode'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 200);
     $this->assertNull($response->getParameter('error'));
     $this->assertNotNUll($response->getParameter('access_token'));
 }
 public function testHandleAuthorizeRequest()
 {
     // add the test parameters in memory
     $server = $this->getTestServer(array('allow_implicit' => true));
     $request = new Request(array('response_type' => 'token id_token', 'redirect_uri' => 'http://adobe.com', 'client_id' => 'Test Client ID', 'scope' => 'openid', 'state' => 'test', 'nonce' => 'test'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 302);
     $location = $response->getHttpHeader('Location');
     $this->assertNotContains('error', $location);
     $parts = parse_url($location);
     $this->assertArrayHasKey('fragment', $parts);
     $this->assertFalse(isset($parts['query']));
     // assert fragment is in "application/x-www-form-urlencoded" format
     parse_str($parts['fragment'], $params);
     $this->assertNotNull($params);
     $this->assertArrayHasKey('id_token', $params);
     $this->assertArrayHasKey('access_token', $params);
     $this->validateIdToken($params['id_token']);
 }
 public function testHandleAuthorizeRequest()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = new Request(array('response_type' => 'code id_token', 'redirect_uri' => 'http://adobe.com', 'client_id' => 'Test Client ID', 'scope' => 'openid', 'state' => 'test', 'nonce' => 'test'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 302);
     $location = $response->getHttpHeader('Location');
     $this->assertNotContains('error', $location);
     $parts = parse_url($location);
     $this->assertArrayHasKey('query', $parts);
     // assert fragment is in "application/x-www-form-urlencoded" format
     parse_str($parts['query'], $params);
     $this->assertNotNull($params);
     $this->assertArrayHasKey('id_token', $params);
     $this->assertArrayHasKey('code', $params);
     // validate ID Token
     $parts = explode('.', $params['id_token']);
     foreach ($parts as &$part) {
         // Each part is a base64url encoded json string.
         $part = str_replace(array('-', '_'), array('+', '/'), $part);
         $part = base64_decode($part);
         $part = json_decode($part, true);
     }
     list($header, $claims, $signature) = $parts;
     $this->assertArrayHasKey('iss', $claims);
     $this->assertArrayHasKey('sub', $claims);
     $this->assertArrayHasKey('aud', $claims);
     $this->assertArrayHasKey('iat', $claims);
     $this->assertArrayHasKey('exp', $claims);
     $this->assertArrayHasKey('auth_time', $claims);
     $this->assertArrayHasKey('nonce', $claims);
     // only exists if an access token was granted along with the id_token
     $this->assertArrayNotHasKey('at_hash', $claims);
     $this->assertEquals($claims['iss'], 'test');
     $this->assertEquals($claims['aud'], 'Test Client ID');
     $this->assertEquals($claims['nonce'], 'test');
     $duration = $claims['exp'] - $claims['iat'];
     $this->assertEquals($duration, 3600);
 }
 public function testCryptoTokenWithRefreshToken()
 {
     $server = $this->getTestServer();
     // add "UserCredentials" grant type and "CryptoToken" response type
     // and ensure "CryptoToken" response type has "RefreshToken" storage
     $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
     $server->addGrantType(new UserCredentials($memoryStorage));
     $server->addGrantType(new RefreshToken($memoryStorage));
     $server->addResponseType(new CryptoToken($memoryStorage, $memoryStorage, $memoryStorage), 'token');
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass'));
     // make the call to grant a crypto token
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($cryptoToken = $response->getParameter('access_token'));
     $this->assertNotNull($refreshToken = $response->getParameter('refresh_token'));
     // decode token and make sure refresh_token isn't set
     list($header, $payload, $signature) = explode('.', $cryptoToken);
     $decodedToken = json_decode(base64_decode($payload), true);
     $this->assertFalse(array_key_exists('refresh_token', $decodedToken));
     // use the refresh token to get another access token
     $request = TestRequest::createPost(array('grant_type' => 'refresh_token', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'refresh_token' => $refreshToken));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($response->getParameter('access_token'));
 }
 public function testGrantCodeAccessTokenOnNewCode()
 {
     $request = TestRequest::createPost(array('grant_type' => 'device_code', 'client_id' => 'test_client_id'));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertNotNull($response->getParameter('code'));
     $deviceCodeResponse = $response;
     // Get access token when user_id is null
     $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code')));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertArrayHasKey('error', $response->getParameters());
     $this->assertEquals('authorization_pending', $response->getParameter('error'));
     // Update user_id and verify response
     $deviceStorage = $this->server->getStorage('device_code');
     $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id');
     $deviceStorage->setDeviceCode($code['device_code'], $code['user_code'], $code['client_id'], 1, $code['expires'], $code['scope']);
     $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code')));
     $this->server->handleDeviceRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 200);
     $this->assertArrayHasKey('access_token', $response->getParameters());
     //ensure device code was deleted
     $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id');
     $this->assertFalse($code);
 }
Example #19
0
 /**
  * Merge the OAuth2\Response instance's status and headers into the current Zend\Http\Response.
  *
  * @param int $status
  * @param Response $response
  * @param OAuth2Response $oauth2Response
  * @return Response
  */
 private function mergeOAuth2Response($status, Response $response, OAuth2Response $oauth2Response)
 {
     $response->setStatusCode($status);
     return $this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());
 }
 public function testMalformedToken()
 {
     $server = $this->getTestServer();
     $request = Request::createFromGlobals();
     $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed';
     $allow = $server->verifyResourceRequest($request, $response = new Response());
     $this->assertFalse($allow);
     $this->assertEquals($response->getStatusCode(), 401);
     $this->assertEquals($response->getParameter('error'), 'invalid_token');
     $this->assertEquals($response->getParameter('error_description'), 'Malformed token (missing "expires")');
 }
 public function testValidClientDifferentCode()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Some Other Client', 'client_secret' => 'TestSecret3', 'code' => 'testcode'));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_grant');
     $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client');
 }
 public function testInvalidRequestMethodForRevoke()
 {
     $server = $this->getTestServer();
     $request = new TestRequest();
     $request->setQuery(array('token_type_hint' => 'access_token'));
     $server->handleRevokeRequest($request, $response = new Response());
     $this->assertTrue($response instanceof Response);
     $this->assertEquals(405, $response->getStatusCode(), var_export($response, 1));
     $this->assertEquals($response->getParameter('error'), 'invalid_request');
     $this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when revoking an access token');
 }
 public function testAddingResponseType()
 {
     $storage = $this->getMock('OAuth2\\Storage\\Memory');
     $storage->expects($this->any())->method('getClientDetails')->will($this->returnValue(array('client_id' => 'some_client')));
     $storage->expects($this->any())->method('checkRestrictedGrantType')->will($this->returnValue(true));
     // add with the "code" key explicitly set
     $codeType = new AuthorizationCode($storage);
     $server = new Server();
     $server->addStorage($storage);
     $server->addResponseType($codeType);
     $request = new Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // the response is successful
     $this->assertEquals($response->getStatusCode(), 302);
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     $this->assertTrue(isset($query['code']));
     $this->assertFalse(isset($query['error']));
     // add with the "code" key not set
     $codeType = new AuthorizationCode($storage);
     $server = new Server(array($storage), array(), array(), array($codeType));
     $request = new Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // the response is successful
     $this->assertEquals($response->getStatusCode(), 302);
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     $this->assertTrue(isset($query['code']));
     $this->assertFalse(isset($query['error']));
 }
Example #24
0
 public function testValidJwtInvalidScope()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(null, null, null, 'Test Client ID', 'invalid-scope')));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }
 public function testSuccessfulOpenidConnectRequest()
 {
     $server = $this->getTestServer(array('use_openid_connect' => true, 'issuer' => 'bojanz'));
     $request = new Request(array('client_id' => 'Test Client ID', 'redirect_uri' => 'http://adobe.com', 'response_type' => 'code', 'state' => 'xyz', 'scope' => 'openid'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     $this->assertEquals($response->getStatusCode(), 302);
     $location = $response->getHttpHeader('Location');
     $parts = parse_url($location);
     parse_str($parts['query'], $query);
     $location = $response->getHttpHeader('Location');
     $parts = parse_url($location);
     $this->assertArrayHasKey('query', $parts);
     $this->assertFalse(isset($parts['fragment']));
     // assert fragment is in "application/x-www-form-urlencoded" format
     parse_str($parts['query'], $query);
     $this->assertNotNull($query);
     $this->assertArrayHasKey('code', $query);
     // ensure no error was returned
     $this->assertFalse(isset($query['error']));
     $this->assertFalse(isset($query['error_description']));
     // confirm that the id_token has been created.
     $storage = $server->getStorage('authorization_code');
     $code = $storage->getAuthorizationCode($query['code']);
     $this->assertTrue(!empty($code['id_token']));
 }
Example #26
0
 function output($a)
 {
     $oReponse = new Response();
     $oReponse->setParameters($a);
     $oReponse->send();
 }
 public function testInvalidClientIdScope()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'code' => 'testcode', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'scope' => 'clientscope3 scope1'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_scope');
     $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
 }
 public function testCanReceiveAccessTokenUsingPasswordGrantTypeWithoutClientSecret()
 {
     // add the test parameters in memory
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server($storage);
     $server->addGrantType(new UserCredentials($storage));
     $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID For Password Grant', 'username' => 'johndoe', 'password' => 'password'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertTrue($response instanceof Response);
     $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1));
     $this->assertNull($response->getParameter('error'));
     $this->assertNull($response->getParameter('error_description'));
     $this->assertNotNull($response->getParameter('access_token'));
     $this->assertNotNull($response->getParameter('expires_in'));
     $this->assertNotNull($response->getParameter('token_type'));
 }
 public function testJtiReplayAttack()
 {
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(99999999900, null, '*****@*****.**', 'Test Client ID', 'totally_new_jti')));
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertNotNull($token);
     $this->assertArrayHasKey('access_token', $token);
     //Replay the same request
     $token = $server->grantAccessToken($request, $response = new Response());
     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_grant');
     $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used');
 }
 /**
  * @param Response $response
  */
 public function __construct(Response $response)
 {
     $this->setStatusCode($response->getStatusCode());
     $this->getHeaders()->addHeader(new GenericHeader('Content-type', 'application/json'))->addHeaders($response->getHttpHeaders());
     $this->setContent($response->getResponseBody('json'));
 }