public function getOAuthRequest()
{
if (is_null($this->oauthRequest)) {
$this->oauthRequest = OAuth2_Request::createFromGlobals();
}
return $this->oauthRequest;
}
public function testSuccessfulRequestStripsExtraParameters()
{
$server = $this->getTestServer(array('allow_implicit' => true));
$request = OAuth2_Request::createFromGlobals();
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['redirect_uri'] = 'http://adobe.com';
// valid redirect URI
$request->query['response_type'] = 'code';
$request->query['state'] = 'test';
// valid state string (just needs to be passed back to us)
$request->query['fake'] = 'something';
// extra query param
$response = $server->handleAuthorizeRequest($request, true);
$this->assertEquals($response->getStatusCode(), 302);
$this->assertNull($response->getResponseParameter('error'));
$location = $response->getHttpHeader('Location');
$parts = parse_url($location);
$this->assertFalse(isset($parts['fake']));
$this->assertArrayHasKey('query', $parts);
parse_str($parts['query'], $query);
$this->assertFalse(isset($parmas['fake']));
$this->assertArrayHasKey('state', $query);
$this->assertEquals($query['state'], 'test');
}
public function login()
{
$request = \OAuth2_Request::createFromGlobals();
foreach ($request->query as $key => $value) {
$request->request[$key] = $value;
}
$response = $this->server->handleTokenRequest($request, new \OAuth2_Response());
//$this->app->user_id = 1;
$response->send();
die;
}
public function access_token(OAuth2_Client $client, $code, array $params = NULL)
{
$request = OAuth2_Request::factory('token', 'POST', $this->url_access_token(), array('grant_type' => 'authorization_code', 'code' => $code, 'client_id' => $client->id, 'client_secret' => $client->secret));
if ($client->callback) {
$request->param('redirect_uri', $client->callback);
}
if ($params) {
// Load user parameters
$request->params($params);
}
$response = $request->execute();
return OAuth2_Token::factory('access', array('token' => $response->param('access_token')));
}
public function call()
{
if ($this->app->request->getPathInfo() != "/request-token/") {
$request = \OAuth2_Request::createFromGlobals();
if (isset($request->server["HTTP_ACCESS_TOKEN"])) {
//$request->query["access-token"] = $request->server["HTTP_ACCESS_TOKEN"];
}
//var_dump($request);
if (!$this->server->verifyResourceRequest($request, new \OAuth2_Response())) {
var_dump($this->server->getResponse());
$this->server->getResponse()->send();
die;
}
}
$this->next->call();
}
public function testInvalidCode()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'authorization_code';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$request->query['code'] = 'InvalidCode';
// invalid authorization code
$response = $server->handleGrantRequest($request);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
$this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
}
public function testValidRefreshTokenWithNoRefreshTokenInResponse()
{
$server = $this->getTestServer();
$server->addGrantType(new OAuth2_GrantType_RefreshToken($this->storage, array('always_issue_new_refresh_token' => false)));
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'refresh_token';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$request->query['refresh_token'] = 'test-refreshtoken';
// valid client secret
$token = $server->grantAccessToken($request);
$this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned');
$used_token = $this->storage->getRefreshToken('test-refreshtoken');
$this->assertNotNull($used_token, 'the refresh token used is still valid');
}
public function testValidRefreshToken()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'refresh_token';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$request->query['refresh_token'] = 'test-refreshtoken';
// valid client secret
$token = $server->grantAccessToken($request);
$this->assertTrue(isset($token['refresh_token']));
$refresh_token = $this->storage->getRefreshToken($token['refresh_token']);
$this->assertNotNull($refresh_token);
$this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
$this->assertEquals($refresh_token['client_id'], $request->query('client_id'));
}
public function testInvalidPassword()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'password';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$request->query['username'] = '******';
// valid username
$request->query['password'] = '******';
// valid password
$ret = $server->grantAccessToken($request);
$response = $server->getResponse();
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getResponseParameter('error'), 'invalid_grant');
$this->assertEquals($response->getResponseParameter('error_description'), 'Invalid username and password combination');
}
public function testValidTokenResponse()
{
// add the test parameters in memory
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'code';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$request->query['code'] = 'testcode';
// valid authorization code
$response = $server->handleGrantRequest($request);
$this->assertTrue($response instanceof OAuth2_Response);
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNull($response->getResponseParameter('error'));
$this->assertNull($response->getResponseParameter('error_description'));
$this->assertNotNUll($response->getResponseParameter('access_token'));
$this->assertNotNUll($response->getResponseParameter('expires_in'));
$this->assertNotNUll($response->getResponseParameter('token_type'));
}
public function testEnforceState()
{
$server = $this->getTestServer(array('enforce_state' => true));
$request = OAuth2_Request::createFromGlobals();
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['redirect_uri'] = 'http://adobe.com';
// valid redirect URI
$request->query['response_type'] = 'code';
$response = $server->handleAuthorizeRequest($request, true);
$this->assertEquals($response->getStatusCode(), 302);
$location = $response->getHttpHeader('Location');
$parts = parse_url($location);
parse_str($parts['query'], $query);
$this->assertEquals($query['error'], 'invalid_request');
$this->assertEquals($query['error_description'], 'The state parameter is required');
}
public function testValidTokenWithScopeParam()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->server['AUTHORIZATION'] = 'Bearer accesstoken-scope';
$request->query['scope'] = 'testscope';
$allow = $server->verifyAccessRequest($request);
$this->assertTrue($allow);
}
public function testValidCredentialsInQuerystring()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['grant_type'] = 'client_credentials';
// valid grant type
$request->query['client_id'] = 'Test Client ID';
// valid client id
$request->query['client_secret'] = 'TestSecret';
// valid client secret
$token = $server->grantAccessToken($request);
$this->assertNotNull($token);
$this->assertArrayHasKey('access_token', $token);
$this->assertNotNull($token['access_token']);
}
public function execute(array $options = NULL)
{
return OAuth_Response::factory(parent::execute($options));
}
/**
* Get request object
*
* @param string Request type (access, token etc)
* @param string Request method (POST, GET)
* @param string URL
* @param array Request params
* @return OAuth2_Request
*/
public function request($type, $method, $url, array $options = NULL)
{
return OAuth2_Request::factory($type, $method, $url, $options);
}
public function testValidateRedirectUri()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->query['client_id'] = 'Test Client ID with Redirect Uri';
// valid client id
$request->query['redirect_uri'] = 'http://adobe.com';
// invalid redirect URI
$request->query['response_type'] = 'code';
$response = $server->handleAuthorizeRequest($request, true);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch');
$this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match');
}
/**
* This is a convenience function that can be used to get the token, which can then
* be passed to getAccessTokenData(). The constraints specified by the draft are
* attempted to be adheared to in this method.
*
* As per the Bearer spec (draft 8, section 2) - there are three ways for a client
* to specify the bearer token, in order of preference: Authorization Header,
* POST and GET.
*
* NB: Resource servers MUST accept tokens via the Authorization scheme
* (http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2).
*
* @todo Should we enforce TLS/SSL in this function?
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.1
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.2
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.3
*
* Old Android version bug (at least with version 2.2)
* @see http://code.google.com/p/android/issues/detail?id=6684
*
* We don't want to test this functionality as it relies on superglobals and headers:
* @codeCoverageIgnoreStart
*/
public function getBearerToken(OAuth2_Request $request)
{
if (isset($request->server['AUTHORIZATION'])) {
$headers = $request->server['AUTHORIZATION'];
}
// Check that exactly one method was used
$methodsUsed = !empty($headers) + !is_null($request->query($this->config['token_param_name'])) + !is_null($request->request($this->config['token_param_name']));
if ($methodsUsed > 1) {
$this->response = new OAuth2_Response_Error(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
return null;
}
if ($methodsUsed == 0) {
$this->response = new OAuth2_Response_Error(400, 'invalid_request', 'The access token was not found');
return null;
}
// HEADER: Get the access token from the header
if (!empty($headers)) {
if (!preg_match('/' . $this->config['token_bearer_header_name'] . '\\s(\\S+)/', $headers, $matches)) {
$this->response = new OAuth2_Response_Error(400, 'invalid_request', 'Malformed auth header');
return null;
}
return $matches[1];
}
if ($request->request($this->config['token_param_name'])) {
// POST: Get the token from POST data
if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
$this->response = new OAuth2_Response_Error(400, 'invalid_request', 'When putting the token in the body, the method must be POST');
return null;
}
if ($request->server('CONTENT_TYPE') !== null && $request->server('CONTENT_TYPE') != 'application/x-www-form-urlencoded') {
// IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
$this->response = new OAuth2_Response_Error(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
return null;
}
return $request->request($this->config['token_param_name']);
}
// GET method
return $request->query($this->config['token_param_name']);
}
<?php
OAuth2_Autoloader::register();
// create your storage again
$storage = new OAuth2_Storage_Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
// create your server again
$server = new OAuth2_Server($storage);
// Add the "Authorization Code" grant type (this is required for authorization flows)
$server->addGrantType(new OAuth2_GrantType_AuthorizationCode($storage));
$request = OAuth2_Request::createFromGlobals();
$response = new OAuth2_Response();