Esempio n. 1
 /**
  * Verifies that supports() accepts an OAuth token whose resource owner name
  * is known to the resource owner map.
  */
 public function testSupportsShouldReturnTrueForOAuthToken()
 {
     // The map must be consulted exactly once, and only about the "google" owner.
     $this->resourceOwnerMap
         ->expects($this->once())
         ->method('hasResourceOwnerByName')
         ->with($this->equalTo('google'))
         ->will($this->returnValue(true));

     $oauthToken = new HWIOauthToken('token');
     $oauthToken->setResourceOwnerName('google');

     $isSupported = $this->oauthProvider->supports($oauthToken);

     $this->assertTrue($isSupported);
 }
 /**
  * {@inheritDoc}
  *
  * Turns an unauthenticated OAuth token into an authenticated one. The
  * resource owner named on the token is asked for the user information behind
  * the raw token, the user provider maps that response to a local user, and
  * both user-checker hooks run before a new token carrying the user's roles
  * is built. Tokens this provider does not support produce no return value.
  *
  * @throws OAuthAwareExceptionInterface  Rethrown from the user provider after
  *                                       the token and owner name are attached.
  * @throws AuthenticationServiceException When the user provider returns
  *                                        something that is not a UserInterface.
  */
 public function authenticate(TokenInterface $token)
 {
     // Unsupported tokens are declined rather than rejected with an exception.
     if (!$this->supports($token)) {
         return null;
     }

     /* @var OAuthToken $token */
     $owner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     $response = $owner->getUserInformation($token->getRawToken());

     try {
         $user = $this->userProvider->loadUserByOAuthUserResponse($response);
     } catch (OAuthAwareExceptionInterface $failure) {
         // Attach the OAuth context to the exception before passing it on.
         $failure->setToken($token);
         $failure->setResourceOwnerName($token->getResourceOwnerName());

         throw $failure;
     }

     // Fail closed if the provider hands back anything but a real user object.
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
     }

     // Both checker hooks run before any token is marked authenticated, so an
     // exception from either one stops the login here.
     $this->userChecker->checkPreAuth($user);
     $this->userChecker->checkPostAuth($user);

     $authenticated = new OAuthToken($token->getRawToken(), $user->getRoles());
     $authenticated->setResourceOwnerName($owner->getName());
     $authenticated->setUser($user);
     $authenticated->setAuthenticated(true);

     return $authenticated;
 }
 /**
  * {@inheritDoc}
  *
  * Exchanges the "code" query parameter for an access token at the resource
  * owner matched to the request, then passes an unauthenticated OAuthToken to
  * the authentication manager.
  */
 protected function attemptAuthentication(Request $request)
 {
     list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

     // NOTE(review): the code is read straight from the query string and no
     // "state" value is compared in this method. Confirm that the resource
     // owner or an earlier layer protects this callback against forged
     // requests, and that a request matching no resource owner is handled.
     $code = $request->query->get('code');
     $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
     $accessToken = $resourceOwner->getAccessToken($code, $redirectUri);

     $oauthToken = new OAuthToken($accessToken);
     $oauthToken->setResourceOwnerName($resourceOwner->getName());

     return $this->authenticationManager->authenticate($oauthToken);
 }
 /**
  * Verifies that a freshly built OAuthProvider supports an OAuthToken whose
  * resource owner name the map reports as known.
  */
 public function testSupportsOAuthToken()
 {
     $ownerMap = $this->getResourceOwnerMapMock();
     // Exactly one lookup is expected, for the name set on the token below.
     $ownerMap
         ->expects($this->once())
         ->method('hasResourceOwnerByName')
         ->with($this->equalTo('owner'))
         ->will($this->returnValue(true));

     $provider = new OAuthProvider(
         $this->getOAuthAwareUserProviderMock(),
         $ownerMap,
         $this->getUserCheckerMock()
     );

     $oauthToken = new OAuthToken('');
     $oauthToken->setResourceOwnerName('owner');

     $this->assertTrue($provider->supports($oauthToken));
 }
Esempio n. 5
 /**
  * Pins the expiry boundary of OAuthToken::isExpired(): a token created with
  * expires_in = 666 is still valid, one created with expires_in = 29 is
  * already reported as expired.
  */
 public function testIsExpired()
 {
     $rawToken = array('access_token' => 'access_token', 'refresh_token' => 'refresh_token', 'expires_in' => '666');
     $longLived = new OAuthToken($rawToken, array('ROLE_TEST'));
     $this->assertFalse($longLived->isExpired());

     // Same payload, only the lifetime differs; presumably isExpired() applies
     // a safety margin, which is why 29 seconds counts as expired (confirm).
     $rawToken['expires_in'] = '29';
     $shortLived = new OAuthToken($rawToken, array('ROLE_TEST'));
     $this->assertTrue($shortLived->isExpired());
 }
 /**
  * Checks that an OAuth1 token keeps its access token, token secret and
  * resource owner name across a serialize()/unserialize() round trip.
  */
 public function testSerializationOfOAuth1Token()
 {
     $rawToken = array('oauth_token' => 'oauth1_access_token', 'oauth_token_secret' => 'oauth1_token_secret');
     $original = new OAuthToken($rawToken, array('ROLE_TEST'));
     $original->setResourceOwnerName('twitter');

     // The serialized form carries the token secret, so whatever stores it
     // (typically the session) has to be treated as holding a credential.
     $restored = unserialize(serialize($original));

     $this->assertEquals('oauth1_access_token', $restored->getAccessToken());
     $this->assertEquals('oauth1_token_secret', $restored->getTokenSecret());
     $this->assertEquals('twitter', $restored->getResourceOwnerName());
 }
 /**
  * Creates an API client, authenticated when an access token is available.
  *
  * An explicitly passed access token always wins. Without one, the access
  * token of the current security token is used, provided that token is an
  * OAuthToken. In every other case the client is returned unauthenticated.
  *
  * @param string|null $accessToken
  * @return Client
  */
 public function createClient($accessToken = null)
 {
     $apiClient = new Client();

     if (null !== $accessToken) {
         $apiClient->authenticate($accessToken, null, Client::AUTH_HTTP_TOKEN);
     } elseif ($this->token instanceof OAuthToken) {
         // Fall back to the credential of the logged-in OAuth user.
         $apiClient->authenticate($this->token->getAccessToken(), null, Client::AUTH_HTTP_TOKEN);
     }

     return $apiClient;
 }
 /**
  * Smoke test for the token/user pair: the access token is readable from the
  * OAuthToken, the username from the OAuthUser, and the role passed to the
  * token constructor is the first role the token reports.
  */
 public function testOAuth()
 {
     // Fixed fixture value, not a live credential.
     $rawToken = array('access_token' => '986d3212c8aca7122993035d82742270f168db5e');
     $oauthToken = new OAuthToken($rawToken, array('ROLE_ADMIN'));
     $this->assertEquals('986d3212c8aca7122993035d82742270f168db5e', $oauthToken->getAccessToken());

     $admin = new OAuthUser('anna_admin');
     $this->assertEquals('anna_admin', $admin->getUsername());

     $oauthToken->setUser($admin);
     $this->assertSame('ROLE_ADMIN', current($oauthToken->getRoles()[0]));
 }
 /**
  * {@inheritDoc}
  *
  * Runs handleOAuthError() on the request, resolves the resource owner for
  * it, and exchanges the request for an access token that is wrapped in an
  * unauthenticated OAuthToken and passed to the authentication manager.
  *
  * @throws AuthenticationException When the resource owner does not handle
  *                                 the request.
  */
 protected function attemptAuthentication(Request $request)
 {
     $this->handleOAuthError($request);

     list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

     // NOTE(review): $resourceOwner is used without a null check, and no
     // "state" comparison is visible in this method; confirm both are covered
     // by the resource owner map and the resource owner respectively.
     $handlesRequest = $resourceOwner->handles($request);
     if (!$handlesRequest) {
         throw new AuthenticationException('No oauth code in the request.');
     }

     $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
     $accessToken = $resourceOwner->getAccessToken($request, $redirectUri);

     $oauthToken = new OAuthToken($accessToken);
     $oauthToken->setResourceOwnerName($resourceOwner->getName());

     return $this->authenticationManager->authenticate($oauthToken);
 }
Esempio n. 10
 /**
  * {@inheritDoc}
  *
  * Resolves the resource owner for the request and exchanges the request for
  * an access token, which is wrapped in an unauthenticated OAuthToken and
  * passed to the authentication manager.
  *
  * @throws \RuntimeException When the resource owner does not handle the request.
  */
 protected function attemptAuthentication(Request $request)
 {
     list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

     $handlesRequest = $resourceOwner->handles($request);
     if (!$handlesRequest) {
         // An AuthenticationException cannot be used here because it leads to
         // an infinite loop, hence the generic runtime exception.
         throw new \RuntimeException('No oauth code in the request.');
     }

     // NOTE(review): no "state" comparison is visible in this method; confirm
     // the resource owner validates it while fetching the access token.
     $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
     $accessToken = $resourceOwner->getAccessToken($request, $redirectUri);

     $oauthToken = new OAuthToken($accessToken);
     $oauthToken->setResourceOwnerName($resourceOwner->getName());

     return $this->authenticationManager->authenticate($oauthToken);
 }
Esempio n. 11
 /**
  * {@inheritDoc}
  *
  * Asks the resource owner named on the token for the user information behind
  * the token's credentials, maps it to a local user through the user provider
  * and returns a new authenticated OAuthToken carrying that user's roles.
  *
  * @throws OAuthAwareExceptionInterface Rethrown from the user provider after
  *                                      the access token and owner name are
  *                                      attached.
  */
 public function authenticate(TokenInterface $token)
 {
     // NOTE(review): unlike a provider that first calls supports(), this
     // method assumes every incoming token exposes getResourceOwnerName();
     // confirm the caller only routes OAuth tokens here.
     $owner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     $response = $owner->getUserInformation($token->getCredentials());

     try {
         $user = $this->userProvider->loadUserByOAuthUserResponse($response);
     } catch (OAuthAwareExceptionInterface $failure) {
         // Attach the OAuth context to the exception before passing it on.
         $failure->setAccessToken($token->getCredentials());
         $failure->setResourceOwnerName($token->getResourceOwnerName());

         throw $failure;
     }

     // NOTE(review): the user is neither type-checked nor run through a user
     // checker in this method, so account status (locked, disabled, expired)
     // is not enforced here; confirm it is enforced elsewhere. The returned
     // token also has no resource owner name set.
     $authenticated = new OAuthToken($token->getCredentials(), $user->getRoles());
     $authenticated->setUser($user);
     $authenticated->setAuthenticated(true);

     return $authenticated;
 }
Esempio n. 12
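 /**
  * {@inheritDoc}
  *
  * Handles the OAuth callback: runs handleOAuthError() on the request,
  * resolves the resource owner, redirects "one URL" resource owners to the
  * connect route, passes the "state" value to the resource owner's CSRF check
  * and finally exchanges the request for an access token that is handed to
  * the authentication manager as an unauthenticated OAuthToken.
  *
  * @throws AuthenticationException When no resource owner matches the request
  *                                 or the resource owner does not handle it.
  */
 protected function attemptAuthentication(Request $request)
 {
     $this->handleOAuthError($request);

     /* @var ResourceOwnerInterface $resourceOwner */
     list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

     if (!$resourceOwner) {
         throw new AuthenticationException('No resource owner match the request.');
     }

     if (!$resourceOwner->handles($request)) {
         throw new AuthenticationException('No oauth code in the request.');
     }

     // If resource owner supports only one url authentication, call redirect
     if ($request->query->has('authenticated') && $resourceOwner->getOption('auth_with_one_url')) {
         $request->attributes->set('service', $resourceOwner->getName());

         // The code is request-controlled, so it is percent-encoded before it
         // goes into the redirect URL. Unencoded, a value containing "&", "#"
         // or "+" would add or alter query parameters on the target route.
         // NOTE(review): this branch returns before the state check below.
         return new RedirectResponse(sprintf(
             '%s?code=%s&authenticated=true',
             $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'),
             rawurlencode((string) $request->query->get('code'))
         ));
     }

     // NOTE(review): the return value is discarded, so a forged callback is
     // only rejected if isCsrfTokenValid() throws on an invalid state. Confirm
     // that every resource owner implementation throws instead of returning
     // false.
     $resourceOwner->isCsrfTokenValid($request->get('state'));

     $accessToken = $resourceOwner->getAccessToken(
         $request,
         $this->httpUtils->createRequest($request, $checkPath)->getUri()
     );

     $token = new OAuthToken($accessToken);
     $token->setResourceOwnerName($resourceOwner->getName());

     return $this->authenticationManager->authenticate($token);
 }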
 /**
  * Checks that the resource owner name set on the token is read back unchanged.
  */
 public function testGetSetResourceOwnerName()
 {
     $this->token->setResourceOwnerName('github');

     $storedName = $this->token->getResourceOwnerName();

     $this->assertEquals('github', $storedName);
 }
Esempio n. 14
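 /**
  * Test step: logs the browser session in as one of the known developer
  * fixtures by writing a pre-authenticated OAuthToken into the session and
  * handing the session cookie to the browser, with no OAuth round trip.
  *
  * NOTE(review): this stores an authenticated token without any credential
  * check, so the class must only ever be loaded in the test environment.
  *
  * @When /^I am logged in as "([^"]*)"$/
  *
  * @param string $username Key of the fixture user in $this->developers.
  *
  * @throws ExpectationException When no fixture user has that name.
  */
 public function iAmLoggedInAs($username)
 {
     // empty() also covers a missing key, which a plain array read would
     // report as an undefined index before the exception is thrown.
     if (empty($this->developers[$username])) {
         throw new ExpectationException('User not found');
     }

     $user = $this->developers[$username];

     // No access token is needed: the token is marked authenticated directly.
     $token = new OAuthToken(null, $user->getRoles());
     $token->setUser($user);
     $token->setAuthenticated(true);

     // Store the token under the session key used here for the secured area.
     $session = $this->getContainer()->get('session');
     $session->set('_security_secured_area', serialize($token));
     $session->save();

     // Make the browser present the session that now holds the token.
     $this->getSession()->setCookie($session->getName(), $session->getId());
 }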
 /**
  * Builds a fixed token: a placeholder access token, the single role
  * ROLE_USER, and a fresh User instance as the token's user.
  */
 public function __construct()
 {
     $rawToken = array('access_token' => 'access_token_data');
     $roles = array('ROLE_USER');

     parent::__construct($rawToken, $roles);

     $this->setUser(new User());
 }
Esempio n. 16
 /**
  * {@inheritDoc}
  *
  * Restores the token from its serialized form: the payload is a two-element
  * list holding this class's organization followed by the parent's own
  * serialized state, which is passed on to the parent implementation.
  */
 public function unserialize($serialized)
 {
     // NOTE(review): unserialize() instantiates whatever classes the payload
     // names. That is acceptable only while $serialized comes from trusted
     // storage such as the server-side session; confirm no caller passes
     // client-supplied data, or restrict it with the allowed_classes option.
     $data = unserialize($serialized);
     // First element is the organization, second the parent's serialized state.
     list($this->organization, $parent) = $data;
     parent::unserialize($parent);
 }
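 /**
  * Authenticate a user with Symfony Security
  *
  * Runs the user checker first and silently does nothing when it rejects the
  * account. Otherwise an authenticated OAuthToken carrying the user's roles
  * is stored in the security context and, for a "fake" login, the
  * INTERACTIVE_LOGIN event is dispatched by hand.
  *
  * @param Request       $request
  * @param UserInterface $user
  * @param string        $resourceOwnerName
  * @param string        $accessToken
  * @param boolean       $fakeLogin
  */
 protected function authenticateUser(Request $request, UserInterface $user, $resourceOwnerName, $accessToken, $fakeLogin = true)
 {
     $userChecker = $this->container->get('hwi_oauth.user_checker');

     try {
         // Run both checker hooks. Which account states each hook covers
         // depends on the checker implementation, so calling only one of them
         // can let a locked, disabled or expired account through.
         $userChecker->checkPreAuth($user);
         $userChecker->checkPostAuth($user);
     } catch (AccountStatusException $e) {
         // Don't authenticate locked, disabled or expired users
         return;
     }

     $token = new OAuthToken($accessToken, $user->getRoles());
     $token->setResourceOwnerName($resourceOwnerName);
     $token->setUser($user);
     $token->setAuthenticated(true);

     $this->container->get('security.context')->setToken($token);

     if ($fakeLogin) {
         // Since we're "faking" normal login, we need to throw our INTERACTIVE_LOGIN event manually
         $this->container->get('event_dispatcher')->dispatch(
             SecurityEvents::INTERACTIVE_LOGIN,
             new InteractiveLoginEvent($request, $token)
         );
     }
 }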
 /**
  * {@inheritdoc}
  *
  * Delegates to the wrapped OAuth token and returns its getExpiresIn() value
  * unchanged.
  */
 public function getExpiresIn()
 {
     $wrappedToken = $this->oAuthToken;

     return $wrappedToken->getExpiresIn();
 }
 /**
  * {@inheritdoc}
  *
  * Delegates to the wrapped token and returns its getTokenSecret() value
  * unchanged. The value is a credential: keep it out of logs and error
  * messages.
  */
 public function getTokenSecret()
 {
     $wrappedToken = $this->token;

     return $wrappedToken->getTokenSecret();
 }