/**
* {@inheritDoc}
*/
public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
{
$postParams = $request->getParsedBody();
$refreshToken = $postParams['refresh_token'] ?? null;
if (null === $refreshToken) {
throw OAuth2Exception::invalidRequest('Refresh token is missing');
}
// We can fetch the actual token, and validate it
/** @var RefreshToken $refreshToken */
$refreshToken = $this->refreshTokenService->getToken((string) $refreshToken);
if (null === $refreshToken || $refreshToken->isExpired()) {
throw OAuth2Exception::invalidGrant('Refresh token is expired');
}
// We can now create a new access token! First, we need to make some checks on the asked scopes,
// because according to the spec, a refresh token can create an access token with an equal or lesser
// scope, but not more
$scopes = $postParams['scope'] ?? $refreshToken->getScopes();
if (!$refreshToken->matchScopes($scopes)) {
throw OAuth2Exception::invalidScope('The scope of the new access token exceeds the scope(s) of the refresh token');
}
$owner = $refreshToken->getOwner();
$accessToken = $this->accessTokenService->createToken($owner, $client, $scopes);
// We may want to revoke the old refresh token
if ($this->serverOptions->getRotateRefreshTokens()) {
if ($this->serverOptions->getRevokeRotatedRefreshTokens()) {
$this->refreshTokenService->deleteToken($refreshToken);
}
$refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes);
}
// We can generate the response!
return $this->prepareTokenResponse($accessToken, $refreshToken, true);
}
public function testCanCreateFromFactory()
{
$container = $this->createMock(ContainerInterface::class);
$container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn(ServerOptions::fromArray());
$container->expects($this->at(1))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class));
$container->expects($this->at(2))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class));
$factory = new RefreshTokenGrantFactory();
$service = $factory($container);
$this->assertInstanceOf(RefreshTokenGrant::class, $service);
}
public function testCanCreateFromFactory()
{
$container = $this->createMock(ContainerInterface::class);
$serverOptions = ServerOptions::fromArray();
$container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn($serverOptions);
$container->expects($this->at(1))->method('get')->with(AuthorizationCodeRepositoryInterface::class)->willReturn($this->createMock(AuthorizationCodeRepositoryInterface::class));
$container->expects($this->at(2))->method('get')->with(ScopeService::class)->willReturn($this->createMock(ScopeService::class));
$factory = new AuthorizationCodeServiceFactory();
$service = $factory($container);
$this->assertInstanceOf(AuthorizationCodeService::class, $service);
}
public function testCanCreateFromFactory()
{
$container = $this->createMock(ContainerInterface::class);
$serverOptions = ServerOptions::fromArray(['grants' => ['MyGrant']]);
$container->expects($this->at(0))->method('get')->with(ClientService::class)->willReturn($this->createMock(ClientService::class));
$container->expects($this->at(1))->method('get')->with(ServerOptions::class)->willReturn($serverOptions);
$container->expects($this->at(2))->method('get')->with('MyGrant')->willReturn($this->createMock(GrantInterface::class));
$container->expects($this->at(3))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class));
$container->expects($this->at(4))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class));
$factory = new AuthorizationServerFactory();
$service = $factory($container);
$this->assertInstanceOf(AuthorizationServer::class, $service);
}
public function testGetters()
{
$callable = function () {
};
$options = ServerOptions::fromArray(['authorization_code_ttl' => 300, 'access_token_ttl' => 3000, 'refresh_token_ttl' => 30000, 'rotate_refresh_tokens' => true, 'revoke_rotated_refresh_tokens' => false, 'owner_callable' => $callable, 'grants' => [ClientCredentialsGrant::class]]);
$this->assertEquals(300, $options->getAuthorizationCodeTtl());
$this->assertEquals(3000, $options->getAccessTokenTtl());
$this->assertEquals(30000, $options->getRefreshTokenTtl());
$this->assertEquals(true, $options->getRotateRefreshTokens());
$this->assertEquals(false, $options->getRevokeRotatedRefreshTokens());
$this->assertSame($callable, $options->getOwnerCallable());
$this->assertEquals([ClientCredentialsGrant::class], $options->getGrants());
}
public function testCanCreateFromFactoryOwnerCallableOptionsIsString()
{
$container = $this->createMock(ContainerInterface::class);
$callable = function () {
};
$options = ServerOptions::fromArray(['owner_callable' => 'service_name']);
$container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn($options);
$container->expects($this->at(1))->method('get')->with('service_name')->willReturn($callable);
$container->expects($this->at(2))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class));
$container->expects($this->at(3))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class));
$factory = new PasswordGrantFactory();
$service = $factory($container);
$this->assertInstanceOf(PasswordGrant::class, $service);
}
public function testSettersAndGetters()
{
$callable = function () {
};
$options = new ServerOptions(['authorization_code_ttl' => 300, 'access_token_ttl' => 3000, 'refresh_token_ttl' => 30000, 'owner_callable' => $callable, 'grants' => [ClientCredentialsGrant::class]]);
$this->assertEquals(300, $options->getAuthorizationCodeTtl());
$this->assertEquals(3000, $options->getAccessTokenTtl());
$this->assertEquals(30000, $options->getRefreshTokenTtl());
$this->assertSame($callable, $options->getOwnerCallable());
$this->assertEquals([ClientCredentialsGrant::class], $options->getGrants());
}
public function testMethodAllowPublicClients()
{
$grant = new RefreshTokenGrant($this->accessTokenService, $this->refreshTokenService, ServerOptions::fromArray());
$this->assertTrue($grant->allowPublicClients());
}
public function setUp()
{
$this->tokenRepository = $this->createMock(AccessTokenRepositoryInterface::class);
$this->scopeService = $this->createMock(ScopeService::class);
$this->tokenService = new AccessTokenService($this->tokenRepository, $this->scopeService, ServerOptions::fromArray());
}
public function __invoke(ContainerInterface $container) : ServerOptions
{
$config = $container->get('config');
$options = $config['zfr_oauth2_server'] ?? [];
return ServerOptions::fromArray($options);
}
