public function testValidCredentialsInvalidScope()
{
$server = $this->getTestServer();
$request = OAuth2_Request_TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass', 'scope' => 'invalid-scope'));
$token = $server->grantAccessToken($request, $response = new OAuth2_Response());
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_scope');
$this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
}
public function testInvalidContentType()
{
$bearer = new OAuth2_TokenType_Bearer();
$request = OAuth2_Request_TestRequest::createPost(array('access_token' => 'ThisIsMyAccessToken'));
$request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8';
$param = $bearer->getAccessTokenParameter($request, $response = new OAuth2_Response());
$this->assertNull($param);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_request');
$this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"');
}
public function __construct($url, $statusCode = 302, $error = null, $errorDescription = null, $state = null)
{
if (empty($url)) {
throw new InvalidArgumentException('Cannot redirect to an empty URL.');
}
$query = array();
if (!is_null($error)) {
$query['error'] = $error;
}
if (!is_null($errorDescription)) {
$query['error_description'] = $errorDescription;
}
if (!is_null($state)) {
$query['state'] = $state;
}
if (count($query) > 0) {
$parts = parse_url($url);
$sep = isset($parts['query']) && count($parts['query']) > 0 ? '&' : '?';
$url = $url . $sep . http_build_query($query);
}
$httpHeaders = array('Location' => $url);
parent::__construct(array(), $statusCode, $httpHeaders);
if (!$this->isRedirection()) {
throw new InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
}
}
public function testSuccessfulRequestStripsExtraParameters()
{
$server = $this->getTestServer(array('allow_implicit' => true));
$request = new OAuth2_Request(array('client_id' => 'Test Client ID', 'redirect_uri' => 'http://adobe.com?fake=something', 'response_type' => 'token', 'state' => 'test', 'fake' => 'something'));
$server->handleAuthorizeRequest($request, $response = new OAuth2_Response(), true);
$this->assertEquals($response->getStatusCode(), 302);
$this->assertNull($response->getParameter('error'));
$this->assertNull($response->getParameter('error_description'));
$location = $response->getHttpHeader('Location');
$parts = parse_url($location);
$this->assertFalse(isset($parts['fake']));
$this->assertArrayHasKey('fragment', $parts);
parse_str($parts['fragment'], $params);
$this->assertFalse(isset($parmas['fake']));
$this->assertArrayHasKey('state', $params);
$this->assertEquals($params['state'], 'test');
}
public function __construct($statusCode, $error, $errorDescription)
{
$responseParameters = array('error' => $error, 'error_description' => $errorDescription);
$httpHeaders = array('Cache-Control' => 'no-store');
parent::__construct($responseParameters, $statusCode, $httpHeaders);
if (!$this->isClientError() && !$this->isServerError()) {
throw new InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
}
}
public function testRequestOverride()
{
$request = new OAuth2_Request_TestRequest();
$server = $this->getTestServer();
// Smoke test for override request class
// $server->handleTokenRequest($request, $response = new OAuth2_Response());
// $this->assertInstanceOf('OAuth2_Response', $response);
// $server->handleAuthorizeRequest($request, $response = new OAuth2_Response(), true);
// $this->assertInstanceOf('OAuth2_Response', $response);
// $response = $server->verifyResourceRequest($request, $response = new OAuth2_Response());
// $this->assertTrue(is_bool($response));
/*** make some valid requests ***/
// Valid Token Request
$request->setPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'code' => 'testcode'));
$server->handleTokenRequest($request, $response = new OAuth2_Response());
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNull($response->getParameter('error'));
$this->assertNotNUll($response->getParameter('access_token'));
}
public function __construct($statusCode, $error, $errorDescription, $errorUri = null)
{
$parameters = array('error' => $error, 'error_description' => $errorDescription);
if (!is_null($errorUri)) {
if (strlen($errorUri) > 0 && $errorUri[0] == '#') {
// we are referencing an oauth bookmark (for brevity)
$errorUri = 'http://tools.ietf.org/html/draft-ietf-oauth-v2-31' . $errorUri;
}
$parameters['error_uri'] = $errorUri;
}
$httpHeaders = array('Cache-Control' => 'no-store');
parent::__construct($parameters, $statusCode, $httpHeaders);
if (!$this->isClientError() && !$this->isServerError()) {
throw new InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
}
}
public function testAddingResponseType()
{
$storage = $this->getMock('OAuth2_Storage_Memory');
$storage->expects($this->any())->method('getClientDetails')->will($this->returnValue(array('client_id' => 'some_client')));
$storage->expects($this->any())->method('checkRestrictedGrantType')->will($this->returnValue(true));
// add with the "code" key explicitly set
$codeType = new OAuth2_ResponseType_AuthorizationCode($storage);
$server = new OAuth2_Server();
$server->addStorage($storage);
$server->addResponseType($codeType);
$request = new OAuth2_Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
$server->handleAuthorizeRequest($request, $response = new OAuth2_Response(), true);
// the response is successful
$this->assertEquals($response->getStatusCode(), 302);
$parts = parse_url($response->getHttpHeader('Location'));
parse_str($parts['query'], $query);
$this->assertTrue(isset($query['code']));
$this->assertFalse(isset($query['error']));
// add with the "code" key not set
$codeType = new OAuth2_ResponseType_AuthorizationCode($storage);
$server = new OAuth2_Server(array($storage), array(), array(), array($codeType));
$request = new OAuth2_Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
$server->handleAuthorizeRequest($request, $response = new OAuth2_Response(), true);
// the response is successful
$this->assertEquals($response->getStatusCode(), 302);
$parts = parse_url($response->getHttpHeader('Location'));
parse_str($parts['query'], $query);
$this->assertTrue(isset($query['code']));
$this->assertFalse(isset($query['error']));
}
public function testValidClientDifferentCode()
{
$server = $this->getTestServer();
$request = OAuth2_Request_TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Some Other Client', 'client_secret' => 'TestSecret3', 'code' => 'testcode'));
$token = $server->grantAccessToken($request, $response = new OAuth2_Response());
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
$this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client');
}
public function testMalformedToken()
{
$server = $this->getTestServer();
$request = OAuth2_Request::createFromGlobals();
$request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed';
$allow = $server->verifyResourceRequest($request, $response = new OAuth2_Response());
$this->assertFalse($allow);
$this->assertEquals($response->getStatusCode(), 401);
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
$this->assertEquals($response->getParameter('error_description'), 'Malformed token (missing "expires" or "client_id")');
}
public function testRenderAsXml()
{
$response = new OAuth2_Response(array('foo' => 'bar', 'halland' => 'oates'));
$string = $response->getResponseBody('xml');
$this->assertContains('<response><bar>foo</bar><oates>halland</oates></response>', $string);
}
public function testInvalidClientIdScope()
{
// add the test parameters in memory
$server = $this->getTestServer();
$request = OAuth2_Request_TestRequest::createPost(array('grant_type' => 'authorization_code', 'code' => 'testcode', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'scope' => 'clientscope3 scope1'));
$server->handleTokenRequest($request, $response = new OAuth2_Response());
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_scope');
$this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
}
public function testValidJwtInvalidScope()
{
$server = $this->getTestServer();
$request = OAuth2_Request_TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(null, null, null, 'Test Client ID', 'invalid-scope')));
$token = $server->grantAccessToken($request, $response = new OAuth2_Response());
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_scope');
$this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
}
