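/**
 * Implicit-grant authorize request: a parameter that is not part of the OAuth2
 * request (here "fake") must not be reflected back to the client.
 *
 * The redirect_uri itself carries "?fake=something", so the query component of
 * the Location header legitimately contains it; the property under test is that
 * the fragment (where the implicit grant places its response) does not.
 */
public function testSuccessfulRequestStripsExtraParameters()
{
    $server = $this->getTestServer(array('allow_implicit' => true));
    $request = new Request(array(
        'client_id'     => 'Test Client ID',
        'redirect_uri'  => 'http://adobe.com?fake=something',
        'response_type' => 'token',
        'state'         => 'test',
        'fake'          => 'something',
    ));
    $server->handleAuthorizeRequest($request, $response = new Response(), true);

    $this->assertEquals($response->getStatusCode(), 302);
    $this->assertNull($response->getParameter('error'));
    $this->assertNull($response->getParameter('error_description'));

    $location = $response->getHttpHeader('Location');
    $parts = parse_url($location);
    // parse_url() only yields scheme/host/path/query/fragment/... keys, never a
    // "fake" key, so this check is trivially true; kept from the original, the
    // meaningful assertion is the one on the parsed fragment below.
    $this->assertFalse(isset($parts['fake']));
    $this->assertArrayHasKey('fragment', $parts);

    parse_str($parts['fragment'], $params);
    // The original read an undefined "$parmas" here, which made this assertion
    // pass unconditionally; it now inspects the actual parsed fragment.
    $this->assertFalse(isset($params['fake']));
    // state must round-trip unchanged (the client's CSRF binding)
    $this->assertArrayHasKey('state', $params);
    $this->assertEquals($params['state'], 'test');
}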
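/**
 * Pulls the id_token out of an authorize redirect and splits it into its
 * JWT segments.
 *
 * Along the way asserts that the response is a 302 whose Location carries the
 * parameters in the fragment (never the query), and that no access_token
 * accompanies the id_token.
 *
 * NOTE: the signature segment is returned as the raw base64url string; this
 * helper does NOT verify it. Callers that care about authenticity must check
 * the signature against the server's key themselves.
 *
 * @param Response $response
 * @return array [decoded header array, decoded payload array, raw signature string]
 */
private function extractTokenDataFromResponse(Response $response)
{
    $this->assertEquals($response->getStatusCode(), 302);
    $location = $response->getHttpHeader('Location');
    $this->assertNotContains('error', $location);

    $parts = parse_url($location);
    $this->assertArrayHasKey('fragment', $parts);
    $this->assertFalse(isset($parts['query']));

    parse_str($parts['fragment'], $params);
    $this->assertNotNull($params);
    $this->assertArrayHasKey('id_token', $params);
    $this->assertArrayNotHasKey('access_token', $params);

    // A compact JWS has exactly three dot-separated segments; fail with a clear
    // message rather than an undefined-offset notice from list().
    $segments = explode('.', $params['id_token']);
    $this->assertCount(3, $segments, 'id_token is not a three-segment compact JWT');
    list($headb64, $payloadb64, $signature) = $segments;

    $jwt = new Jwt();
    $header = json_decode($jwt->urlSafeB64Decode($headb64), true);
    $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);

    return array($header, $payload, $signature);
}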
/**
 * Implicit OpenID Connect request with response_type "token id_token": both
 * tokens must be delivered in the URL fragment of the 302 redirect, and the
 * id_token must pass validateIdToken().
 */
public function testHandleAuthorizeRequest()
{
    $server = $this->getTestServer(array('allow_implicit' => true));
    $authorizeRequest = new Request(array(
        'response_type' => 'token id_token',
        'redirect_uri'  => 'http://adobe.com',
        'client_id'     => 'Test Client ID',
        'scope'         => 'openid',
        'state'         => 'test',
        'nonce'         => 'test',
    ));
    $authorizeResponse = new Response();
    $server->handleAuthorizeRequest($authorizeRequest, $authorizeResponse, true);

    $this->assertEquals($authorizeResponse->getStatusCode(), 302);
    $redirectTarget = $authorizeResponse->getHttpHeader('Location');
    $this->assertNotContains('error', $redirectTarget);

    // Implicit responses live in the fragment so the tokens are never sent to
    // the server hosting the redirect_uri; the query must therefore be empty.
    $urlParts = parse_url($redirectTarget);
    $this->assertArrayHasKey('fragment', $urlParts);
    $this->assertFalse(isset($urlParts['query']));

    // The fragment is "application/x-www-form-urlencoded" encoded.
    parse_str($urlParts['fragment'], $fragmentParams);
    $this->assertNotNull($fragmentParams);
    $this->assertArrayHasKey('id_token', $fragmentParams);
    $this->assertArrayHasKey('access_token', $fragmentParams);

    $this->validateIdToken($fragmentParams['id_token']);
}
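/**
 * Hybrid-flow authorize request with response_type "code id_token".
 *
 * Checks that the redirect carries both an authorization code and an id_token,
 * and that the id_token's claims contain the mandatory OpenID Connect fields
 * with the expected issuer, audience, nonce and lifetime.
 *
 * NOTE(review): this pins the response to the *query* component. OpenID Connect
 * Core 3.3.2.5 requires hybrid-flow responses to be returned in the fragment
 * (fragment is the default response_mode for "code id_token") and to carry a
 * "c_hash" claim binding the code to the id_token; neither is asserted here.
 * Treat the query-mode behaviour as what the implementation currently does,
 * not as spec-conformant.
 */
public function testHandleAuthorizeRequest()
{
    $server = $this->getTestServer();
    $request = new Request(array(
        'response_type' => 'code id_token',
        'redirect_uri'  => 'http://adobe.com',
        'client_id'     => 'Test Client ID',
        'scope'         => 'openid',
        'state'         => 'test',
        'nonce'         => 'test',
    ));
    $server->handleAuthorizeRequest($request, $response = new Response(), true);

    $this->assertEquals($response->getStatusCode(), 302);
    $location = $response->getHttpHeader('Location');
    $this->assertNotContains('error', $location);

    $parts = parse_url($location);
    $this->assertArrayHasKey('query', $parts);

    // The query is "application/x-www-form-urlencoded" encoded.
    // (The original comment said "fragment"; it is the query that is parsed.)
    parse_str($parts['query'], $params);
    $this->assertNotNull($params);
    $this->assertArrayHasKey('id_token', $params);
    $this->assertArrayHasKey('code', $params);

    // Split the compact JWT. Only the header and claims segments are JSON; the
    // third segment is the raw signature and is not json_decode'd (the original
    // decoded it too, which silently yielded null). The original also iterated
    // by reference without unset(), leaving a dangling reference behind.
    $segments = explode('.', $params['id_token']);
    $this->assertCount(3, $segments, 'id_token is not a three-segment compact JWT');
    list($headerB64, $claimsB64, $signature) = $segments;

    $decoded = array();
    foreach (array($headerB64, $claimsB64) as $segment) {
        // base64url -> standard base64 (RFC 7515 section 2), then JSON.
        $segment = str_replace(array('-', '_'), array('+', '/'), $segment);
        $decoded[] = json_decode(base64_decode($segment), true);
    }
    list($header, $claims) = $decoded;

    // Mandatory id_token claims (OpenID Connect Core 2); auth_time and nonce
    // are present because the request carried a nonce.
    foreach (array('iss', 'sub', 'aud', 'iat', 'exp', 'auth_time', 'nonce') as $claim) {
        $this->assertArrayHasKey($claim, $claims);
    }
    // at_hash only exists if an access token was granted along with the
    // id_token; "code id_token" issues none.
    $this->assertArrayNotHasKey('at_hash', $claims);

    $this->assertEquals($claims['iss'], 'test');
    $this->assertEquals($claims['aud'], 'Test Client ID');
    // nonce must round-trip so the client can bind the id_token to its request
    $this->assertEquals($claims['nonce'], 'test');
    $duration = $claims['exp'] - $claims['iat'];
    $this->assertEquals($duration, 3600);
}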
/**
 * A valid bearer token whose scope does not cover the required one must be
 * rejected with 403 insufficient_scope, and the WWW-Authenticate challenge
 * must advertise the scope the resource demanded (RFC 6750 section 3).
 */
public function testOutOfScopeToken()
{
    $server = $this->getTestServer();
    $requiredScope = 'outofscope';

    $request = Request::createFromGlobals();
    $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';

    $response = new Response();
    $granted = $server->verifyResourceRequest($request, $response, $requiredScope);
    $this->assertFalse($granted);

    $this->assertEquals($response->getStatusCode(), 403);
    $this->assertEquals($response->getParameter('error'), 'insufficient_scope');
    $this->assertEquals(
        $response->getParameter('error_description'),
        'The request requires higher privileges than provided by the access token'
    );

    // The challenge must name the scope that was required.
    $challenge = $response->getHttpHeader('WWW-Authenticate');
    $matched = preg_match('/scope="(.*?)"/', $challenge, $matches);
    $this->assertEquals(1, $matched);
    $this->assertEquals($matches[1], $requiredScope);
}
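/**
 * A response type can be registered either through Server::addResponseType()
 * or via the Server constructor's response-types argument; both wirings must
 * serve an authorization-code request.
 *
 * The storage is a mock whose client record has no registered redirect_uri, so
 * the supplied http://example.com is not being checked against a registration
 * here: this test covers response-type wiring only, not redirect_uri
 * enforcement.
 */
public function testAddingResponseType()
{
    $storage = $this->getMock('OAuth2\\Storage\\Memory');
    $storage->expects($this->any())
        ->method('getClientDetails')
        ->will($this->returnValue(array('client_id' => 'some_client')));
    $storage->expects($this->any())
        ->method('checkRestrictedGrantType')
        ->will($this->returnValue(true));

    // Registered explicitly under the "code" key via addResponseType().
    $server = new Server();
    $server->addStorage($storage);
    $server->addResponseType(new AuthorizationCode($storage));
    $this->assertAuthorizationCodeIsIssued($server);

    // Registered via the constructor, with no explicit "code" key.
    $server = new Server(array($storage), array(), array(), array(new AuthorizationCode($storage)));
    $this->assertAuthorizationCodeIsIssued($server);
}

/**
 * Sends a canonical "response_type=code" authorize request to $server and
 * asserts a successful 302 whose query carries a code and no error.
 *
 * @param Server $server
 */
private function assertAuthorizationCodeIsIssued(Server $server)
{
    $request = new Request(array(
        'response_type' => 'code',
        'client_id'     => 'some_client',
        'redirect_uri'  => 'http://example.com',
        'state'         => 'xyx',
    ));
    $server->handleAuthorizeRequest($request, $response = new Response(), true);

    // the response is successful
    $this->assertEquals($response->getStatusCode(), 302);
    $parts = parse_url($response->getHttpHeader('Location'));
    parse_str($parts['query'], $query);
    $this->assertTrue(isset($query['code']));
    $this->assertFalse(isset($query['error']));
}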
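/**
 * Turns the OAuth2 library's response into a framework response.
 *
 * If the library produced a Location header the user agent is redirected to
 * it. That URL originates from the OAuth2 library (which is the component
 * responsible for checking it against the client's registered redirect_uri),
 * not from the raw HTTP request.
 *
 * Otherwise an error view is rendered from the library's error parameters.
 * "error", "error_description" and "error_uri" are all optional in an OAuth2
 * error response (RFC 6749 section 4.1.2.1), so each is read defensively; the
 * original only guarded error_uri and raised undefined-index notices when the
 * other two were absent. The template is responsible for escaping these
 * values before rendering them.
 *
 * @param OAuth2Response $response
 * @return mixed redirect response from redirect()->toUrl(), or a ViewModel
 */
protected function handleResponse(OAuth2Response $response)
{
    $redirect = $response->getHttpHeader('Location');
    if (!empty($redirect)) {
        return $this->redirect()->toUrl($redirect);
    }

    $parameters = $response->getParameters();
    $view = new ViewModel(array(
        'statusCode'       => $response->getStatusCode(),
        'statusText'       => $response->getStatusText(),
        'errorDescription' => isset($parameters['error_description']) ? $parameters['error_description'] : null,
        'error'            => isset($parameters['error']) ? $parameters['error'] : null,
        'errorUri'         => isset($parameters['error_uri']) ? $parameters['error_uri'] : null,
    ));
    $view->setTemplate('kap-security/oauth-authorize-error');

    return $view;
}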
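/**
 * Authorization-code request with the "openid" scope and OpenID Connect
 * enabled: the code is returned in the query (never the fragment) and the
 * stored authorization code carries an id_token for the token endpoint to
 * hand back later.
 */
public function testSuccessfulOpenidConnectRequest()
{
    $server = $this->getTestServer(array('use_openid_connect' => true, 'issuer' => 'bojanz'));
    $request = new Request(array(
        'client_id'     => 'Test Client ID',
        'redirect_uri'  => 'http://adobe.com',
        'response_type' => 'code',
        'state'         => 'xyz',
        'scope'         => 'openid',
    ));
    $server->handleAuthorizeRequest($request, $response = new Response(), true);
    $this->assertEquals($response->getStatusCode(), 302);

    // The original parsed the Location header twice (and read the query before
    // asserting it exists); once, after the key check, is enough.
    $location = $response->getHttpHeader('Location');
    $parts = parse_url($location);
    $this->assertArrayHasKey('query', $parts);
    $this->assertFalse(isset($parts['fragment']));

    // The query is "application/x-www-form-urlencoded" encoded.
    parse_str($parts['query'], $query);
    $this->assertNotNull($query);
    $this->assertArrayHasKey('code', $query);

    // ensure no error was returned
    $this->assertFalse(isset($query['error']));
    $this->assertFalse(isset($query['error_description']));

    // confirm that the id_token has been created and stored with the code.
    $storage = $server->getStorage('authorization_code');
    $code = $storage->getAuthorizationCode($query['code']);
    $this->assertNotEmpty($code['id_token']);
}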