public function testValidCredentialsInvalidScope() { $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass', 'scope' => 'invalid-scope')); $token = $server->grantAccessToken($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_scope'); $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested'); }
public function testInvalidContentType() { $bearer = new Bearer(); $request = TestRequest::createPost(array('access_token' => 'ThisIsMyAccessToken')); $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8'; $param = $bearer->getAccessTokenParameter($request, $response = new Response()); $this->assertNull($param); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_request'); $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"'); }
/** * Constructor. * @param Response $response * @param \Exception $previous The previous exception used for the exception chaining. */ public function __construct(Response $response, \Exception $previous = null) { if ((int) $response->getStatusCode() == 401) { $errorCode = $response->getParameter('error', 'required_token'); $message = $response->getParameter('error_description', 'An Access Token is required.'); } else { $errorCode = $response->getParameter('error', 'unknown'); $message = $response->getParameter('error_description', $response->getStatusText()); } $this->errorCode = $errorCode; $this->errorUri = $response->getParameter('error_uri'); return parent::__construct($response->getStatusCode(), $message, 0, $previous); }
protected function getErrorMessage(\OAuth2\Response $response) { $message = Module::t('common', $response->getParameter('error_description')); if ($message === null) { $message = Module::t('common', 'An internal server error occurred.'); } return $message; }
public function testSuccessfulRequestStripsExtraParameters() { $server = $this->getTestServer(array('allow_implicit' => true)); $request = new Request(array('client_id' => 'Test Client ID', 'redirect_uri' => 'http://adobe.com?fake=something', 'response_type' => 'token', 'state' => 'test', 'fake' => 'something')); $server->handleAuthorizeRequest($request, $response = new Response(), true); $this->assertEquals($response->getStatusCode(), 302); $this->assertNull($response->getParameter('error')); $this->assertNull($response->getParameter('error_description')); $location = $response->getHttpHeader('Location'); $parts = parse_url($location); $this->assertFalse(isset($parts['fake'])); $this->assertArrayHasKey('fragment', $parts); parse_str($parts['fragment'], $params); $this->assertFalse(isset($parmas['fake'])); $this->assertArrayHasKey('state', $params); $this->assertEquals($params['state'], 'test'); }
public function testRequestOverride() { $request = new TestRequest(); $server = $this->getTestServer(); // Smoke test for override request class // $server->handleTokenRequest($request, $response = new Response()); // $this->assertInstanceOf('Response', $response); // $server->handleAuthorizeRequest($request, $response = new Response(), true); // $this->assertInstanceOf('Response', $response); // $response = $server->verifyResourceRequest($request, $response = new Response()); // $this->assertTrue(is_bool($response)); /*** make some valid requests ***/ // Valid Token Request $request->setPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'code' => 'testcode')); $server->handleTokenRequest($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 200); $this->assertNull($response->getParameter('error')); $this->assertNotNUll($response->getParameter('access_token')); }
public function testAccessResourceWithCryptoTokenUsingSecondaryStorage() { // add the test parameters in memory $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret')); $server->handleTokenRequest($request, $response = new Response()); $this->assertNotNull($cryptoToken = $response->getParameter('access_token')); // make a call to the resource server using the crypto token $request = TestRequest::createPost(array('access_token' => $cryptoToken)); // create a resource server with the "memory" storage from the grant server $resourceServer = new Server($server->getStorage('client_credentials')); $this->assertTrue($resourceServer->verifyResourceRequest($request)); }
public function testCryptoTokenWithRefreshToken() { $server = $this->getTestServer(); // add "UserCredentials" grant type and "CryptoToken" response type // and ensure "CryptoToken" response type has "RefreshToken" storage $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); $server->addGrantType(new UserCredentials($memoryStorage)); $server->addGrantType(new RefreshToken($memoryStorage)); $server->addResponseType(new CryptoToken($memoryStorage, $memoryStorage, $memoryStorage), 'token'); $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'username' => 'test-username', 'password' => 'testpass')); // make the call to grant a crypto token $server->handleTokenRequest($request, $response = new Response()); $this->assertNotNull($cryptoToken = $response->getParameter('access_token')); $this->assertNotNull($refreshToken = $response->getParameter('refresh_token')); // decode token and make sure refresh_token isn't set list($header, $payload, $signature) = explode('.', $cryptoToken); $decodedToken = json_decode(base64_decode($payload), true); $this->assertFalse(array_key_exists('refresh_token', $decodedToken)); // use the refresh token to get another access token $request = TestRequest::createPost(array('grant_type' => 'refresh_token', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'refresh_token' => $refreshToken)); $server->handleTokenRequest($request, $response = new Response()); $this->assertNotNull($response->getParameter('access_token')); }
public function testGrantCodeAccessTokenOnNewCode() { $request = TestRequest::createPost(array('grant_type' => 'device_code', 'client_id' => 'test_client_id')); $this->server->handleDeviceRequest($request, $response = new Response()); $this->assertNotNull($response->getParameter('code')); $deviceCodeResponse = $response; // Get access token when user_id is null $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code'))); $this->server->handleDeviceRequest($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertArrayHasKey('error', $response->getParameters()); $this->assertEquals('authorization_pending', $response->getParameter('error')); // Update user_id and verify response $deviceStorage = $this->server->getStorage('device_code'); $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id'); $deviceStorage->setDeviceCode($code['device_code'], $code['user_code'], $code['client_id'], 1, $code['expires'], $code['scope']); $request = TestRequest::createPost(array('grant_type' => 'device_token', 'client_id' => 'test_client_id', 'code' => $deviceCodeResponse->getParameter('code'))); $this->server->handleDeviceRequest($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 200); $this->assertArrayHasKey('access_token', $response->getParameters()); //ensure device code was deleted $code = $deviceStorage->getDeviceCode($deviceCodeResponse->getParameter('code'), 'test_client_id'); $this->assertFalse($code); }
public function testValidClientDifferentCode() { $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'client_id' => 'Test Some Other Client', 'client_secret' => 'TestSecret3', 'code' => 'testcode')); $token = $server->grantAccessToken($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_grant'); $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client'); }
public function testMalformedToken() { $server = $this->getTestServer(); $request = Request::createFromGlobals(); $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed'; $allow = $server->verifyResourceRequest($request, $response = new Response()); $this->assertFalse($allow); $this->assertEquals($response->getStatusCode(), 401); $this->assertEquals($response->getParameter('error'), 'invalid_token'); $this->assertEquals($response->getParameter('error_description'), 'Malformed token (missing "expires")'); }
public function testInvalidClientIdScope() { // add the test parameters in memory $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'authorization_code', 'code' => 'testcode-with-scope', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret', 'scope' => 'clientscope3')); $server->handleTokenRequest($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_scope'); $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request'); }
public function testJtiReplayAttack() { $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(99999999900, null, '*****@*****.**', 'Test Client ID', 'totally_new_jti'))); $token = $server->grantAccessToken($request, $response = new Response()); $this->assertNotNull($token); $this->assertArrayHasKey('access_token', $token); //Replay the same request $token = $server->grantAccessToken($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_grant'); $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used'); }
public function testNoSecretWithConfidentialClient() { $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'password', 'client_id' => 'Test Client ID', 'username' => 'test-username', 'password' => 'testpass')); $token = $server->grantAccessToken($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_client'); $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret'); }
/** * @see http://tools.ietf.org/html/rfc6749#section-4.1.3 * @see https://github.com/bshaffer/oauth2-server-php/issues/163 */ public function testNoRedirectUriSuppliedDoesNotRequireTokenRedirectUri() { $server = $this->getTestServer(); $request = new Request(array('client_id' => 'Test Client ID with Redirect Uri', 'response_type' => 'code', 'state' => 'xyz')); $server->handleAuthorizeRequest($request, $response = new Response(), true); $this->assertEquals($response->getStatusCode(), 302); $this->assertContains('state', $response->getHttpHeader('Location')); $this->assertStringStartsWith('http://brentertainment.com?code=', $response->getHttpHeader('Location')); $parts = parse_url($response->getHttpHeader('Location')); parse_str($parts['query'], $query); // call token endpoint with no redirect_uri supplied $request = TestRequest::createPost(array('client_id' => 'Test Client ID with Redirect Uri', 'client_secret' => 'TestSecret2', 'grant_type' => 'authorization_code', 'code' => $query['code'])); $server->handleTokenRequest($request, $response = new Response(), true); $this->assertEquals($response->getStatusCode(), 200); $this->assertNotNull($response->getParameter('access_token')); }
public function testValidJwtInvalidScope() { $server = $this->getTestServer(); $request = TestRequest::createPost(array('grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $this->getJWT(null, null, null, 'Test Client ID', 'invalid-scope'))); $token = $server->grantAccessToken($request, $response = new Response()); $this->assertEquals($response->getStatusCode(), 400); $this->assertEquals($response->getParameter('error'), 'invalid_scope'); $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested'); }