public function testFlow()
{
$testCase = $this;
$http = new Http(new Callback(function ($request) use($testCase) {
$body = new TempStream(fopen('php://memory', 'r+'));
$response = new Response();
$response->setBody($body);
$testCase->loadController($request, $response);
return $response;
}));
$oauth = new Oauth($http);
// request token
$response = $oauth->requestToken(new Url('http://127.0.0.1/request'), OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(OauthTest::TMP_TOKEN, $response->getToken());
$this->assertEquals(OauthTest::TMP_TOKEN_SECRET, $response->getTokenSecret());
// authorize the user gets redirected and approves the application
// access token
$response = $oauth->accessToken(new Url('http://127.0.0.1/access'), OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET, OauthTest::TMP_TOKEN, OauthTest::TMP_TOKEN_SECRET, OauthTest::VERIFIER);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(OauthTest::TOKEN, $response->getToken());
$this->assertEquals(OauthTest::TOKEN_SECRET, $response->getTokenSecret());
// api request
$url = new Url('http://127.0.0.1/api');
$auth = $oauth->getAuthorizationHeader($url, OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET, OauthTest::TOKEN, OauthTest::TOKEN_SECRET, 'HMAC-SHA1', 'GET');
$request = new GetRequest($url, array('Authorization' => $auth));
$response = $http->request($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('SUCCESS', (string) $response->getBody());
}
public function testFlow()
{
$testCase = $this;
$http = new Http(new Callback(function (RequestInterface $request) use($testCase) {
// request token
if ($request->getUri()->getPath() == '/requestToken') {
$auth = Authentication::decodeParameters((string) $request->getHeader('Authorization'));
$testCase->assertEquals(self::CONSUMER_KEY, $auth['oauth_consumer_key']);
$testCase->assertEquals('HMAC-SHA1', $auth['oauth_signature_method']);
$testCase->assertTrue(isset($auth['oauth_timestamp']));
$testCase->assertTrue(isset($auth['oauth_nonce']));
$testCase->assertEquals('1.0', $auth['oauth_version']);
$testCase->assertEquals('oob', $auth['oauth_callback']);
$testCase->assertTrue(isset($auth['oauth_signature']));
$tmpToken = self::TMP_TOKEN;
$tmpTokenSecret = self::TMP_TOKEN_SECRET;
$response = <<<TEXT
HTTP/1.1 200 OK
Date: Thu, 26 Sep 2013 16:36:25 GMT
Content-Type: application/x-www-form-urlencoded
oauth_token={$tmpToken}&oauth_token_secret={$tmpTokenSecret}&oauth_callback_confirmed=1
TEXT;
} elseif ($request->getUri()->getPath() == '/accessToken') {
$auth = Authentication::decodeParameters((string) $request->getHeader('Authorization'));
$testCase->assertEquals(self::CONSUMER_KEY, $auth['oauth_consumer_key']);
$testCase->assertEquals(self::TMP_TOKEN, $auth['oauth_token']);
$testCase->assertEquals('HMAC-SHA1', $auth['oauth_signature_method']);
$testCase->assertTrue(isset($auth['oauth_timestamp']));
$testCase->assertTrue(isset($auth['oauth_nonce']));
$testCase->assertEquals('1.0', $auth['oauth_version']);
$testCase->assertEquals(self::VERIFIER, $auth['oauth_verifier']);
$testCase->assertTrue(isset($auth['oauth_signature']));
$token = self::TOKEN;
$tokenSecret = self::TOKEN_SECRET;
$response = <<<TEXT
HTTP/1.1 200 OK
Date: Thu, 26 Sep 2013 16:36:26 GMT
Content-Type: application/x-www-form-urlencoded
oauth_token={$token}&oauth_token_secret={$tokenSecret}
TEXT;
} elseif ($request->getUri()->getPath() == '/api') {
$auth = Authentication::decodeParameters((string) $request->getHeader('Authorization'));
$testCase->assertEquals(self::CONSUMER_KEY, $auth['oauth_consumer_key']);
$testCase->assertEquals(self::TOKEN, $auth['oauth_token']);
$testCase->assertEquals('HMAC-SHA1', $auth['oauth_signature_method']);
$testCase->assertTrue(isset($auth['oauth_timestamp']));
$testCase->assertTrue(isset($auth['oauth_nonce']));
$testCase->assertEquals('1.0', $auth['oauth_version']);
$testCase->assertTrue(isset($auth['oauth_signature']));
$response = <<<TEXT
HTTP/1.1 200 OK
Date: Thu, 26 Sep 2013 16:36:26 GMT
Content-Type: text/html; charset=UTF-8
SUCCESS
TEXT;
} else {
throw new \RuntimeException('Invalid path');
}
return ResponseParser::convert($response, ResponseParser::MODE_LOOSE)->toString();
}));
$oauth = new Oauth($http);
// request token
$url = new Url('http://127.0.0.1/requestToken');
$response = $oauth->requestToken($url, self::CONSUMER_KEY, self::CONSUMER_SECRET);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(self::TMP_TOKEN, $response->getToken());
$this->assertEquals(self::TMP_TOKEN_SECRET, $response->getTokenSecret());
// if we have optained temporary credentials we can redirect the user
// to grant access to the credentials
// $oauth->userAuthorization($url, array('oauth_token' => $response->getToken()))
// if the user gets redirected back we can exchange the temporary
// credentials to an access token we also get an verifier as GET
// parameter
$url = new Url('http://127.0.0.1/accessToken');
$response = $oauth->accessToken($url, self::CONSUMER_KEY, self::CONSUMER_SECRET, self::TMP_TOKEN, self::TMP_TOKEN, self::VERIFIER);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(self::TOKEN, $response->getToken());
$this->assertEquals(self::TOKEN_SECRET, $response->getTokenSecret());
// now we can make an request to the protected api
$url = new Url('http://127.0.0.1/api');
$auth = $oauth->getAuthorizationHeader($url, self::CONSUMER_KEY, self::CONSUMER_SECRET, self::TOKEN, self::TOKEN_SECRET, 'HMAC-SHA1', 'GET');
$request = new GetRequest($url, array('Authorization' => $auth));
$response = $http->request($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('SUCCESS', (string) $response->getBody());
}