/** * {@inheritDoc} */ public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface { $postParams = $request->getParsedBody(); $refreshToken = $postParams['refresh_token'] ?? null; if (null === $refreshToken) { throw OAuth2Exception::invalidRequest('Refresh token is missing'); } // We can fetch the actual token, and validate it /** @var RefreshToken $refreshToken */ $refreshToken = $this->refreshTokenService->getToken((string) $refreshToken); if (null === $refreshToken || $refreshToken->isExpired()) { throw OAuth2Exception::invalidGrant('Refresh token is expired'); } // We can now create a new access token! First, we need to make some checks on the asked scopes, // because according to the spec, a refresh token can create an access token with an equal or lesser // scope, but not more $scopes = $postParams['scope'] ?? $refreshToken->getScopes(); if (!$refreshToken->matchScopes($scopes)) { throw OAuth2Exception::invalidScope('The scope of the new access token exceeds the scope(s) of the refresh token'); } $owner = $refreshToken->getOwner(); $accessToken = $this->accessTokenService->createToken($owner, $client, $scopes); // We may want to revoke the old refresh token if ($this->serverOptions->getRotateRefreshTokens()) { if ($this->serverOptions->getRevokeRotatedRefreshTokens()) { $this->refreshTokenService->deleteToken($refreshToken); } $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes); } // We can generate the response! return $this->prepareTokenResponse($accessToken, $refreshToken, true); }
public function testCanCreateFromFactory() { $container = $this->createMock(ContainerInterface::class); $container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn(ServerOptions::fromArray()); $container->expects($this->at(1))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class)); $container->expects($this->at(2))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class)); $factory = new RefreshTokenGrantFactory(); $service = $factory($container); $this->assertInstanceOf(RefreshTokenGrant::class, $service); }
public function testCanCreateFromFactory() { $container = $this->createMock(ContainerInterface::class); $serverOptions = ServerOptions::fromArray(); $container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn($serverOptions); $container->expects($this->at(1))->method('get')->with(AuthorizationCodeRepositoryInterface::class)->willReturn($this->createMock(AuthorizationCodeRepositoryInterface::class)); $container->expects($this->at(2))->method('get')->with(ScopeService::class)->willReturn($this->createMock(ScopeService::class)); $factory = new AuthorizationCodeServiceFactory(); $service = $factory($container); $this->assertInstanceOf(AuthorizationCodeService::class, $service); }
public function testCanCreateFromFactory() { $container = $this->createMock(ContainerInterface::class); $serverOptions = ServerOptions::fromArray(['grants' => ['MyGrant']]); $container->expects($this->at(0))->method('get')->with(ClientService::class)->willReturn($this->createMock(ClientService::class)); $container->expects($this->at(1))->method('get')->with(ServerOptions::class)->willReturn($serverOptions); $container->expects($this->at(2))->method('get')->with('MyGrant')->willReturn($this->createMock(GrantInterface::class)); $container->expects($this->at(3))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class)); $container->expects($this->at(4))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class)); $factory = new AuthorizationServerFactory(); $service = $factory($container); $this->assertInstanceOf(AuthorizationServer::class, $service); }
public function testGetters() { $callable = function () { }; $options = ServerOptions::fromArray(['authorization_code_ttl' => 300, 'access_token_ttl' => 3000, 'refresh_token_ttl' => 30000, 'rotate_refresh_tokens' => true, 'revoke_rotated_refresh_tokens' => false, 'owner_callable' => $callable, 'grants' => [ClientCredentialsGrant::class]]); $this->assertEquals(300, $options->getAuthorizationCodeTtl()); $this->assertEquals(3000, $options->getAccessTokenTtl()); $this->assertEquals(30000, $options->getRefreshTokenTtl()); $this->assertEquals(true, $options->getRotateRefreshTokens()); $this->assertEquals(false, $options->getRevokeRotatedRefreshTokens()); $this->assertSame($callable, $options->getOwnerCallable()); $this->assertEquals([ClientCredentialsGrant::class], $options->getGrants()); }
public function testCanCreateFromFactoryOwnerCallableOptionsIsString() { $container = $this->createMock(ContainerInterface::class); $callable = function () { }; $options = ServerOptions::fromArray(['owner_callable' => 'service_name']); $container->expects($this->at(0))->method('get')->with(ServerOptions::class)->willReturn($options); $container->expects($this->at(1))->method('get')->with('service_name')->willReturn($callable); $container->expects($this->at(2))->method('get')->with(AccessTokenService::class)->willReturn($this->createMock(AccessTokenService::class)); $container->expects($this->at(3))->method('get')->with(RefreshTokenService::class)->willReturn($this->createMock(RefreshTokenService::class)); $factory = new PasswordGrantFactory(); $service = $factory($container); $this->assertInstanceOf(PasswordGrant::class, $service); }
public function testSettersAndGetters() { $callable = function () { }; $options = new ServerOptions(['authorization_code_ttl' => 300, 'access_token_ttl' => 3000, 'refresh_token_ttl' => 30000, 'owner_callable' => $callable, 'grants' => [ClientCredentialsGrant::class]]); $this->assertEquals(300, $options->getAuthorizationCodeTtl()); $this->assertEquals(3000, $options->getAccessTokenTtl()); $this->assertEquals(30000, $options->getRefreshTokenTtl()); $this->assertSame($callable, $options->getOwnerCallable()); $this->assertEquals([ClientCredentialsGrant::class], $options->getGrants()); }
public function testMethodAllowPublicClients() { $grant = new RefreshTokenGrant($this->accessTokenService, $this->refreshTokenService, ServerOptions::fromArray()); $this->assertTrue($grant->allowPublicClients()); }
public function setUp() { $this->tokenRepository = $this->createMock(AccessTokenRepositoryInterface::class); $this->scopeService = $this->createMock(ScopeService::class); $this->tokenService = new AccessTokenService($this->tokenRepository, $this->scopeService, ServerOptions::fromArray()); }
public function __invoke(ContainerInterface $container) : ServerOptions { $config = $container->get('config'); $options = $config['zfr_oauth2_server'] ?? []; return ServerOptions::fromArray($options); }