Exemplo n.º 1
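 /**
  * An authorize request that carries an unrecognised query parameter must
  * still succeed, and that parameter must not be reflected into the query
  * string of the redirect sent back to the client.
  *
  * The check is made against the parsed query string of the Location
  * header. parse_url() only yields URL components (scheme, host, query, ...),
  * so looking for 'fake' in its result can never fail and is not done here.
  */
 public function testSuccessfulRequestStripsExtraParameters()
 {
     $server = $this->getTestServer(array('allow_implicit' => true));
     $request = OAuth2_Request::createFromGlobals();
     $request->query['client_id'] = 'Test Client ID'; // valid client id
     $request->query['redirect_uri'] = 'http://adobe.com'; // valid redirect URI
     $request->query['response_type'] = 'code';
     $request->query['state'] = 'test'; // valid state string (just needs to be passed back to us)
     $request->query['fake'] = 'something'; // extra query param that must not be echoed back

     $response = $server->handleAuthorizeRequest($request, true);

     $this->assertEquals(302, $response->getStatusCode());
     $this->assertNull($response->getResponseParameter('error'));

     $location = $response->getHttpHeader('Location');
     $parts = parse_url($location);
     $this->assertArrayHasKey('query', $parts);
     parse_str($parts['query'], $query);

     // Inspect the parsed redirect query itself; testing an undefined
     // variable here would make the assertion pass unconditionally.
     $this->assertFalse(isset($query['fake']), 'unknown request parameters must not reach the redirect URI');
     $this->assertArrayHasKey('state', $query);
     $this->assertEquals('test', $query['state']);
 }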
Exemplo n.º 2
 /**
  * Returns the OAuth2 request for the current HTTP call, building it from
  * the PHP globals on first use and reusing the stored object afterwards.
  */
 public function getOAuthRequest()
 {
     if ($this->oauthRequest !== null) {
         return $this->oauthRequest;
     }

     // First access: capture the request once and keep it on the instance.
     $this->oauthRequest = OAuth2_Request::createFromGlobals();

     return $this->oauthRequest;
 }
 /**
  * Token endpoint: hands the current HTTP request to the OAuth2 server's
  * token handler, sends the resulting response and stops the script.
  *
  * NOTE(review): every query-string parameter is copied into the body
  * parameter set before the token request is handled, and a query value
  * replaces a body value of the same name. As a result grant parameters
  * supplied in the URL (client_secret, password, code, refresh_token) are
  * accepted. RFC 6749 section 2.3.1 says client credentials sent as request
  * parameters must not be included in the request URI, because URLs end up
  * in access logs, proxies and browser history. Confirm this is intentional
  * and not a debugging convenience.
  */
 public function login()
 {
     $tokenRequest = \OAuth2_Request::createFromGlobals();

     // Promote query-string parameters into the body parameter set.
     foreach ($tokenRequest->query as $name => $param) {
         $tokenRequest->request[$name] = $param;
     }

     $tokenResponse = $this->server->handleTokenRequest($tokenRequest, new \OAuth2_Response());
     $tokenResponse->send();

     // Nothing else may be written after the token response.
     exit;
 }
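 /**
  * Middleware entry point: every request except the one whose path is
  * exactly "/request-token/" must pass the OAuth2 resource check before the
  * next layer runs.
  *
  * When verification fails, the server's own error response is sent and the
  * script stops, so the next layer is never reached. The exemption is an
  * exact string comparison; any other spelling of the token path (for
  * example without the trailing slash) goes through verification.
  *
  * No debug output is written on the failure path: dumping the response
  * object would expose internal state to an unauthenticated caller, and
  * output emitted before send() can prevent the status line and headers of
  * the error response from being delivered.
  */
 public function call()
 {
     if ($this->app->request->getPathInfo() != "/request-token/") {
         $request = \OAuth2_Request::createFromGlobals();

         if (!$this->server->verifyResourceRequest($request, new \OAuth2_Response())) {
             // Reply with the error response prepared by the server and stop.
             $this->server->getResponse()->send();
             die;
         }
     }

     $this->next->call();
 }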
 /**
  * A grant request with valid client credentials but an invalid
  * authorization code is answered with HTTP 400 and "invalid_grant".
  */
 public function testInvalidCode()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();

     $params = array(
         'grant_type' => 'authorization_code', // valid grant type
         'client_id' => 'Test Client ID', // valid client id
         'client_secret' => 'TestSecret', // valid client secret
         'code' => 'InvalidCode', // invalid authorization code
     );
     foreach ($params as $name => $value) {
         $request->query[$name] = $value;
     }

     $response = $server->handleGrantRequest($request);

     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'invalid_grant');
     $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
 }
 /**
  * With 'always_issue_new_refresh_token' set to false, redeeming a refresh
  * token returns no new refresh token, and the token that was used can
  * still be read back from storage afterwards.
  */
 public function testValidRefreshTokenWithNoRefreshTokenInResponse()
 {
     $server = $this->getTestServer();
     $grantType = new OAuth2_GrantType_RefreshToken($this->storage, array('always_issue_new_refresh_token' => false));
     $server->addGrantType($grantType);

     $request = OAuth2_Request::createFromGlobals();
     $params = array(
         'grant_type' => 'refresh_token', // valid grant type
         'client_id' => 'Test Client ID', // valid client id
         'client_secret' => 'TestSecret', // valid client secret
         'refresh_token' => 'test-refreshtoken', // valid refresh token
     );
     foreach ($params as $name => $value) {
         $request->query[$name] = $value;
     }

     $token = $server->grantAccessToken($request);

     $this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned');

     // The redeemed token was not rotated, so storage must still hold it.
     $used_token = $this->storage->getRefreshToken('test-refreshtoken');
     $this->assertNotNull($used_token, 'the refresh token used is still valid');
 }
 /**
  * Redeeming a valid refresh token on the default test server returns a
  * refresh token in the response, and storage holds that token bound to
  * the client id that made the request.
  */
 public function testValidRefreshToken()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();

     $params = array(
         'grant_type' => 'refresh_token', // valid grant type
         'client_id' => 'Test Client ID', // valid client id
         'client_secret' => 'TestSecret', // valid client secret
         'refresh_token' => 'test-refreshtoken', // valid refresh token
     );
     foreach ($params as $name => $value) {
         $request->query[$name] = $value;
     }

     $token = $server->grantAccessToken($request);
     $this->assertTrue(isset($token['refresh_token']));

     // Look the returned token up in storage and compare what was persisted.
     $stored = $this->storage->getRefreshToken($token['refresh_token']);
     $this->assertNotNull($stored);
     $this->assertEquals($stored['refresh_token'], $token['refresh_token']);
     $this->assertEquals($stored['client_id'], $request->query('client_id'));
 }
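 /**
  * A password grant whose username/password pair is rejected must produce
  * HTTP 400 with "invalid_grant" on the server's response object.
  *
  * The username and password literals appear masked on this page; the test
  * name and the expected error indicate the pair is meant to be one the
  * server refuses.
  */
 public function testInvalidPassword()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();
     $request->query['grant_type'] = 'password'; // valid grant type
     $request->query['client_id'] = 'Test Client ID'; // valid client id
     $request->query['client_secret'] = 'TestSecret'; // valid client secret
     $request->query['username'] = '******'; // resource owner username
     $request->query['password'] = '******'; // password expected to be rejected

     // The return value is not inspected; the outcome is read from the
     // response the server recorded for this request.
     $server->grantAccessToken($request);
     $response = $server->getResponse();

     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_grant', $response->getResponseParameter('error'));
     $this->assertEquals('Invalid username and password combination', $response->getResponseParameter('error_description'));
 }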
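 /**
  * A grant request with valid client credentials and a valid authorization
  * code returns an OAuth2_Response with HTTP 200, no error fields, and the
  * access_token, expires_in and token_type parameters set.
  */
 public function testValidTokenResponse()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();
     $request->query['grant_type'] = 'code'; // grant type as this test server names it
     $request->query['client_id'] = 'Test Client ID'; // valid client id
     $request->query['client_secret'] = 'TestSecret'; // valid client secret
     $request->query['code'] = 'testcode'; // valid authorization code

     $response = $server->handleGrantRequest($request);

     $this->assertInstanceOf('OAuth2_Response', $response);
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertNull($response->getResponseParameter('error'));
     $this->assertNull($response->getResponseParameter('error_description'));
     $this->assertNotNull($response->getResponseParameter('access_token'));
     $this->assertNotNull($response->getResponseParameter('expires_in'));
     $this->assertNotNull($response->getResponseParameter('token_type'));
 }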
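 /**
  * With 'enforce_state' enabled, an authorize request that omits the state
  * parameter is refused: the server redirects (302) and the redirect query
  * carries "invalid_request" with an explanatory description.
  *
  * The state value is what lets a client tie the authorization response to
  * the request it started, so this test pins the server-side requirement
  * that it be present.
  */
 public function testEnforceState()
 {
     $server = $this->getTestServer(array('enforce_state' => true));
     $request = OAuth2_Request::createFromGlobals();
     $request->query['client_id'] = 'Test Client ID'; // valid client id
     $request->query['redirect_uri'] = 'http://adobe.com'; // valid redirect URI
     $request->query['response_type'] = 'code';
     // 'state' is deliberately left out.

     $response = $server->handleAuthorizeRequest($request, true);
     $this->assertEquals(302, $response->getStatusCode());

     $location = $response->getHttpHeader('Location');
     $parts = parse_url($location);
     // Fail with a clear message if the redirect has no query string at all,
     // instead of reading an undefined array key.
     $this->assertArrayHasKey('query', $parts);
     parse_str($parts['query'], $query);

     $this->assertEquals('invalid_request', $query['error']);
     $this->assertEquals('The state parameter is required', $query['error_description']);
 }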
 /**
  * A request presenting the bearer token "accesstoken-scope" together with
  * the scope "testscope" is allowed by verifyAccessRequest().
  */
 public function testValidTokenWithScopeParam()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();

     // Token travels in the Authorization header, the scope in the query.
     $request->server['AUTHORIZATION'] = 'Bearer accesstoken-scope';
     $request->query['scope'] = 'testscope';

     $this->assertTrue($server->verifyAccessRequest($request));
 }
 /**
  * A client_credentials grant whose client id and secret are supplied as
  * query parameters yields a token array containing a non-null
  * access_token.
  *
  * NOTE(review): this pins acceptance of a client secret taken from the
  * query parameters. RFC 6749 section 2.3.1 says such parameters must not
  * be included in the request URI; confirm deployments only send them in
  * the request body or the Authorization header.
  */
 public function testValidCredentialsInQuerystring()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();

     $params = array(
         'grant_type' => 'client_credentials', // valid grant type
         'client_id' => 'Test Client ID', // valid client id
         'client_secret' => 'TestSecret', // valid client secret
     );
     foreach ($params as $name => $value) {
         $request->query[$name] = $value;
     }

     $token = $server->grantAccessToken($request);

     $this->assertNotNull($token);
     $this->assertArrayHasKey('access_token', $token);
     $this->assertNotNull($token['access_token']);
 }
 /**
  * An authorize request whose redirect_uri does not match the one the
  * client is set up with is refused with HTTP 400 and
  * "redirect_uri_mismatch".
  *
  * The assertions read the error from the response itself rather than from
  * a Location header, i.e. the mismatching URI is not used as a redirect
  * target for the error.
  */
 public function testValidateRedirectUri()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request::createFromGlobals();

     $params = array(
         'client_id' => 'Test Client ID with Redirect Uri', // valid client id
         'redirect_uri' => 'http://adobe.com', // invalid redirect URI
         'response_type' => 'code',
     );
     foreach ($params as $name => $value) {
         $request->query[$name] = $value;
     }

     $response = $server->handleAuthorizeRequest($request, true);

     $this->assertEquals($response->getStatusCode(), 400);
     $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch');
     $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match');
 }
<?php

// Bootstrap for an OAuth2 endpoint script: registers the library autoloader,
// builds the PDO-backed storage and the server, enables the authorization
// code grant, and prepares the request/response pair for the handler.
OAuth2_Autoloader::register();
// create your storage again
// $dsn, $username and $password are not defined in this snippet; they must be
// supplied by the surrounding script.
// NOTE(review): load the database credentials from configuration outside the
// web root rather than hard-coding them next to this bootstrap - confirm.
$storage = new OAuth2_Storage_Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
// create your server again
$server = new OAuth2_Server($storage);
// Add the "Authorization Code" grant type (this is required for authorization flows)
$server->addGrantType(new OAuth2_GrantType_AuthorizationCode($storage));
// Capture the incoming HTTP request from the PHP globals and create an empty
// response object.
$request = OAuth2_Request::createFromGlobals();
$response = new OAuth2_Response();