function it_authenticates_request_and_throws_exception_if_access_token_does_not_exist(IRequest $request, ITokenTypeResolver $tokenTypeResolver, ITokenType $tokenType, IAccessTokenStorage $accessTokenStorage)
{
$tokenTypeResolver->resolve($request)->willReturn($tokenType)->shouldBeCalled();
$tokenType->getAccessToken()->willReturn('abcd')->shouldBeCalled();
$accessTokenStorage->get('abcd')->willReturn(null)->shouldBeCalled();
$this->shouldThrow('OAuth2\\Exception\\NotAuthenticatedException')->during('authenticate', [$request]);
}
/**
* Authenticates current request and returns session
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\NotAuthenticatedException
* @return Session
*/
public function authenticate(IRequest $request)
{
// resolve token type from request
$tokenType = $this->tokenTypeResolver->resolve($request);
$accessToken = $this->accessTokenStorage->get($tokenType->getAccessToken());
if (!$accessToken) {
throw new NotAuthenticatedException();
}
return new Session($accessToken);
}
function it_issues_an_access_token_using_default_scopes(IRequest $request, IClientAuthenticator $clientAuthenticator, IClient $client, IAccessTokenStorage $accessTokenStorage, IAccessToken $accessToken, IScopeResolver $scopeResolver, IScope $scope, IUser $user)
{
$clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$client->getSecret()->willReturn('secret')->shouldBeCalled();
$request->request('scope')->willReturn(null)->shouldBeCalled();
$client->getScopes()->willReturn([])->shouldBeCalled();
$scopeResolver->getDefaultScopes()->willReturn([$scope])->shouldBeCalled();
$scopeResolver->intersect(null, [$scope])->willReturn([$scope])->shouldBeCalled();
$client->getOwner()->willReturn($user)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, [$scope])->willReturn($accessToken)->shouldBeCalled();
$this->grant($request)->shouldReturn($accessToken);
}
/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidGrantException
* @throws \OAuth2\Exception\InvalidRequestException
* @throws \OAuth2\Exception\InvalidScopeException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
$username = $request->request('username');
$password = $request->request('password');
if (empty($username) || empty($password)) {
throw new InvalidRequestException('Username and password are required.');
}
$client = $this->clientAuthenticator->authenticate($request);
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
$user = $this->userAuthenticator->authenticate($username, $password);
if (!$user) {
throw new InvalidUserCredentialsException('Invalid user credentials.');
}
$requestedScopes = $request->request('scope');
$availableScopes = $user->getScopes();
if (empty($availableScopes)) {
$availableScopes = $this->scopeResolver->getDefaultScopes();
}
if (empty($availableScopes)) {
throw new InvalidScopeException('Scope parameter has to be specified.');
}
// intersection of requested and user scopes
$scopes = $this->scopeResolver->intersect($requestedScopes, $availableScopes);
return $this->accessTokenStorage->generate($user, $client, $scopes);
}
/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidGrantException
* @throws \OAuth2\Exception\InvalidRequestException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
$code = $request->request('code');
if (empty($code)) {
throw new InvalidRequestException("Parameter 'code' is missing.");
}
$client = $this->clientAuthenticator->authenticate($request);
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
$authorizationCode = $this->authorizationCodeStorage->get($code);
if (!$authorizationCode) {
throw new InvalidGrantException('Authorization code is invalid.');
}
if ($authorizationCode->getExpiresAt() < time()) {
throw new InvalidGrantException('Authorization code has expired.');
}
if ($client->getId() !== $authorizationCode->getClient()->getId()) {
throw new InvalidGrantException('Authorization code is invalid.');
}
$redirectUri = $request->request('redirect_uri');
$codeRedirectUri = $authorizationCode->getRedirectUri();
if (!empty($redirectUri)) {
if (empty($codeRedirectUri) || $redirectUri !== $codeRedirectUri) {
throw new InvalidRequestException('Redirect URI is missing, was not used in authorization or is invalid.');
}
} else {
if (!empty($codeRedirectUri)) {
throw new InvalidRequestException('Redirect URI is missing, was not used in authorization or is invalid.');
}
}
return $this->accessTokenStorage->generate($authorizationCode->getUser(), $authorizationCode->getClient(), $authorizationCode->getScopes());
}
/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidGrantException
* @throws \OAuth2\Exception\MissingParameterException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
if (!($refreshTokenIdentifier = $request->request('refresh_token'))) {
throw new MissingParameterException("Parameter 'refresh_token' is missing.");
}
if (!($refreshToken = $this->refreshTokenStorage->get($refreshTokenIdentifier))) {
throw new InvalidGrantException('Invalid refresh token.');
}
$client = $this->clientAuthenticator->authenticate($request);
// are clients same?
if ($client->getId() !== $refreshToken->getClient()->getId()) {
throw new InvalidGrantException('Invalid refresh token.');
}
// is client allowed to use this grant type?
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
$expiresAt = $refreshToken->getExpiresAt();
if ($expiresAt instanceof \DateTime) {
$expiresAt = $expiresAt->getTimestamp();
}
// is refresh token expired?
if ($expiresAt < time()) {
throw new InvalidGrantException('Refresh token has expired.');
}
// intersection of refresh token and requested scopes
$scopes = $this->scopeResolver->intersect($request->request('scope'), $refreshToken->getScopes());
return $this->accessTokenStorage->generate($refreshToken->getUser(), $refreshToken->getClient(), $scopes);
}
/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidClientException
* @throws \OAuth2\Exception\InvalidScopeException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
$client = $this->clientAuthenticator->authenticate($request);
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
if (!$client->getSecret()) {
throw new InvalidClientException('Only confidential clients can use this method.');
}
$requestedScopes = $request->request('scope');
$availableScopes = $client->getScopes();
if (empty($availableScopes)) {
$availableScopes = $this->scopeResolver->getDefaultScopes();
}
if (empty($availableScopes)) {
throw new InvalidScopeException('Scope parameter has to be specified.');
}
$scopes = $this->scopeResolver->intersect($requestedScopes, $availableScopes);
return $this->accessTokenStorage->generate($client->getOwner(), $client, $scopes);
}
function it_issues_an_access_token(IRequest $request, IRefreshToken $refreshToken, IRefreshTokenStorage $refreshTokenStorage, IAccessTokenStorage $accessTokenStorage, IAccessToken $accessToken, IUser $user, IClient $client, IScope $scope1, IScope $scope2, IScopeResolver $scopeResolver, IClientAuthenticator $clientAuthenticator)
{
$scopes = [$scope1, $scope2];
$request->request('refresh_token')->willReturn('pom')->shouldBeCalled();
$refreshTokenStorage->get('pom')->willReturn($refreshToken)->shouldBeCalled();
$refreshToken->getClient()->willReturn($client)->shouldBeCalled();
$clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
$client->getId()->willReturn('test')->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$refreshToken->getExpiresAt()->willReturn(time() + 100)->shouldBeCalled();
$refreshToken->getScopes()->willReturn($scopes)->shouldBeCalled();
$request->request('scope')->willReturn(null)->shouldBeCalled();
$scopeResolver->intersect(null, $scopes)->willReturn($scopes)->shouldBeCalled();
$refreshToken->getUser()->willReturn($user)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, $scopes)->willReturn($accessToken)->shouldBeCalled();
$this->grant($request)->shouldReturnAnInstanceOf('OAuth2\\Storage\\IAccessToken');
}
function it_should_issue_access_token_and_return_implicit_authorization_session(IAccessTokenStorage $accessTokenStorage, IScopeResolver $scopeResolver, IClientStorage $clientStorage, IClient $client, IRequest $request, ITokenType $tokenType, IUser $user, IAccessToken $accessToken, IScope $scope)
{
$request->query('client_id')->willReturn('test')->shouldBeCalled();
$clientStorage->get('test')->willReturn($client)->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$request->query('redirect_uri')->willReturn('http://google.com')->shouldBeCalled();
$client->getRedirectUri()->willReturn('http://google.com')->shouldBeCalled();
$request->query('scope')->willReturn('scope1')->shouldBeCalled();
$user->getScopes()->willReturn([])->shouldBeCalled();
$scopeResolver->getDefaultScopes()->willReturn([$scope])->shouldBeCalled();
$scopeResolver->intersect('scope1', [$scope])->willReturn([$scope])->shouldBeCalled();
$request->query('state')->willReturn(null)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, [$scope])->willReturn($accessToken)->shouldBeCalled();
$tokenType->getName()->willReturn('Bearer')->shouldBeCalled();
$this->authorize($request, $user)->shouldReturnAnInstanceOf('OAuth2\\Security\\ImplicitSession');
}
/**
* Authorizes request
*
* @param IRequest $request
* @param IUser $user logged user
*
* @throws \OAuth2\Exception\InvalidClientException
* @throws \OAuth2\Exception\InvalidRequestException
* @throws \OAuth2\Exception\InvalidScopeException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return AuthorizationCodeSession
*/
public function authorize(IRequest $request, IUser $user)
{
$requirements = parent::parseAuthorizationRequest($request, $user);
$accessToken = $this->accessTokenStorage->generate($user, $requirements['client'], $requirements['scopes']);
return new ImplicitSession($accessToken, $this->tokenType->getName(), $requirements['redirect_uri'], $requirements['state']);
}
function it_issues_an_access_token(IRequest $request, IClientAuthenticator $clientAuthenticator, IAuthorizationCodeStorage $authorizationCodeStorage, IAuthorizationCode $authorizationCode, IAccessTokenStorage $accessTokenStorage, IAccessToken $accessToken, IUser $user, IClient $client, IScope $scope)
{
$request->request('code')->willReturn('a')->shouldBeCalled();
$clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$authorizationCodeStorage->get('a')->willReturn($authorizationCode)->shouldBeCalled();
$authorizationCode->getExpiresAt()->willReturn(time() + 100)->shouldBeCalled();
$client->getId()->willReturn('id')->shouldBeCalled();
$authorizationCode->getClient()->willReturn($client)->shouldBeCalled();
$request->request('redirect_uri')->willReturn(null)->shouldBeCalled();
$authorizationCode->getRedirectUri()->willReturn(null)->shouldBeCalled();
$authorizationCode->getScopes()->willReturn([$scope])->shouldBeCalled();
$authorizationCode->getUser()->willReturn($user)->shouldBeCalled();
$authorizationCode->getClient()->willReturn($client)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, [$scope])->willReturn($accessToken)->shouldBeCalled();
$this->grant($request)->shouldReturn($accessToken);
}
