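/**
 * Password grant: valid client and user credentials, but a scope the server
 * does not know. The request must be refused with 400 / invalid_scope rather
 * than silently narrowed to the scopes the client is allowed.
 *
 * Every value other than 'scope' matches what the sibling tests treat as a
 * valid client / user, so the scope is the only thing being rejected here.
 */
public function testValidCredentialsInvalidScope()
 {
     $server = $this->getTestServer();
     $response = new OAuth2_Response();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'password',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'username'      => 'test-username',
         'password'      => 'testpass',
         'scope'         => 'invalid-scope', // not a registered scope
     ));
     $server->grantAccessToken($request, $response);

     // PHPUnit convention: expected value first, actual second, so a failure
     // message reads the right way round.
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_scope', $response->getParameter('error'));
     $this->assertEquals('An unsupported scope was requested', $response->getParameter('error_description'));
 }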
 /**
  * Client-credentials grant with a valid client id / secret produces a
  * non-empty access_token.
  *
  * NOTE(review): despite the method name, the credentials travel in the POST
  * body (createPost), not in the query string; no query-string path is
  * exercised by this test.
  */
 public function testValidCredentialsInQuerystring()
 {
     $server = $this->getTestServer();
     $params = array(
         'grant_type'    => 'client_credentials',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
     );
     $request = OAuth2_Request_TestRequest::createPost($params);
     $grant = $server->grantAccessToken($request);

     $this->assertNotNull($grant);
     $this->assertArrayHasKey('access_token', $grant);
     $this->assertNotNull($grant['access_token']);
 }
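 /**
  * Password grant with a valid client but the wrong user password must be
  * refused with 400 / invalid_grant.
  *
  * The error_description is deliberately generic ("username and password
  * combination"): it does not reveal whether the username exists, which is
  * presumably intended to avoid account enumeration through this endpoint.
  */
 public function testInvalidPassword()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'password',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'username'      => 'test-username',
         'password'      => 'fakepass', // wrong password for this user
     ));
     $server->grantAccessToken($request);
     $response = $server->getResponse();

     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_grant', $response->getParameter('error'));
     $this->assertEquals('Invalid username and password combination', $response->getParameter('error_description'));
 }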
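 /**
  * A request object built up manually (setPost) rather than through
  * createPost() must work with handleTokenRequest: a valid
  * authorization_code exchange yields 200 with an access_token and no error.
  *
  * Only the token endpoint is covered; handleAuthorizeRequest and
  * verifyResourceRequest are not exercised with the overridden request class.
  */
 public function testRequestOverride()
 {
     $request = new OAuth2_Request_TestRequest();
     $server = $this->getTestServer();

     // Valid token request assembled on a bare request instance.
     $request->setPost(array(
         'grant_type'    => 'authorization_code',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'code'          => 'testcode',
     ));
     $response = $server->handleTokenRequest($request);

     // expected first, actual second
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertNull($response->getParameter('error'));
     $this->assertNotNull($response->getParameter('access_token'));
 }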
 /**
  * Refresh-token grant with 'always_issue_new_refresh_token' disabled:
  * the response carries no new refresh_token, and the refresh token that was
  * presented stays in storage (no rotation).
  *
  * Security caveat for deployers: in this configuration a leaked refresh
  * token remains usable until it expires, since using it does not
  * invalidate it. Rotation is what this test asserts is *not* happening.
  */
 public function testValidRefreshTokenWithNoRefreshTokenInResponse()
 {
     $server = $this->getTestServer();
     $grantType = new OAuth2_GrantType_RefreshToken(
         $this->storage,
         array('always_issue_new_refresh_token' => false)
     );
     $server->addGrantType($grantType);

     $params = array(
         'grant_type'    => 'refresh_token',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'refresh_token' => 'test-refreshtoken',
     );
     $request = OAuth2_Request_TestRequest::createPost($params);
     $grant = $server->grantAccessToken($request);

     // No replacement refresh token in the grant ...
     $this->assertFalse(isset($grant['refresh_token']), 'refresh token should not be returned');

     // ... and the one we used has not been revoked.
     $stored = $this->storage->getRefreshToken('test-refreshtoken');
     $this->assertNotNull($stored, 'the refresh token used is still valid');
 }
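 /**
  * Bearer token handling: an access_token sent as a POST body parameter is
  * only accepted when the body is application/x-www-form-urlencoded
  * (RFC 6750 section 2.2). A JSON content type must be refused with
  * 400 / invalid_request and the token parameter must not be extracted.
  */
 public function testInvalidContentType()
 {
     $bearer = new OAuth2_TokenType_Bearer();
     $response = new OAuth2_Response();
     $request = OAuth2_Request_TestRequest::createPost(array('access_token' => 'ThisIsMyAccessToken'));
     // Override the content type the test request would otherwise carry.
     $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8';

     $param = $bearer->getAccessTokenParameter($request, $response);

     $this->assertNull($param);
     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_request', $response->getParameter('error'));
     $this->assertEquals('The content type for POST requests must be "application/x-www-form-urlencoded"', $response->getParameter('error_description'));
 }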
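 /**
  * Authorization codes are single-use: the first exchange of 'testcode'
  * succeeds, replaying the identical request must be refused with
  * 400 / invalid_grant.
  *
  * Coverage note: RFC 6749 section 4.1.2 also says the server SHOULD revoke
  * tokens previously issued on a replayed code. This test only checks that
  * the second exchange fails; it does not check that the first access token
  * was revoked.
  */
 public function testCodeCannotBeUsedTwice()
 {
     $server = $this->getTestServer();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'authorization_code',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'code'          => 'testcode',
     ));

     // First use: succeeds.
     $response = $server->handleTokenRequest($request);
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertNotNull($response->getParameter('access_token'));

     // Second use of the same request (same client, same code): rejected.
     $response = $server->handleTokenRequest($request);
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_grant', $response->getParameter('error'));
     $this->assertEquals('Authorization code doesn\'t exist or is invalid for the client', $response->getParameter('error_description'));
 }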
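 /**
  * Happy path for the authorization_code grant: a valid client and code give
  * a 200 OAuth2_Response with no error fields and with the three token
  * fields a client needs (access_token, expires_in, token_type) populated.
  */
 public function testValidTokenResponse()
 {
     // The test server is backed by in-memory fixtures.
     $server = $this->getTestServer();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'authorization_code',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'code'          => 'testcode',
     ));
     $response = $server->handleTokenRequest($request);

     $this->assertInstanceOf('OAuth2_Response', $response);
     // expected first, actual second
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertNull($response->getParameter('error'));
     $this->assertNull($response->getParameter('error_description'));
     $this->assertNotNull($response->getParameter('access_token'));
     $this->assertNotNull($response->getParameter('expires_in'));
     $this->assertNotNull($response->getParameter('token_type'));
 }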
 /**
  * A client-assertion type injected into the server constructor is consulted
  * exactly once for a token request that carries no client_secret.
  *
  * This is a plumbing test only: the mock's validateRequest() unconditionally
  * returns true, so nothing here verifies that a real assertion type would
  * reject bad client credentials. The assertions live in the mock
  * expectations (once() on each method); PHPUnit checks them at teardown.
  */
 public function testCustomClientAssertionType()
 {
     // Mock assertion type: accepts anything and reports a fixed client id.
     $assertionType = $this->getMock('OAuth2_ClientAssertionTypeInterface', array('validateRequest', 'getClientId'));
     $assertionType->expects($this->once())
         ->method('validateRequest')
         ->will($this->returnValue(true));
     $assertionType->expects($this->once())
         ->method('getClientId')
         ->will($this->returnValue('Test Client ID'));

     // Note: no client_secret in the request; authentication is delegated
     // entirely to the assertion type above.
     $params = array(
         'grant_type' => 'authorization_code',
         'client_id'  => 'Test Client ID',
         'code'       => 'testcode',
     );
     $request = OAuth2_Request_TestRequest::createPost($params);

     $storage = OAuth2_Storage_Bootstrap::getInstance()->getMemoryStorage();
     $server = new OAuth2_Server(array($storage), array(), array(), array(), null, null, $assertionType);

     $response = new OAuth2_Response();
     $server->handleTokenRequest($request, $response);
 }
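 /**
  * An authorization code presented by a client other than the one it was
  * issued to must be refused with 400 / invalid_grant, even though the
  * presenting client authenticates correctly.
  *
  * 'testcode' is exchanged successfully by 'Test Client ID' in the sibling
  * tests, so it is presumably bound to that client; here a different,
  * validly-authenticated client ('Test Some Other Client') tries to redeem
  * it. Binding codes to the issuing client is what stops a code stolen or
  * injected from one client from being redeemed by another.
  */
 public function testValidClientDifferentCode()
 {
     $server = $this->getTestServer();
     $response = new OAuth2_Response();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'authorization_code',
         'client_id'     => 'Test Some Other Client',
         'client_secret' => 'TestSecret3',
         'code'          => 'testcode', // not this client's code
     ));
     $server->grantAccessToken($request, $response);

     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_grant', $response->getParameter('error'));
     $this->assertEquals('authorization_code doesn\'t exist or is invalid for the client', $response->getParameter('error_description'));
 }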
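 /**
  * JWT bearer grant (urn:ietf:params:oauth:grant-type:jwt-bearer) for an
  * issuer the server has no key for must be refused with 400 / invalid_grant.
  *
  * The fourth getJWT() argument appears to be the issuer / client id (the
  * sibling JWT test passes 'Test Client ID' there); the deliberately odd
  * value 'Missing Key Cli,nt' is presumably chosen to match no registered
  * client, so the server cannot look up a public key to verify the
  * signature and must not fall back to accepting the assertion unverified.
  */
 public function testMissingKey()
 {
     $server = $this->getTestServer();
     $assertion = $this->getJWT(null, null, null, 'Missing Key Cli,nt');
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
         'assertion'  => $assertion,
     ));
     $server->grantAccessToken($request);
     $response = $server->getResponse();

     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_grant', $response->getParameter('error'));
     $this->assertEquals('Invalid issuer (iss) or subject (sub) provided', $response->getParameter('error_description'));
 }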
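 /**
  * Authorization-code exchange requesting a scope set the client is not
  * allowed must be refused with 400 / invalid_scope.
  *
  * The requested set is 'clientscope3 scope1'; presumably 'clientscope3' is
  * not among the scopes granted to 'Test Client ID' in the in-memory
  * fixtures (the scope list itself is not visible here). Rejecting the whole
  * request, rather than trimming the disallowed scope, is the behaviour
  * under test.
  */
 public function testInvalidClientIdScope()
 {
     $server = $this->getTestServer();
     $response = new OAuth2_Response();
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type'    => 'authorization_code',
         'code'          => 'testcode',
         'client_id'     => 'Test Client ID',
         'client_secret' => 'TestSecret',
         'scope'         => 'clientscope3 scope1',
     ));
     $server->handleTokenRequest($request, $response);

     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_scope', $response->getParameter('error'));
     $this->assertEquals('An unsupported scope was requested', $response->getParameter('error_description'));
 }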
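 /**
  * JWT bearer grant with a well-formed assertion for a known client
  * ('Test Client ID') that asks for an unknown scope must be refused with
  * 400 / invalid_scope.
  *
  * The scope is carried inside the assertion (fifth getJWT() argument, by
  * the look of it) rather than as a separate form parameter, so this checks
  * that scope validation applies to JWT-sourced scopes as well.
  */
 public function testValidJwtInvalidScope()
 {
     $server = $this->getTestServer();
     $response = new OAuth2_Response();
     $assertion = $this->getJWT(null, null, null, 'Test Client ID', 'invalid-scope');
     $request = OAuth2_Request_TestRequest::createPost(array(
         'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
         'assertion'  => $assertion,
     ));
     $server->grantAccessToken($request, $response);

     // expected first, actual second
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_scope', $response->getParameter('error'));
     $this->assertEquals('An unsupported scope was requested', $response->getParameter('error_description'));
 }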