/**
 * Register a new client and generate a strong secret.
 *
 * The returned secret is the only plaintext copy the caller will ever get: the client
 * object only keeps a derived form of it (see Client::generateSecret()), so the
 * plaintext must be handed to the client owner over a trusted channel and not stored
 * elsewhere. The client id is regenerated until the repository does not know it yet.
 *
 * @param string $name
 * @param array $redirectUris
 * @return array [$client, $secret]
 */
public function registerClient(string $name, array $redirectUris) : array
{
    $client = Client::createNewClient($name, $redirectUris);

    // The id comes from createNewClient(); retry on the (unlikely) collision with an existing id
    while ($this->clientRepository->idExists($client->getId())) {
        $client = Client::createNewClient($name, $redirectUris);
    }

    // Generate the secret before persisting so the saved client already carries its derived form
    $secret      = $client->generateSecret();
    $savedClient = $this->clientRepository->save($client);

    return [$savedClient, $secret];
}
public function testCanCreateTokenResponse()
{
    // The owner id is read exactly once to populate the response body
    $owner = $this->createMock(TokenOwnerInterface::class);
    $owner->expects($this->once())->method('getTokenOwnerId')->willReturn(1);

    // A token valid for one hour from now, so expires_in must come out as 3600
    $expiresAt = (new \DateTimeImmutable())->add(new DateInterval('PT1H'));
    $token     = AccessToken::reconstitute([
        'token'     => 'azerty',
        'owner'     => $owner,
        'client'    => null,
        'expiresAt' => $expiresAt,
        'scopes'    => [],
    ]);
    $this->tokenService->expects($this->once())->method('createToken')->willReturn($token);

    $request = $this->createMock(ServerRequestInterface::class);
    $client  = Client::createNewClient('name', 'http://www.example.com');

    $response = $this->grant->createTokenResponse($request, $client, $owner);
    $body     = json_decode($response->getBody(), true);

    $this->assertEquals('azerty', $body['access_token']);
    $this->assertEquals('Bearer', $body['token_type']);
    $this->assertEquals(3600, $body['expires_in']);
    $this->assertEquals(1, $body['owner_id']);
}
/**
 * @dataProvider grantOptions
 */
public function testCanCreateTokenResponse($rotateRefreshToken, $revokeRotatedRefreshToken)
{
    $options = ServerOptions::fromArray([
        'rotate_refresh_tokens'         => $rotateRefreshToken,
        'revoke_rotated_refresh_tokens' => $revokeRotatedRefreshToken,
    ]);
    $grant = new RefreshTokenGrant($this->accessTokenService, $this->refreshTokenService, $options);

    $request = $this->createMock(ServerRequestInterface::class);
    $request->expects($this->once())
            ->method('getParsedBody')
            ->willReturn(['refresh_token' => '123', 'scope' => 'read']);

    $owner = $this->createMock(TokenOwnerInterface::class);
    $owner->expects($this->once())->method('getTokenOwnerId')->willReturn(1);

    // The presented refresh token is resolved by its raw value
    $presentedToken = $this->getValidRefreshToken($owner, ['read']);
    $this->refreshTokenService->expects($this->once())
                              ->method('getToken')
                              ->with('123')
                              ->willReturn($presentedToken);

    if ($rotateRefreshToken) {
        // With rotation enabled the presented token is deleted only when revocation is on...
        $deleteExpectation = $revokeRotatedRefreshToken ? $this->once() : $this->never();
        $this->refreshTokenService->expects($deleteExpectation)
                                  ->method('deleteToken')
                                  ->with($presentedToken);

        // ...and a new refresh token is issued in its place
        $rotatedToken = $this->getValidRefreshToken();
        $this->refreshTokenService->expects($this->once())
                                  ->method('createToken')
                                  ->willReturn($rotatedToken);
    }

    $accessToken = $this->getValidAccessToken($owner);
    $this->accessTokenService->expects($this->once())->method('createToken')->willReturn($accessToken);

    $response = $grant->createTokenResponse($request, Client::createNewClient('name', []));
    $body     = json_decode($response->getBody(), true);

    $this->assertEquals('azerty_access', $body['access_token']);
    $this->assertEquals('Bearer', $body['token_type']);
    $this->assertEquals(3600, $body['expires_in']);
    $this->assertEquals('read', $body['scope']);
    $this->assertEquals(1, $body['owner_id']);
    $this->assertEquals('azerty_refresh', $body['refresh_token']);
}
/**
 * @dataProvider hasRefreshGrant
 */
public function testCanCreateTokenResponse($hasRefreshGrant)
{
    $request = $this->createMock(ServerRequestInterface::class);
    $request->expects($this->once())
            ->method('getParsedBody')
            ->willReturn(['username' => 'michael', 'password' => 'azerty', 'scope' => 'read']);

    $owner = $this->createMock(TokenOwnerInterface::class);
    $owner->expects($this->once())->method('getTokenOwnerId')->willReturn(1);

    // Stand-in credential verifier: resolves every username/password pair to $owner
    $verifyCredentials = function ($username, $password) use ($owner) {
        return $owner;
    };

    $accessToken = $this->getValidAccessToken($owner);
    $this->accessTokenService->expects($this->once())->method('createToken')->willReturn($accessToken);

    if ($hasRefreshGrant) {
        $refreshToken = $this->getValidRefreshToken();
        $this->refreshTokenService->expects($this->once())->method('createToken')->willReturn($refreshToken);
    }

    // A refresh token is only issued when the server has the refresh_token grant registered
    $authorizationServer = $this->createMock(AuthorizationServer::class);
    $authorizationServer->expects($this->once())
                        ->method('hasGrant')
                        ->with(RefreshTokenGrant::GRANT_TYPE)
                        ->willReturn($hasRefreshGrant);

    $this->grant = new PasswordGrant($this->accessTokenService, $this->refreshTokenService, $verifyCredentials);
    $this->grant->setAuthorizationServer($authorizationServer);

    $client   = Client::createNewClient('id', 'http://www.example.com');
    $response = $this->grant->createTokenResponse($request, $client);
    $body     = json_decode($response->getBody(), true);

    $this->assertEquals('azerty_access', $body['access_token']);
    $this->assertEquals('Bearer', $body['token_type']);
    $this->assertEquals(3600, $body['expires_in']);
    $this->assertEquals('read', $body['scope']);
    $this->assertEquals(1, $body['owner_id']);

    if ($hasRefreshGrant) {
        $this->assertEquals('azerty_refresh', $body['refresh_token']);
    }
}
public function testGenerateSecret()
{
    $client      = Client::createNewClient('name');
    $plainSecret = $client->generateSecret();

    // The client keeps a derived form (60 chars) while the caller gets the 40-char plaintext
    $this->assertEquals(60, strlen($client->getSecret()));
    $this->assertEquals(40, strlen($plainSecret));

    // Only the plaintext authenticates: a wrong value fails, and so does the stored form itself,
    // so a leaked stored secret cannot be replayed as a credential
    $this->assertFalse($client->authenticate('azerty'));
    $this->assertTrue($client->authenticate($plainSecret));
    $this->assertFalse($client->authenticate($client->getSecret()));
}
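public function testAssertInvalidGrantIfCodeIsExpired()
{
    // expectException() takes only the class name; the extra arguments of the original call
    // were silently ignored, so any OAuth2Exception would have satisfied this test. Pin the
    // OAuth error identifier separately.
    // NOTE(review): assumes OAuth2Exception exposes 'invalid_grant' via getCode() - confirm
    $this->expectException(OAuth2Exception::class);
    $this->expectExceptionCode('invalid_grant');

    $request = $this->createMock(ServerRequestInterface::class);
    $request->expects($this->once())->method('getParsedBody')->willReturn(['code' => '123']);

    // An expired authorization code must be rejected rather than exchanged for a token
    $this->authorizationCodeService->expects($this->once())
                                   ->method('getToken')
                                   ->with('123')
                                   ->willReturn($this->getInvalidAuthorizationCode());

    $this->grant->createTokenResponse($request, Client::createNewClient('id', 'http://www.example.com'));
}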