add composer's vendor directory
This commit is contained in:
Marcel Kapfer (mmk2410)
parent
01a3860d73
commit
60b094d5fa
745 changed files with 56017 additions and 1 deletions
182
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
vendored
Normal file
182
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
vendored
Normal file
|
|
@ -0,0 +1,182 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\Controller;
|
||||
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
|
||||
class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testValidateAuthorizeRequest()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
|
||||
$response = new Response();
|
||||
$request = new Request(array(
|
||||
'client_id' => 'Test Client ID', // valid client id
|
||||
'redirect_uri' => 'http://adobe.com', // valid redirect URI
|
||||
'response_type' => 'id_token',
|
||||
'state' => 'af0ifjsldkj',
|
||||
'nonce' => 'n-0S6_WzA2Mj',
|
||||
));
|
||||
|
||||
// Test valid id_token request
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
|
||||
$parts = parse_url($response->getHttpHeader('Location'));
|
||||
parse_str($parts['fragment'], $query);
|
||||
|
||||
$this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
|
||||
$this->assertEquals($query['state'], 'af0ifjsldkj');
|
||||
|
||||
$this->assertArrayHasKey('id_token', $query);
|
||||
$this->assertArrayHasKey('state', $query);
|
||||
$this->assertArrayNotHasKey('access_token', $query);
|
||||
$this->assertArrayNotHasKey('expires_in', $query);
|
||||
$this->assertArrayNotHasKey('token_type', $query);
|
||||
|
||||
// Test valid token id_token request
|
||||
$request->query['response_type'] = 'id_token token';
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
|
||||
$parts = parse_url($response->getHttpHeader('Location'));
|
||||
parse_str($parts['fragment'], $query);
|
||||
|
||||
$this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
|
||||
$this->assertEquals($query['state'], 'af0ifjsldkj');
|
||||
|
||||
$this->assertArrayHasKey('access_token', $query);
|
||||
$this->assertArrayHasKey('expires_in', $query);
|
||||
$this->assertArrayHasKey('token_type', $query);
|
||||
$this->assertArrayHasKey('state', $query);
|
||||
$this->assertArrayHasKey('id_token', $query);
|
||||
|
||||
// assert that with multiple-valued response types, order does not matter
|
||||
$request->query['response_type'] = 'token id_token';
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
|
||||
$parts = parse_url($response->getHttpHeader('Location'));
|
||||
parse_str($parts['fragment'], $query);
|
||||
|
||||
$this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
|
||||
$this->assertEquals($query['state'], 'af0ifjsldkj');
|
||||
|
||||
$this->assertArrayHasKey('access_token', $query);
|
||||
$this->assertArrayHasKey('expires_in', $query);
|
||||
$this->assertArrayHasKey('token_type', $query);
|
||||
$this->assertArrayHasKey('state', $query);
|
||||
$this->assertArrayHasKey('id_token', $query);
|
||||
|
||||
// assert that with multiple-valued response types with extra spaces do not matter
|
||||
$request->query['response_type'] = ' token id_token ';
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
|
||||
$parts = parse_url($response->getHttpHeader('Location'));
|
||||
parse_str($parts['fragment'], $query);
|
||||
|
||||
$this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
|
||||
$this->assertEquals($query['state'], 'af0ifjsldkj');
|
||||
|
||||
$this->assertArrayHasKey('access_token', $query);
|
||||
$this->assertArrayHasKey('expires_in', $query);
|
||||
$this->assertArrayHasKey('token_type', $query);
|
||||
$this->assertArrayHasKey('state', $query);
|
||||
$this->assertArrayHasKey('id_token', $query);
|
||||
}
|
||||
|
||||
public function testMissingNonce()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
$authorize = $server->getAuthorizeController();
|
||||
|
||||
$response = new Response();
|
||||
$request = new Request(array(
|
||||
'client_id' => 'Test Client ID', // valid client id
|
||||
'redirect_uri' => 'http://adobe.com', // valid redirect URI
|
||||
'response_type' => 'id_token',
|
||||
'state' => 'xyz',
|
||||
));
|
||||
|
||||
// Test missing nonce for 'id_token' response type
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
$params = $response->getParameters();
|
||||
|
||||
$this->assertEquals($params['error'], 'invalid_nonce');
|
||||
$this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
|
||||
|
||||
// Test missing nonce for 'id_token token' response type
|
||||
$request->query['response_type'] = 'id_token token';
|
||||
$server->handleAuthorizeRequest($request, $response, true);
|
||||
$params = $response->getParameters();
|
||||
|
||||
$this->assertEquals($params['error'], 'invalid_nonce');
|
||||
$this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
|
||||
}
|
||||
|
||||
public function testNotGrantedApplication()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
|
||||
$response = new Response();
|
||||
$request = new Request(array(
|
||||
'client_id' => 'Test Client ID', // valid client id
|
||||
'redirect_uri' => 'http://adobe.com', // valid redirect URI
|
||||
'response_type' => 'id_token',
|
||||
'state' => 'af0ifjsldkj',
|
||||
'nonce' => 'n-0S6_WzA2Mj',
|
||||
));
|
||||
|
||||
// Test not approved application
|
||||
$server->handleAuthorizeRequest($request, $response, false);
|
||||
|
||||
$params = $response->getParameters();
|
||||
|
||||
$this->assertEquals($params['error'], 'consent_required');
|
||||
$this->assertEquals($params['error_description'], 'The user denied access to your application');
|
||||
|
||||
// Test not approved application with prompt parameter
|
||||
$request->query['prompt'] = 'none';
|
||||
$server->handleAuthorizeRequest($request, $response, false);
|
||||
|
||||
$params = $response->getParameters();
|
||||
|
||||
$this->assertEquals($params['error'], 'login_required');
|
||||
$this->assertEquals($params['error_description'], 'The user must log in');
|
||||
|
||||
// Test not approved application with user_id set
|
||||
$request->query['prompt'] = 'none';
|
||||
$server->handleAuthorizeRequest($request, $response, false, 'some-user-id');
|
||||
|
||||
$params = $response->getParameters();
|
||||
|
||||
$this->assertEquals($params['error'], 'interaction_required');
|
||||
$this->assertEquals($params['error_description'], 'The user must grant access to your application');
|
||||
}
|
||||
|
||||
public function testNeedsIdToken()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
$authorize = $server->getAuthorizeController();
|
||||
|
||||
$this->assertTrue($authorize->needsIdToken('openid'));
|
||||
$this->assertTrue($authorize->needsIdToken('openid profile'));
|
||||
$this->assertFalse($authorize->needsIdToken(''));
|
||||
$this->assertFalse($authorize->needsIdToken('some-scope'));
|
||||
}
|
||||
|
||||
private function getTestServer($config = array())
|
||||
{
|
||||
$config += array(
|
||||
'use_openid_connect' => true,
|
||||
'issuer' => 'phpunit',
|
||||
'allow_implicit' => true
|
||||
);
|
||||
|
||||
$storage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$server = new Server($storage, $config);
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
44
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
vendored
Normal file
44
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
vendored
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\Controller;
|
||||
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
|
||||
class UserInfoControllerTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testCreateController()
|
||||
{
|
||||
$tokenType = new \OAuth2\TokenType\Bearer();
|
||||
$storage = new \OAuth2\Storage\Memory();
|
||||
$controller = new UserInfoController($tokenType, $storage, $storage);
|
||||
|
||||
$response = new Response();
|
||||
$controller->handleUserInfoRequest(new Request(), $response);
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
}
|
||||
|
||||
public function testValidToken()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
$request = Request::createFromGlobals();
|
||||
$request->headers['AUTHORIZATION'] = 'Bearer accesstoken-openid-connect';
|
||||
$response = new Response();
|
||||
|
||||
$server->handleUserInfoRequest($request, $response);
|
||||
$parameters = $response->getParameters();
|
||||
$this->assertEquals($parameters['sub'], 'testuser');
|
||||
$this->assertEquals($parameters['email'], 'testuser@test.com');
|
||||
$this->assertEquals($parameters['email_verified'], true);
|
||||
}
|
||||
|
||||
private function getTestServer($config = array())
|
||||
{
|
||||
$storage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$server = new Server($storage, $config);
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
57
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
vendored
Normal file
57
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
vendored
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\GrantType;
|
||||
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request\TestRequest;
|
||||
use OAuth2\Response;
|
||||
|
||||
class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testValidCode()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
$request = TestRequest::createPost(array(
|
||||
'grant_type' => 'authorization_code', // valid grant type
|
||||
'client_id' => 'Test Client ID', // valid client id
|
||||
'client_secret' => 'TestSecret', // valid client secret
|
||||
'code' => 'testcode-openid', // valid code
|
||||
));
|
||||
$token = $server->grantAccessToken($request, new Response());
|
||||
|
||||
$this->assertNotNull($token);
|
||||
$this->assertArrayHasKey('id_token', $token);
|
||||
$this->assertEquals('test_id_token', $token['id_token']);
|
||||
|
||||
// this is only true if "offline_access" was requested
|
||||
$this->assertFalse(isset($token['refresh_token']));
|
||||
}
|
||||
|
||||
public function testOfflineAccess()
|
||||
{
|
||||
$server = $this->getTestServer();
|
||||
$request = TestRequest::createPost(array(
|
||||
'grant_type' => 'authorization_code', // valid grant type
|
||||
'client_id' => 'Test Client ID', // valid client id
|
||||
'client_secret' => 'TestSecret', // valid client secret
|
||||
'code' => 'testcode-openid', // valid code
|
||||
'scope' => 'offline_access', // valid code
|
||||
));
|
||||
$token = $server->grantAccessToken($request, new Response());
|
||||
|
||||
$this->assertNotNull($token);
|
||||
$this->assertArrayHasKey('id_token', $token);
|
||||
$this->assertEquals('test_id_token', $token['id_token']);
|
||||
$this->assertTrue(isset($token['refresh_token']));
|
||||
}
|
||||
|
||||
private function getTestServer()
|
||||
{
|
||||
$storage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$server = new Server($storage, array('use_openid_connect' => true));
|
||||
$server->addGrantType(new AuthorizationCode($storage));
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
91
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
vendored
Normal file
91
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
vendored
Normal file
|
|
@ -0,0 +1,91 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\ResponseType;
|
||||
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\GrantType\ClientCredentials;
|
||||
|
||||
class CodeIdTokenTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testHandleAuthorizeRequest()
|
||||
{
|
||||
// add the test parameters in memory
|
||||
$server = $this->getTestServer();
|
||||
|
||||
$request = new Request(array(
|
||||
'response_type' => 'code id_token',
|
||||
'redirect_uri' => 'http://adobe.com',
|
||||
'client_id' => 'Test Client ID',
|
||||
'scope' => 'openid',
|
||||
'state' => 'test',
|
||||
'nonce' => 'test',
|
||||
));
|
||||
|
||||
$server->handleAuthorizeRequest($request, $response = new Response(), true);
|
||||
|
||||
$this->assertEquals($response->getStatusCode(), 302);
|
||||
$location = $response->getHttpHeader('Location');
|
||||
$this->assertNotContains('error', $location);
|
||||
|
||||
$parts = parse_url($location);
|
||||
$this->assertArrayHasKey('query', $parts);
|
||||
|
||||
// assert fragment is in "application/x-www-form-urlencoded" format
|
||||
parse_str($parts['query'], $params);
|
||||
$this->assertNotNull($params);
|
||||
$this->assertArrayHasKey('id_token', $params);
|
||||
$this->assertArrayHasKey('code', $params);
|
||||
|
||||
// validate ID Token
|
||||
$parts = explode('.', $params['id_token']);
|
||||
foreach ($parts as &$part) {
|
||||
// Each part is a base64url encoded json string.
|
||||
$part = str_replace(array('-', '_'), array('+', '/'), $part);
|
||||
$part = base64_decode($part);
|
||||
$part = json_decode($part, true);
|
||||
}
|
||||
list($header, $claims, $signature) = $parts;
|
||||
|
||||
$this->assertArrayHasKey('iss', $claims);
|
||||
$this->assertArrayHasKey('sub', $claims);
|
||||
$this->assertArrayHasKey('aud', $claims);
|
||||
$this->assertArrayHasKey('iat', $claims);
|
||||
$this->assertArrayHasKey('exp', $claims);
|
||||
$this->assertArrayHasKey('auth_time', $claims);
|
||||
$this->assertArrayHasKey('nonce', $claims);
|
||||
|
||||
// only exists if an access token was granted along with the id_token
|
||||
$this->assertArrayNotHasKey('at_hash', $claims);
|
||||
|
||||
$this->assertEquals($claims['iss'], 'test');
|
||||
$this->assertEquals($claims['aud'], 'Test Client ID');
|
||||
$this->assertEquals($claims['nonce'], 'test');
|
||||
$duration = $claims['exp'] - $claims['iat'];
|
||||
$this->assertEquals($duration, 3600);
|
||||
}
|
||||
|
||||
private function getTestServer($config = array())
|
||||
{
|
||||
$config += array(
|
||||
'use_openid_connect' => true,
|
||||
'issuer' => 'test',
|
||||
'id_lifetime' => 3600,
|
||||
'allow_implicit' => true,
|
||||
);
|
||||
|
||||
$memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$responseTypes = array(
|
||||
'code' => $code = new AuthorizationCode($memoryStorage),
|
||||
'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
|
||||
'code id_token' => new CodeIdToken($code, $idToken),
|
||||
);
|
||||
|
||||
$server = new Server($memoryStorage, $config, array(), $responseTypes);
|
||||
$server->addGrantType(new ClientCredentials($memoryStorage));
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
184
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
vendored
Normal file
184
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
vendored
Normal file
|
|
@ -0,0 +1,184 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\ResponseType;
|
||||
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\GrantType\ClientCredentials;
|
||||
use OAuth2\Encryption\Jwt;
|
||||
|
||||
class IdTokenTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testValidateAuthorizeRequest()
|
||||
{
|
||||
$query = array(
|
||||
'response_type' => 'id_token',
|
||||
'redirect_uri' => 'http://adobe.com',
|
||||
'client_id' => 'Test Client ID',
|
||||
'scope' => 'openid',
|
||||
'state' => 'test',
|
||||
);
|
||||
|
||||
// attempt to do the request without a nonce.
|
||||
$server = $this->getTestServer(array('allow_implicit' => true));
|
||||
$request = new Request($query);
|
||||
$valid = $server->validateAuthorizeRequest($request, $response = new Response());
|
||||
|
||||
// Add a nonce and retry.
|
||||
$query['nonce'] = 'test';
|
||||
$request = new Request($query);
|
||||
$valid = $server->validateAuthorizeRequest($request, $response = new Response());
|
||||
$this->assertTrue($valid);
|
||||
}
|
||||
|
||||
public function testHandleAuthorizeRequest()
|
||||
{
|
||||
// add the test parameters in memory
|
||||
$server = $this->getTestServer(array('allow_implicit' => true));
|
||||
$request = new Request(array(
|
||||
'response_type' => 'id_token',
|
||||
'redirect_uri' => 'http://adobe.com',
|
||||
'client_id' => 'Test Client ID',
|
||||
'scope' => 'openid email',
|
||||
'state' => 'test',
|
||||
'nonce' => 'test',
|
||||
));
|
||||
|
||||
$user_id = 'testuser';
|
||||
$server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
|
||||
|
||||
$this->assertEquals($response->getStatusCode(), 302);
|
||||
$location = $response->getHttpHeader('Location');
|
||||
$this->assertNotContains('error', $location);
|
||||
|
||||
$parts = parse_url($location);
|
||||
$this->assertArrayHasKey('fragment', $parts);
|
||||
$this->assertFalse(isset($parts['query']));
|
||||
|
||||
// assert fragment is in "application/x-www-form-urlencoded" format
|
||||
parse_str($parts['fragment'], $params);
|
||||
$this->assertNotNull($params);
|
||||
$this->assertArrayHasKey('id_token', $params);
|
||||
$this->assertArrayNotHasKey('access_token', $params);
|
||||
$this->validateIdToken($params['id_token']);
|
||||
}
|
||||
|
||||
public function testPassInAuthTime()
|
||||
{
|
||||
$server = $this->getTestServer(array('allow_implicit' => true));
|
||||
$request = new Request(array(
|
||||
'response_type' => 'id_token',
|
||||
'redirect_uri' => 'http://adobe.com',
|
||||
'client_id' => 'Test Client ID',
|
||||
'scope' => 'openid email',
|
||||
'state' => 'test',
|
||||
'nonce' => 'test',
|
||||
));
|
||||
|
||||
// test with a scalar user id
|
||||
$user_id = 'testuser123';
|
||||
$server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
|
||||
|
||||
list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
|
||||
|
||||
$this->assertTrue(is_array($payload));
|
||||
$this->assertArrayHasKey('sub', $payload);
|
||||
$this->assertEquals($user_id, $payload['sub']);
|
||||
$this->assertArrayHasKey('auth_time', $payload);
|
||||
|
||||
// test with an array of user info
|
||||
$userInfo = array(
|
||||
'user_id' => 'testuser1234',
|
||||
'auth_time' => date('Y-m-d H:i:s', strtotime('20 minutes ago')
|
||||
));
|
||||
|
||||
$server->handleAuthorizeRequest($request, $response = new Response(), true, $userInfo);
|
||||
|
||||
list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
|
||||
|
||||
$this->assertTrue(is_array($payload));
|
||||
$this->assertArrayHasKey('sub', $payload);
|
||||
$this->assertEquals($userInfo['user_id'], $payload['sub']);
|
||||
$this->assertArrayHasKey('auth_time', $payload);
|
||||
$this->assertEquals($userInfo['auth_time'], $payload['auth_time']);
|
||||
}
|
||||
|
||||
private function extractTokenDataFromResponse(Response $response)
|
||||
{
|
||||
$this->assertEquals($response->getStatusCode(), 302);
|
||||
$location = $response->getHttpHeader('Location');
|
||||
$this->assertNotContains('error', $location);
|
||||
|
||||
$parts = parse_url($location);
|
||||
$this->assertArrayHasKey('fragment', $parts);
|
||||
$this->assertFalse(isset($parts['query']));
|
||||
|
||||
parse_str($parts['fragment'], $params);
|
||||
$this->assertNotNull($params);
|
||||
$this->assertArrayHasKey('id_token', $params);
|
||||
$this->assertArrayNotHasKey('access_token', $params);
|
||||
|
||||
list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']);
|
||||
|
||||
$jwt = new Jwt();
|
||||
$header = json_decode($jwt->urlSafeB64Decode($headb64), true);
|
||||
$payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);
|
||||
|
||||
return array($header, $payload, $signature);
|
||||
}
|
||||
|
||||
private function validateIdToken($id_token)
|
||||
{
|
||||
$parts = explode('.', $id_token);
|
||||
foreach ($parts as &$part) {
|
||||
// Each part is a base64url encoded json string.
|
||||
$part = str_replace(array('-', '_'), array('+', '/'), $part);
|
||||
$part = base64_decode($part);
|
||||
$part = json_decode($part, true);
|
||||
}
|
||||
list($header, $claims, $signature) = $parts;
|
||||
|
||||
$this->assertArrayHasKey('iss', $claims);
|
||||
$this->assertArrayHasKey('sub', $claims);
|
||||
$this->assertArrayHasKey('aud', $claims);
|
||||
$this->assertArrayHasKey('iat', $claims);
|
||||
$this->assertArrayHasKey('exp', $claims);
|
||||
$this->assertArrayHasKey('auth_time', $claims);
|
||||
$this->assertArrayHasKey('nonce', $claims);
|
||||
$this->assertArrayHasKey('email', $claims);
|
||||
$this->assertArrayHasKey('email_verified', $claims);
|
||||
|
||||
$this->assertEquals($claims['iss'], 'test');
|
||||
$this->assertEquals($claims['aud'], 'Test Client ID');
|
||||
$this->assertEquals($claims['nonce'], 'test');
|
||||
$this->assertEquals($claims['email'], 'testuser@test.com');
|
||||
$duration = $claims['exp'] - $claims['iat'];
|
||||
$this->assertEquals($duration, 3600);
|
||||
}
|
||||
|
||||
private function getTestServer($config = array())
|
||||
{
|
||||
$config += array(
|
||||
'use_openid_connect' => true,
|
||||
'issuer' => 'test',
|
||||
'id_lifetime' => 3600,
|
||||
);
|
||||
|
||||
$memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$memoryStorage->supportedScopes[] = 'email';
|
||||
$storage = array(
|
||||
'client' => $memoryStorage,
|
||||
'scope' => $memoryStorage,
|
||||
);
|
||||
$responseTypes = array(
|
||||
'id_token' => new IdToken($memoryStorage, $memoryStorage, $config),
|
||||
);
|
||||
|
||||
$server = new Server($storage, $config, array(), $responseTypes);
|
||||
$server->addGrantType(new ClientCredentials($memoryStorage));
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
91
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
vendored
Normal file
91
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
vendored
Normal file
|
|
@ -0,0 +1,91 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\ResponseType;
|
||||
|
||||
use OAuth2\Server;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
use OAuth2\Storage\Bootstrap;
|
||||
use OAuth2\GrantType\ClientCredentials;
|
||||
use OAuth2\ResponseType\AccessToken;
|
||||
|
||||
class IdTokenTokenTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
|
||||
public function testHandleAuthorizeRequest()
|
||||
{
|
||||
// add the test parameters in memory
|
||||
$server = $this->getTestServer(array('allow_implicit' => true));
|
||||
|
||||
$request = new Request(array(
|
||||
'response_type' => 'id_token token',
|
||||
'redirect_uri' => 'http://adobe.com',
|
||||
'client_id' => 'Test Client ID',
|
||||
'scope' => 'openid',
|
||||
'state' => 'test',
|
||||
'nonce' => 'test',
|
||||
));
|
||||
|
||||
$server->handleAuthorizeRequest($request, $response = new Response(), true);
|
||||
|
||||
$this->assertEquals($response->getStatusCode(), 302);
|
||||
$location = $response->getHttpHeader('Location');
|
||||
$this->assertNotContains('error', $location);
|
||||
|
||||
$parts = parse_url($location);
|
||||
$this->assertArrayHasKey('fragment', $parts);
|
||||
$this->assertFalse(isset($parts['query']));
|
||||
|
||||
// assert fragment is in "application/x-www-form-urlencoded" format
|
||||
parse_str($parts['fragment'], $params);
|
||||
$this->assertNotNull($params);
|
||||
$this->assertArrayHasKey('id_token', $params);
|
||||
$this->assertArrayHasKey('access_token', $params);
|
||||
|
||||
// validate ID Token
|
||||
$parts = explode('.', $params['id_token']);
|
||||
foreach ($parts as &$part) {
|
||||
// Each part is a base64url encoded json string.
|
||||
$part = str_replace(array('-', '_'), array('+', '/'), $part);
|
||||
$part = base64_decode($part);
|
||||
$part = json_decode($part, true);
|
||||
}
|
||||
list($header, $claims, $signature) = $parts;
|
||||
|
||||
$this->assertArrayHasKey('iss', $claims);
|
||||
$this->assertArrayHasKey('sub', $claims);
|
||||
$this->assertArrayHasKey('aud', $claims);
|
||||
$this->assertArrayHasKey('iat', $claims);
|
||||
$this->assertArrayHasKey('exp', $claims);
|
||||
$this->assertArrayHasKey('auth_time', $claims);
|
||||
$this->assertArrayHasKey('nonce', $claims);
|
||||
$this->assertArrayHasKey('at_hash', $claims);
|
||||
|
||||
$this->assertEquals($claims['iss'], 'test');
|
||||
$this->assertEquals($claims['aud'], 'Test Client ID');
|
||||
$this->assertEquals($claims['nonce'], 'test');
|
||||
$duration = $claims['exp'] - $claims['iat'];
|
||||
$this->assertEquals($duration, 3600);
|
||||
}
|
||||
|
||||
private function getTestServer($config = array())
|
||||
{
|
||||
$config += array(
|
||||
'use_openid_connect' => true,
|
||||
'issuer' => 'test',
|
||||
'id_lifetime' => 3600,
|
||||
);
|
||||
|
||||
$memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
|
||||
$responseTypes = array(
|
||||
'token' => $token = new AccessToken($memoryStorage, $memoryStorage),
|
||||
'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
|
||||
'id_token token' => new IdTokenToken($token, $idToken),
|
||||
);
|
||||
|
||||
$server = new Server($memoryStorage, $config, array(), $responseTypes);
|
||||
$server->addGrantType(new ClientCredentials($memoryStorage));
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
95
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
vendored
Normal file
95
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
vendored
Normal file
|
|
@ -0,0 +1,95 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\Storage;
|
||||
|
||||
use OAuth2\Storage\BaseTest;
|
||||
use OAuth2\Storage\NullStorage;
|
||||
|
||||
class AuthorizationCodeTest extends BaseTest
|
||||
{
|
||||
/** @dataProvider provideStorage */
|
||||
public function testCreateAuthorizationCode($storage)
|
||||
{
|
||||
if ($storage instanceof NullStorage) {
|
||||
$this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$storage instanceof AuthorizationCodeInterface) {
|
||||
return;
|
||||
}
|
||||
|
||||
// assert code we are about to add does not exist
|
||||
$code = $storage->getAuthorizationCode('new-openid-code');
|
||||
$this->assertFalse($code);
|
||||
|
||||
// add new code
|
||||
$expires = time() + 20;
|
||||
$scope = null;
|
||||
$id_token = 'fake_id_token';
|
||||
$success = $storage->setAuthorizationCode('new-openid-code', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
|
||||
$this->assertTrue($success);
|
||||
|
||||
$code = $storage->getAuthorizationCode('new-openid-code');
|
||||
$this->assertNotNull($code);
|
||||
$this->assertArrayHasKey('authorization_code', $code);
|
||||
$this->assertArrayHasKey('client_id', $code);
|
||||
$this->assertArrayHasKey('user_id', $code);
|
||||
$this->assertArrayHasKey('redirect_uri', $code);
|
||||
$this->assertArrayHasKey('expires', $code);
|
||||
$this->assertEquals($code['authorization_code'], 'new-openid-code');
|
||||
$this->assertEquals($code['client_id'], 'client ID');
|
||||
$this->assertEquals($code['user_id'], 'SOMEUSERID');
|
||||
$this->assertEquals($code['redirect_uri'], 'http://example.com');
|
||||
$this->assertEquals($code['expires'], $expires);
|
||||
$this->assertEquals($code['id_token'], $id_token);
|
||||
|
||||
// change existing code
|
||||
$expires = time() + 42;
|
||||
$new_id_token = 'fake_id_token-2';
|
||||
$success = $storage->setAuthorizationCode('new-openid-code', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires, $scope, $new_id_token);
|
||||
$this->assertTrue($success);
|
||||
|
||||
$code = $storage->getAuthorizationCode('new-openid-code');
|
||||
$this->assertNotNull($code);
|
||||
$this->assertArrayHasKey('authorization_code', $code);
|
||||
$this->assertArrayHasKey('client_id', $code);
|
||||
$this->assertArrayHasKey('user_id', $code);
|
||||
$this->assertArrayHasKey('redirect_uri', $code);
|
||||
$this->assertArrayHasKey('expires', $code);
|
||||
$this->assertEquals($code['authorization_code'], 'new-openid-code');
|
||||
$this->assertEquals($code['client_id'], 'client ID2');
|
||||
$this->assertEquals($code['user_id'], 'SOMEOTHERID');
|
||||
$this->assertEquals($code['redirect_uri'], 'http://example.org');
|
||||
$this->assertEquals($code['expires'], $expires);
|
||||
$this->assertEquals($code['id_token'], $new_id_token);
|
||||
}
|
||||
|
||||
/** @dataProvider provideStorage */
|
||||
public function testRemoveIdTokenFromAuthorizationCode($storage)
|
||||
{
|
||||
// add new code
|
||||
$expires = time() + 20;
|
||||
$scope = null;
|
||||
$id_token = 'fake_id_token_to_remove';
|
||||
$authcode = 'new-openid-code-'.rand();
|
||||
$success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
|
||||
$this->assertTrue($success);
|
||||
|
||||
// verify params were set
|
||||
$code = $storage->getAuthorizationCode($authcode);
|
||||
$this->assertNotNull($code);
|
||||
$this->assertArrayHasKey('id_token', $code);
|
||||
$this->assertEquals($code['id_token'], $id_token);
|
||||
|
||||
// remove the id_token
|
||||
$success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, null);
|
||||
|
||||
// verify the "id_token" is now null
|
||||
$code = $storage->getAuthorizationCode($authcode);
|
||||
$this->assertNotNull($code);
|
||||
$this->assertArrayHasKey('id_token', $code);
|
||||
$this->assertEquals($code['id_token'], null);
|
||||
}
|
||||
}
|
||||
41
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Storage/UserClaimsTest.php
vendored
Normal file
41
vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Storage/UserClaimsTest.php
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
|
||||
namespace OAuth2\OpenID\Storage;
|
||||
|
||||
use OAuth2\Storage\BaseTest;
|
||||
use OAuth2\Storage\NullStorage;
|
||||
|
||||
class UserClaimsTest extends BaseTest
|
||||
{
|
||||
/** @dataProvider provideStorage */
|
||||
public function testGetUserClaims($storage)
|
||||
{
|
||||
if ($storage instanceof NullStorage) {
|
||||
$this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$storage instanceof UserClaimsInterface) {
|
||||
// incompatible storage
|
||||
return;
|
||||
}
|
||||
|
||||
// invalid user
|
||||
$claims = $storage->getUserClaims('fake-user', '');
|
||||
$this->assertFalse($claims);
|
||||
|
||||
// valid user (no scope)
|
||||
$claims = $storage->getUserClaims('testuser', '');
|
||||
|
||||
/* assert the decoded token is the same */
|
||||
$this->assertFalse(isset($claims['email']));
|
||||
|
||||
// valid user
|
||||
$claims = $storage->getUserClaims('testuser', 'email');
|
||||
|
||||
/* assert the decoded token is the same */
|
||||
$this->assertEquals($claims['email'], "testuser@test.com");
|
||||
$this->assertEquals($claims['email_verified'], true);
|
||||
}
|
||||
}
|
||||
Reference in a new issue