205 lines
9.1 KiB
PHP
205 lines
9.1 KiB
PHP
<?php
|
|
|
|
namespace OAuth2\GrantType;
|
|
|
|
use OAuth2\Storage\Bootstrap;
|
|
use OAuth2\Server;
|
|
use OAuth2\Request\TestRequest;
|
|
use OAuth2\Response;
|
|
|
|
class RefreshTokenTest extends \PHPUnit_Framework_TestCase
|
|
{
|
|
private $storage;
|
|
|
|
public function testNoRefreshToken()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$server->addGrantType(new RefreshToken($this->storage));
|
|
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
));
|
|
$server->grantAccessToken($request, $response = new Response());
|
|
|
|
$this->assertEquals($response->getStatusCode(), 400);
|
|
$this->assertEquals($response->getParameter('error'), 'invalid_request');
|
|
$this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "refresh_token" is required');
|
|
}
|
|
|
|
public function testInvalidRefreshToken()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$server->addGrantType(new RefreshToken($this->storage));
|
|
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'fake-token', // invalid refresh token
|
|
));
|
|
$server->grantAccessToken($request, $response = new Response());
|
|
|
|
$this->assertEquals($response->getStatusCode(), 400);
|
|
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
|
|
$this->assertEquals($response->getParameter('error_description'), 'Invalid refresh token');
|
|
}
|
|
|
|
public function testValidRefreshTokenWithNewRefreshTokenInResponse()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => true)));
|
|
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken', // valid refresh token
|
|
));
|
|
$token = $server->grantAccessToken($request, new Response());
|
|
$this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
|
|
|
|
$refresh_token = $this->storage->getRefreshToken($token['refresh_token']);
|
|
$this->assertNotNull($refresh_token);
|
|
$this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
|
|
$this->assertEquals($refresh_token['client_id'], $request->request('client_id'));
|
|
$this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used');
|
|
$used_token = $this->storage->getRefreshToken('test-refreshtoken');
|
|
$this->assertFalse($used_token, 'the refresh token used is no longer valid');
|
|
}
|
|
|
|
public function testValidRefreshTokenDoesNotUnsetToken()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$server->addGrantType(new RefreshToken($this->storage, array(
|
|
'always_issue_new_refresh_token' => true,
|
|
'unset_refresh_token_after_use' => false,
|
|
)));
|
|
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken', // valid refresh token
|
|
));
|
|
$token = $server->grantAccessToken($request, new Response());
|
|
$this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
|
|
|
|
$used_token = $this->storage->getRefreshToken('test-refreshtoken');
|
|
$this->assertNotNull($used_token, 'the refresh token used is still valid');
|
|
}
|
|
|
|
public function testValidRefreshTokenWithNoRefreshTokenInResponse()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => false)));
|
|
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken', // valid refresh token
|
|
));
|
|
$token = $server->grantAccessToken($request, new Response());
|
|
$this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned');
|
|
|
|
$used_token = $this->storage->getRefreshToken('test-refreshtoken');
|
|
$this->assertNotNull($used_token, 'the refresh token used is still valid');
|
|
}
|
|
|
|
public function testValidRefreshTokenSameScope()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
|
|
'scope' => 'scope2 scope1',
|
|
));
|
|
$token = $server->grantAccessToken($request, new Response());
|
|
|
|
$this->assertNotNull($token);
|
|
$this->assertArrayHasKey('access_token', $token);
|
|
$this->assertArrayHasKey('scope', $token);
|
|
$this->assertEquals($token['scope'], 'scope2 scope1');
|
|
}
|
|
|
|
public function testValidRefreshTokenLessScope()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
|
|
'scope' => 'scope1',
|
|
));
|
|
$token = $server->grantAccessToken($request, new Response());
|
|
|
|
$this->assertNotNull($token);
|
|
$this->assertArrayHasKey('access_token', $token);
|
|
$this->assertArrayHasKey('scope', $token);
|
|
$this->assertEquals($token['scope'], 'scope1');
|
|
}
|
|
|
|
public function testValidRefreshTokenDifferentScope()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
|
|
'scope' => 'scope3',
|
|
));
|
|
$token = $server->grantAccessToken($request, $response = new Response());
|
|
|
|
$this->assertEquals($response->getStatusCode(), 400);
|
|
$this->assertEquals($response->getParameter('error'), 'invalid_scope');
|
|
$this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
|
|
}
|
|
|
|
public function testValidRefreshTokenInvalidScope()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Client ID', // valid client id
|
|
'client_secret' => 'TestSecret', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
|
|
'scope' => 'invalid-scope',
|
|
));
|
|
$token = $server->grantAccessToken($request, $response = new Response());
|
|
|
|
$this->assertEquals($response->getStatusCode(), 400);
|
|
$this->assertEquals($response->getParameter('error'), 'invalid_scope');
|
|
$this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
|
|
}
|
|
|
|
public function testValidClientDifferentRefreshToken()
|
|
{
|
|
$server = $this->getTestServer();
|
|
$request = TestRequest::createPost(array(
|
|
'grant_type' => 'refresh_token', // valid grant type
|
|
'client_id' => 'Test Some Other Client', // valid client id
|
|
'client_secret' => 'TestSecret3', // valid client secret
|
|
'refresh_token' => 'test-refreshtoken', // valid refresh token
|
|
));
|
|
$token = $server->grantAccessToken($request, $response = new Response());
|
|
|
|
$this->assertEquals($response->getStatusCode(), 400);
|
|
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
|
|
$this->assertEquals($response->getParameter('error_description'), 'refresh_token doesn\'t exist or is invalid for the client');
|
|
}
|
|
|
|
private function getTestServer()
|
|
{
|
|
$this->storage = Bootstrap::getInstance()->getMemoryStorage();
|
|
$server = new Server($this->storage);
|
|
|
|
return $server;
|
|
}
|
|
}
|