From 1454e4704a7744e34e7a00e5ce4b658c3ed29534 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antonio=20J=2E=20Garc=C3=ADa=20Lagar?=
Date: Fri, 18 Jan 2019 15:01:45 +0100
Subject: [PATCH] Add some integration tests
---
 Tests/Integration/AbstractIntegrationTest.php | 42 ++++++++++-
 Tests/Integration/AuthorizationServerTest.php | 73 +++++++++++++++++++
 2 files changed, 113 insertions(+), 2 deletions(-)
diff --git a/Tests/Integration/AbstractIntegrationTest.php b/Tests/Integration/AbstractIntegrationTest.php
index 4e779951..d431ca79 100644
--- a/Tests/Integration/AbstractIntegrationTest.php
+++ b/Tests/Integration/AbstractIntegrationTest.php
@@ -2,15 +2,18 @@
 namespace Trikoder\Bundle\OAuth2Bundle\Tests\Integration;
+use DateInterval;
 use Defuse\Crypto\Crypto;
 use Defuse\Crypto\Exception\CryptoException;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\Grant\ClientCredentialsGrant;
 use League\OAuth2\Server\Grant\PasswordGrant;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
@@ -21,7 +24,9 @@
 use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Trikoder\Bundle\OAuth2Bundle\Converter\ScopeConverter;
+use Trikoder\Bundle\OAuth2Bundle\League\Entity\User;
 use Trikoder\Bundle\OAuth2Bundle\League\Repository\AccessTokenRepository;
+use Trikoder\Bundle\OAuth2Bundle\League\Repository\AuthCodeRepository;
 use Trikoder\Bundle\OAuth2Bundle\League\Repository\ClientRepository;
 use Trikoder\Bundle\OAuth2Bundle\League\Repository\RefreshTokenRepository;
 use Trikoder\Bundle\OAuth2Bundle\League\Repository\ScopeRepository;
@@ -111,13 +116,15 @@ protected function setUp()
 $accessTokenRepository = new AccessTokenRepository($this->accessTokenManager, $this->clientManager, $scopeConverter);
 $refreshTokenRepository = new RefreshTokenRepository($this->refreshTokenManager, $this->accessTokenManager);
 $userRepository = new UserRepository($this->clientManager, $this->eventDispatcher);
+ $authCodeRepository = new AuthCodeRepository($this->authCodeManager, $this->clientManager, $scopeConverter);
 $this->authorizationServer = $this->createAuthorizationServer(
 $scopeRepository,
 $clientRepository,
 $accessTokenRepository,
 $refreshTokenRepository,
- $userRepository
+ $userRepository,
+ $authCodeRepository
 );
 $this->resourceServer = $this->createResourceServer($accessTokenRepository);
@@ -171,6 +178,15 @@ protected function createResourceRequest(string $jwtToken): ServerRequestInterfa
 return new ServerRequest([], [], null, null, 'php://temp', $headers);
 }
+ protected function createAuthorizeRequest(?string $credentials, array $query = []): ServerRequestInterface
+ {
+ $headers = [
+ 'Authorization' => sprintf('Basic %s', base64_encode($credentials)),
+ ];
+
+ return new ServerRequest([], [], null, null, 'php://temp', $headers, [], $query, '');
+ }
+
 protected function handleAuthorizationRequest(ServerRequestInterface $serverRequest): array
 {
 $response = new Response();
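Review bot: `createAuthorizeRequest` always emits an `Authorization: Basic` header, even when `$credentials` is null — and every caller in this patch passes null — so the server sees a present-but-empty credential instead of an unauthenticated request, and `base64_encode(null)` is deprecated from PHP 8.1. Build the header only when credentials are given: `$headers = $credentials === null ? [] : ['Authorization' => sprintf('Basic %s', base64_encode($credentials))];`. A one-line docblock would also help here, since `$query` is not a URL but the array that becomes the request's query parameters through the `ServerRequest` constructor.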
@@ -195,12 +211,33 @@ protected function handleResourceRequest(ServerRequestInterface $serverRequest):
 return $serverRequest;
 }
+ protected function handleAuthorizeRequest(ServerRequestInterface $serverRequest, $approved = true): array
+ {
+ $response = new Response();
+
+ try {
+ $authRequest = $this->authorizationServer->validateAuthorizationRequest($serverRequest);
+ $authRequest->setUser(new User('user'));
+ $authRequest->setAuthorizationApproved($approved);
+
+ $response = $this->authorizationServer->completeAuthorizationRequest($authRequest, $response);
+ } catch (OAuthServerException $e) {
+ $response = $e->generateHttpResponse($response);
+ }
+
+ $data = [];
+ parse_str(parse_url($response->getHeaderLine('Location'), PHP_URL_QUERY), $data);
+
+ return $data;
+ }
+
 private function createAuthorizationServer(
 ScopeRepositoryInterface $scopeRepository,
 ClientRepositoryInterface $clientRepository,
 AccessTokenRepositoryInterface $accessTokenRepository,
 RefreshTokenRepositoryInterface $refreshTokenRepository,
- UserRepositoryInterface $userRepository
+ UserRepositoryInterface $userRepository,
+ AuthCodeRepositoryInterface $authCodeRepository
 ): AuthorizationServer {
 $authorizationServer = new AuthorizationServer(
 $clientRepository,
@@ -213,6 +250,7 @@ private function createAuthorizationServer(
 $authorizationServer->enableGrantType(new ClientCredentialsGrant());
 $authorizationServer->enableGrantType(new RefreshTokenGrant($refreshTokenRepository));
 $authorizationServer->enableGrantType(new PasswordGrant($userRepository, $refreshTokenRepository));
+ $authorizationServer->enableGrantType(new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, new DateInterval('PT10M')));
 return $authorizationServer;
 }
diff --git a/Tests/Integration/AuthorizationServerTest.php b/Tests/Integration/AuthorizationServerTest.php
index fa7a9aac..5ced5984 100644
--- a/Tests/Integration/AuthorizationServerTest.php
+++ b/Tests/Integration/AuthorizationServerTest.php
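Review bot: `handleAuthorizeRequest` silently returns an empty array whenever the response carries no `Location` header, because `parse_url('', PHP_URL_QUERY)` yields null and `parse_str` then parses nothing, so a test asserting `$response['error']` on a failure that is not answered with a redirect fails on an undefined index rather than with a readable message (and passing that null to `parse_str` is deprecated from PHP 8.1). I believe an error raised before the client's redirect URI is established — an unknown client, for instance — is rendered by league as a JSON body, which is exactly the case this helper would hide. Assert the redirect before parsing, `$this->assertTrue($response->hasHeader('Location'), 'authorize endpoint did not redirect: ' . (string) $response->getBody());`, and type the flag as `bool $approved = true` to match the typed signatures around it. A short docblock stating that the helper acts as a fixed resource owner (`new User('user')`) and returns only the redirect's query parameters would make the contract clear to the tests that use it.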
@@ -383,4 +383,77 @@ public function testInvalidPayloadRefreshGrant(): void
 $this->assertSame('The refresh token is invalid.', $response['message']);
 $this->assertSame('Cannot decrypt the refresh token', $response['hint']);
 }
+
+ public function testSuccessfulCodeRequest(): void
+ {
+ $request = $this->createAuthorizeRequest(null, [
+ 'response_type' => 'code',
+ 'client_id' => 'foo',
+ ]);
+
+ $response = $this->handleAuthorizeRequest($request);
+
+ // Response assertions.
+ $this->assertArrayHasKey('code', $response);
+ }
+
+ public function testSuccessfulCodeRequestWithState(): void
+ {
+ $request = $this->createAuthorizeRequest(null, [
+ 'response_type' => 'code',
+ 'client_id' => 'foo',
+ 'state' => 'quzbaz',
+ ]);
+
+ $response = $this->handleAuthorizeRequest($request);
+
+ // Response assertions.
+ $this->assertArrayHasKey('code', $response);
+ $this->assertSame('quzbaz', $response['state']);
+ }
+
+ public function testSuccessfulCodeRequestWithRedirectUri(): void
+ {
+ $request = $this->createAuthorizeRequest(null, [
+ 'response_type' => 'code',
+ 'client_id' => 'foo',
+ 'redirect-uri' => 'https://example.org/oauth2/redirect-uri',
+ ]);
+
+ $response = $this->handleAuthorizeRequest($request);
+
+ // Response assertions.
+ $this->assertArrayHasKey('code', $response);
+ }
+
+ public function testCodeRequestWithInvalidScope(): void
+ {
+ $request = $this->createAuthorizeRequest(null, [
+ 'response_type' => 'code',
+ 'client_id' => 'foo',
+ 'scope' => 'non_existing',
+ ]);
+
+ $response = $this->handleAuthorizeRequest($request);
+
+ // Response assertions.
+ $this->assertSame('invalid_scope', $response['error']);
+ $this->assertSame('The requested scope is invalid, unknown, or malformed', $response['message']);
+ $this->assertSame('Check the `non_existing` scope', $response['hint']);
+ }
+
+ public function testDeniedCodeRequest(): void
+ {
+ $request = $this->createAuthorizeRequest(null, [
+ 'response_type' => 'code',
+ 'client_id' => 'foo',
+ ]);
+
+ $response = $this->handleAuthorizeRequest($request, false);
+
+ // Response assertions.
+ $this->assertSame('access_denied', $response['error']);
+ $this->assertSame('The resource owner or authorization server denied the request.', $response['message']);
+ $this->assertSame('The user denied the request', $response['hint']);
+ }
 }
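Review bot: `testSuccessfulCodeRequestWithRedirectUri` sends the parameter as `'redirect-uri'`, but the OAuth 2.0 parameter is named `redirect_uri`, so the server ignores it and this test exercises exactly the same path as `testSuccessfulCodeRequest`; the check that a supplied redirect URI matches one registered for the client is never reached. Change the key to `'redirect_uri' => 'https://example.org/oauth2/redirect-uri'` (assuming that URI is registered for client `foo` in the fixtures) and pair it with a case that supplies a redirect URI the client has not registered and asserts it is rejected rather than redirected — that second case is the one that protects against an attacker-chosen redirect target, and it is the negative test worth having here. The hunk's final context line closes the test class.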