|
@@ -65,7 +65,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
/** @var ISecureRandom|\PHPUnit\Framework\MockObject\MockObject */
|
|
|
private $secureRandom;
|
|
|
/** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
|
|
|
- private $time;
|
|
|
+ private $timeFactory;
|
|
|
/** @var Throttler|\PHPUnit\Framework\MockObject\MockObject */
|
|
|
private $throttler;
|
|
|
/** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
|
|
@@ -82,7 +82,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->clientMapper = $this->createMock(ClientMapper::class);
|
|
|
$this->tokenProvider = $this->createMock(TokenProvider::class);
|
|
|
$this->secureRandom = $this->createMock(ISecureRandom::class);
|
|
|
- $this->time = $this->createMock(ITimeFactory::class);
|
|
|
+ $this->timeFactory = $this->createMock(ITimeFactory::class);
|
|
|
$this->throttler = $this->createMock(Throttler::class);
|
|
|
$this->logger = $this->createMock(LoggerInterface::class);
|
|
|
|
|
@@ -94,7 +94,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->clientMapper,
|
|
|
$this->tokenProvider,
|
|
|
$this->secureRandom,
|
|
|
- $this->time,
|
|
|
+ $this->timeFactory,
|
|
|
$this->logger,
|
|
|
$this->throttler
|
|
|
);
|
|
@@ -122,7 +122,90 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'invalidcode', null, null, null));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenInvalidRefreshToken() {
|
|
|
+ public function testGetTokenExpiredCode() {
|
|
|
+ $codeCreatedAt = 100;
|
|
|
+ $expiredSince = 123;
|
|
|
+
|
|
|
+ $expected = new JSONResponse([
|
|
|
+ 'error' => 'invalid_request',
|
|
|
+ ], Http::STATUS_BAD_REQUEST);
|
|
|
+ $expected->throttle(['invalid_request' => 'authorization_code_expired', 'expired_since' => $expiredSince]);
|
|
|
+
|
|
|
+ $accessToken = new AccessToken();
|
|
|
+ $accessToken->setClientId(42);
|
|
|
+ $accessToken->setCodeCreatedAt($codeCreatedAt);
|
|
|
+
|
|
|
+ $this->accessTokenMapper->method('getByCode')
|
|
|
+ ->with('validcode')
|
|
|
+ ->willReturn($accessToken);
|
|
|
+
|
|
|
+ $tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
|
|
|
+ $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
|
|
+ $this->timeFactory->method('now')
|
|
|
+ ->willReturn($dateNow);
|
|
|
+
|
|
|
+ $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
|
|
|
+ }
|
|
|
+
|
|
|
+ public function testGetTokenWithCodeForActiveToken() {
|
|
|
+ // if a token has already delivered oauth tokens,
|
|
|
+ // it should not be possible to get a new oauth token from a valid authorization code
|
|
|
+ $codeCreatedAt = 100;
|
|
|
+
|
|
|
+ $expected = new JSONResponse([
|
|
|
+ 'error' => 'invalid_request',
|
|
|
+ ], Http::STATUS_BAD_REQUEST);
|
|
|
+ $expected->throttle(['invalid_request' => 'authorization_code_received_for_active_token']);
|
|
|
+
|
|
|
+ $accessToken = new AccessToken();
|
|
|
+ $accessToken->setClientId(42);
|
|
|
+ $accessToken->setCodeCreatedAt($codeCreatedAt);
|
|
|
+ $accessToken->setTokenCount(1);
|
|
|
+
|
|
|
+ $this->accessTokenMapper->method('getByCode')
|
|
|
+ ->with('validcode')
|
|
|
+ ->willReturn($accessToken);
|
|
|
+
|
|
|
+ $tsNow = $codeCreatedAt + 1;
|
|
|
+ $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
|
|
+ $this->timeFactory->method('now')
|
|
|
+ ->willReturn($dateNow);
|
|
|
+
|
|
|
+ $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
|
|
|
+ }
|
|
|
+
|
|
|
+ public function testGetTokenClientDoesNotExist() {
|
|
|
+ // In this test, the token's authorization code is valid and has not expired
|
|
|
+ // and we check what happens when the associated Oauth client does not exist
|
|
|
+ $codeCreatedAt = 100;
|
|
|
+
|
|
|
+ $expected = new JSONResponse([
|
|
|
+ 'error' => 'invalid_request',
|
|
|
+ ], Http::STATUS_BAD_REQUEST);
|
|
|
+ $expected->throttle(['invalid_request' => 'client not found', 'client_id' => 42]);
|
|
|
+
|
|
|
+ $accessToken = new AccessToken();
|
|
|
+ $accessToken->setClientId(42);
|
|
|
+ $accessToken->setCodeCreatedAt($codeCreatedAt);
|
|
|
+
|
|
|
+ $this->accessTokenMapper->method('getByCode')
|
|
|
+ ->with('validcode')
|
|
|
+ ->willReturn($accessToken);
|
|
|
+
|
|
|
+ // 'now' is before the token's authorization code expiration
|
|
|
+ $tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
|
|
|
+ $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
|
|
+ $this->timeFactory->method('now')
|
|
|
+ ->willReturn($dateNow);
|
|
|
+
|
|
|
+ $this->clientMapper->method('getByUid')
|
|
|
+ ->with(42)
|
|
|
+ ->willThrowException(new ClientNotFoundException());
|
|
|
+
|
|
|
+ $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
|
|
|
+ }
|
|
|
+
|
|
|
+ public function testRefreshTokenInvalidRefreshToken() {
|
|
|
$expected = new JSONResponse([
|
|
|
'error' => 'invalid_request',
|
|
|
], Http::STATUS_BAD_REQUEST);
|
|
@@ -135,7 +218,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'invalidrefresh', null, null));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenClientDoesNotExist() {
|
|
|
+ public function testRefreshTokenClientDoesNotExist() {
|
|
|
$expected = new JSONResponse([
|
|
|
'error' => 'invalid_request',
|
|
|
], Http::STATUS_BAD_REQUEST);
|
|
@@ -169,7 +252,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
* @param string $clientId
|
|
|
* @param string $clientSecret
|
|
|
*/
|
|
|
- public function testGetTokenInvalidClient($clientId, $clientSecret) {
|
|
|
+ public function testRefreshTokenInvalidClient($clientId, $clientSecret) {
|
|
|
$expected = new JSONResponse([
|
|
|
'error' => 'invalid_client',
|
|
|
], Http::STATUS_BAD_REQUEST);
|
|
@@ -192,7 +275,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', $clientId, $clientSecret));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenInvalidAppToken() {
|
|
|
+ public function testRefreshTokenInvalidAppToken() {
|
|
|
$expected = new JSONResponse([
|
|
|
'error' => 'invalid_request',
|
|
|
], Http::STATUS_BAD_REQUEST);
|
|
@@ -236,7 +319,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenValidAppToken() {
|
|
|
+ public function testRefreshTokenValidAppToken() {
|
|
|
$accessToken = new AccessToken();
|
|
|
$accessToken->setClientId(42);
|
|
|
$accessToken->setTokenId(1337);
|
|
@@ -287,7 +370,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
'random72'
|
|
|
)->willReturn($appToken);
|
|
|
|
|
|
- $this->time->method('getTime')
|
|
|
+ $this->timeFactory->method('getTime')
|
|
|
->willReturn(1000);
|
|
|
|
|
|
$this->tokenProvider->expects($this->once())
|
|
@@ -333,7 +416,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenValidAppTokenBasicAuth() {
|
|
|
+ public function testRefreshTokenValidAppTokenBasicAuth() {
|
|
|
$accessToken = new AccessToken();
|
|
|
$accessToken->setClientId(42);
|
|
|
$accessToken->setTokenId(1337);
|
|
@@ -384,7 +467,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
'random72'
|
|
|
)->willReturn($appToken);
|
|
|
|
|
|
- $this->time->method('getTime')
|
|
|
+ $this->timeFactory->method('getTime')
|
|
|
->willReturn(1000);
|
|
|
|
|
|
$this->tokenProvider->expects($this->once())
|
|
@@ -433,7 +516,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
|
|
|
}
|
|
|
|
|
|
- public function testGetTokenExpiredAppToken() {
|
|
|
+ public function testRefreshTokenExpiredAppToken() {
|
|
|
$accessToken = new AccessToken();
|
|
|
$accessToken->setClientId(42);
|
|
|
$accessToken->setTokenId(1337);
|
|
@@ -484,7 +567,7 @@ class OauthApiControllerTest extends TestCase {
|
|
|
'random72'
|
|
|
)->willReturn($appToken);
|
|
|
|
|
|
- $this->time->method('getTime')
|
|
|
+ $this->timeFactory->method('getTime')
|
|
|
->willReturn(1000);
|
|
|
|
|
|
$this->tokenProvider->expects($this->once())
|