Marle
/
webAdministracion
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
2 Commits
1 Branch
Tree: 8452fc02c6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8452fc02c6'
${ noResults }
webAdministracion/processes/google-api-php-client-2.2.2/vendor/google/auth/tests/OAuth2Test.php

OAuth2Test.php 28KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874 
  1. <?php

  2. /*

  3.  * Copyright 2010 Google Inc.

  4.  *

  5.  * Licensed under the Apache License, Version 2.0 (the "License");

  6.  * you may not use this file except in compliance with the License.

  7.  * You may obtain a copy of the License at

  8.  *

  9.  *     http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  */

  17. 

  18. namespace Google\Auth\Tests;

  19. 

  20. use Google\Auth\OAuth2;

  21. use GuzzleHttp\Psr7;

  22. use GuzzleHttp\Psr7\Response;

  23. use PHPUnit\Framework\TestCase;

  24. 

  25. class OAuth2AuthorizationUriTest extends TestCase

  26. {

  27.     private $minimal = [

  28.         'authorizationUri' => 'https://accounts.test.org/insecure/url',

  29.         'redirectUri' => 'https://accounts.test.org/redirect/url',

  30.         'clientId' => 'aClientID',

  31.     ];

  32. 

  33.     /**

  34.      * @expectedException InvalidArgumentException

  35.      */

  36.     public function testIsNullIfAuthorizationUriIsNull()

  37.     {

  38.         $o = new OAuth2([]);

  39.         $this->assertNull($o->buildFullAuthorizationUri());

  40.     }

  41. 

  42.     /**

  43.      * @expectedException InvalidArgumentException

  44.      */

  45.     public function testRequiresTheClientId()

  46.     {

  47.         $o = new OAuth2([

  48.             'authorizationUri' => 'https://accounts.test.org/auth/url',

  49.             'redirectUri' => 'https://accounts.test.org/redirect/url',

  50.         ]);

  51.         $o->buildFullAuthorizationUri();

  52.     }

  53. 

  54.     /**

  55.      * @expectedException InvalidArgumentException

  56.      */

  57.     public function testRequiresTheRedirectUri()

  58.     {

  59.         $o = new OAuth2([

  60.             'authorizationUri' => 'https://accounts.test.org/auth/url',

  61.             'clientId' => 'aClientID',

  62.         ]);

  63.         $o->buildFullAuthorizationUri();

  64.     }

  65. 

  66.     /**

  67.      * @expectedException InvalidArgumentException

  68.      */

  69.     public function testCannotHavePromptAndApprovalPrompt()

  70.     {

  71.         $o = new OAuth2([

  72.             'authorizationUri' => 'https://accounts.test.org/auth/url',

  73.             'clientId' => 'aClientID',

  74.         ]);

  75.         $o->buildFullAuthorizationUri([

  76.             'approval_prompt' => 'an approval prompt',

  77.             'prompt' => 'a prompt',

  78.         ]);

  79.     }

  80. 

  81.     /**

  82.      * @expectedException InvalidArgumentException

  83.      */

  84.     public function testCannotHaveInsecureAuthorizationUri()

  85.     {

  86.         $o = new OAuth2([

  87.             'authorizationUri' => 'http://accounts.test.org/insecure/url',

  88.             'redirectUri' => 'https://accounts.test.org/redirect/url',

  89.             'clientId' => 'aClientID',

  90.         ]);

  91.         $o->buildFullAuthorizationUri();

  92.     }

  93. 

  94.     /**

  95.      * @expectedException InvalidArgumentException

  96.      */

  97.     public function testCannotHaveRelativeRedirectUri()

  98.     {

  99.         $o = new OAuth2([

  100.             'authorizationUri' => 'http://accounts.test.org/insecure/url',

  101.             'redirectUri' => '/redirect/url',

  102.             'clientId' => 'aClientID',

  103.         ]);

  104.         $o->buildFullAuthorizationUri();

  105.     }

  106. 

  107.     public function testHasDefaultXXXTypeParams()

  108.     {

  109.         $o = new OAuth2($this->minimal);

  110.         $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery());

  111.         $this->assertEquals('code', $q['response_type']);

  112.         $this->assertEquals('offline', $q['access_type']);

  113.     }

  114. 

  115.     public function testCanBeUrlObject()

  116.     {

  117.         $config = array_merge($this->minimal, [

  118.             'authorizationUri' => Psr7\uri_for('https://another/uri'),

  119.         ]);

  120.         $o = new OAuth2($config);

  121.         $this->assertEquals('/uri', $o->buildFullAuthorizationUri()->getPath());

  122.     }

  123. 

  124.     public function testCanOverrideParams()

  125.     {

  126.         $overrides = [

  127.             'access_type' => 'o_access_type',

  128.             'client_id' => 'o_client_id',

  129.             'redirect_uri' => 'o_redirect_uri',

  130.             'response_type' => 'o_response_type',

  131.             'state' => 'o_state',

  132.         ];

  133.         $config = array_merge($this->minimal, ['state' => 'the_state']);

  134.         $o = new OAuth2($config);

  135.         $q = Psr7\parse_query($o->buildFullAuthorizationUri($overrides)->getQuery());

  136.         $this->assertEquals('o_access_type', $q['access_type']);

  137.         $this->assertEquals('o_client_id', $q['client_id']);

  138.         $this->assertEquals('o_redirect_uri', $q['redirect_uri']);

  139.         $this->assertEquals('o_response_type', $q['response_type']);

  140.         $this->assertEquals('o_state', $q['state']);

  141.     }

  142. 

  143.     public function testIncludesTheScope()

  144.     {

  145.         $with_strings = array_merge($this->minimal, ['scope' => 'scope1 scope2']);

  146.         $o = new OAuth2($with_strings);

  147.         $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery());

  148.         $this->assertEquals('scope1 scope2', $q['scope']);

  149. 

  150.         $with_array = array_merge($this->minimal, [

  151.             'scope' => ['scope1', 'scope2'],

  152.         ]);

  153.         $o = new OAuth2($with_array);

  154.         $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery());

  155.         $this->assertEquals('scope1 scope2', $q['scope']);

  156.     }

  157. 

  158.     public function testRedirectUriPostmessageIsAllowed()

  159.     {

  160.         $o = new OAuth2([

  161.             'authorizationUri' => 'https://accounts.test.org/insecure/url',

  162.             'redirectUri' => 'postmessage',

  163.             'clientId' => 'aClientID',

  164.         ]);

  165.         $this->assertEquals('postmessage', $o->getRedirectUri());

  166.         $url = $o->buildFullAuthorizationUri();

  167.         $parts = parse_url((string)$url);

  168.         parse_str($parts['query'], $query);

  169.         $this->assertArrayHasKey('redirect_uri', $query);

  170.         $this->assertEquals('postmessage', $query['redirect_uri']);

  171.     }

  172. }

  173. 

  174. class OAuth2GrantTypeTest extends TestCase

  175. {

  176.     private $minimal = [

  177.         'authorizationUri' => 'https://accounts.test.org/insecure/url',

  178.         'redirectUri' => 'https://accounts.test.org/redirect/url',

  179.         'clientId' => 'aClientID',

  180.     ];

  181. 

  182.     public function testReturnsNullIfCannotBeInferred()

  183.     {

  184.         $o = new OAuth2($this->minimal);

  185.         $this->assertNull($o->getGrantType());

  186.     }

  187. 

  188.     public function testInfersAuthorizationCode()

  189.     {

  190.         $o = new OAuth2($this->minimal);

  191.         $o->setCode('an auth code');

  192.         $this->assertEquals('authorization_code', $o->getGrantType());

  193.     }

  194. 

  195.     public function testInfersRefreshToken()

  196.     {

  197.         $o = new OAuth2($this->minimal);

  198.         $o->setRefreshToken('a refresh token');

  199.         $this->assertEquals('refresh_token', $o->getGrantType());

  200.     }

  201. 

  202.     public function testInfersPassword()

  203.     {

  204.         $o = new OAuth2($this->minimal);

  205.         $o->setPassword('a password');

  206.         $o->setUsername('a username');

  207.         $this->assertEquals('password', $o->getGrantType());

  208.     }

  209. 

  210.     public function testInfersJwtBearer()

  211.     {

  212.         $o = new OAuth2($this->minimal);

  213.         $o->setIssuer('an issuer');

  214.         $o->setSigningKey('a key');

  215.         $this->assertEquals('urn:ietf:params:oauth:grant-type:jwt-bearer',

  216.             $o->getGrantType());

  217.     }

  218. 

  219.     public function testSetsKnownTypes()

  220.     {

  221.         $o = new OAuth2($this->minimal);

  222.         foreach (OAuth2::$knownGrantTypes as $t) {

  223.             $o->setGrantType($t);

  224.             $this->assertEquals($t, $o->getGrantType());

  225.         }

  226.     }

  227. 

  228.     public function testSetsUrlAsGrantType()

  229.     {

  230.         $o = new OAuth2($this->minimal);

  231.         $o->setGrantType('http://a/grant/url');

  232.         $this->assertEquals('http://a/grant/url', $o->getGrantType());

  233.     }

  234. }

  235. 

  236. class OAuth2GetCacheKeyTest extends TestCase

  237. {

  238.     private $minimal = [

  239.         'clientID' => 'aClientID',

  240.     ];

  241. 

  242.     public function testIsNullWithNoScopes()

  243.     {

  244.         $o = new OAuth2($this->minimal);

  245.         $this->assertNull($o->getCacheKey());

  246.     }

  247. 

  248.     public function testIsScopeIfSingleScope()

  249.     {

  250.         $o = new OAuth2($this->minimal);

  251.         $o->setScope('test/scope/1');

  252.         $this->assertEquals('test/scope/1', $o->getCacheKey());

  253.     }

  254. 

  255.     public function testIsAllScopesWhenScopeIsArray()

  256.     {

  257.         $o = new OAuth2($this->minimal);

  258.         $o->setScope(['test/scope/1', 'test/scope/2']);

  259.         $this->assertEquals('test/scope/1:test/scope/2', $o->getCacheKey());

  260.     }

  261. }

  262. 

  263. class OAuth2TimingTest extends TestCase

  264. {

  265.     private $minimal = [

  266.         'authorizationUri' => 'https://accounts.test.org/insecure/url',

  267.         'redirectUri' => 'https://accounts.test.org/redirect/url',

  268.         'clientId' => 'aClientID',

  269.     ];

  270. 

  271.     public function testIssuedAtDefaultsToNull()

  272.     {

  273.         $o = new OAuth2($this->minimal);

  274.         $this->assertNull($o->getIssuedAt());

  275.     }

  276. 

  277.     public function testExpiresAtDefaultsToNull()

  278.     {

  279.         $o = new OAuth2($this->minimal);

  280.         $this->assertNull($o->getExpiresAt());

  281.     }

  282. 

  283.     public function testExpiresInDefaultsToNull()

  284.     {

  285.         $o = new OAuth2($this->minimal);

  286.         $this->assertNull($o->getExpiresIn());

  287.     }

  288. 

  289.     public function testSettingExpiresInSetsIssuedAt()

  290.     {

  291.         $o = new OAuth2($this->minimal);

  292.         $this->assertNull($o->getIssuedAt());

  293.         $aShortWhile = 5;

  294.         $o->setExpiresIn($aShortWhile);

  295.         $this->assertEquals($aShortWhile, $o->getExpiresIn());

  296.         $this->assertNotNull($o->getIssuedAt());

  297.     }

  298. 

  299.     public function testSettingExpiresInSetsExpireAt()

  300.     {

  301.         $o = new OAuth2($this->minimal);

  302.         $this->assertNull($o->getExpiresAt());

  303.         $aShortWhile = 5;

  304.         $o->setExpiresIn($aShortWhile);

  305.         $this->assertNotNull($o->getExpiresAt());

  306.         $this->assertEquals($aShortWhile, $o->getExpiresAt() - $o->getIssuedAt());

  307.     }

  308. 

  309.     public function testIsNotExpiredByDefault()

  310.     {

  311.         $o = new OAuth2($this->minimal);

  312.         $this->assertFalse($o->isExpired());

  313.     }

  314. 

  315.     public function testIsNotExpiredIfExpiresAtIsOld()

  316.     {

  317.         $o = new OAuth2($this->minimal);

  318.         $o->setExpiresAt(time() - 2);

  319.         $this->assertTrue($o->isExpired());

  320.     }

  321. }

  322. 

  323. class OAuth2GeneralTest extends TestCase

  324. {

  325.     private $minimal = [

  326.         'authorizationUri' => 'https://accounts.test.org/insecure/url',

  327.         'redirectUri' => 'https://accounts.test.org/redirect/url',

  328.         'clientId' => 'aClientID',

  329.     ];

  330. 

  331.     /**

  332.      * @expectedException InvalidArgumentException

  333.      */

  334.     public function testFailsOnUnknownSigningAlgorithm()

  335.     {

  336.         $o = new OAuth2($this->minimal);

  337.         $o->setSigningAlgorithm('this is definitely not an algorithm name');

  338.     }

  339. 

  340.     public function testAllowsKnownSigningAlgorithms()

  341.     {

  342.         $o = new OAuth2($this->minimal);

  343.         foreach (OAuth2::$knownSigningAlgorithms as $a) {

  344.             $o->setSigningAlgorithm($a);

  345.             $this->assertEquals($a, $o->getSigningAlgorithm());

  346.         }

  347.     }

  348. 

  349.     /**

  350.      * @expectedException InvalidArgumentException

  351.      */

  352.     public function testFailsOnRelativeRedirectUri()

  353.     {

  354.         $o = new OAuth2($this->minimal);

  355.         $o->setRedirectUri('/relative/url');

  356.     }

  357. 

  358.     public function testAllowsUrnRedirectUri()

  359.     {

  360.         $urn = 'urn:ietf:wg:oauth:2.0:oob';

  361.         $o = new OAuth2($this->minimal);

  362.         $o->setRedirectUri($urn);

  363.         $this->assertEquals($urn, $o->getRedirectUri());

  364.     }

  365. }

  366. 

  367. class OAuth2JwtTest extends TestCase

  368. {

  369.     private $signingMinimal = [

  370.         'signingKey' => 'example_key',

  371.         'signingAlgorithm' => 'HS256',

  372.         'scope' => 'https://www.googleapis.com/auth/userinfo.profile',

  373.         'issuer' => 'app@example.com',

  374.         'audience' => 'accounts.google.com',

  375.         'clientId' => 'aClientID',

  376.     ];

  377. 

  378.     /**

  379.      * @expectedException DomainException

  380.      */

  381.     public function testFailsWithMissingAudience()

  382.     {

  383.         $testConfig = $this->signingMinimal;

  384.         unset($testConfig['audience']);

  385.         $o = new OAuth2($testConfig);

  386.         $o->toJwt();

  387.     }

  388. 

  389.     /**

  390.      * @expectedException DomainException

  391.      */

  392.     public function testFailsWithMissingIssuer()

  393.     {

  394.         $testConfig = $this->signingMinimal;

  395.         unset($testConfig['issuer']);

  396.         $o = new OAuth2($testConfig);

  397.         $o->toJwt();

  398.     }

  399. 

  400.     /**

  401.      */

  402.     public function testCanHaveNoScope()

  403.     {

  404.         $testConfig = $this->signingMinimal;

  405.         unset($testConfig['scope']);

  406.         $o = new OAuth2($testConfig);

  407.         $o->toJwt();

  408.     }

  409. 

  410.     /**

  411.      * @expectedException DomainException

  412.      */

  413.     public function testFailsWithMissingSigningKey()

  414.     {

  415.         $testConfig = $this->signingMinimal;

  416.         unset($testConfig['signingKey']);

  417.         $o = new OAuth2($testConfig);

  418.         $o->toJwt();

  419.     }

  420. 

  421.     /**

  422.      * @expectedException DomainException

  423.      */

  424.     public function testFailsWithMissingSigningAlgorithm()

  425.     {

  426.         $testConfig = $this->signingMinimal;

  427.         unset($testConfig['signingAlgorithm']);

  428.         $o = new OAuth2($testConfig);

  429.         $o->toJwt();

  430.     }

  431. 

  432.     public function testCanHS256EncodeAValidPayload()

  433.     {

  434.         $testConfig = $this->signingMinimal;

  435.         $o = new OAuth2($testConfig);

  436.         $payload = $o->toJwt();

  437.         $roundTrip = $this->jwtDecode($payload, $testConfig['signingKey'], array('HS256'));

  438.         $this->assertEquals($roundTrip->iss, $testConfig['issuer']);

  439.         $this->assertEquals($roundTrip->aud, $testConfig['audience']);

  440.         $this->assertEquals($roundTrip->scope, $testConfig['scope']);

  441.     }

  442. 

  443.     public function testCanRS256EncodeAValidPayload()

  444.     {

  445.         $publicKey = file_get_contents(__DIR__ . '/fixtures' . '/public.pem');

  446.         $privateKey = file_get_contents(__DIR__ . '/fixtures' . '/private.pem');

  447.         $testConfig = $this->signingMinimal;

  448.         $o = new OAuth2($testConfig);

  449.         $o->setSigningAlgorithm('RS256');

  450.         $o->setSigningKey($privateKey);

  451.         $payload = $o->toJwt();

  452.         $roundTrip = $this->jwtDecode($payload, $publicKey, array('RS256'));

  453.         $this->assertEquals($roundTrip->iss, $testConfig['issuer']);

  454.         $this->assertEquals($roundTrip->aud, $testConfig['audience']);

  455.         $this->assertEquals($roundTrip->scope, $testConfig['scope']);

  456.     }

  457. 

  458.     public function testCanHaveAdditionalClaims()

  459.     {

  460.         $publicKey = file_get_contents(__DIR__ . '/fixtures' . '/public.pem');

  461.         $privateKey = file_get_contents(__DIR__ . '/fixtures' . '/private.pem');

  462.         $testConfig = $this->signingMinimal;

  463.         $targetAud = '123@456.com';

  464.         $testConfig['additionalClaims'] = ['target_audience' => $targetAud];

  465.         $o = new OAuth2($testConfig);

  466.         $o->setSigningAlgorithm('RS256');

  467.         $o->setSigningKey($privateKey);

  468.         $payload = $o->toJwt();

  469.         $roundTrip = $this->jwtDecode($payload, $publicKey, array('RS256'));

  470.         $this->assertEquals($roundTrip->target_audience, $targetAud);

  471.     }

  472. 

  473.     private function jwtDecode()

  474.     {

  475.         $args = func_get_args();

  476.         $class = 'JWT';

  477.         if (class_exists('Firebase\JWT\JWT')) {

  478.             $class = 'Firebase\JWT\JWT';

  479.         }

  480. 

  481.         return call_user_func_array("$class::decode", $args);

  482.     }

  483. }

  484. 

  485. class OAuth2GenerateAccessTokenRequestTest extends TestCase

  486. {

  487.     private $tokenRequestMinimal = [

  488.         'tokenCredentialUri' => 'https://tokens_r_us/test',

  489.         'scope' => 'https://www.googleapis.com/auth/userinfo.profile',

  490.         'issuer' => 'app@example.com',

  491.         'audience' => 'accounts.google.com',

  492.         'clientId' => 'aClientID',

  493.     ];

  494. 

  495.     /**

  496.      * @expectedException DomainException

  497.      */

  498.     public function testFailsIfNoTokenCredentialUri()

  499.     {

  500.         $testConfig = $this->tokenRequestMinimal;

  501.         unset($testConfig['tokenCredentialUri']);

  502.         $o = new OAuth2($testConfig);

  503.         $o->generateCredentialsRequest();

  504.     }

  505. 

  506.     /**

  507.      * @expectedException DomainException

  508.      */

  509.     public function testFailsIfAuthorizationCodeIsMissing()

  510.     {

  511.         $testConfig = $this->tokenRequestMinimal;

  512.         $testConfig['redirectUri'] = 'https://has/redirect/uri';

  513.         $o = new OAuth2($testConfig);

  514.         $o->generateCredentialsRequest();

  515.     }

  516. 

  517.     public function testGeneratesAuthorizationCodeRequests()

  518.     {

  519.         $testConfig = $this->tokenRequestMinimal;

  520.         $testConfig['redirectUri'] = 'https://has/redirect/uri';

  521.         $o = new OAuth2($testConfig);

  522.         $o->setCode('an_auth_code');

  523. 

  524.         // Generate the request and confirm that it's correct.

  525.         $req = $o->generateCredentialsRequest();

  526.         $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req);

  527.         $this->assertEquals('POST', $req->getMethod());

  528.         $fields = Psr7\parse_query((string)$req->getBody());

  529.         $this->assertEquals('authorization_code', $fields['grant_type']);

  530.         $this->assertEquals('an_auth_code', $fields['code']);

  531.     }

  532. 

  533.     public function testGeneratesPasswordRequests()

  534.     {

  535.         $testConfig = $this->tokenRequestMinimal;

  536.         $o = new OAuth2($testConfig);

  537.         $o->setUsername('a_username');

  538.         $o->setPassword('a_password');

  539. 

  540.         // Generate the request and confirm that it's correct.

  541.         $req = $o->generateCredentialsRequest();

  542.         $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req);

  543.         $this->assertEquals('POST', $req->getMethod());

  544.         $fields = Psr7\parse_query((string)$req->getBody());

  545.         $this->assertEquals('password', $fields['grant_type']);

  546.         $this->assertEquals('a_password', $fields['password']);

  547.         $this->assertEquals('a_username', $fields['username']);

  548.     }

  549. 

  550.     public function testGeneratesRefreshTokenRequests()

  551.     {

  552.         $testConfig = $this->tokenRequestMinimal;

  553.         $o = new OAuth2($testConfig);

  554.         $o->setRefreshToken('a_refresh_token');

  555. 

  556.         // Generate the request and confirm that it's correct.

  557.         $req = $o->generateCredentialsRequest();

  558.         $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req);

  559.         $this->assertEquals('POST', $req->getMethod());

  560.         $fields = Psr7\parse_query((string)$req->getBody());

  561.         $this->assertEquals('refresh_token', $fields['grant_type']);

  562.         $this->assertEquals('a_refresh_token', $fields['refresh_token']);

  563.     }

  564. 

  565.     public function testClientSecretAddedIfSetForAuthorizationCodeRequests()

  566.     {

  567.         $testConfig = $this->tokenRequestMinimal;

  568.         $testConfig['clientSecret'] = 'a_client_secret';

  569.         $testConfig['redirectUri'] = 'https://has/redirect/uri';

  570.         $o = new OAuth2($testConfig);

  571.         $o->setCode('an_auth_code');

  572.         $request = $o->generateCredentialsRequest();

  573.         $fields = Psr7\parse_query((string)$request->getBody());

  574.         $this->assertEquals('a_client_secret', $fields['client_secret']);

  575.     }

  576. 

  577.     public function testClientSecretAddedIfSetForRefreshTokenRequests()

  578.     {

  579.         $testConfig = $this->tokenRequestMinimal;

  580.         $testConfig['clientSecret'] = 'a_client_secret';

  581.         $o = new OAuth2($testConfig);

  582.         $o->setRefreshToken('a_refresh_token');

  583.         $request = $o->generateCredentialsRequest();

  584.         $fields = Psr7\parse_query((string)$request->getBody());

  585.         $this->assertEquals('a_client_secret', $fields['client_secret']);

  586.     }

  587. 

  588.     public function testClientSecretAddedIfSetForPasswordRequests()

  589.     {

  590.         $testConfig = $this->tokenRequestMinimal;

  591.         $testConfig['clientSecret'] = 'a_client_secret';

  592.         $o = new OAuth2($testConfig);

  593.         $o->setUsername('a_username');

  594.         $o->setPassword('a_password');

  595.         $request = $o->generateCredentialsRequest();

  596.         $fields = Psr7\parse_query((string)$request->getBody());

  597.         $this->assertEquals('a_client_secret', $fields['client_secret']);

  598.     }

  599. 

  600.     public function testGeneratesAssertionRequests()

  601.     {

  602.         $testConfig = $this->tokenRequestMinimal;

  603.         $o = new OAuth2($testConfig);

  604.         $o->setSigningKey('a_key');

  605.         $o->setSigningAlgorithm('HS256');

  606. 

  607.         // Generate the request and confirm that it's correct.

  608.         $req = $o->generateCredentialsRequest();

  609.         $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req);

  610.         $this->assertEquals('POST', $req->getMethod());

  611.         $fields = Psr7\parse_query((string)$req->getBody());

  612.         $this->assertEquals(OAuth2::JWT_URN, $fields['grant_type']);

  613.         $this->assertArrayHasKey('assertion', $fields);

  614.     }

  615. 

  616.     public function testGeneratesExtendedRequests()

  617.     {

  618.         $testConfig = $this->tokenRequestMinimal;

  619.         $o = new OAuth2($testConfig);

  620.         $o->setGrantType('urn:my_test_grant_type');

  621.         $o->setExtensionParams(['my_param' => 'my_value']);

  622. 

  623.         // Generate the request and confirm that it's correct.

  624.         $req = $o->generateCredentialsRequest();

  625.         $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req);

  626.         $this->assertEquals('POST', $req->getMethod());

  627.         $fields = Psr7\parse_query((string)$req->getBody());

  628.         $this->assertEquals('my_value', $fields['my_param']);

  629.         $this->assertEquals('urn:my_test_grant_type', $fields['grant_type']);

  630.     }

  631. }

  632. 

  633. class OAuth2FetchAuthTokenTest extends TestCase

  634. {

  635.     private $fetchAuthTokenMinimal = [

  636.         'tokenCredentialUri' => 'https://tokens_r_us/test',

  637.         'scope' => 'https://www.googleapis.com/auth/userinfo.profile',

  638.         'signingKey' => 'example_key',

  639.         'signingAlgorithm' => 'HS256',

  640.         'issuer' => 'app@example.com',

  641.         'audience' => 'accounts.google.com',

  642.         'clientId' => 'aClientID',

  643.     ];

  644. 

  645.     /**

  646.      * @expectedException GuzzleHttp\Exception\ClientException

  647.      */

  648.     public function testFailsOn400()

  649.     {

  650.         $testConfig = $this->fetchAuthTokenMinimal;

  651.         $httpHandler = getHandler([

  652.             buildResponse(400),

  653.         ]);

  654.         $o = new OAuth2($testConfig);

  655.         $o->fetchAuthToken($httpHandler);

  656.     }

  657. 

  658.     /**

  659.      * @expectedException GuzzleHttp\Exception\ServerException

  660.      */

  661.     public function testFailsOn500()

  662.     {

  663.         $testConfig = $this->fetchAuthTokenMinimal;

  664.         $httpHandler = getHandler([

  665.             buildResponse(500),

  666.         ]);

  667.         $o = new OAuth2($testConfig);

  668.         $o->fetchAuthToken($httpHandler);

  669.     }

  670. 

  671.     /**

  672.      * @expectedException Exception

  673.      * @expectedExceptionMessage Invalid JSON response

  674.      */

  675.     public function testFailsOnNoContentTypeIfResponseIsNotJSON()

  676.     {

  677.         $testConfig = $this->fetchAuthTokenMinimal;

  678.         $notJson = '{"foo": , this is cannot be passed as json" "bar"}';

  679.         $httpHandler = getHandler([

  680.             buildResponse(200, [], Psr7\stream_for($notJson)),

  681.         ]);

  682.         $o = new OAuth2($testConfig);

  683.         $o->fetchAuthToken($httpHandler);

  684.     }

  685. 

  686.     public function testFetchesJsonResponseOnNoContentTypeOK()

  687.     {

  688.         $testConfig = $this->fetchAuthTokenMinimal;

  689.         $json = '{"foo": "bar"}';

  690.         $httpHandler = getHandler([

  691.             buildResponse(200, [], Psr7\stream_for($json)),

  692.         ]);

  693.         $o = new OAuth2($testConfig);

  694.         $tokens = $o->fetchAuthToken($httpHandler);

  695.         $this->assertEquals($tokens['foo'], 'bar');

  696.     }

  697. 

  698.     public function testFetchesFromFormEncodedResponseOK()

  699.     {

  700.         $testConfig = $this->fetchAuthTokenMinimal;

  701.         $json = 'foo=bar&spice=nice';

  702.         $httpHandler = getHandler([

  703.             buildResponse(

  704.                 200,

  705.                 ['Content-Type' => 'application/x-www-form-urlencoded'],

  706.                 Psr7\stream_for($json)

  707.             ),

  708.         ]);

  709.         $o = new OAuth2($testConfig);

  710.         $tokens = $o->fetchAuthToken($httpHandler);

  711.         $this->assertEquals($tokens['foo'], 'bar');

  712.         $this->assertEquals($tokens['spice'], 'nice');

  713.     }

  714. 

  715.     public function testUpdatesTokenFieldsOnFetch()

  716.     {

  717.         $testConfig = $this->fetchAuthTokenMinimal;

  718.         $wanted_updates = [

  719.             'expires_at' => '1',

  720.             'expires_in' => '57',

  721.             'issued_at' => '2',

  722.             'access_token' => 'an_access_token',

  723.             'id_token' => 'an_id_token',

  724.             'refresh_token' => 'a_refresh_token',

  725.         ];

  726.         $json = json_encode($wanted_updates);

  727.         $httpHandler = getHandler([

  728.             buildResponse(200, [], Psr7\stream_for($json)),

  729.         ]);

  730.         $o = new OAuth2($testConfig);

  731.         $this->assertNull($o->getExpiresAt());

  732.         $this->assertNull($o->getExpiresIn());

  733.         $this->assertNull($o->getIssuedAt());

  734.         $this->assertNull($o->getAccessToken());

  735.         $this->assertNull($o->getIdToken());

  736.         $this->assertNull($o->getRefreshToken());

  737.         $tokens = $o->fetchAuthToken($httpHandler);

  738.         $this->assertEquals(1, $o->getExpiresAt());

  739.         $this->assertEquals(57, $o->getExpiresIn());

  740.         $this->assertEquals(2, $o->getIssuedAt());

  741.         $this->assertEquals('an_access_token', $o->getAccessToken());

  742.         $this->assertEquals('an_id_token', $o->getIdToken());

  743.         $this->assertEquals('a_refresh_token', $o->getRefreshToken());

  744.     }

  745. 

  746.     public function testUpdatesTokenFieldsOnFetchMissingRefreshToken()

  747.     {

  748.         $testConfig = $this->fetchAuthTokenMinimal;

  749.         $testConfig['refresh_token'] = 'a_refresh_token';

  750.         $wanted_updates = [

  751.             'expires_at' => '1',

  752.             'expires_in' => '57',

  753.             'issued_at' => '2',

  754.             'access_token' => 'an_access_token',

  755.             'id_token' => 'an_id_token',

  756.         ];

  757.         $json = json_encode($wanted_updates);

  758.         $httpHandler = getHandler([

  759.             buildResponse(200, [], Psr7\stream_for($json)),

  760.         ]);

  761.         $o = new OAuth2($testConfig);

  762.         $this->assertNull($o->getExpiresAt());

  763.         $this->assertNull($o->getExpiresIn());

  764.         $this->assertNull($o->getIssuedAt());

  765.         $this->assertNull($o->getAccessToken());

  766.         $this->assertNull($o->getIdToken());

  767.         $this->assertEquals('a_refresh_token', $o->getRefreshToken());

  768.         $tokens = $o->fetchAuthToken($httpHandler);

  769.         $this->assertEquals(1, $o->getExpiresAt());

  770.         $this->assertEquals(57, $o->getExpiresIn());

  771.         $this->assertEquals(2, $o->getIssuedAt());

  772.         $this->assertEquals('an_access_token', $o->getAccessToken());

  773.         $this->assertEquals('an_id_token', $o->getIdToken());

  774.         $this->assertEquals('a_refresh_token', $o->getRefreshToken());

  775.     }

  776. }

  777. 

  778. class OAuth2VerifyIdTokenTest extends TestCase

  779. {

  780.     private $publicKey;

  781.     private $privateKey;

  782.     private $verifyIdTokenMinimal = [

  783.         'scope' => 'https://www.googleapis.com/auth/userinfo.profile',

  784.         'audience' => 'myaccount.on.host.issuer.com',

  785.         'issuer' => 'an.issuer.com',

  786.         'clientId' => 'myaccount.on.host.issuer.com',

  787.     ];

  788. 

  789.     public function setUp()

  790.     {

  791.         $this->publicKey =

  792.             file_get_contents(__DIR__ . '/fixtures' . '/public.pem');

  793.         $this->privateKey =

  794.             file_get_contents(__DIR__ . '/fixtures' . '/private.pem');

  795.     }

  796. 

  797.     /**

  798.      * @expectedException UnexpectedValueException

  799.      */

  800.     public function testFailsIfIdTokenIsInvalid()

  801.     {

  802.         $testConfig = $this->verifyIdTokenMinimal;

  803.         $not_a_jwt = 'not a jot';

  804.         $o = new OAuth2($testConfig);

  805.         $o->setIdToken($not_a_jwt);

  806.         $o->verifyIdToken($this->publicKey);

  807.     }

  808. 

  809.     /**

  810.      * @expectedException DomainException

  811.      */

  812.     public function testFailsIfAudienceIsMissing()

  813.     {

  814.         $testConfig = $this->verifyIdTokenMinimal;

  815.         $now = time();

  816.         $origIdToken = [

  817.             'issuer' => $testConfig['issuer'],

  818.             'exp' => $now + 65, // arbitrary

  819.             'iat' => $now,

  820.         ];

  821.         $o = new OAuth2($testConfig);

  822.         $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, 'RS256');

  823.         $o->setIdToken($jwtIdToken);

  824.         $o->verifyIdToken($this->publicKey, ['RS256']);

  825.     }

  826. 

  827.     /**

  828.      * @expectedException DomainException

  829.      */

  830.     public function testFailsIfAudienceIsWrong()

  831.     {

  832.         $now = time();

  833.         $testConfig = $this->verifyIdTokenMinimal;

  834.         $origIdToken = [

  835.             'aud' => 'a different audience',

  836.             'iss' => $testConfig['issuer'],

  837.             'exp' => $now + 65, // arbitrary

  838.             'iat' => $now,

  839.         ];

  840.         $o = new OAuth2($testConfig);

  841.         $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, 'RS256');

  842.         $o->setIdToken($jwtIdToken);

  843.         $o->verifyIdToken($this->publicKey, ['RS256']);

  844.     }

  845. 

  846.     public function testShouldReturnAValidIdToken()

  847.     {

  848.         $testConfig = $this->verifyIdTokenMinimal;

  849.         $now = time();

  850.         $origIdToken = [

  851.             'aud' => $testConfig['audience'],

  852.             'iss' => $testConfig['issuer'],

  853.             'exp' => $now + 65, // arbitrary

  854.             'iat' => $now,

  855.         ];

  856.         $o = new OAuth2($testConfig);

  857.         $alg = 'RS256';

  858.         $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, $alg);

  859.         $o->setIdToken($jwtIdToken);

  860.         $roundTrip = $o->verifyIdToken($this->publicKey, array($alg));

  861.         $this->assertEquals($origIdToken['aud'], $roundTrip->aud);

  862.     }

  863. 

  864.     private function jwtEncode()

  865.     {

  866.         $args = func_get_args();

  867.         $class = 'JWT';

  868.         if (class_exists('Firebase\JWT\JWT')) {

  869.             $class = 'Firebase\JWT\JWT';

  870.         }

  871. 

  872.         return call_user_func_array("$class::encode", $args);

  873.     }

  874. }