ParameterCheckerManagerTest - Code Metrics - Inspection of "Bugs fixed and tests added" - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( a2b1ac...8ea883 )

by Florent

created 2018-04-12 12:14 UTC

ParameterCheckerManagerTest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	277
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	15

Importance

Changes

Metric	Value
wmc	19
lcom	1
cbo	15
dl	0
loc	277
rs	9.1666
c	0
b	0
f	0

10 Methods

Rating	Name	Size	Complexity
A	anAuthorizationRequestIsReceivedButTheDisplayParameterIsNotValid()	22	2
A	anAuthorizationRequestIsReceivedButThePromptParameterIsNotValid()	22	2
A	anAuthorizationRequestIsReceivedButThePromptParameterNoneMustBeUsedAlone()	22	2
A	anAuthorizationRequestIsReceivedButNoRedirectUriIsSet()	20	2
A	anAuthorizationRequestIsReceivedButNoResponseTypeIsSet()	22	2
B	anAuthorizationRequestIsReceivedButTheResponseModeIsNotSupported()	26	2
A	anAuthorizationRequestIsReceivedButTheResponseTypeIsNotSupportedByThisServer()	23	2
A	anAuthorizationRequestIsReceivedButTheResponseTypeIsNotAllowedForTheClient()	23	2
B	anAuthorizationRequestIsReceivedAndIsValid()	27	1
A	getParameterCheckerManager()	23	2

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\AuthorizationEndpoint\Tests\ParameterChecker;

use Http\Message\MessageFactory\DiactorosMessageFactory;
use OAuth2Framework\Component\AuthorizationEndpoint\Authorization;
use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\DisplayParameterChecker;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\PromptParameterChecker;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\RedirectUriParameterChecker;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ResponseTypeAndResponseModeParameterChecker;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\StateParameterChecker;
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\FragmentResponseMode;
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\QueryResponseMode;
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\ResponseModeManager;
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseType;
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseTypeManager;
use OAuth2Framework\Component\Core\Client\Client;
use OAuth2Framework\Component\Core\Client\ClientId;
use OAuth2Framework\Component\Core\DataBag\DataBag;
use PHPUnit\Framework\TestCase;

/**
 * @group ParameterCheckerManager
 */
class ParameterCheckerManagerTest extends TestCase
{
    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButTheDisplayParameterIsNotValid()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'display' => 'foo',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('Invalid parameter "display". Allowed values are page, popup, touch, wap', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButThePromptParameterIsNotValid()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'prompt' => 'foo',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('Invalid parameter "prompt". Allowed values are none, login, consent, select_account', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButThePromptParameterNoneMustBeUsedAlone()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'prompt' => 'none login',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('Invalid parameter "prompt". Prompt value "none" must be used alone.', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButNoRedirectUriIsSet()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, []);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('The parameter "redirect_uri" is mandatory.', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButNoResponseTypeIsSet()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'redirect_uri' => 'https://www.foo.bar/callback',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('The parameter "response_type" is mandatory.', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButTheResponseModeIsNotSupported()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([
                'response_types' => ['foo'],
            ]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'redirect_uri' => 'https://www.foo.bar/callback',
            'response_type' => 'foo',
            'response_mode' => 'foo',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('The response mode "foo" is not supported. Please use one of the following values: query, fragment.', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButTheResponseTypeIsNotSupportedByThisServer()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'redirect_uri' => 'https://www.foo.bar/callback',
            'response_type' => 'bar',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('The response type "bar" is not supported by this server', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedButTheResponseTypeIsNotAllowedForTheClient()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'redirect_uri' => 'https://www.foo.bar/callback',
            'response_type' => 'foo',
        ]);

        try {
            $this->getParameterCheckerManager()->process($authorization);
            $this->fail('An OAuth2 exception should be thrown.');
        } catch (OAuth2AuthorizationException $e) {
            self::assertEquals(400, $e->getCode());
            self::assertEquals('invalid_request', $e->getMessage());
            self::assertEquals('The response type "foo" is not allowed for this client.', $e->getErrorDescription());
        }
    }

    /**
     * @test
     */
    public function anAuthorizationRequestIsReceivedAndIsValid()
    {
        $client = Client::createEmpty();
        $client = $client->create(
            ClientId::create('CLIENT_ID'),
            DataBag::create([
                'response_types' => ['foo'],
            ]),
            null
        );
        $client->eraseMessages();
        $authorization = Authorization::create($client, [
            'redirect_uri' => 'https://www.foo.bar/callback',
            'response_type' => 'foo',
            'state' => '0123456789',
            'prompt' => 'login consent',
            'display' => 'wap',
            'response_mode' => 'fragment',
        ]);

        $authorization = $this->getParameterCheckerManager()->process($authorization);

        self::assertInstanceOf(FragmentResponseMode::class, $authorization->getResponseMode());
        self::assertInstanceOf(ResponseType::class, $authorization->getResponseType());
        self::assertEquals(['login', 'consent'], $authorization->getPrompt());
        self::assertFalse($authorization->hasPrompt('none'));
    }

    /**
     * @var null|ParameterCheckerManager
     */
    private $extensionManager = null;

    /**
     * @return ParameterCheckerManager
     */
    private function getParameterCheckerManager(): ParameterCheckerManager
    {
        if (null === $this->extensionManager) {
            $responseType = $this->prophesize(ResponseType::class);
            $responseType->name()->willReturn('foo');
            $responseType->getResponseMode()->willReturn('query');
            $responseTypeManager = new ResponseTypeManager();
            $responseTypeManager->add($responseType->reveal());

            $responseModeManager = new ResponseModeManager();
            $responseModeManager->add(new QueryResponseMode(new DiactorosMessageFactory()));
            $responseModeManager->add(new FragmentResponseMode(new DiactorosMessageFactory()));

            $this->extensionManager = new ParameterCheckerManager();
            $this->extensionManager->add(new DisplayParameterChecker());
            $this->extensionManager->add(new PromptParameterChecker());
            $this->extensionManager->add(new RedirectUriParameterChecker());
            $this->extensionManager->add(new ResponseTypeAndResponseModeParameterChecker($responseTypeManager, $responseModeManager, true));
            $this->extensionManager->add(new StateParameterChecker());
        }

        return $this->extensionManager;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\AuthorizationEndpoint\Tests\ParameterChecker;
15
16			use Http\Message\MessageFactory\DiactorosMessageFactory;
17			use OAuth2Framework\Component\AuthorizationEndpoint\Authorization;
18			use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException;
19			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\DisplayParameterChecker;
20			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager;
21			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\PromptParameterChecker;
22			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\RedirectUriParameterChecker;
23			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ResponseTypeAndResponseModeParameterChecker;
24			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\StateParameterChecker;
25			use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\FragmentResponseMode;
26			use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\QueryResponseMode;
27			use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\ResponseModeManager;
28			use OAuth2Framework\Component\AuthorizationEndpoint\ResponseType;
29			use OAuth2Framework\Component\AuthorizationEndpoint\ResponseTypeManager;
30			use OAuth2Framework\Component\Core\Client\Client;
31			use OAuth2Framework\Component\Core\Client\ClientId;
32			use OAuth2Framework\Component\Core\DataBag\DataBag;
33			use PHPUnit\Framework\TestCase;
34
35			/**
36			* @group ParameterCheckerManager
37			*/
38			class ParameterCheckerManagerTest extends TestCase
39			{
40			/**
41			* @test
42			*/
43			public function anAuthorizationRequestIsReceivedButTheDisplayParameterIsNotValid()
44			{
45			$client = Client::createEmpty();
46			$client = $client->create(
47			ClientId::create('CLIENT_ID'),
48			DataBag::create([]),
49			null
50			);
51			$client->eraseMessages();
52			$authorization = Authorization::create($client, [
53			'display' => 'foo',
54			]);
55
56			try {
57			$this->getParameterCheckerManager()->process($authorization);
58			$this->fail('An OAuth2 exception should be thrown.');
59			} catch (OAuth2AuthorizationException $e) {
60			self::assertEquals(400, $e->getCode());
61			self::assertEquals('invalid_request', $e->getMessage());
62			self::assertEquals('Invalid parameter "display". Allowed values are page, popup, touch, wap', $e->getErrorDescription());
63			}
64			}
65
66			/**
67			* @test
68			*/
69			public function anAuthorizationRequestIsReceivedButThePromptParameterIsNotValid()
70			{
71			$client = Client::createEmpty();
72			$client = $client->create(
73			ClientId::create('CLIENT_ID'),
74			DataBag::create([]),
75			null
76			);
77			$client->eraseMessages();
78			$authorization = Authorization::create($client, [
79			'prompt' => 'foo',
80			]);
81
82			try {
83			$this->getParameterCheckerManager()->process($authorization);
84			$this->fail('An OAuth2 exception should be thrown.');
85			} catch (OAuth2AuthorizationException $e) {
86			self::assertEquals(400, $e->getCode());
87			self::assertEquals('invalid_request', $e->getMessage());
88			self::assertEquals('Invalid parameter "prompt". Allowed values are none, login, consent, select_account', $e->getErrorDescription());
89			}
90			}
91
92			/**
93			* @test
94			*/
95			public function anAuthorizationRequestIsReceivedButThePromptParameterNoneMustBeUsedAlone()
96			{
97			$client = Client::createEmpty();
98			$client = $client->create(
99			ClientId::create('CLIENT_ID'),
100			DataBag::create([]),
101			null
102			);
103			$client->eraseMessages();
104			$authorization = Authorization::create($client, [
105			'prompt' => 'none login',
106			]);
107
108			try {
109			$this->getParameterCheckerManager()->process($authorization);
110			$this->fail('An OAuth2 exception should be thrown.');
111			} catch (OAuth2AuthorizationException $e) {
112			self::assertEquals(400, $e->getCode());
113			self::assertEquals('invalid_request', $e->getMessage());
114			self::assertEquals('Invalid parameter "prompt". Prompt value "none" must be used alone.', $e->getErrorDescription());
115			}
116			}
117
118			/**
119			* @test
120			*/
121			public function anAuthorizationRequestIsReceivedButNoRedirectUriIsSet()
122			{
123			$client = Client::createEmpty();
124			$client = $client->create(
125			ClientId::create('CLIENT_ID'),
126			DataBag::create([]),
127			null
128			);
129			$client->eraseMessages();
130			$authorization = Authorization::create($client, []);
131
132			try {
133			$this->getParameterCheckerManager()->process($authorization);
134			$this->fail('An OAuth2 exception should be thrown.');
135			} catch (OAuth2AuthorizationException $e) {
136			self::assertEquals(400, $e->getCode());
137			self::assertEquals('invalid_request', $e->getMessage());
138			self::assertEquals('The parameter "redirect_uri" is mandatory.', $e->getErrorDescription());
139			}
140			}
141
142			/**
143			* @test
144			*/
145			public function anAuthorizationRequestIsReceivedButNoResponseTypeIsSet()
146			{
147			$client = Client::createEmpty();
148			$client = $client->create(
149			ClientId::create('CLIENT_ID'),
150			DataBag::create([]),
151			null
152			);
153			$client->eraseMessages();
154			$authorization = Authorization::create($client, [
155			'redirect_uri' => 'https://www.foo.bar/callback',
156			]);
157
158			try {
159			$this->getParameterCheckerManager()->process($authorization);
160			$this->fail('An OAuth2 exception should be thrown.');
161			} catch (OAuth2AuthorizationException $e) {
162			self::assertEquals(400, $e->getCode());
163			self::assertEquals('invalid_request', $e->getMessage());
164			self::assertEquals('The parameter "response_type" is mandatory.', $e->getErrorDescription());
165			}
166			}
167
168			/**
169			* @test
170			*/
171			public function anAuthorizationRequestIsReceivedButTheResponseModeIsNotSupported()
172			{
173			$client = Client::createEmpty();
174			$client = $client->create(
175			ClientId::create('CLIENT_ID'),
176			DataBag::create([
177			'response_types' => ['foo'],
178			]),
179			null
180			);
181			$client->eraseMessages();
182			$authorization = Authorization::create($client, [
183			'redirect_uri' => 'https://www.foo.bar/callback',
184			'response_type' => 'foo',
185			'response_mode' => 'foo',
186			]);
187
188			try {
189			$this->getParameterCheckerManager()->process($authorization);
190			$this->fail('An OAuth2 exception should be thrown.');
191			} catch (OAuth2AuthorizationException $e) {
192			self::assertEquals(400, $e->getCode());
193			self::assertEquals('invalid_request', $e->getMessage());
194			self::assertEquals('The response mode "foo" is not supported. Please use one of the following values: query, fragment.', $e->getErrorDescription());
195			}
196			}
197
198			/**
199			* @test
200			*/
201			public function anAuthorizationRequestIsReceivedButTheResponseTypeIsNotSupportedByThisServer()
202			{
203			$client = Client::createEmpty();
204			$client = $client->create(
205			ClientId::create('CLIENT_ID'),
206			DataBag::create([]),
207			null
208			);
209			$client->eraseMessages();
210			$authorization = Authorization::create($client, [
211			'redirect_uri' => 'https://www.foo.bar/callback',
212			'response_type' => 'bar',
213			]);
214
215			try {
216			$this->getParameterCheckerManager()->process($authorization);
217			$this->fail('An OAuth2 exception should be thrown.');
218			} catch (OAuth2AuthorizationException $e) {
219			self::assertEquals(400, $e->getCode());
220			self::assertEquals('invalid_request', $e->getMessage());
221			self::assertEquals('The response type "bar" is not supported by this server', $e->getErrorDescription());
222			}
223			}
224
225			/**
226			* @test
227			*/
228			public function anAuthorizationRequestIsReceivedButTheResponseTypeIsNotAllowedForTheClient()
229			{
230			$client = Client::createEmpty();
231			$client = $client->create(
232			ClientId::create('CLIENT_ID'),
233			DataBag::create([]),
234			null
235			);
236			$client->eraseMessages();
237			$authorization = Authorization::create($client, [
238			'redirect_uri' => 'https://www.foo.bar/callback',
239			'response_type' => 'foo',
240			]);
241
242			try {
243			$this->getParameterCheckerManager()->process($authorization);
244			$this->fail('An OAuth2 exception should be thrown.');
245			} catch (OAuth2AuthorizationException $e) {
246			self::assertEquals(400, $e->getCode());
247			self::assertEquals('invalid_request', $e->getMessage());
248			self::assertEquals('The response type "foo" is not allowed for this client.', $e->getErrorDescription());
249			}
250			}
251
252			/**
253			* @test
254			*/
255			public function anAuthorizationRequestIsReceivedAndIsValid()
256			{
257			$client = Client::createEmpty();
258			$client = $client->create(
259			ClientId::create('CLIENT_ID'),
260			DataBag::create([
261			'response_types' => ['foo'],
262			]),
263			null
264			);
265			$client->eraseMessages();
266			$authorization = Authorization::create($client, [
267			'redirect_uri' => 'https://www.foo.bar/callback',
268			'response_type' => 'foo',
269			'state' => '0123456789',
270			'prompt' => 'login consent',
271			'display' => 'wap',
272			'response_mode' => 'fragment',
273			]);
274
275			$authorization = $this->getParameterCheckerManager()->process($authorization);
276
277			self::assertInstanceOf(FragmentResponseMode::class, $authorization->getResponseMode());
278			self::assertInstanceOf(ResponseType::class, $authorization->getResponseType());
279			self::assertEquals(['login', 'consent'], $authorization->getPrompt());
280			self::assertFalse($authorization->hasPrompt('none'));
281			}
282
283			/**
284			* @var null\|ParameterCheckerManager
285			*/
286			private $extensionManager = null;
287
288			/**
289			* @return ParameterCheckerManager
290			*/
291			private function getParameterCheckerManager(): ParameterCheckerManager
292			{
293			if (null === $this->extensionManager) {
294			$responseType = $this->prophesize(ResponseType::class);
295			$responseType->name()->willReturn('foo');
296			$responseType->getResponseMode()->willReturn('query');
297			$responseTypeManager = new ResponseTypeManager();
298			$responseTypeManager->add($responseType->reveal());
299
300			$responseModeManager = new ResponseModeManager();
301			$responseModeManager->add(new QueryResponseMode(new DiactorosMessageFactory()));
302			$responseModeManager->add(new FragmentResponseMode(new DiactorosMessageFactory()));
303
304			$this->extensionManager = new ParameterCheckerManager();
305			$this->extensionManager->add(new DisplayParameterChecker());
306			$this->extensionManager->add(new PromptParameterChecker());
307			$this->extensionManager->add(new RedirectUriParameterChecker());
308			$this->extensionManager->add(new ResponseTypeAndResponseModeParameterChecker($responseTypeManager, $responseModeManager, true));
309			$this->extensionManager->add(new StateParameterChecker());
310			}
311
312			return $this->extensionManager;
313			}
314			}
315

OAuth2-Framework / oauth2-framework

Push — ng ( a2b1ac...8ea883 )

ParameterCheckerManagerTest A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

10 Methods

Duplication Side-by-Side

Filter issues like