These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * The MIT License (MIT) |
||
7 | * |
||
8 | * Copyright (c) 2014-2018 Spomky-Labs |
||
9 | * |
||
10 | * This software may be modified and distributed under the terms |
||
11 | * of the MIT license. See the LICENSE file for details. |
||
12 | */ |
||
13 | |||
14 | namespace OAuth2Framework\Component\ClientAuthentication\Tests; |
||
15 | |||
16 | use OAuth2Framework\Component\ClientAuthentication\AuthenticationMethod; |
||
17 | use OAuth2Framework\Component\ClientAuthentication\AuthenticationMethodManager; |
||
18 | use OAuth2Framework\Component\ClientAuthentication\ClientAuthenticationMiddleware; |
||
19 | use OAuth2Framework\Component\ClientAuthentication\ClientSecretBasic; |
||
20 | use OAuth2Framework\Component\Core\Client\Client; |
||
21 | use OAuth2Framework\Component\Core\Client\ClientId; |
||
22 | use OAuth2Framework\Component\Core\Client\ClientRepository; |
||
23 | use OAuth2Framework\Component\Core\DataBag\DataBag; |
||
24 | use OAuth2Framework\Component\Core\Message\OAuth2Error; |
||
25 | use PHPUnit\Framework\TestCase; |
||
26 | use Prophecy\Argument; |
||
27 | use Psr\Http\Message\ResponseInterface; |
||
28 | use Psr\Http\Message\ServerRequestInterface; |
||
29 | use Psr\Http\Server\RequestHandlerInterface; |
||
30 | |||
31 | /** |
||
32 | * @group TokenEndpoint |
||
33 | * @group ClientAuthenticationMiddleware |
||
34 | */ |
||
35 | final class ClientAuthenticationMiddlewareTest extends TestCase |
||
36 | { |
||
37 | /** |
||
38 | * @test |
||
39 | */ |
||
40 | public function noClientIsFoundInTheRequest() |
||
41 | { |
||
42 | $response = $this->prophesize(ResponseInterface::class); |
||
43 | $request = $this->prophesize(ServerRequestInterface::class); |
||
44 | $request->getHeader('Authorization')->willReturn([])->shouldBeCalled(); |
||
45 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
46 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
47 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
48 | ->shouldBeCalled() |
||
49 | ->willReturn($response->reveal()) |
||
50 | ; |
||
51 | |||
52 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
53 | } |
||
54 | |||
55 | /** |
||
56 | * @test |
||
57 | */ |
||
58 | public function aClientIdIsSetButTheClientDoesNotExist() |
||
59 | { |
||
60 | $request = $this->prophesize(ServerRequestInterface::class); |
||
61 | $request->getHeader('Authorization') |
||
62 | ->willReturn([ |
||
63 | 'Basic '.\base64_encode('FOO:BAR'), |
||
64 | ]) |
||
65 | ->shouldBeCalled(); |
||
66 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
67 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
68 | $clientRepository->find(Argument::type(ClientId::class))->willReturn(null)->shouldBeCalled(); |
||
69 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
70 | ->shouldNotBeCalled() |
||
71 | ; |
||
72 | |||
73 | try { |
||
74 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
75 | static::fail('An OAuth2 exception should be thrown.'); |
||
76 | } catch (OAuth2Error $e) { |
||
77 | static::assertEquals(401, $e->getCode()); |
||
78 | static::assertEquals([ |
||
79 | 'error' => 'invalid_client', |
||
80 | 'error_description' => 'Client authentication failed.', |
||
81 | ], $e->getData()); |
||
82 | } |
||
83 | } |
||
84 | |||
85 | /** |
||
86 | * @test |
||
87 | */ |
||
88 | public function aClientIdIsSetButTheClientIsDeleted() |
||
89 | { |
||
90 | $client = new Client( |
||
91 | new ClientId('FOO'), |
||
92 | new DataBag([]), |
||
93 | null |
||
94 | ); |
||
95 | $client = $client->markAsDeleted(); |
||
0 ignored issues
–
show
|
|||
96 | |||
97 | $request = $this->prophesize(ServerRequestInterface::class); |
||
98 | $request->getHeader('Authorization') |
||
99 | ->willReturn([ |
||
100 | 'Basic '.\base64_encode('FOO:BAR'), |
||
101 | ]) |
||
102 | ->shouldBeCalled(); |
||
103 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
104 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
105 | $clientRepository->find(Argument::type(ClientId::class))->willReturn($client)->shouldBeCalled(); |
||
106 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
107 | ->shouldNotBeCalled() |
||
108 | ; |
||
109 | |||
110 | try { |
||
111 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
112 | static::fail('An OAuth2 exception should be thrown.'); |
||
113 | } catch (OAuth2Error $e) { |
||
114 | static::assertEquals(401, $e->getCode()); |
||
115 | static::assertEquals([ |
||
116 | 'error' => 'invalid_client', |
||
117 | 'error_description' => 'Client authentication failed.', |
||
118 | ], $e->getData()); |
||
119 | } |
||
120 | } |
||
121 | |||
122 | /** |
||
123 | * @test |
||
124 | */ |
||
125 | public function aClientIdIsSetButTheClientCredentialsExpired() |
||
126 | { |
||
127 | $client = new Client( |
||
128 | new ClientId('FOO'), |
||
129 | new DataBag([ |
||
130 | 'token_endpoint_auth_method' => 'client_secret_basic', |
||
131 | 'client_secret' => 'BAR', |
||
132 | 'client_secret_expires_at' => \time() - 1, |
||
133 | ]), |
||
134 | null |
||
135 | ); |
||
136 | |||
137 | $request = $this->prophesize(ServerRequestInterface::class); |
||
138 | $request->getHeader('Authorization') |
||
139 | ->willReturn([ |
||
140 | 'Basic '.\base64_encode('FOO:BAR'), |
||
141 | ]) |
||
142 | ->shouldBeCalled(); |
||
143 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
144 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
145 | $clientRepository->find(Argument::type(ClientId::class))->willReturn($client)->shouldBeCalled(); |
||
146 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
147 | ->shouldNotBeCalled() |
||
148 | ; |
||
149 | |||
150 | try { |
||
151 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
152 | static::fail('An OAuth2 exception should be thrown.'); |
||
153 | } catch (OAuth2Error $e) { |
||
154 | static::assertEquals(401, $e->getCode()); |
||
155 | static::assertEquals([ |
||
156 | 'error' => 'invalid_client', |
||
157 | 'error_description' => 'Client credentials expired.', |
||
158 | ], $e->getData()); |
||
159 | } |
||
160 | } |
||
161 | |||
162 | /** |
||
163 | * @test |
||
164 | */ |
||
165 | public function aClientIdIsSetButTheAuthenticationMethodIsNotSupportedByTheClient() |
||
166 | { |
||
167 | $client = new Client( |
||
168 | new ClientId('FOO'), |
||
169 | new DataBag([ |
||
170 | 'token_endpoint_auth_method' => 'none', |
||
171 | ]), |
||
172 | null |
||
173 | ); |
||
174 | |||
175 | $request = $this->prophesize(ServerRequestInterface::class); |
||
176 | $request->getHeader('Authorization') |
||
177 | ->willReturn([ |
||
178 | 'Basic '.\base64_encode('FOO:BAR'), |
||
179 | ]) |
||
180 | ->shouldBeCalled(); |
||
181 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
182 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
183 | $clientRepository->find(Argument::type(ClientId::class))->willReturn($client)->shouldBeCalled(); |
||
184 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
185 | ->shouldNotBeCalled() |
||
186 | ; |
||
187 | |||
188 | try { |
||
189 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
190 | static::fail('An OAuth2 exception should be thrown.'); |
||
191 | } catch (OAuth2Error $e) { |
||
192 | static::assertEquals(401, $e->getCode()); |
||
193 | static::assertEquals([ |
||
194 | 'error' => 'invalid_client', |
||
195 | 'error_description' => 'Client authentication failed.', |
||
196 | ], $e->getData()); |
||
197 | } |
||
198 | } |
||
199 | |||
200 | /** |
||
201 | * @test |
||
202 | */ |
||
203 | public function aClientIdIsSetButTheClientIsNotAuthenticated() |
||
204 | { |
||
205 | $client = new Client( |
||
206 | new ClientId('FOO'), |
||
207 | new DataBag([ |
||
208 | 'token_endpoint_auth_method' => 'client_secret_basic', |
||
209 | 'client_secret' => 'BAR', |
||
210 | ]), |
||
211 | null |
||
212 | ); |
||
213 | |||
214 | $request = $this->prophesize(ServerRequestInterface::class); |
||
215 | $request->getHeader('Authorization') |
||
216 | ->willReturn([ |
||
217 | 'Basic '.\base64_encode('FOO:BAD_SECRET'), |
||
218 | ]) |
||
219 | ->shouldBeCalled(); |
||
220 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
221 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
222 | $clientRepository->find(Argument::type(ClientId::class))->willReturn($client)->shouldBeCalled(); |
||
223 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
224 | ->shouldNotBeCalled() |
||
225 | ; |
||
226 | |||
227 | try { |
||
228 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
229 | static::fail('An OAuth2 exception should be thrown.'); |
||
230 | } catch (OAuth2Error $e) { |
||
231 | static::assertEquals(401, $e->getCode()); |
||
232 | static::assertEquals([ |
||
233 | 'error' => 'invalid_client', |
||
234 | 'error_description' => 'Client authentication failed.', |
||
235 | ], $e->getData()); |
||
236 | } |
||
237 | } |
||
238 | |||
239 | /** |
||
240 | * @test |
||
241 | */ |
||
242 | public function aClientIsFullyAuthenticated() |
||
243 | { |
||
244 | $client = new Client( |
||
245 | new ClientId('FOO'), |
||
246 | new DataBag([ |
||
247 | 'token_endpoint_auth_method' => 'client_secret_basic', |
||
248 | 'client_secret' => 'BAR', |
||
249 | ]), |
||
250 | null |
||
251 | ); |
||
252 | |||
253 | $response = $this->prophesize(ResponseInterface::class); |
||
254 | $request = $this->prophesize(ServerRequestInterface::class); |
||
255 | $request->getHeader('Authorization') |
||
256 | ->willReturn([ |
||
257 | 'Basic '.\base64_encode('FOO:BAR'), |
||
258 | ]) |
||
259 | ->shouldBeCalled(); |
||
260 | $request->withAttribute('client', $client)->shouldBeCalled()->willReturn($request->reveal()); |
||
261 | $request->withAttribute('client_authentication_method', Argument::type(AuthenticationMethod::class))->shouldBeCalled()->willReturn($request->reveal()); |
||
262 | $request->withAttribute('client_credentials', 'BAR')->shouldBeCalled()->willReturn($request->reveal()); |
||
263 | $handler = $this->prophesize(RequestHandlerInterface::class); |
||
264 | $clientRepository = $this->prophesize(ClientRepository::class); |
||
265 | $clientRepository->find(Argument::type(ClientId::class))->willReturn($client)->shouldBeCalled(); |
||
266 | $handler->handle(Argument::type(ServerRequestInterface::class)) |
||
267 | ->shouldBeCalled() |
||
268 | ->willReturn($response->reveal()) |
||
269 | ; |
||
270 | |||
271 | $this->getClientAuthenticationMiddleware($clientRepository->reveal())->process($request->reveal(), $handler->reveal()); |
||
272 | } |
||
273 | |||
274 | private function getClientAuthenticationMiddleware(ClientRepository $clientRepository): ClientAuthenticationMiddleware |
||
275 | { |
||
276 | $authenticationMethodManager = new AuthenticationMethodManager(); |
||
277 | $authenticationMethodManager->add(new ClientSecretBasic('Real')); |
||
278 | |||
279 | $clientAuthenticationMiddleware = new ClientAuthenticationMiddleware( |
||
280 | $clientRepository, |
||
281 | $authenticationMethodManager |
||
282 | ); |
||
283 | |||
284 | return $clientAuthenticationMiddleware; |
||
285 | } |
||
286 | } |
||
287 |
This check looks for function or method calls that always return null and whose return value is assigned to a variable.
The method
getObject()
can return nothing but null, so it makes no sense to assign that value to a variable.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.