This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php namespace League\OAuth2\Client\Test\Provider; |
3 | use League\OAuth2\Client\Tool\QueryBuilderTrait; |
4 | use Mockery as m; |
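/**
 * Unit tests for the Instagram OAuth 2.0 provider.
 *
 * Every HTTP exchange is replaced by a Mockery double, so the tests only
 * exercise URL construction, response parsing and error mapping; nothing is
 * sent over the network.
 */
class InstagramTest extends \PHPUnit\Framework\TestCase
{
    use QueryBuilderTrait;

    /** Provider under test, rebuilt before each test with placeholder credentials. */
    protected $provider;

    /**
     * Creates a provider configured with mock client credentials.
     */
    protected function setUp(): void
    {
        $this->provider = new \League\OAuth2\Client\Provider\Instagram([
            'clientId' => 'mock_client_id',
            'clientSecret' => 'mock_secret',
            'redirectUri' => 'none',
        ]);
    }

    /**
     * Closes the Mockery container so call-count expectations are enforced.
     *
     * Mockery checks expectations such as times(1) only when the container is
     * closed. Unless its PHPUnit integration is configured elsewhere in the
     * project (not visible from this file), the "exactly N requests were sent"
     * expectations below would otherwise never be verified.
     */
    protected function tearDown(): void
    {
        m::close();
        parent::tearDown();
    }

    /**
     * The authorization URL must carry every expected OAuth parameter, and the
     * anti-CSRF state in the URL must be the one the provider remembers.
     */
    public function testAuthorizationUrl(): void
    {
        $url = $this->provider->getAuthorizationUrl();
        $uri = parse_url($url);
        parse_str($uri['query'], $query);

        $this->assertArrayHasKey('client_id', $query);
        $this->assertArrayHasKey('redirect_uri', $query);
        $this->assertArrayHasKey('state', $query);
        $this->assertArrayHasKey('scope', $query);
        $this->assertArrayHasKey('response_type', $query);
        $this->assertArrayHasKey('approval_prompt', $query);
        $this->assertNotNull($this->provider->getState());

        // Presence alone is not enough: the callback handler compares the
        // returned state with getState(), so an empty or mismatching value in
        // the URL would break (or silently weaken) the CSRF check.
        $this->assertNotEmpty($query['state']);
        $this->assertSame($this->provider->getState(), $query['state']);
    }

    /**
     * A 'host' option passed to the constructor is returned by getHost().
     */
    public function testSetHostInConfig(): void
    {
        $host = uniqid();

        $provider = new \League\OAuth2\Client\Provider\Instagram([
            'clientId' => 'mock_client_id',
            'clientSecret' => 'mock_secret',
            'redirectUri' => 'none',
            'host' => $host
        ]);

        $this->assertEquals($host, $provider->getHost());
    }

    /**
     * setHost() on an existing provider is reflected by getHost().
     */
    public function testSetHostAfterConfig(): void
    {
        $host = uniqid();

        $this->provider->setHost($host);

        $this->assertEquals($host, $this->provider->getHost());
    }

    /**
     * A 'graphHost' option passed to the constructor is returned by getGraphHost().
     */
    public function testSetGraphHostInConfig(): void
    {
        $host = uniqid();

        $provider = new \League\OAuth2\Client\Provider\Instagram([
            'clientId' => 'mock_client_id',
            'clientSecret' => 'mock_secret',
            'redirectUri' => 'none',
            'graphHost' => $host
        ]);

        $this->assertEquals($host, $provider->getGraphHost());
    }

    /**
     * setGraphHost() on an existing provider is reflected by getGraphHost().
     */
    public function testSetGraphHostAfterConfig(): void
    {
        $host = uniqid();

        $this->provider->setGraphHost($host);

        $this->assertEquals($host, $this->provider->getGraphHost());
    }

    /**
     * Requested scopes are joined with a single space and URL-encoded into the
     * authorization URL.
     */
    public function testScopes(): void
    {
        $scopeSeparator = ' ';
        $options = ['scope' => [uniqid(), uniqid()]];
        $query = ['scope' => implode($scopeSeparator, $options['scope'])];
        $url = $this->provider->getAuthorizationUrl($options);
        $encodedScope = $this->buildQueryString($query);
        $this->assertStringContainsString($encodedScope, $url);
    }

    /**
     * The authorization endpoint path is /oauth/authorize.
     */
    public function testGetAuthorizationUrl(): void
    {
        $url = $this->provider->getAuthorizationUrl();
        $uri = parse_url($url);

        $this->assertEquals('/oauth/authorize', $uri['path']);
    }

    /**
     * The token endpoint path is /oauth/access_token.
     */
    public function testGetBaseAccessTokenUrl(): void
    {
        $params = [];

        $url = $this->provider->getBaseAccessTokenUrl($params);
        $uri = parse_url($url);

        $this->assertEquals('/oauth/access_token', $uri['path']);
    }

    /**
     * A successful token response yields the token and resource owner id, with
     * no expiry and no refresh token.
     */
    public function testGetAccessToken(): void
    {
        $response = m::mock('Psr\Http\Message\ResponseInterface');
        $response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token","user_id": "123"}');
        $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);

        $client = m::mock('GuzzleHttp\ClientInterface');
        $client->shouldReceive('send')->times(1)->andReturn($response);
        $this->provider->setHttpClient($client);

        $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);

        $this->assertEquals('mock_access_token', $token->getToken());
        $this->assertNull($token->getExpires());
        $this->assertNull($token->getRefreshToken());
        $this->assertEquals('123', $token->getResourceOwnerId());
    }

    /**
     * The resource owner is populated from the user endpoint response.
     */
    public function testUserData(): void
    {
        $userId = random_int(1000, 9999);
        $nickname = uniqid();

        $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
        $postResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}');
        $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);

        $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
        $userResponse->shouldReceive('getBody')->andReturn('{"id": "'.$userId.'", "username": "'.$nickname.'"}');
        $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);

        // First send() answers the token request, the second the user lookup.
        $client = m::mock('GuzzleHttp\ClientInterface');
        $client->shouldReceive('send')
            ->times(2)
            ->andReturn($postResponse, $userResponse);
        $this->provider->setHttpClient($client);

        $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);

        // Static analysis flags the getResourceOwner() call for assuming a
        // narrower token type than getAccessToken() declares. Pinning the
        // concrete class first turns a mismatch into a clear assertion failure
        // instead of a TypeError inside the provider.
        $this->assertInstanceOf(\League\OAuth2\Client\Token\AccessToken::class, $token);
        $user = $this->provider->getResourceOwner($token);

        // $userId is an int while the JSON carries it as a string, so these
        // comparisons are intentionally loose.
        $this->assertEquals($userId, $user->getId());
        $this->assertEquals($userId, $user->toArray()['id']);
        $this->assertEquals($nickname, $user->getNickname());
        $this->assertEquals($nickname, $user->toArray()['username']);
    }

    /**
     * A Graph-style {"error": {...}} body is surfaced as IdentityProviderException.
     */
    public function testExceptionThrownWhenErrorObjectReceived(): void
    {
        $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException');
        $message = uniqid();
        // 4xx/5xx only: 600 is outside the HTTP status code range.
        $status = random_int(400, 599);
        $traceId = uniqid();
        $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
        $postResponse->shouldReceive('getBody')->andReturn('{"error": {"type": "IGApiException","code": '.$status.',"message": "'.$message.'","fbtrace_id":"'.$traceId.'"}}');
        $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
        $postResponse->shouldReceive('getReasonPhrase');
        $postResponse->shouldReceive('getStatusCode')->andReturn($status);

        $client = m::mock('GuzzleHttp\ClientInterface');
        $client->shouldReceive('send')
            ->times(1)
            ->andReturn($postResponse);
        $this->provider->setHttpClient($client);
        $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
    }

    /**
     * An OAuth-style {"error_type": ..., "error_message": ...} body is surfaced
     * as IdentityProviderException.
     */
    public function testExceptionThrownWhenAuthErrorObjectReceived(): void
    {
        $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException');
        $message = uniqid();
        // 4xx/5xx only: 600 is outside the HTTP status code range.
        $status = random_int(400, 599);
        $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
        $postResponse->shouldReceive('getBody')->andReturn('{"error_type": "OAuthException","code": '.$status.',"error_message": "'.$message.'"}');
        $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
        $postResponse->shouldReceive('getReasonPhrase');
        $postResponse->shouldReceive('getStatusCode')->andReturn($status);

        $client = m::mock('GuzzleHttp\ClientInterface');
        $client->shouldReceive('send')
            ->times(1)
            ->andReturn($postResponse);
        $this->provider->setHttpClient($client);
        $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
    }

    /**
     * An authenticated request keeps the HTTP method and carries the token.
     */
    public function testGetAuthenticatedRequest(): void
    {
        $method = 'GET';
        $url = 'https://graph.instagram.com/me';

        $accessTokenResponse = m::mock('Psr\Http\Message\ResponseInterface');
        $accessTokenResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}');
        $accessTokenResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);

        // Only the token exchange is sent; building the request must not send it.
        $client = m::mock('GuzzleHttp\ClientInterface');
        $client->shouldReceive('send')
            ->times(1)
            ->andReturn($accessTokenResponse);
        $this->provider->setHttpClient($client);

        $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);

        $authenticatedRequest = $this->provider->getAuthenticatedRequest($method, $url, $token);

        $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $authenticatedRequest);
        $this->assertEquals($method, $authenticatedRequest->getMethod());
        // This pins that the access token travels in the URL query string.
        // Request URLs commonly end up in access logs and proxy logs, so any
        // code that logs these requests should redact the query component.
        $this->assertStringContainsString('access_token=mock_access_token', $authenticatedRequest->getUri()->getQuery());
    }
}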
This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e., an implementation of an interface or a subclass.
Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.