This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php namespace League\OAuth2\Client\Test\Provider; |
||
2 | |||
3 | use League\OAuth2\Client\Tool\QueryBuilderTrait; |
||
4 | use Mockery as m; |
||
5 | |||
6 | class InstagramTest extends \PHPUnit\Framework\TestCase |
||
7 | { |
||
8 | use QueryBuilderTrait; |
||
9 | |||
10 | protected $provider; |
||
11 | |||
12 | protected function setUp(): void |
||
13 | { |
||
14 | $this->provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
15 | 'clientId' => 'mock_client_id', |
||
16 | 'clientSecret' => 'mock_secret', |
||
17 | 'redirectUri' => 'none', |
||
18 | ]); |
||
19 | } |
||
20 | |||
21 | public function testAuthorizationUrl() |
||
22 | { |
||
23 | $url = $this->provider->getAuthorizationUrl(); |
||
24 | $uri = parse_url($url); |
||
25 | parse_str($uri['query'], $query); |
||
26 | |||
27 | $this->assertArrayHasKey('client_id', $query); |
||
0 ignored issues
–
show
|
|||
28 | $this->assertArrayHasKey('redirect_uri', $query); |
||
0 ignored issues
–
show
It seems like
$query can also be of type null ; however, PHPUnit\Framework\Assert::assertArrayHasKey() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
29 | $this->assertArrayHasKey('state', $query); |
||
0 ignored issues
–
show
It seems like
$query can also be of type null ; however, PHPUnit\Framework\Assert::assertArrayHasKey() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
30 | $this->assertArrayHasKey('scope', $query); |
||
0 ignored issues
–
show
It seems like
$query can also be of type null ; however, PHPUnit\Framework\Assert::assertArrayHasKey() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
31 | $this->assertArrayHasKey('response_type', $query); |
||
0 ignored issues
–
show
It seems like
$query can also be of type null ; however, PHPUnit\Framework\Assert::assertArrayHasKey() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
32 | $this->assertArrayHasKey('approval_prompt', $query); |
||
0 ignored issues
–
show
It seems like
$query can also be of type null ; however, PHPUnit\Framework\Assert::assertArrayHasKey() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
33 | $this->assertNotNull($this->provider->getState()); |
||
34 | } |
||
35 | |||
36 | public function testSetHostInConfig() |
||
37 | { |
||
38 | $host = uniqid(); |
||
39 | |||
40 | $provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
41 | 'clientId' => 'mock_client_id', |
||
42 | 'clientSecret' => 'mock_secret', |
||
43 | 'redirectUri' => 'none', |
||
44 | 'host' => $host |
||
45 | ]); |
||
46 | |||
47 | $this->assertEquals($host, $provider->getHost()); |
||
48 | } |
||
49 | |||
50 | public function testSetHostAfterConfig() |
||
51 | { |
||
52 | $host = uniqid(); |
||
53 | |||
54 | $this->provider->setHost($host); |
||
55 | |||
56 | $this->assertEquals($host, $this->provider->getHost()); |
||
57 | } |
||
58 | |||
59 | public function testSetGraphHostInConfig() |
||
60 | { |
||
61 | $host = uniqid(); |
||
62 | |||
63 | $provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
64 | 'clientId' => 'mock_client_id', |
||
65 | 'clientSecret' => 'mock_secret', |
||
66 | 'redirectUri' => 'none', |
||
67 | 'graphHost' => $host |
||
68 | ]); |
||
69 | |||
70 | $this->assertEquals($host, $provider->getGraphHost()); |
||
71 | } |
||
72 | |||
73 | public function testSetGraphHostAfterConfig() |
||
74 | { |
||
75 | $host = uniqid(); |
||
76 | |||
77 | $this->provider->setGraphHost($host); |
||
78 | |||
79 | $this->assertEquals($host, $this->provider->getGraphHost()); |
||
80 | } |
||
81 | |||
82 | public function testScopes() |
||
83 | { |
||
84 | $scopeSeparator = ' '; |
||
85 | $options = ['scope' => [uniqid(), uniqid()]]; |
||
86 | $query = ['scope' => implode($scopeSeparator, $options['scope'])]; |
||
87 | $url = $this->provider->getAuthorizationUrl($options); |
||
88 | $encodedScope = $this->buildQueryString($query); |
||
89 | $this->assertStringContainsString($encodedScope, $url); |
||
90 | } |
||
91 | |||
92 | public function testGetAuthorizationUrl() |
||
93 | { |
||
94 | $url = $this->provider->getAuthorizationUrl(); |
||
95 | $uri = parse_url($url); |
||
96 | |||
97 | $this->assertEquals('/oauth/authorize', $uri['path']); |
||
98 | } |
||
99 | |||
100 | public function testGetBaseAccessTokenUrl() |
||
101 | { |
||
102 | $params = []; |
||
103 | |||
104 | $url = $this->provider->getBaseAccessTokenUrl($params); |
||
105 | $uri = parse_url($url); |
||
106 | |||
107 | $this->assertEquals('/oauth/access_token', $uri['path']); |
||
108 | } |
||
109 | |||
110 | public function testGetAccessToken() |
||
111 | { |
||
112 | $response = m::mock('Psr\Http\Message\ResponseInterface'); |
||
113 | $response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token","user_id": "123"}'); |
||
114 | $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
115 | |||
116 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
117 | $client->shouldReceive('send')->times(1)->andReturn($response); |
||
118 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
119 | |||
120 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
121 | |||
122 | $this->assertEquals('mock_access_token', $token->getToken()); |
||
123 | $this->assertNull($token->getExpires()); |
||
124 | $this->assertNull($token->getRefreshToken()); |
||
125 | $this->assertEquals('123', $token->getResourceOwnerId()); |
||
126 | } |
||
127 | |||
128 | public function testUserData() |
||
129 | { |
||
130 | $userId = rand(1000,9999); |
||
131 | $nickname = uniqid(); |
||
132 | |||
133 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
134 | $postResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}'); |
||
135 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
136 | |||
137 | $userResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
138 | $userResponse->shouldReceive('getBody')->andReturn('{"id": "'.$userId.'", "username": "'.$nickname.'"}'); |
||
139 | $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
140 | |||
141 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
142 | $client->shouldReceive('send') |
||
143 | ->times(2) |
||
144 | ->andReturn($postResponse, $userResponse); |
||
145 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
146 | |||
147 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
148 | $user = $this->provider->getResourceOwner($token); |
||
0 ignored issues
–
show
$token of type object<League\OAuth2\Cli...n\AccessTokenInterface> is not a sub-type of object<League\OAuth2\Client\Token\AccessToken> . It seems like you assume a concrete implementation of the interface League\OAuth2\Client\Token\AccessTokenInterface to be always present.
This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.
Loading history...
|
|||
149 | |||
150 | $this->assertEquals($userId, $user->getId()); |
||
151 | $this->assertEquals($userId, $user->toArray()['id']); |
||
152 | $this->assertEquals($nickname, $user->getNickname()); |
||
153 | $this->assertEquals($nickname, $user->toArray()['username']); |
||
154 | } |
||
155 | |||
156 | public function testExceptionThrownWhenErrorObjectReceived() |
||
157 | { |
||
158 | $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException'); |
||
159 | $message = uniqid(); |
||
160 | $status = rand(400,600); |
||
161 | $traceId = uniqid(); |
||
162 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
163 | $postResponse->shouldReceive('getBody')->andReturn('{"error": {"type": "IGApiException","code": '.$status.',"message": "'.$message.'","fbtrace_id":"'.$traceId.'"}}'); |
||
164 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
165 | $postResponse->shouldReceive('getReasonPhrase'); |
||
166 | $postResponse->shouldReceive('getStatusCode')->andReturn($status); |
||
167 | |||
168 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
169 | $client->shouldReceive('send') |
||
170 | ->times(1) |
||
171 | ->andReturn($postResponse); |
||
172 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
173 | $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
174 | } |
||
175 | |||
176 | public function testExceptionThrownWhenAuthErrorObjectReceived() |
||
177 | { |
||
178 | $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException'); |
||
179 | $message = uniqid(); |
||
180 | $status = rand(400,600); |
||
181 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
182 | $postResponse->shouldReceive('getBody')->andReturn('{"error_type": "OAuthException","code": '.$status.',"error_message": "'.$message.'"}'); |
||
183 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
184 | $postResponse->shouldReceive('getReasonPhrase'); |
||
185 | $postResponse->shouldReceive('getStatusCode')->andReturn($status); |
||
186 | |||
187 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
188 | $client->shouldReceive('send') |
||
189 | ->times(1) |
||
190 | ->andReturn($postResponse); |
||
191 | $this->provider->setHttpClient($client); |
||
192 | $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
193 | } |
||
194 | |||
195 | public function testGetAuthenticatedRequest() |
||
196 | { |
||
197 | $method = 'GET'; |
||
198 | $url = 'https://graph.instagram.com/me'; |
||
199 | |||
200 | $accessTokenResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
201 | $accessTokenResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}'); |
||
202 | $accessTokenResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
203 | |||
204 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
205 | $client->shouldReceive('send') |
||
206 | ->times(1) |
||
207 | ->andReturn($accessTokenResponse); |
||
208 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
209 | |||
210 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
211 | |||
212 | $authenticatedRequest = $this->provider->getAuthenticatedRequest($method, $url, $token); |
||
213 | |||
214 | $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $authenticatedRequest); |
||
215 | $this->assertEquals($method, $authenticatedRequest->getMethod()); |
||
216 | $this->assertStringContainsString('access_token=mock_access_token', $authenticatedRequest->getUri()->getQuery()); |
||
217 | } |
||
218 | } |
||
219 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.