This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php namespace League\OAuth2\Client\Test\Provider; |
||
2 | |||
3 | use League\OAuth2\Client\Tool\QueryBuilderTrait; |
||
4 | use Mockery as m; |
||
5 | |||
6 | class InstagramTest extends \PHPUnit\Framework\TestCase |
||
7 | { |
||
8 | use QueryBuilderTrait; |
||
9 | |||
10 | protected $provider; |
||
11 | |||
12 | protected function setUp(): void |
||
13 | { |
||
14 | $this->provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
15 | 'clientId' => 'mock_client_id', |
||
16 | 'clientSecret' => 'mock_secret', |
||
17 | 'redirectUri' => 'none', |
||
18 | ]); |
||
19 | } |
||
20 | |||
21 | public function testAuthorizationUrl() |
||
22 | { |
||
23 | $url = $this->provider->getAuthorizationUrl(); |
||
24 | $uri = parse_url($url); |
||
25 | parse_str($uri['query'], $query); |
||
26 | |||
27 | $this->assertArrayHasKey('client_id', $query); |
||
28 | $this->assertArrayHasKey('redirect_uri', $query); |
||
29 | $this->assertArrayHasKey('state', $query); |
||
30 | $this->assertArrayHasKey('scope', $query); |
||
31 | $this->assertArrayHasKey('response_type', $query); |
||
32 | $this->assertArrayHasKey('approval_prompt', $query); |
||
33 | $this->assertNotNull($this->provider->getState()); |
||
34 | } |
||
35 | |||
36 | public function testSetHostInConfig() |
||
37 | { |
||
38 | $host = uniqid(); |
||
39 | |||
40 | $provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
41 | 'clientId' => 'mock_client_id', |
||
42 | 'clientSecret' => 'mock_secret', |
||
43 | 'redirectUri' => 'none', |
||
44 | 'host' => $host |
||
45 | ]); |
||
46 | |||
47 | $this->assertEquals($host, $provider->getHost()); |
||
48 | } |
||
49 | |||
50 | public function testSetHostAfterConfig() |
||
51 | { |
||
52 | $host = uniqid(); |
||
53 | |||
54 | $this->provider->setHost($host); |
||
55 | |||
56 | $this->assertEquals($host, $this->provider->getHost()); |
||
57 | } |
||
58 | |||
59 | public function testSetGraphHostInConfig() |
||
60 | { |
||
61 | $host = uniqid(); |
||
62 | |||
63 | $provider = new \League\OAuth2\Client\Provider\Instagram([ |
||
64 | 'clientId' => 'mock_client_id', |
||
65 | 'clientSecret' => 'mock_secret', |
||
66 | 'redirectUri' => 'none', |
||
67 | 'graphHost' => $host |
||
68 | ]); |
||
69 | |||
70 | $this->assertEquals($host, $provider->getGraphHost()); |
||
71 | } |
||
72 | |||
73 | public function testSetGraphHostAfterConfig() |
||
74 | { |
||
75 | $host = uniqid(); |
||
76 | |||
77 | $this->provider->setGraphHost($host); |
||
78 | |||
79 | $this->assertEquals($host, $this->provider->getGraphHost()); |
||
80 | } |
||
81 | |||
82 | public function testScopes() |
||
83 | { |
||
84 | $scopeSeparator = ' '; |
||
85 | $options = ['scope' => [uniqid(), uniqid()]]; |
||
86 | $query = ['scope' => implode($scopeSeparator, $options['scope'])]; |
||
87 | $url = $this->provider->getAuthorizationUrl($options); |
||
88 | $encodedScope = $this->buildQueryString($query); |
||
89 | $this->assertStringContainsString($encodedScope, $url); |
||
90 | } |
||
91 | |||
92 | public function testGetAuthorizationUrl() |
||
93 | { |
||
94 | $url = $this->provider->getAuthorizationUrl(); |
||
95 | $uri = parse_url($url); |
||
96 | |||
97 | $this->assertEquals('/oauth/authorize', $uri['path']); |
||
98 | } |
||
99 | |||
100 | public function testGetBaseAccessTokenUrl() |
||
101 | { |
||
102 | $params = []; |
||
103 | |||
104 | $url = $this->provider->getBaseAccessTokenUrl($params); |
||
105 | $uri = parse_url($url); |
||
106 | |||
107 | $this->assertEquals('/oauth/access_token', $uri['path']); |
||
108 | } |
||
109 | |||
110 | public function testGetAccessToken() |
||
111 | { |
||
112 | $response = m::mock('Psr\Http\Message\ResponseInterface'); |
||
113 | $response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token","user_id": "123"}'); |
||
114 | $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
115 | |||
116 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
117 | $client->shouldReceive('send')->times(1)->andReturn($response); |
||
118 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
|
|||
119 | |||
120 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
121 | |||
122 | $this->assertEquals('mock_access_token', $token->getToken()); |
||
123 | $this->assertNull($token->getExpires()); |
||
124 | $this->assertNull($token->getRefreshToken()); |
||
125 | $this->assertEquals('123', $token->getResourceOwnerId()); |
||
126 | } |
||
127 | |||
128 | public function testUserData() |
||
129 | { |
||
130 | $userId = rand(1000,9999); |
||
131 | $nickname = uniqid(); |
||
132 | |||
133 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
134 | $postResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}'); |
||
135 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
136 | |||
137 | $userResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
138 | $userResponse->shouldReceive('getBody')->andReturn('{"id": "'.$userId.'", "username": "'.$nickname.'"}'); |
||
139 | $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
140 | |||
141 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
142 | $client->shouldReceive('send') |
||
143 | ->times(2) |
||
144 | ->andReturn($postResponse, $userResponse); |
||
145 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
146 | |||
147 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
148 | $user = $this->provider->getResourceOwner($token); |
||
0 ignored issues
–
show
$token of type object<League\OAuth2\Cli...n\AccessTokenInterface> is not a sub-type of object<League\OAuth2\Client\Token\AccessToken> . It seems like you assume a concrete implementation of the interface League\OAuth2\Client\Token\AccessTokenInterface to be always present.
This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.
Loading history...
|
|||
149 | |||
150 | $this->assertEquals($userId, $user->getId()); |
||
151 | $this->assertEquals($userId, $user->toArray()['id']); |
||
152 | $this->assertEquals($nickname, $user->getNickname()); |
||
153 | $this->assertEquals($nickname, $user->toArray()['username']); |
||
154 | } |
||
155 | |||
156 | public function testExceptionThrownWhenErrorObjectReceived() |
||
157 | { |
||
158 | $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException'); |
||
159 | $message = uniqid(); |
||
160 | $status = rand(400,600); |
||
161 | $traceId = uniqid(); |
||
162 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
163 | $postResponse->shouldReceive('getBody')->andReturn('{"error": {"type": "IGApiException","code": '.$status.',"message": "'.$message.'","fbtrace_id":"'.$traceId.'"}}'); |
||
164 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
165 | $postResponse->shouldReceive('getReasonPhrase'); |
||
166 | $postResponse->shouldReceive('getStatusCode')->andReturn($status); |
||
167 | |||
168 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
169 | $client->shouldReceive('send') |
||
170 | ->times(1) |
||
171 | ->andReturn($postResponse); |
||
172 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
173 | $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
174 | } |
||
175 | |||
176 | public function testExceptionThrownWhenAuthErrorObjectReceived() |
||
177 | { |
||
178 | $this->expectException('League\OAuth2\Client\Provider\Exception\IdentityProviderException'); |
||
179 | $message = uniqid(); |
||
180 | $status = rand(400,600); |
||
181 | $postResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
182 | $postResponse->shouldReceive('getBody')->andReturn('{"error_type": "OAuthException","code": '.$status.',"error_message": "'.$message.'"}'); |
||
183 | $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
184 | $postResponse->shouldReceive('getReasonPhrase'); |
||
185 | $postResponse->shouldReceive('getStatusCode')->andReturn($status); |
||
186 | |||
187 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
188 | $client->shouldReceive('send') |
||
189 | ->times(1) |
||
190 | ->andReturn($postResponse); |
||
191 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
192 | $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
193 | } |
||
194 | |||
195 | public function testGetAuthenticatedRequest() |
||
196 | { |
||
197 | $method = 'GET'; |
||
198 | $url = 'https://graph.instagram.com/me'; |
||
199 | |||
200 | $accessTokenResponse = m::mock('Psr\Http\Message\ResponseInterface'); |
||
201 | $accessTokenResponse->shouldReceive('getBody')->andReturn('{"access_token": "mock_access_token","user_id": "1574083"}'); |
||
202 | $accessTokenResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']); |
||
203 | |||
204 | $client = m::mock('GuzzleHttp\ClientInterface'); |
||
205 | $client->shouldReceive('send') |
||
206 | ->times(1) |
||
207 | ->andReturn($accessTokenResponse); |
||
208 | $this->provider->setHttpClient($client); |
||
0 ignored issues
–
show
$client is of type object<Mockery\LegacyMockInterface> , but the function expects a object<GuzzleHttp\ClientInterface> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
209 | |||
210 | $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']); |
||
211 | |||
212 | $authenticatedRequest = $this->provider->getAuthenticatedRequest($method, $url, $token); |
||
213 | |||
214 | $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $authenticatedRequest); |
||
215 | $this->assertEquals($method, $authenticatedRequest->getMethod()); |
||
216 | $this->assertStringContainsString('access_token=mock_access_token', $authenticatedRequest->getUri()->getQuery()); |
||
217 | } |
||
218 | } |
||
219 |
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.
We suggest to add an explicit type cast like in the following example: