source: sandbox/2.4.1-3/prototype/library/oauth2/tests/OAuth2Test.php @ 6351

Revision 6351, 16.5 KB checked in by gustavo, 12 years ago (diff)

Ticket #2768 - Melhorias na inserção de destinatários na criacao de mensagem

  • Property svn:executable set to *
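<?php
// Load the class under test and the two storage interfaces the tests mock.
// require_once (rather than require) keeps another test file that pulls in
// the same library files from redeclaring them when PHPUnit runs several
// test files in one process.
require_once __DIR__ . '/../lib/OAuth2.php';
require_once __DIR__ . '/../lib/IOAuth2Storage.php';
require_once __DIR__ . '/../lib/IOAuth2GrantCode.php';
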
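/**
 * Unit tests for the OAuth2 server class.
 *
 * Every test runs against a PHPUnit mock of the storage interface, so the
 * suite only exercises the decisions taken inside verifyAccessToken() and
 * grantAccessToken(); no real token or client store is consulted.
 */
class OAuth2Test extends PHPUnit_Framework_TestCase {

  /**
   * Server instance under test; each test builds its own.
   *
   * @var OAuth2
   */
  private $fixture;

  /**
   * The actual token ID is irrelevant, so choose one:
   * @var string
   */
  private $tokenId = 'my_token';

  /**
   * Tests OAuth2->verifyAccessToken() with a missing (empty) token.
   */
  public function testVerifyAccessTokenWithNoParam() {
    $mockStorage = $this->getMock('IOAuth2Storage');
    $this->fixture = new OAuth2($mockStorage);

    $scope = null;
    $this->setExpectedException('OAuth2AuthenticateException');
    $this->fixture->verifyAccessToken('', $scope);
  }

  /**
   * Tests OAuth2->verifyAccessToken() with a token the storage does not know.
   */
  public function testVerifyAccessTokenInvalidToken() {
    // The storage answers false, i.e. this token does not exist.
    $this->useStorageReturningToken(false);

    $scope = null;
    $this->setExpectedException('OAuth2AuthenticateException');
    $this->fixture->verifyAccessToken($this->tokenId, $scope);
  }

  /**
   * Tests OAuth2->verifyAccessToken() with a malformed token record.
   *
   * @dataProvider generateMalformedTokens
   *
   * @param array $token Stored token record lacking 'expires', 'client_id' or both.
   */
  public function testVerifyAccessTokenMalformedToken($token) {
    // The storage finds the token, but the record it returns is incomplete.
    $this->useStorageReturningToken($token);

    $scope = null;
    $this->setExpectedException('OAuth2AuthenticateException');
    $this->fixture->verifyAccessToken($this->tokenId, $scope);
  }

  /**
   * Tests OAuth2->verifyAccessToken() with different expiry dates.
   *
   * @dataProvider generateExpiryTokens
   *
   * @param array $token          Stored token record with an 'expires' timestamp.
   * @param bool  $expectedToPass Whether verification should succeed.
   */
  public function testVerifyAccessTokenCheckExpiry($token, $expectedToPass) {
    // The storage finds the token; only its expiry decides the outcome.
    $this->useStorageReturningToken($token);

    $scope = null;
    $this->assertVerifyOutcome($scope, $expectedToPass);
  }

  /**
   * Tests OAuth2->verifyAccessToken() with different scopes.
   *
   * @dataProvider generateScopes
   *
   * @param string|null $scopeRequired  Scope the protected resource demands.
   * @param array       $token          Stored token record, with or without 'scope'.
   * @param bool        $expectedToPass Whether verification should succeed.
   */
  public function testVerifyAccessTokenCheckScope($scopeRequired, $token, $expectedToPass) {
    // The storage finds an unexpired token; only its scope decides the outcome.
    $this->useStorageReturningToken($token);

    $this->assertVerifyOutcome($scopeRequired, $expectedToPass);
  }

  /**
   * Tests OAuth2->grantAccessToken() for missing data.
   *
   * @dataProvider generateEmptyDataForGrant
   *
   * @param array $inputData   Request parameters without a usable grant_type.
   * @param array $authHeaders Authentication headers accompanying the request.
   */
  public function testGrantAccessTokenMissingData($inputData, $authHeaders) {
    $mockStorage = $this->getMock('IOAuth2Storage');
    $this->fixture = new OAuth2($mockStorage);

    $this->setExpectedException('OAuth2ServerException');
    $this->fixture->grantAccessToken($inputData, $authHeaders);
  }

  /**
   * Tests OAuth2->grantAccessToken().
   *
   * Tests the different ways client credentials can be provided.
   *
   * NOTE(review): checkClientCredentials() is mocked to accept everything, so
   * nothing in this suite covers a rejected client secret. A case in which
   * the storage answers false would pin that path down.
   */
  public function testGrantAccessTokenCheckClientCredentials() {
    $mockStorage = $this->getMock('IOAuth2Storage');
    $mockStorage->expects($this->any())
      ->method('checkClientCredentials')
      ->will($this->returnValue(true)); // Accept any combination of user/pass
    $this->fixture = new OAuth2($mockStorage);

    // First, with no credentials at all, the client error must be raised:
    $inputData = array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE);
    $authHeaders = array();
    try {
      $this->fixture->grantAccessToken($inputData, $authHeaders);
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    } catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_INVALID_CLIENT, $e->getMessage());
    }

    // Credentials in the auth headers: the request still fails (no auth code
    // is supplied), but no longer because of the client.
    $authHeaders = array('PHP_AUTH_USER' => 'dev-abc', 'PHP_AUTH_PW' => 'pass');
    $inputData = array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'dev-abc'); // When using auth, client_id must match
    try {
      $this->fixture->grantAccessToken($inputData, $authHeaders);
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    } catch ( OAuth2ServerException $e ) {
      $this->assertNotEquals(OAuth2::ERROR_INVALID_CLIENT, $e->getMessage());
    }

    // Credentials in the request parameters (GET/POST) instead of headers.
    $authHeaders = array();
    $inputData = array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'dev-abc', 'client_secret' => 'foo');
    try {
      $this->fixture->grantAccessToken($inputData, $authHeaders);
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    } catch ( OAuth2ServerException $e ) {
      $this->assertNotEquals(OAuth2::ERROR_INVALID_CLIENT, $e->getMessage());
    }
  }

  /**
   * Tests OAuth2->grantAccessToken() with the auth-code grant: the redirect
   * URI (when enforced) and the code itself are mandatory request parameters.
   */
  public function testGrantAccessTokenWithGrantAuthCodeMandatoryParams() {
    $mockStorage = $this->createBaseMock('IOAuth2GrantCode');
    $inputData = array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'a', 'client_secret' => 'b');

    // A code without a redirect_uri is rejected once enforcement is on.
    try {
      $this->fixture = new OAuth2($mockStorage);
      $this->fixture->setVariable(OAuth2::CONFIG_ENFORCE_INPUT_REDIRECT, true); // Only required when this is set
      $this->fixture->grantAccessToken($inputData + array('code' => 'foo'), array());
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    } catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_INVALID_REQUEST, $e->getMessage());
    }

    // A redirect_uri without a code is rejected as well.
    try {
      $this->fixture = new OAuth2($mockStorage);
      $this->fixture->grantAccessToken($inputData + array('redirect_uri' => 'foo'), array());
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    } catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_INVALID_REQUEST, $e->getMessage());
    }
  }

  /**
   * Tests OAuth2->grantAccessToken() with the auth-code grant when the
   * storage has no record for the submitted code.
   */
  public function testGrantAccessTokenWithGrantAuthCodeNoToken() {
    // getAuthCode() is left unconfigured on the mock, so the lookup of the
    // submitted code yields nothing.
    $mockStorage = $this->createBaseMock('IOAuth2GrantCode');
    $inputData = array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'a', 'client_secret' => 'b', 'redirect_uri' => 'foo', 'code'=> 'foo');

    // Ensure an unknown auth code raises an error
    try {
      $this->fixture = new OAuth2($mockStorage);
      $this->fixture->grantAccessToken($inputData, array());
      $this->fail('The expected exception OAuth2ServerException was not thrown');
    }
    catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_INVALID_GRANT, $e->getMessage());
    }
  }

  /**
   * Tests that OAuth2->grantAccessToken() checks the redirect URI against the
   * one stored with the auth code.
   *
   * NOTE(review): only a completely different host is tried here. The
   * client-ID test in this class submits a sub-path of the stored URI, which
   * suggests the comparison may be prefix-based; if so, a host that merely
   * begins with the stored value should be covered by a rejecting case too.
   * Confirm against OAuth2::grantAccessToken().
   */
  public function testGrantAccessTokenWithGrantAuthCodeRedirectChecked() {
    $inputData = array('redirect_uri' => 'http://www.crossdomain.com/my/subdir', 'grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'my_little_app', 'client_secret' => 'b', 'code'=> 'foo');
    $storedToken = array('redirect_uri' => 'http://www.example.com', 'client_id' => 'my_little_app', 'expires' => time() + 60);

    $mockStorage = $this->createBaseMock('IOAuth2GrantCode');
    $mockStorage->expects($this->any())
      ->method('getAuthCode')
      ->will($this->returnValue($storedToken));

    // Ensure that the redirect_uri is checked
    try {
      $this->fixture = new OAuth2($mockStorage);
      $this->fixture->grantAccessToken($inputData, array());

      $this->fail('The expected exception OAuth2ServerException was not thrown');
    }
    catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_REDIRECT_URI_MISMATCH, $e->getMessage());
    }
  }

  /**
   * Tests that OAuth2->grantAccessToken() refuses an auth code that was
   * issued to a different client than the one redeeming it.
   */
  public function testGrantAccessTokenWithGrantAuthCodeClientIdChecked() {
    $inputData = array('client_id' => 'another_app', 'grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'redirect_uri' => 'http://www.example.com/my/subdir', 'client_secret' => 'b', 'code'=> 'foo');
    $storedToken = array('client_id' => 'my_little_app', 'redirect_uri' => 'http://www.example.com', 'expires' => time() + 60);

    $mockStorage = $this->createBaseMock('IOAuth2GrantCode');
    $mockStorage->expects($this->any())
      ->method('getAuthCode')
      ->will($this->returnValue($storedToken));

    // Ensure the client ID is checked
    try {
      $this->fixture = new OAuth2($mockStorage);
      $this->fixture->grantAccessToken($inputData, array());

      $this->fail('The expected exception OAuth2ServerException was not thrown');
    }
    catch ( OAuth2ServerException $e ) {
      $this->assertEquals(OAuth2::ERROR_INVALID_GRANT, $e->getMessage());
    }
  }

  // The placeholders below only mark the test incomplete. markTestIncomplete()
  // throws, so nothing after it would run; the implicit, user-credential,
  // client-credential, refresh-token and extension grants, as well as
  // getAuthorizeParams() and finishClientAuthorization(), are therefore not
  // verified by this suite.

  /**
   * Tests OAuth2->grantAccessToken() with implicit
   *
   */
  public function testGrantAccessTokenWithGrantImplicit() {
    $this->markTestIncomplete ( "grantAccessToken test not implemented" );
  }

  /**
   * Tests OAuth2->grantAccessToken() with user credentials
   *
   */
  public function testGrantAccessTokenWithGrantUser() {
    $this->markTestIncomplete ( "grantAccessToken test not implemented" );
  }

  /**
   * Tests OAuth2->grantAccessToken() with client credentials
   *
   */
  public function testGrantAccessTokenWithGrantClient() {
    $this->markTestIncomplete ( "grantAccessToken test not implemented" );
  }

  /**
   * Tests OAuth2->grantAccessToken() with refresh token
   *
   */
  public function testGrantAccessTokenWithGrantRefresh() {
    $this->markTestIncomplete ( "grantAccessToken test not implemented" );
  }

  /**
   * Tests OAuth2->grantAccessToken() with extension
   *
   */
  public function testGrantAccessTokenWithGrantExtension() {
    $this->markTestIncomplete ( "grantAccessToken test not implemented" );
  }

  /**
   * Tests OAuth2->getAuthorizeParams()
   */
  public function testGetAuthorizeParams() {
    // TODO Auto-generated OAuth2Test->testGetAuthorizeParams()
    $this->markTestIncomplete ( "getAuthorizeParams test not implemented" );
  }

  /**
   * Tests OAuth2->finishClientAuthorization()
   */
  public function testFinishClientAuthorization() {
    // TODO Auto-generated OAuth2Test->testFinishClientAuthorization()
    $this->markTestIncomplete ( "finishClientAuthorization test not implemented" );
  }

  // Utility methods

  /**
   * Creates a storage mock that accepts every client and every grant type,
   * so a test can concentrate on the grant-specific checks.
   *
   * @param string $interfaceName Storage interface to mock.
   * @return object The configured PHPUnit mock.
   */
  protected function createBaseMock($interfaceName) {
    $mockStorage = $this->getMock($interfaceName);
    $mockStorage->expects($this->any())
      ->method('checkClientCredentials')
      ->will($this->returnValue(true)); // Accept any combination of user/pass
    $mockStorage->expects($this->any())
      ->method('checkRestrictedGrantType')
      ->will($this->returnValue(true)); // Allow any client/grant-type pairing

    return $mockStorage;
  }

  /**
   * Builds the fixture on top of a storage mock whose getAccessToken() must
   * be called exactly once and answers with $storedToken.
   *
   * @param mixed $storedToken Value the mocked storage returns for the lookup.
   */
  private function useStorageReturningToken($storedToken) {
    $mockStorage = $this->getMock('IOAuth2Storage');
    $mockStorage->expects($this->once())
      ->method('getAccessToken')
      ->will($this->returnValue($storedToken));

    $this->fixture = new OAuth2($mockStorage);
  }

  /**
   * Runs verifyAccessToken() on the prepared fixture and checks the outcome.
   *
   * @param string|null $scope          Scope passed to verifyAccessToken().
   * @param bool        $expectedToPass True: a non-empty array must come back;
   *                                    false: OAuth2AuthenticateException is expected.
   */
  private function assertVerifyOutcome($scope, $expectedToPass) {
    if (!$expectedToPass) {
      $this->setExpectedException('OAuth2AuthenticateException');
      $this->fixture->verifyAccessToken($this->tokenId, $scope);
      return;
    }

    // When valid, we just want any sort of token
    $actual = $this->fixture->verifyAccessToken($this->tokenId, $scope);
    $this->assertNotEmpty($actual, "verifyAccessToken() was expected to PASS, but it failed");
    $this->assertInternalType('array', $actual);
  }

  // Data Providers below:

  /**
   * Dataprovider for testVerifyAccessTokenMalformedToken().
   *
   * Produces malformed access tokens
   */
  public function generateMalformedTokens() {
    return array(
      array(array()), // an empty array as a token
      array(array('expires' => 5)), // missing client_id
      array(array('client_id' => 6)), // missing expires
      array(array('something' => 6)), // missing both 'expires' and 'client_id'
    );
  }

  /**
   * Dataprovider for testVerifyAccessTokenCheckExpiry().
   *
   * Produces well-formed tokens with past and future expiry times, each
   * paired with whether verification is expected to pass.
   *
   * NOTE(review): time() is read when the provider runs, not when the test
   * does. PHPUnit evaluates providers while building the suite, so the
   * 30-second case could turn flaky in a slow run - confirm it is acceptable.
   */
  public function generateExpiryTokens() {
    return array(
      array(array('client_id' => 'blah', 'expires' => time() - 30),                 false), // 30 seconds ago should fail
      array(array('client_id' => 'blah', 'expires' => time() - 1),                  false), // now-ish should fail
      array(array('client_id' => 'blah', 'expires' => 0),                           false), // 1970 should fail
      array(array('client_id' => 'blah', 'expires' => time() + 30),                 true),  // 30 seconds in the future should be valid
      array(array('client_id' => 'blah', 'expires' => time() + 86400),              true),  // 1 day in the future should be valid
      array(array('client_id' => 'blah', 'expires' => time() + (365 * 86400)),      true),  // 1 year should be valid
      array(array('client_id' => 'blah', 'expires' => time() + (10 * 365 * 86400)), true),  // 10 years should be valid
    );
  }

  /**
   * Dataprovider for testVerifyAccessTokenCheckScope().
   *
   * Each row is: required scope, stored (unexpired) token, expected outcome.
   */
  public function generateScopes() {
    $baseToken = array('client_id' => 'blah', 'expires' => time() + 60);

    return array(
      array(null,   $baseToken + array(),                               true), // missing scope is valid
      array(null,   $baseToken + array('scope' => null),                true), // null scope is valid
      array('',     $baseToken + array('scope' => ''),                  true), // empty scope is valid
      array('read', $baseToken + array('scope' => 'read'),              true), // exact same scope is valid
      array('read', $baseToken + array('scope' => ' read '),            true), // padding around the stored scope is ignored
      array(' read ', $baseToken + array('scope' => 'read'),            true), // padding around the required scope is ignored
      array('read', $baseToken + array('scope' => 'read write delete'), true), // contains scope
      array('read', $baseToken + array('scope' => 'write read delete'), true), // contains scope
      array('read', $baseToken + array('scope' => 'delete write read'), true), // contains scope

      // Invalid combinations
      array('read', $baseToken + array('scope' => 'write'),            false), // a different scope
      array('read', $baseToken + array('scope' => 'apple banana'),     false), // none of the granted scopes match
      array('read', $baseToken + array('scope' => 'apple read-write'), false), // a substring of a granted scope is not a match
      array('read', $baseToken + array('scope' => 'apple read,write'), false), // commas do not separate scopes
      array('read', $baseToken + array('scope' => null),               false), // token carries no scope but one is required
      array('read', $baseToken + array('scope' => ''),                 false), // token scope is empty but one is required
    );
  }

  /**
   * Provider for testGrantAccessTokenMissingData().
   *
   * Each row is: request parameters, auth headers. None of them supplies a
   * grant_type in the request parameters.
   */
  public function generateEmptyDataForGrant() {
    return array(
      array(
        array(), array()
      ),
      array(
        array(), array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE) // grant_type in auth headers should be ignored
      ),
      array(
        array('not_grant_type' => 5), array()
      ),
    );
  }
}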