<?php
declare(strict_types=1);
namespace LeagueTests\ResponseTypes;
use DateInterval;
use DateTimeImmutable;
use Laminas\Diactoros\Response;
use Laminas\Diactoros\ServerRequest;
use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use LeagueTests\Stubs\AccessTokenEntity;
use LeagueTests\Stubs\ClientEntity;
use LeagueTests\Stubs\RefreshTokenEntity;
use LeagueTests\Stubs\ScopeEntity;
use PHPUnit\Framework\TestCase;
use function base64_encode;
use function json_decode;
use function random_bytes;
use function sprintf;
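/**
 * Exercises BearerTokenResponse end to end: the JSON body and cache headers it
 * emits, and how BearerTokenValidator treats the access token it issued
 * (valid, expired, revoked, malformed).
 *
 * Key material comes from the Stubs directory. A fresh random encryption key
 * is generated per test because no test here decodes the refresh token.
 */
class BearerResponseTypeTest extends TestCase
{
    /** RSA key pair stubs used to sign (response side) and verify (validator side) the JWT. */
    private const PRIVATE_KEY_PATH = 'file://' . __DIR__ . '/../Stubs/private.key';
    private const PUBLIC_KEY_PATH = 'file://' . __DIR__ . '/../Stubs/public.key';

    /**
     * A freshly issued token response is a 200 JSON document that must never be cached.
     */
    public function testGenerateHttpResponse(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $accessToken = $this->createAccessToken('userId', self::inOneHour(), $this->basicScope());
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $response = $responseType->generateHttpResponse(new Response());

        $this->assertTokenResponseHeaders($response);
        $json = self::decodeJson((string) $response->getBody());
        self::assertSame('Bearer', $json->token_type);
        self::assertObjectHasProperty('expires_in', $json);
        self::assertObjectHasProperty('access_token', $json);
        self::assertObjectHasProperty('refresh_token', $json);
    }

    /**
     * A subclass that overrides the extra parameters gets them merged into the
     * same JSON body, next to the standard token fields.
     */
    public function testGenerateHttpResponseWithExtraParams(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponseWithParams());
        $accessToken = $this->createAccessToken('userId', self::inOneHour(), $this->basicScope());
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $response = $responseType->generateHttpResponse(new Response());

        $this->assertTokenResponseHeaders($response);
        $json = self::decodeJson((string) $response->getBody());
        self::assertSame('Bearer', $json->token_type);
        self::assertObjectHasProperty('expires_in', $json);
        self::assertObjectHasProperty('access_token', $json);
        self::assertObjectHasProperty('refresh_token', $json);
        self::assertObjectHasProperty('foo', $json);
        self::assertSame('bar', $json->foo);
    }

    /**
     * A token the response type just signed is accepted by the validator, and
     * the claims are surfaced as request attributes.
     */
    public function testDetermineAccessTokenInHeaderValidToken(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::inOneHour()));

        $validator = $this->createValidator(accessTokenRevoked: false);
        $request = (new ServerRequest())->withHeader('authorization', sprintf('Bearer %s', $jwt));

        $request = $validator->validateAuthorization($request);

        self::assertSame('abcdef', $request->getAttribute('oauth_access_token_id'));
        self::assertSame('clientName', $request->getAttribute('oauth_client_id'));
        self::assertSame('123', $request->getAttribute('oauth_user_id'));
        self::assertSame([], $request->getAttribute('oauth_scopes'));
    }

    /**
     * A correctly signed but already expired token must be rejected; the
     * request must not reach the revocation check.
     */
    public function testDetermineAccessTokenInHeaderInvalidJWT(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::oneHourAgo()));

        $this->assertAuthorizationRejected(
            $this->createValidator(),
            sprintf('Bearer %s', $jwt),
            'Access token could not be verified',
        );
    }

    /**
     * A valid, unexpired token is still rejected once the repository reports it revoked.
     */
    public function testDetermineAccessTokenInHeaderRevokedToken(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::inOneHour()));

        $this->assertAuthorizationRejected(
            $this->createValidator(accessTokenRevoked: true),
            sprintf('Bearer %s', $jwt),
            'Access token has been revoked',
        );
    }

    /**
     * A bearer value that is not even shaped like a JWT is rejected at parse time.
     */
    public function testDetermineAccessTokenInHeaderInvalidToken(): void
    {
        $this->assertAuthorizationRejected(
            $this->createValidator(),
            'Bearer blah',
            'The JWT string must have two dots',
        );
    }

    /**
     * Three dot-separated segments that are not base64url JSON are rejected at
     * parse time. Despite the method name this sends an Authorization header;
     * a genuinely missing Bearer header is not covered by this test.
     */
    public function testDetermineMissingBearerInHeader(): void
    {
        $this->assertAuthorizationRejected(
            $this->createValidator(),
            'Bearer blah.blah.blah',
            'Error while decoding from JSON',
        );
    }

    /**
     * Installs the signing key and a throwaway encryption key on a response type.
     *
     * The same instance is returned so subclasses (see the extra-params test)
     * keep their concrete type at the call site.
     */
    private function configureResponseType(BearerTokenResponse $responseType): BearerTokenResponse
    {
        $responseType->setPrivateKey(new CryptKey(self::PRIVATE_KEY_PATH));
        // 36 random bytes base64-encoded: any sufficiently long secret will do,
        // since no test decrypts the refresh token it protects.
        $responseType->setEncryptionKey(base64_encode(random_bytes(36)));

        return $responseType;
    }

    /**
     * Builds the access token stub every test shares: identifier 'abcdef',
     * client 'clientName', signed with the private key stub.
     *
     * @param string               $userIdentifier value surfaced as oauth_user_id
     * @param DateTimeImmutable    $expiresAt      expiry; in the past to produce an expired JWT
     * @param ScopeEntity|null     $scope          optional single scope to attach
     */
    private function createAccessToken(
        string $userIdentifier,
        DateTimeImmutable $expiresAt,
        ?ScopeEntity $scope = null,
    ): AccessTokenEntity {
        $client = new ClientEntity();
        $client->setIdentifier('clientName');

        $accessToken = new AccessTokenEntity();
        $accessToken->setIdentifier('abcdef');
        $accessToken->setUserIdentifier($userIdentifier);
        $accessToken->setExpiryDateTime($expiresAt);
        $accessToken->setClient($client);
        if ($scope !== null) {
            $accessToken->addScope($scope);
        }
        // The entity signs its own JWT, so it needs the same key as the response type.
        $accessToken->setPrivateKey(new CryptKey(self::PRIVATE_KEY_PATH));

        return $accessToken;
    }

    /** Refresh token stub bound to the given access token, valid for one hour. */
    private function createRefreshToken(AccessTokenEntity $accessToken): RefreshTokenEntity
    {
        $refreshToken = new RefreshTokenEntity();
        $refreshToken->setIdentifier('abcdef');
        $refreshToken->setAccessToken($accessToken);
        $refreshToken->setExpiryDateTime(self::inOneHour());

        return $refreshToken;
    }

    /** The single 'basic' scope used by the response-body tests. */
    private function basicScope(): ScopeEntity
    {
        $scope = new ScopeEntity();
        $scope->setIdentifier('basic');

        return $scope;
    }

    /**
     * Runs the full issuance path and returns the signed access token string
     * exactly as a client would read it from the JSON body.
     */
    private function issueAccessToken(BearerTokenResponse $responseType, AccessTokenEntity $accessToken): string
    {
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $json = self::decodeJson((string) $responseType->generateHttpResponse(new Response())->getBody());
        self::assertObjectHasProperty('access_token', $json);

        return (string) $json->access_token;
    }

    /**
     * Validator backed by a mocked repository and the public key stub.
     *
     * @param bool|null $accessTokenRevoked when non-null, isAccessTokenRevoked() is stubbed to this value;
     *                                      when null the mock is left unstubbed, as in the parse-failure tests
     */
    private function createValidator(?bool $accessTokenRevoked = null): BearerTokenValidator
    {
        $repository = $this->createMock(AccessTokenRepositoryInterface::class);
        if ($accessTokenRevoked !== null) {
            $repository->method('isAccessTokenRevoked')->willReturn($accessTokenRevoked);
        }

        $validator = new BearerTokenValidator($repository);
        $validator->setPublicKey(new CryptKey(self::PUBLIC_KEY_PATH));

        return $validator;
    }

    /**
     * Asserts that validating a request carrying the given Authorization
     * header throws OAuthServerException with exactly the expected hint.
     *
     * Failing explicitly when no exception is raised matters: a regression
     * that let an expired or revoked token through would otherwise pass.
     */
    private function assertAuthorizationRejected(
        BearerTokenValidator $validator,
        string $authorizationHeader,
        string $expectedHint,
    ): void {
        $request = (new ServerRequest())->withHeader('authorization', $authorizationHeader);

        try {
            $validator->validateAuthorization($request);
        } catch (OAuthServerException $e) {
            self::assertSame($expectedHint, $e->getHint());

            return;
        }

        self::fail(sprintf('Expected OAuthServerException with hint "%s", but the request was accepted', $expectedHint));
    }

    /** Status and anti-caching headers every token response must carry. */
    private function assertTokenResponseHeaders(\Psr\Http\Message\ResponseInterface $response): void
    {
        self::assertSame(200, $response->getStatusCode());
        self::assertSame('no-cache', $response->getHeader('pragma')[0]);
        self::assertSame('no-store', $response->getHeader('cache-control')[0]);
        self::assertSame('application/json; charset=UTF-8', $response->getHeader('content-type')[0]);
    }

    /** Decodes a JSON body to an object, failing on malformed JSON instead of yielding null. */
    private static function decodeJson(string $body): object
    {
        $decoded = json_decode($body, false, 512, JSON_THROW_ON_ERROR);
        self::assertIsObject($decoded);

        return $decoded;
    }

    private static function inOneHour(): DateTimeImmutable
    {
        return (new DateTimeImmutable())->add(new DateInterval('PT1H'));
    }

    private static function oneHourAgo(): DateTimeImmutable
    {
        return (new DateTimeImmutable())->sub(new DateInterval('PT1H'));
    }
}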
?>
<?php
declare(strict_types=1);
namespace LeagueTests\ResponseTypes;
use DateInterval;
use DateTimeImmutable;
use Laminas\Diactoros\Response;
use Laminas\Diactoros\ServerRequest;
use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use LeagueTests\Stubs\AccessTokenEntity;
use LeagueTests\Stubs\ClientEntity;
use LeagueTests\Stubs\RefreshTokenEntity;
use LeagueTests\Stubs\ScopeEntity;
use PHPUnit\Framework\TestCase;
use function base64_encode;
use function json_decode;
use function random_bytes;
use function sprintf;
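/**
 * Exercises BearerTokenResponse end to end: the JSON body and cache headers it
 * emits, and how BearerTokenValidator treats the access token it issued
 * (valid, expired, revoked, malformed).
 *
 * Key material comes from the Stubs directory. A fresh random encryption key
 * is generated per test because no test here decodes the refresh token.
 */
class BearerResponseTypeTest extends TestCase
{
    /** RSA key pair stubs used to sign (response side) and verify (validator side) the JWT. */
    private const PRIVATE_KEY_PATH = 'file://' . __DIR__ . '/../Stubs/private.key';
    private const PUBLIC_KEY_PATH = 'file://' . __DIR__ . '/../Stubs/public.key';

    /**
     * A freshly issued token response is a 200 JSON document that must never be cached.
     */
    public function testGenerateHttpResponse(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $accessToken = $this->createAccessToken('userId', self::inOneHour(), $this->basicScope());
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $response = $responseType->generateHttpResponse(new Response());

        $this->assertTokenResponseHeaders($response);
        $json = self::decodeJson((string) $response->getBody());
        self::assertSame('Bearer', $json->token_type);
        self::assertObjectHasProperty('expires_in', $json);
        self::assertObjectHasProperty('access_token', $json);
        self::assertObjectHasProperty('refresh_token', $json);
    }

    /**
     * A subclass that overrides the extra parameters gets them merged into the
     * same JSON body, next to the standard token fields.
     */
    public function testGenerateHttpResponseWithExtraParams(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponseWithParams());
        $accessToken = $this->createAccessToken('userId', self::inOneHour(), $this->basicScope());
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $response = $responseType->generateHttpResponse(new Response());

        $this->assertTokenResponseHeaders($response);
        $json = self::decodeJson((string) $response->getBody());
        self::assertSame('Bearer', $json->token_type);
        self::assertObjectHasProperty('expires_in', $json);
        self::assertObjectHasProperty('access_token', $json);
        self::assertObjectHasProperty('refresh_token', $json);
        self::assertObjectHasProperty('foo', $json);
        self::assertSame('bar', $json->foo);
    }

    /**
     * A token the response type just signed is accepted by the validator, and
     * the claims are surfaced as request attributes.
     */
    public function testDetermineAccessTokenInHeaderValidToken(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::inOneHour()));

        $validator = $this->createValidator(accessTokenRevoked: false);
        $request = (new ServerRequest())->withHeader('authorization', sprintf('Bearer %s', $jwt));

        $request = $validator->validateAuthorization($request);

        self::assertSame('abcdef', $request->getAttribute('oauth_access_token_id'));
        self::assertSame('clientName', $request->getAttribute('oauth_client_id'));
        self::assertSame('123', $request->getAttribute('oauth_user_id'));
        self::assertSame([], $request->getAttribute('oauth_scopes'));
    }

    /**
     * A correctly signed but already expired token must be rejected; the
     * request must not reach the revocation check.
     */
    public function testDetermineAccessTokenInHeaderInvalidJWT(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::oneHourAgo()));

        $this->assertAuthorizationRejected(
            $this->createValidator(),
            sprintf('Bearer %s', $jwt),
            'Access token could not be verified',
        );
    }

    /**
     * A valid, unexpired token is still rejected once the repository reports it revoked.
     */
    public function testDetermineAccessTokenInHeaderRevokedToken(): void
    {
        $responseType = $this->configureResponseType(new BearerTokenResponse());
        $jwt = $this->issueAccessToken($responseType, $this->createAccessToken('123', self::inOneHour()));

        $this->assertAuthorizationRejected(
            $this->createValidator(accessTokenRevoked: true),
            sprintf('Bearer %s', $jwt),
            'Access token has been revoked',
        );
    }

    /**
     * A bearer value that is not even shaped like a JWT is rejected at parse time.
     */
    public function testDetermineAccessTokenInHeaderInvalidToken(): void
    {
        $this->assertAuthorizationRejected(
            $this->createValidator(),
            'Bearer blah',
            'The JWT string must have two dots',
        );
    }

    /**
     * Three dot-separated segments that are not base64url JSON are rejected at
     * parse time. Despite the method name this sends an Authorization header;
     * a genuinely missing Bearer header is not covered by this test.
     */
    public function testDetermineMissingBearerInHeader(): void
    {
        $this->assertAuthorizationRejected(
            $this->createValidator(),
            'Bearer blah.blah.blah',
            'Error while decoding from JSON',
        );
    }

    /**
     * Installs the signing key and a throwaway encryption key on a response type.
     *
     * The same instance is returned so subclasses (see the extra-params test)
     * keep their concrete type at the call site.
     */
    private function configureResponseType(BearerTokenResponse $responseType): BearerTokenResponse
    {
        $responseType->setPrivateKey(new CryptKey(self::PRIVATE_KEY_PATH));
        // 36 random bytes base64-encoded: any sufficiently long secret will do,
        // since no test decrypts the refresh token it protects.
        $responseType->setEncryptionKey(base64_encode(random_bytes(36)));

        return $responseType;
    }

    /**
     * Builds the access token stub every test shares: identifier 'abcdef',
     * client 'clientName', signed with the private key stub.
     *
     * @param string               $userIdentifier value surfaced as oauth_user_id
     * @param DateTimeImmutable    $expiresAt      expiry; in the past to produce an expired JWT
     * @param ScopeEntity|null     $scope          optional single scope to attach
     */
    private function createAccessToken(
        string $userIdentifier,
        DateTimeImmutable $expiresAt,
        ?ScopeEntity $scope = null,
    ): AccessTokenEntity {
        $client = new ClientEntity();
        $client->setIdentifier('clientName');

        $accessToken = new AccessTokenEntity();
        $accessToken->setIdentifier('abcdef');
        $accessToken->setUserIdentifier($userIdentifier);
        $accessToken->setExpiryDateTime($expiresAt);
        $accessToken->setClient($client);
        if ($scope !== null) {
            $accessToken->addScope($scope);
        }
        // The entity signs its own JWT, so it needs the same key as the response type.
        $accessToken->setPrivateKey(new CryptKey(self::PRIVATE_KEY_PATH));

        return $accessToken;
    }

    /** Refresh token stub bound to the given access token, valid for one hour. */
    private function createRefreshToken(AccessTokenEntity $accessToken): RefreshTokenEntity
    {
        $refreshToken = new RefreshTokenEntity();
        $refreshToken->setIdentifier('abcdef');
        $refreshToken->setAccessToken($accessToken);
        $refreshToken->setExpiryDateTime(self::inOneHour());

        return $refreshToken;
    }

    /** The single 'basic' scope used by the response-body tests. */
    private function basicScope(): ScopeEntity
    {
        $scope = new ScopeEntity();
        $scope->setIdentifier('basic');

        return $scope;
    }

    /**
     * Runs the full issuance path and returns the signed access token string
     * exactly as a client would read it from the JSON body.
     */
    private function issueAccessToken(BearerTokenResponse $responseType, AccessTokenEntity $accessToken): string
    {
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->createRefreshToken($accessToken));

        $json = self::decodeJson((string) $responseType->generateHttpResponse(new Response())->getBody());
        self::assertObjectHasProperty('access_token', $json);

        return (string) $json->access_token;
    }

    /**
     * Validator backed by a mocked repository and the public key stub.
     *
     * @param bool|null $accessTokenRevoked when non-null, isAccessTokenRevoked() is stubbed to this value;
     *                                      when null the mock is left unstubbed, as in the parse-failure tests
     */
    private function createValidator(?bool $accessTokenRevoked = null): BearerTokenValidator
    {
        $repository = $this->createMock(AccessTokenRepositoryInterface::class);
        if ($accessTokenRevoked !== null) {
            $repository->method('isAccessTokenRevoked')->willReturn($accessTokenRevoked);
        }

        $validator = new BearerTokenValidator($repository);
        $validator->setPublicKey(new CryptKey(self::PUBLIC_KEY_PATH));

        return $validator;
    }

    /**
     * Asserts that validating a request carrying the given Authorization
     * header throws OAuthServerException with exactly the expected hint.
     *
     * Failing explicitly when no exception is raised matters: a regression
     * that let an expired or revoked token through would otherwise pass.
     */
    private function assertAuthorizationRejected(
        BearerTokenValidator $validator,
        string $authorizationHeader,
        string $expectedHint,
    ): void {
        $request = (new ServerRequest())->withHeader('authorization', $authorizationHeader);

        try {
            $validator->validateAuthorization($request);
        } catch (OAuthServerException $e) {
            self::assertSame($expectedHint, $e->getHint());

            return;
        }

        self::fail(sprintf('Expected OAuthServerException with hint "%s", but the request was accepted', $expectedHint));
    }

    /** Status and anti-caching headers every token response must carry. */
    private function assertTokenResponseHeaders(\Psr\Http\Message\ResponseInterface $response): void
    {
        self::assertSame(200, $response->getStatusCode());
        self::assertSame('no-cache', $response->getHeader('pragma')[0]);
        self::assertSame('no-store', $response->getHeader('cache-control')[0]);
        self::assertSame('application/json; charset=UTF-8', $response->getHeader('content-type')[0]);
    }

    /** Decodes a JSON body to an object, failing on malformed JSON instead of yielding null. */
    private static function decodeJson(string $body): object
    {
        $decoded = json_decode($body, false, 512, JSON_THROW_ON_ERROR);
        self::assertIsObject($decoded);

        return $decoded;
    }

    private static function inOneHour(): DateTimeImmutable
    {
        return (new DateTimeImmutable())->add(new DateInterval('PT1H'));
    }

    private static function oneHourAgo(): DateTimeImmutable
    {
        return (new DateTimeImmutable())->sub(new DateInterval('PT1H'));
    }
}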