author | Morris Jobke <hey@morrisjobke.de> | 2018-05-29 17:12:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-29 17:12:00 +0200 |
commit | a52f0150afdd5ad9d0752af9af8ee17ed9892bfa (patch) | |
tree | 703a53292fd67042f86809e0c481014562c41a5e | |
parent | 5c9f2dd99f4da223b02da63a071a8d9c787f17a6 (diff) | |
parent | d48333910ef16c64d6716f8ade257d4dda1e4c41 (diff) | |
download | nextcloud-server-a52f0150afdd5ad9d0752af9af8ee17ed9892bfa.tar.gz nextcloud-server-a52f0150afdd5ad9d0752af9af8ee17ed9892bfa.zip |
Merge pull request #9659 from nextcloud/backport/9653/stable13
[stable13] The OAuth endpoint needs to support Basic Auth
-rw-r--r-- | apps/oauth2/lib/Controller/OauthApiController.php | 5 | ||||
-rw-r--r-- | apps/oauth2/tests/Controller/OauthApiControllerTest.php | 84 |
2 files changed, 89 insertions, 0 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 8c96a3feee1..2083741fa0c 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -118,6 +118,11 @@ class OauthApiController extends Controller {
 			], Http::STATUS_BAD_REQUEST);
 		}
 
+		if (isset($this->request->server['PHP_AUTH_USER'])) {
+			$client_id = $this->request->server['PHP_AUTH_USER'];
+			$client_secret = $this->request->server['PHP_AUTH_PW'];
+		}
+
 		// The client id and secret must match. Else we don't provide an access token!
 		if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
 			return new JSONResponse([
diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
index 790dba0a598..10748485971 100644
--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
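Review bot: `PHP_AUTH_PW` is read unconditionally inside the `isset(... ['PHP_AUTH_USER'])` branch, so a request that populates the user slot without a password slot leaves `$client_secret` null and triggers an undefined-index notice before the comparison below rejects it; use `$client_secret = $this->request->server['PHP_AUTH_PW'] ?? '';`. The branch also lets header credentials silently override any `client_id`/`client_secret` sent in the request body, whereas RFC 6749 §2.3.1 says a client must not use more than one authentication method per request — either reject the request with `invalid_request` when both are supplied and disagree, or document in a comment that the header takes precedence. The same section requires the Basic credentials to be form-url-decoded after base64 decoding, which this code skips, so a secret containing `%` or `+` would never match; whether that is reachable depends on how secrets are issued, which is outside this hunk. Wiring a second credential channel into the existing `$client->getSecret() !== $client_secret` check is a good moment to switch that comparison to `hash_equals()`, since `!==` on strings is not constant-time. `getToken()` begins and ends outside the hunk.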
@@ -289,6 +289,90 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
 	}
 
+	public function testGetTokenValidAppTokenBasicAuth() {
+		$accessToken = new AccessToken();
+		$accessToken->setClientId(42);
+		$accessToken->setTokenId(1337);
+		$accessToken->setEncryptedToken('encryptedToken');
+
+		$this->accessTokenMapper->method('getByCode')
+			->with('validrefresh')
+			->willReturn($accessToken);
+
+		$client = new Client();
+		$client->setClientIdentifier('clientId');
+		$client->setSecret('clientSecret');
+		$this->clientMapper->method('getByUid')
+			->with(42)
+			->willReturn($client);
+
+		$this->crypto->method('decrypt')
+			->with(
+				'encryptedToken',
+				'validrefresh'
+			)->willReturn('decryptedToken');
+
+		$appToken = new DefaultToken();
+		$appToken->setUid('userId');
+		$this->tokenProvider->method('getTokenById')
+			->with(1337)
+			->willThrowException(new ExpiredTokenException($appToken));
+
+		$this->accessTokenMapper->expects($this->never())
+			->method('delete')
+			->with($accessToken);
+
+		$this->secureRandom->method('generate')
+			->will($this->returnCallback(function ($len) {
+				return 'random'.$len;
+			}));
+
+		$this->tokenProvider->expects($this->once())
+			->method('rotate')
+			->with(
+				$appToken,
+				'decryptedToken',
+				'random72'
+			)->willReturn($appToken);
+
+		$this->time->method('getTime')
+			->willReturn(1000);
+
+		$this->tokenProvider->expects($this->once())
+			->method('updateToken')
+			->with(
+				$this->callback(function (DefaultToken $token) {
+					return $token->getExpires() === 4600;
+				})
+			);
+
+		$this->crypto->method('encrypt')
+			->with('random72', 'random128')
+			->willReturn('newEncryptedToken');
+
+		$this->accessTokenMapper->expects($this->once())
+			->method('update')
+			->with(
+				$this->callback(function (AccessToken $token) {
+					return $token->getHashedCode() === hash('sha512', 'random128') &&
+						$token->getEncryptedToken() === 'newEncryptedToken';
+				})
+			);
+
+		$expected = new JSONResponse([
+			'access_token' => 'random72',
+			'token_type' => 'Bearer',
+			'expires_in' => 3600,
+			'refresh_token' => 'random128',
+			'user_id' => 'userId',
+		]);
+
+		$this->request->server['PHP_AUTH_USER'] = 'clientId';
+		$this->request->server['PHP_AUTH_PW'] = 'clientSecret';
+
+		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
+	}
+
 	public function testGetTokenExpiredAppToken() {
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
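Review bot: `testGetTokenValidAppTokenBasicAuth` only pins the happy path — matching header credentials and `null` body credentials — so the failure modes of the new controller branch are untested: a wrong Basic password, a Basic user with no `PHP_AUTH_PW` entry, and body `client_id`/`client_secret` sent alongside a differing Basic header all go unasserted. A companion test that sets `$this->request->server['PHP_AUTH_USER'] = 'clientId';` with `$this->request->server['PHP_AUTH_PW'] = 'wrong';` and expects the 400 response the mismatch branch returns would make a regression in the header path visible. The `->will($this->returnCallback(...))` form mirrors the sibling tests in this file; `->willReturnCallback(...)` is the shorter equivalent if the file is ever modernised. The method is fully contained in the hunk.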