aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2018-05-29 15:13:43 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-05-29 15:17:54 +0200
commit3556e78c25036b1fbc55967771883e16732faacc (patch)
tree19136e65c8c6da7a5e177f8f81150af329e2385e
parent645eaaa434d95c82fb97aded52dc7d81c94c45b0 (diff)
downloadnextcloud-server-3556e78c25036b1fbc55967771883e16732faacc.tar.gz
nextcloud-server-3556e78c25036b1fbc55967771883e16732faacc.zip
The OAuth endpoint needs to support Basic Auth
* Add test Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--apps/oauth2/lib/Controller/OauthApiController.php5
-rw-r--r--apps/oauth2/tests/Controller/OauthApiControllerTest.php84
2 files changed, 89 insertions, 0 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 8c96a3feee1..2083741fa0c 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -118,6 +118,11 @@ class OauthApiController extends Controller {
], Http::STATUS_BAD_REQUEST);
}
+ if (isset($this->request->server['PHP_AUTH_USER'])) {
+ $client_id = $this->request->server['PHP_AUTH_USER'];
+ $client_secret = $this->request->server['PHP_AUTH_PW'];
+ }
+
// The client id and secret must match. Else we don't provide an access token!
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
return new JSONResponse([
diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
index 790dba0a598..10748485971 100644
--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -289,6 +289,90 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
}
+ public function testGetTokenValidAppTokenBasicAuth() {
+ $accessToken = new AccessToken();
+ $accessToken->setClientId(42);
+ $accessToken->setTokenId(1337);
+ $accessToken->setEncryptedToken('encryptedToken');
+
+ $this->accessTokenMapper->method('getByCode')
+ ->with('validrefresh')
+ ->willReturn($accessToken);
+
+ $client = new Client();
+ $client->setClientIdentifier('clientId');
+ $client->setSecret('clientSecret');
+ $this->clientMapper->method('getByUid')
+ ->with(42)
+ ->willReturn($client);
+
+ $this->crypto->method('decrypt')
+ ->with(
+ 'encryptedToken',
+ 'validrefresh'
+ )->willReturn('decryptedToken');
+
+ $appToken = new DefaultToken();
+ $appToken->setUid('userId');
+ $this->tokenProvider->method('getTokenById')
+ ->with(1337)
+ ->willThrowException(new ExpiredTokenException($appToken));
+
+ $this->accessTokenMapper->expects($this->never())
+ ->method('delete')
+ ->with($accessToken);
+
+ $this->secureRandom->method('generate')
+ ->will($this->returnCallback(function ($len) {
+ return 'random'.$len;
+ }));
+
+ $this->tokenProvider->expects($this->once())
+ ->method('rotate')
+ ->with(
+ $appToken,
+ 'decryptedToken',
+ 'random72'
+ )->willReturn($appToken);
+
+ $this->time->method('getTime')
+ ->willReturn(1000);
+
+ $this->tokenProvider->expects($this->once())
+ ->method('updateToken')
+ ->with(
+ $this->callback(function (DefaultToken $token) {
+ return $token->getExpires() === 4600;
+ })
+ );
+
+ $this->crypto->method('encrypt')
+ ->with('random72', 'random128')
+ ->willReturn('newEncryptedToken');
+
+ $this->accessTokenMapper->expects($this->once())
+ ->method('update')
+ ->with(
+ $this->callback(function (AccessToken $token) {
+ return $token->getHashedCode() === hash('sha512', 'random128') &&
+ $token->getEncryptedToken() === 'newEncryptedToken';
+ })
+ );
+
+ $expected = new JSONResponse([
+ 'access_token' => 'random72',
+ 'token_type' => 'Bearer',
+ 'expires_in' => 3600,
+ 'refresh_token' => 'random128',
+ 'user_id' => 'userId',
+ ]);
+
+ $this->request->server['PHP_AUTH_USER'] = 'clientId';
+ $this->request->server['PHP_AUTH_PW'] = 'clientSecret';
+
+ $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
+ }
+
public function testGetTokenExpiredAppToken() {
$accessToken = new AccessToken();
$accessToken->setClientId(42);