aboutsummaryrefslogtreecommitdiffstats
path: root/apps/oauth2/tests/Controller/OauthApiControllerTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/oauth2/tests/Controller/OauthApiControllerTest.php')
-rw-r--r--apps/oauth2/tests/Controller/OauthApiControllerTest.php128
1 files changed, 68 insertions, 60 deletions
diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
index 369b5f38e0b..53dd8549196 100644
--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
@@ -84,7 +85,7 @@ class OauthApiControllerTest extends TestCase {
);
}
- public function testGetTokenInvalidGrantType() {
+ public function testGetTokenInvalidGrantType(): void {
$expected = new JSONResponse([
'error' => 'invalid_grant',
], Http::STATUS_BAD_REQUEST);
@@ -93,7 +94,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('foo', null, null, null, null));
}
- public function testGetTokenInvalidCode() {
+ public function testGetTokenInvalidCode(): void {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
@@ -106,7 +107,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'invalidcode', null, null, null));
}
- public function testGetTokenExpiredCode() {
+ public function testGetTokenExpiredCode(): void {
$codeCreatedAt = 100;
$expiredSince = 123;
@@ -131,7 +132,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
}
- public function testGetTokenWithCodeForActiveToken() {
+ public function testGetTokenWithCodeForActiveToken(): void {
// if a token has already delivered oauth tokens,
// it should not be possible to get a new oauth token from a valid authorization code
$codeCreatedAt = 100;
@@ -158,7 +159,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
}
- public function testGetTokenClientDoesNotExist() {
+ public function testGetTokenClientDoesNotExist(): void {
// In this test, the token's authorization code is valid and has not expired
// and we check what happens when the associated Oauth client does not exist
$codeCreatedAt = 100;
@@ -189,7 +190,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
}
- public function testRefreshTokenInvalidRefreshToken() {
+ public function testRefreshTokenInvalidRefreshToken(): void {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
@@ -202,7 +203,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'invalidrefresh', null, null));
}
- public function testRefreshTokenClientDoesNotExist() {
+ public function testRefreshTokenClientDoesNotExist(): void {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
@@ -222,7 +223,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
}
- public function invalidClientProvider() {
+ public static function invalidClientProvider() {
return [
['invalidClientId', 'invalidClientSecret'],
['clientId', 'invalidClientSecret'],
@@ -231,12 +232,12 @@ class OauthApiControllerTest extends TestCase {
}
/**
- * @dataProvider invalidClientProvider
*
* @param string $clientId
* @param string $clientSecret
*/
- public function testRefreshTokenInvalidClient($clientId, $clientSecret) {
+ #[\PHPUnit\Framework\Attributes\DataProvider('invalidClientProvider')]
+ public function testRefreshTokenInvalidClient($clientId, $clientSecret): void {
$expected = new JSONResponse([
'error' => 'invalid_client',
], Http::STATUS_BAD_REQUEST);
@@ -249,9 +250,20 @@ class OauthApiControllerTest extends TestCase {
->with('validrefresh')
->willReturn($accessToken);
+ $this->crypto
+ ->method('calculateHMAC')
+ ->with($this->callback(function (string $text) {
+ return $text === 'clientSecret' || $text === 'invalidClientSecret';
+ }))
+ ->willReturnCallback(function (string $text) {
+ return $text === 'clientSecret'
+ ? 'hashedClientSecret'
+ : 'hashedInvalidClientSecret';
+ });
+
$client = new Client();
$client->setClientIdentifier('clientId');
- $client->setSecret('clientSecret');
+ $client->setSecret(bin2hex('hashedClientSecret'));
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
@@ -259,7 +271,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', $clientId, $clientSecret));
}
- public function testRefreshTokenInvalidAppToken() {
+ public function testRefreshTokenInvalidAppToken(): void {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
@@ -276,21 +288,20 @@ class OauthApiControllerTest extends TestCase {
$client = new Client();
$client->setClientIdentifier('clientId');
- $client->setSecret('encryptedClientSecret');
+ $client->setSecret(bin2hex('hashedClientSecret'));
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
$this->crypto
->method('decrypt')
- ->with($this->callback(function (string $text) {
- return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
- }))
- ->willReturnCallback(function (string $text) {
- return $text === 'encryptedClientSecret'
- ? 'clientSecret'
- : ($text === 'encryptedToken' ? 'decryptedToken' : '');
- });
+ ->with('encryptedToken')
+ ->willReturn('decryptedToken');
+
+ $this->crypto
+ ->method('calculateHMAC')
+ ->with('clientSecret')
+ ->willReturn('hashedClientSecret');
$this->tokenProvider->method('getTokenById')
->with(1337)
@@ -303,7 +314,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
}
- public function testRefreshTokenValidAppToken() {
+ public function testRefreshTokenValidAppToken(): void {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setTokenId(1337);
@@ -315,21 +326,20 @@ class OauthApiControllerTest extends TestCase {
$client = new Client();
$client->setClientIdentifier('clientId');
- $client->setSecret('encryptedClientSecret');
+ $client->setSecret(bin2hex('hashedClientSecret'));
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
$this->crypto
->method('decrypt')
- ->with($this->callback(function (string $text) {
- return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
- }))
- ->willReturnCallback(function (string $text) {
- return $text === 'encryptedClientSecret'
- ? 'clientSecret'
- : ($text === 'encryptedToken' ? 'decryptedToken' : '');
- });
+ ->with('encryptedToken')
+ ->willReturn('decryptedToken');
+
+ $this->crypto
+ ->method('calculateHMAC')
+ ->with('clientSecret')
+ ->willReturn('hashedClientSecret');
$appToken = new PublicKeyToken();
$appToken->setUid('userId');
@@ -343,7 +353,7 @@ class OauthApiControllerTest extends TestCase {
$this->secureRandom->method('generate')
->willReturnCallback(function ($len) {
- return 'random'.$len;
+ return 'random' . $len;
});
$this->tokenProvider->expects($this->once())
@@ -373,8 +383,8 @@ class OauthApiControllerTest extends TestCase {
->method('update')
->with(
$this->callback(function (AccessToken $token) {
- return $token->getHashedCode() === hash('sha512', 'random128') &&
- $token->getEncryptedToken() === 'newEncryptedToken';
+ return $token->getHashedCode() === hash('sha512', 'random128')
+ && $token->getEncryptedToken() === 'newEncryptedToken';
})
);
@@ -400,7 +410,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
}
- public function testRefreshTokenValidAppTokenBasicAuth() {
+ public function testRefreshTokenValidAppTokenBasicAuth(): void {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setTokenId(1337);
@@ -412,21 +422,20 @@ class OauthApiControllerTest extends TestCase {
$client = new Client();
$client->setClientIdentifier('clientId');
- $client->setSecret('encryptedClientSecret');
+ $client->setSecret(bin2hex('hashedClientSecret'));
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
$this->crypto
->method('decrypt')
- ->with($this->callback(function (string $text) {
- return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
- }))
- ->willReturnCallback(function (string $text) {
- return $text === 'encryptedClientSecret'
- ? 'clientSecret'
- : ($text === 'encryptedToken' ? 'decryptedToken' : '');
- });
+ ->with('encryptedToken')
+ ->willReturn('decryptedToken');
+
+ $this->crypto
+ ->method('calculateHMAC')
+ ->with('clientSecret')
+ ->willReturn('hashedClientSecret');
$appToken = new PublicKeyToken();
$appToken->setUid('userId');
@@ -440,7 +449,7 @@ class OauthApiControllerTest extends TestCase {
$this->secureRandom->method('generate')
->willReturnCallback(function ($len) {
- return 'random'.$len;
+ return 'random' . $len;
});
$this->tokenProvider->expects($this->once())
@@ -470,8 +479,8 @@ class OauthApiControllerTest extends TestCase {
->method('update')
->with(
$this->callback(function (AccessToken $token) {
- return $token->getHashedCode() === hash('sha512', 'random128') &&
- $token->getEncryptedToken() === 'newEncryptedToken';
+ return $token->getHashedCode() === hash('sha512', 'random128')
+ && $token->getEncryptedToken() === 'newEncryptedToken';
})
);
@@ -500,7 +509,7 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
}
- public function testRefreshTokenExpiredAppToken() {
+ public function testRefreshTokenExpiredAppToken(): void {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setTokenId(1337);
@@ -512,21 +521,20 @@ class OauthApiControllerTest extends TestCase {
$client = new Client();
$client->setClientIdentifier('clientId');
- $client->setSecret('encryptedClientSecret');
+ $client->setSecret(bin2hex('hashedClientSecret'));
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
$this->crypto
->method('decrypt')
- ->with($this->callback(function (string $text) {
- return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
- }))
- ->willReturnCallback(function (string $text) {
- return $text === 'encryptedClientSecret'
- ? 'clientSecret'
- : ($text === 'encryptedToken' ? 'decryptedToken' : '');
- });
+ ->with('encryptedToken')
+ ->willReturn('decryptedToken');
+
+ $this->crypto
+ ->method('calculateHMAC')
+ ->with('clientSecret')
+ ->willReturn('hashedClientSecret');
$appToken = new PublicKeyToken();
$appToken->setUid('userId');
@@ -540,7 +548,7 @@ class OauthApiControllerTest extends TestCase {
$this->secureRandom->method('generate')
->willReturnCallback(function ($len) {
- return 'random'.$len;
+ return 'random' . $len;
});
$this->tokenProvider->expects($this->once())
@@ -570,8 +578,8 @@ class OauthApiControllerTest extends TestCase {
->method('update')
->with(
$this->callback(function (AccessToken $token) {
- return $token->getHashedCode() === hash('sha512', 'random128') &&
- $token->getEncryptedToken() === 'newEncryptedToken';
+ return $token->getHashedCode() === hash('sha512', 'random128')
+ && $token->getEncryptedToken() === 'newEncryptedToken';
})
);
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 22:13:08 +0000