~fkooman/vpn-user-portal

ref: 2.3.10 vpn-user-portal/tests/OAuth/BearerValidatorTest.php -rw-r--r-- 4.1 KiB
e0bd9cc0François Kooman prepare for release 1 year, 1 month ago
                                                                                
<?php

/*
 * eduVPN - End-user friendly VPN.
 *
 * Copyright: 2016-2019, The Commons Conservancy eduVPN Programme
 * SPDX-License-Identifier: AGPL-3.0+
 */

namespace LC\Portal\OAuth\Tests;

use DateInterval;
use DateTime;
use fkooman\Jwt\Keys\EdDSA\SecretKey;
use fkooman\OAuth\Server\OAuthServer;
use LC\Common\Config;
use LC\Portal\ClientFetcher;
use LC\Portal\OAuth\BearerValidator;
use LC\Portal\OAuth\PublicSigner;
use LC\Portal\Storage;
use PDO;
use PHPUnit\Framework\TestCase;

/**
 * Exercises BearerValidator::validate() with tokens signed by the portal's own
 * key and by a key registered for another instance in the key mapping.
 *
 * NOTE(review): both tests assert acceptance only. Rejection of expired tokens,
 * unknown key ids, or tokens whose signature does not verify is not exercised
 * in this class.
 */
class BearerValidatorTest extends TestCase
{
    /** @var \LC\Portal\OAuth\BearerValidator */
    private $bearerValidator;

    /** @var \fkooman\Jwt\Keys\EdDSA\SecretKey */
    private $secretKey;

    /** @var \fkooman\Jwt\Keys\EdDSA\SecretKey */
    private $remoteSecretKey;

    /** @var \DateTime */
    private $dateTime;

    /**
     * Builds a validator backed by an in-memory SQLite store and a fixed clock.
     *
     * @return void
     */
    protected function setUp()
    {
        // Fixed clock: the expiry written into the test tokens is derived
        // from this value, so results do not depend on wall time.
        $this->dateTime = new DateTime('2018-01-01');

        $schemaDir = \dirname(\dirname(__DIR__)).'/schema';
        $storage = new Storage(new PDO('sqlite::memory:'), $schemaDir, new DateInterval('P90D'));
        $storage->setDateTime($this->dateTime);
        $storage->init();
        // The only authorization stored locally; the local token's auth_key
        // ('random_1') matches it.
        $storage->storeAuthorization('foo', 'org.letsconnect-vpn.app.windows', 'config', 'random_1');

        // Empty consumer list in the API configuration.
        $clientDb = new ClientFetcher(new Config(['Api' => ['consumerList' => []]]));

        // Two independent key pairs: one for this portal, one standing in for
        // a remote instance.
        $this->secretKey = SecretKey::generate();
        $this->remoteSecretKey = SecretKey::generate();

        // Only the remote key is listed in the mapping, keyed by its key id
        // and tied to the remote instance's base URI.
        $remotePublicKey = $this->remoteSecretKey->getPublicKey();
        $keyInstanceMapping = [];
        $keyInstanceMapping[PublicSigner::calculateKeyId($remotePublicKey)] = [
            'base_uri' => 'https://vpn.example.org',
            'public_key' => $remotePublicKey->encode(),
        ];

        $validator = new BearerValidator(
            $storage,
            $clientDb,
            $this->secretKey->getPublicKey(),
            $keyInstanceMapping
        );
        $validator->setDateTime($this->dateTime);
        $this->bearerValidator = $validator;
    }

    /**
     * A token signed with the portal's own key is accepted and flagged local.
     *
     * @return void
     */
    public function testLocalToken()
    {
        $token = $this->signAccessToken($this->secretKey, 'random_1');
        $info = $this->bearerValidator->validate('Bearer '.$token);

        $this->assertSame('foo', $info->getUserId());
        $this->assertSame('org.letsconnect-vpn.app.windows', $info->getClientId());
        $this->assertSame('config', (string) $info->getScope());
        $this->assertTrue($info->getIsLocal());
    }

    /**
     * A token signed with the mapped remote key is accepted, flagged non-local,
     * and its user id is returned prefixed with the instance's base URI.
     *
     * @return void
     */
    public function testRemoteToken()
    {
        // 'remote_random_1' is never stored by setUp(), so a pass here suggests
        // remote tokens are not matched against local authorizations
        // (inferred from this test; confirm against BearerValidator).
        $token = $this->signAccessToken($this->remoteSecretKey, 'remote_random_1');
        $info = $this->bearerValidator->validate('Bearer '.$token);

        $this->assertSame('https://vpn.example.org!!foo', $info->getUserId());
        $this->assertSame('org.letsconnect-vpn.app.windows', $info->getClientId());
        $this->assertSame('config', (string) $info->getScope());
        $this->assertFalse($info->getIsLocal());
    }

    /**
     * Signs an access token for user 'foo' that expires one hour after the
     * fixed test clock.
     *
     * @param \fkooman\Jwt\Keys\EdDSA\SecretKey $secretKey key pair used to sign
     * @param string                            $authKey   value of the auth_key claim
     *
     * @return string the signed token, without the "Bearer " prefix
     */
    private function signAccessToken(SecretKey $secretKey, $authKey)
    {
        // Work on a copy so the shared test clock is not advanced.
        $expiresAt = clone $this->dateTime;
        $expiresAt->add(new DateInterval('PT1H'));

        $claims = [
            'v' => OAuthServer::TOKEN_VERSION,
            'type' => 'access_token',
            'auth_key' => $authKey, // to bind it to the authorization
            'user_id' => 'foo',
            'client_id' => 'org.letsconnect-vpn.app.windows',
            'scope' => 'config',
            'expires_at' => $expiresAt->format(DateTime::ATOM),
        ];

        $signer = new PublicSigner($secretKey->getPublicKey(), $secretKey);

        return $signer->sign($claims);
    }
}