adds tests for JwtBearer storage

Author: bshaffer

src/OAuth2/Storage/Cassandra.php

@@ -316,14 +316,26 @@ public function setScope($scope, $client_id = null, $type = 'supported')
     /*JWTBearerInterface */
     public function getClientKey($client_id, $subject)
     {
-        $jwt = $this->getValue($this->config['jwt_key'] . $client_id);
+        if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
+            return false;
+        }
+
         if (isset($jwt['subject']) && $jwt['subject'] == $subject ) {
             return $jwt['key'];
         }
 
         return null;
     }
 
+    public function setClientKey($client_id, $key, $subject = null)
+    {
+        return $this->setValue($this->config['jwt_key'] . $client_id, array(
+            'key' => $key,
+            'subject' => $subject
+        ));
+    }
+
+    /*ScopeInterface */
     public function getClientScope($client_id)
     {
         if (!$clientDetails = $this->getClientDetails($client_id)) {

src/OAuth2/Storage/Mongo.php

@@ -304,7 +304,7 @@ public function getClientKey($client_id, $subject)
             'subject' => $subject
         ));
 
-        return $result;
+        return is_null($result) ? false : $result['key'];
     }
 
     public function getClientScope($client_id)

src/OAuth2/Storage/Redis.php

@@ -263,14 +263,25 @@ public function setScope($scope, $client_id = null, $type = 'supported')
     /*JWTBearerInterface */
     public function getClientKey($client_id, $subject)
     {
-        $jwt = $this->getValue($this->config['jwt_key'] . $client_id);
-        if ( isset($jwt['subject']) && $jwt['subject'] == $subject ) {
+        if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
+            return false;
+        }
+
+        if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
             return $jwt['key'];
         }
 
         return null;
     }
 
+    public function setClientKey($client_id, $key, $subject = null)
+    {
+        return $this->setValue($this->config['jwt_key'] . $client_id, array(
+            'key' => $key,
+            'subject' => $subject
+        ));
+    }
+
     public function getClientScope($client_id)
     {
         if (!$clientDetails = $this->getClientDetails($client_id)) {

test/OAuth2/Storage/JwtBearerTest.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace OAuth2\Storage;
+
+class JwtBearerTest extends BaseTest
+{
+    /** @dataProvider provideStorage */
+    public function testGetClientKey(JwtBearerInterface $storage)
+    {
+        if ($storage instanceof NullStorage) {
+            $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
+
+            return;
+        }
+
+        // nonexistant client_id
+        $key = $storage->getClientKey('this-is-not-real', 'nor-is-this');
+        $this->assertFalse($key);
+
+        // valid client_id and subject
+        $key = $storage->getClientKey('oauth_test_client', 'test_subject');
+        $this->assertNotNull($key);
+        $this->assertEquals($key, Bootstrap::getInstance()->getTestPublicKey());
+    }
+}

test/config/storage.json

@@ -123,6 +123,10 @@
         "Missing Key Client PHP-5.2": {
             "key": null,
             "subject": "[email protected]"
+        },
+        "oauth_test_client": {
+            "key": "-----BEGIN CERTIFICATE-----\nMIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL\nMAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe\nFw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs\nNjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw\nizIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu\nBe+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K\nvCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh\ndGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD\nlM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl\naViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL\nFRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==\n-----END CERTIFICATE-----",
+            "subject": "test_subject"
         }
     },
     "jti": [

test/lib/OAuth2/Storage/Bootstrap.php

@@ -199,6 +199,8 @@ private function createCassandraDb(Cassandra $storage)
 
         $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2');
         $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default');
+
+        $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject');
     }
 
     private function createSqliteDb(\PDO $pdo)
@@ -222,13 +224,14 @@ private function createMysqlDb(\PDO $pdo)
 
     public function runPdoSql(\PDO $pdo)
     {
-        $pdo->exec('CREATE TABLE oauth_clients (client_id TEXT, client_secret TEXT, redirect_uri TEXT, grant_types TEXT, scope TEXT, user_id TEXT)');
+        $pdo->exec('CREATE TABLE oauth_clients (client_id TEXT, client_secret TEXT, redirect_uri TEXT, grant_types TEXT, scope TEXT, user_id TEXT, public_key TEXT)');
         $pdo->exec('CREATE TABLE oauth_access_tokens (access_token TEXT, client_id TEXT, user_id TEXT, expires DATETIME, scope TEXT)');
         $pdo->exec('CREATE TABLE oauth_authorization_codes (authorization_code TEXT, client_id TEXT, user_id TEXT, redirect_uri TEXT, expires DATETIME, scope TEXT)');
         $pdo->exec('CREATE TABLE oauth_users (username TEXT, password TEXT, first_name TEXT, last_name TEXT, scope TEXT)');
         $pdo->exec('CREATE TABLE oauth_refresh_tokens (refresh_token TEXT, client_id TEXT, user_id TEXT, expires DATETIME, scope TEXT)');
         $pdo->exec('CREATE TABLE oauth_scopes (scope TEXT, is_default BOOLEAN)');
         $pdo->exec('CREATE TABLE oauth_public_keys (client_id TEXT, public_key TEXT, private_key TEXT, encryption_algorithm VARCHAR(100) DEFAULT "RS256")');
+        $pdo->exec('CREATE TABLE oauth_jwt (client_id VARCHAR(80), subject VARCHAR(80), public_key VARCHAR(2000))');
 
         // set up scopes
         foreach (explode(' ', 'supportedscope1 supportedscope2 supportedscope3 supportedscope4 clientscope1 clientscope2 clientscope3') as $supportedScope) {
@@ -251,7 +254,8 @@ public function runPdoSql(\PDO $pdo)
         $pdo->exec('INSERT INTO oauth_users (username, password) VALUES ("testuser", "password")');
         $pdo->exec('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES ("ClientID_One", "client_1_public", "client_1_private", "RS256")');
         $pdo->exec('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES ("ClientID_Two", "client_2_public", "client_2_private", "RS256")');
-        $pdo->exec(sprintf('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (NULL, "%s", "%s", "RS256")', file_get_contents($this->configDir.'/keys/id_rsa.pub'), file_get_contents($this->configDir.'/keys/id_rsa')));
+        $pdo->exec(sprintf('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (NULL, "%s", "%s", "RS256")', $this->getTestPublicKey(), $this->getTestPrivateKey()));
+        $pdo->exec(sprintf('INSERT INTO oauth_jwt (client_id, subject, public_key) VALUES ("oauth_test_client", "test_subject", "%s")', $this->getTestPublicKey()));
     }
 
     public function removeMysqlDb(\PDO $pdo)
@@ -271,10 +275,33 @@ public function getConfigDir()
 
     private function createMongoDb(\MongoDB $db)
     {
-        $db->oauth_clients->insert(array('client_id' => "oauth_test_client", 'client_secret' => "testpass", 'redirect_uri' => "http://example.com", 'grant_types' => 'implicit password'));
-        $db->oauth_access_tokens->insert(array('access_token' => "testtoken", 'client_id' => "Some Client"));
-        $db->oauth_authorization_codes->insert(array('authorization_code' => "testcode", 'client_id' => "Some Client"));
-        $db->oauth_users->insert(array('username' => "testuser", 'password' => "password"));
+        $db->oauth_clients->insert(array(
+            'client_id' => "oauth_test_client",
+            'client_secret' => "testpass",
+            'redirect_uri' => "http://example.com",
+            'grant_types' => 'implicit password'
+        ));
+
+        $db->oauth_access_tokens->insert(array(
+            'access_token' => "testtoken",
+            'client_id' => "Some Client"
+        ));
+
+        $db->oauth_authorization_codes->insert(array(
+            'authorization_code' => "testcode",
+            'client_id' => "Some Client"
+        ));
+
+        $db->oauth_users->insert(array(
+            'username' => "testuser",
+            'password' => "password"
+        ));
+
+        $db->oauth_jwt->insert(array(
+            'client_id' => 'oauth_test_client',
+            'key'       => $this->getTestPublicKey(),
+            'subject'   => 'test_subject',
+        ));
     }
 
     private function createRedisDb(Redis $storage)
@@ -298,10 +325,22 @@ private function createRedisDb(Redis $storage)
 
         $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2');
         $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default');
+
+        $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject');
     }
 
     public function removeMongoDb(\MongoDB $db)
     {
         $db->drop();
     }
+
+    public function getTestPublicKey()
+    {
+        return file_get_contents(__DIR__.'/../../../config/keys/id_rsa.pub');
+    }
+
+    private function getTestPrivateKey()
+    {
+        return file_get_contents(__DIR__.'/../../../config/keys/id_rsa');
+    }
 }