mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #9660 from nextcloud/backport/9653/stable12 

[stable12] The OAuth endpoint needs to support Basic Auth
This commit is contained in:
Morris Jobke 2018-05-30 15:03:54 +02:00 committed by GitHub
parent a98bfa8d87 e824973786
commit 475d9e15b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/oauth2/lib/Controller/OauthApiController.php
View File

@ -118,6 +118,11 @@ class OauthApiController extends Controller {
], Http::STATUS_BAD_REQUEST); ], Http::STATUS_BAD_REQUEST);
} }
if (isset($this->request->server['PHP_AUTH_USER'])) {
$client_id = $this->request->server['PHP_AUTH_USER'];
$client_secret = $this->request->server['PHP_AUTH_PW'];
}
// The client id and secret must match. Else we don't provide an access token! // The client id and secret must match. Else we don't provide an access token!
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) { if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
return new JSONResponse([ return new JSONResponse([

84
apps/oauth2/tests/Controller/OauthApiControllerTest.php
View File

@ -289,6 +289,90 @@ class OauthApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret')); $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
} }
public function testGetTokenValidAppTokenBasicAuth() {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setTokenId(1337);
$accessToken->setEncryptedToken('encryptedToken');
$this->accessTokenMapper->method('getByCode')
->with('validrefresh')
->willReturn($accessToken);
$client = new Client();
$client->setClientIdentifier('clientId');
$client->setSecret('clientSecret');
$this->clientMapper->method('getByUid')
->with(42)
->willReturn($client);
$this->crypto->method('decrypt')
->with(
'encryptedToken',
'validrefresh'
)->willReturn('decryptedToken');
$appToken = new DefaultToken();
$appToken->setUid('userId');
$this->tokenProvider->method('getTokenById')
->with(1337)
->willThrowException(new ExpiredTokenException($appToken));
$this->accessTokenMapper->expects($this->never())
->method('delete')
->with($accessToken);
$this->secureRandom->method('generate')
->will($this->returnCallback(function ($len) {
return 'random'.$len;
}));
$this->tokenProvider->expects($this->once())
->method('rotate')
->with(
$appToken,
'decryptedToken',
'random72'
)->willReturn($appToken);
$this->time->method('getTime')
->willReturn(1000);
$this->tokenProvider->expects($this->once())
->method('updateToken')
->with(
$this->callback(function (DefaultToken $token) {
return $token->getExpires() === 4600;
})
);
$this->crypto->method('encrypt')
->with('random72', 'random128')
->willReturn('newEncryptedToken');
$this->accessTokenMapper->expects($this->once())
->method('update')
->with(
$this->callback(function (AccessToken $token) {
return $token->getHashedCode() === hash('sha512', 'random128') &&
$token->getEncryptedToken() === 'newEncryptedToken';
})
);
$expected = new JSONResponse([
'access_token' => 'random72',
'token_type' => 'Bearer',
'expires_in' => 3600,
'refresh_token' => 'random128',
'user_id' => 'userId',
]);
$this->request->server['PHP_AUTH_USER'] = 'clientId';
$this->request->server['PHP_AUTH_PW'] = 'clientSecret';
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
}
public function testGetTokenExpiredAppToken() { public function testGetTokenExpiredAppToken() {
$accessToken = new AccessToken(); $accessToken = new AccessToken();
$accessToken->setClientId(42); $accessToken->setClientId(42);