Merge pull request #9660 from nextcloud/backport/9653/stable12
[stable12] The OAuth endpoint needs to support Basic Auth
This commit is contained in:
commit
475d9e15b6
|
@ -118,6 +118,11 @@ class OauthApiController extends Controller {
|
|||
], Http::STATUS_BAD_REQUEST);
|
||||
}
|
||||
|
||||
if (isset($this->request->server['PHP_AUTH_USER'])) {
|
||||
$client_id = $this->request->server['PHP_AUTH_USER'];
|
||||
$client_secret = $this->request->server['PHP_AUTH_PW'];
|
||||
}
|
||||
|
||||
// The client id and secret must match. Else we don't provide an access token!
|
||||
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
|
||||
return new JSONResponse([
|
||||
|
|
|
@ -289,6 +289,90 @@ class OauthApiControllerTest extends TestCase {
|
|||
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
|
||||
}
|
||||
|
||||
public function testGetTokenValidAppTokenBasicAuth() {
|
||||
$accessToken = new AccessToken();
|
||||
$accessToken->setClientId(42);
|
||||
$accessToken->setTokenId(1337);
|
||||
$accessToken->setEncryptedToken('encryptedToken');
|
||||
|
||||
$this->accessTokenMapper->method('getByCode')
|
||||
->with('validrefresh')
|
||||
->willReturn($accessToken);
|
||||
|
||||
$client = new Client();
|
||||
$client->setClientIdentifier('clientId');
|
||||
$client->setSecret('clientSecret');
|
||||
$this->clientMapper->method('getByUid')
|
||||
->with(42)
|
||||
->willReturn($client);
|
||||
|
||||
$this->crypto->method('decrypt')
|
||||
->with(
|
||||
'encryptedToken',
|
||||
'validrefresh'
|
||||
)->willReturn('decryptedToken');
|
||||
|
||||
$appToken = new DefaultToken();
|
||||
$appToken->setUid('userId');
|
||||
$this->tokenProvider->method('getTokenById')
|
||||
->with(1337)
|
||||
->willThrowException(new ExpiredTokenException($appToken));
|
||||
|
||||
$this->accessTokenMapper->expects($this->never())
|
||||
->method('delete')
|
||||
->with($accessToken);
|
||||
|
||||
$this->secureRandom->method('generate')
|
||||
->will($this->returnCallback(function ($len) {
|
||||
return 'random'.$len;
|
||||
}));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('rotate')
|
||||
->with(
|
||||
$appToken,
|
||||
'decryptedToken',
|
||||
'random72'
|
||||
)->willReturn($appToken);
|
||||
|
||||
$this->time->method('getTime')
|
||||
->willReturn(1000);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('updateToken')
|
||||
->with(
|
||||
$this->callback(function (DefaultToken $token) {
|
||||
return $token->getExpires() === 4600;
|
||||
})
|
||||
);
|
||||
|
||||
$this->crypto->method('encrypt')
|
||||
->with('random72', 'random128')
|
||||
->willReturn('newEncryptedToken');
|
||||
|
||||
$this->accessTokenMapper->expects($this->once())
|
||||
->method('update')
|
||||
->with(
|
||||
$this->callback(function (AccessToken $token) {
|
||||
return $token->getHashedCode() === hash('sha512', 'random128') &&
|
||||
$token->getEncryptedToken() === 'newEncryptedToken';
|
||||
})
|
||||
);
|
||||
|
||||
$expected = new JSONResponse([
|
||||
'access_token' => 'random72',
|
||||
'token_type' => 'Bearer',
|
||||
'expires_in' => 3600,
|
||||
'refresh_token' => 'random128',
|
||||
'user_id' => 'userId',
|
||||
]);
|
||||
|
||||
$this->request->server['PHP_AUTH_USER'] = 'clientId';
|
||||
$this->request->server['PHP_AUTH_PW'] = 'clientSecret';
|
||||
|
||||
$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
|
||||
}
|
||||
|
||||
public function testGetTokenExpiredAppToken() {
|
||||
$accessToken = new AccessToken();
|
||||
$accessToken->setClientId(42);
|
||||
|
|
Loading…
Reference in New Issue