WebSVN – Moodle – Diff – /lib/tests/oauth2/discovery/auth_server_config_reader_test.php



 * @coversDefaultClass \core\oauth2\discovery\auth_server_config_reader
 * @package core
 * @copyright 2023 Jake Dallimore <jrhdallimore@gmail.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
final class auth_server_config_reader_test extends \advanced_testcase {

 
    /**
     * Test reading the config for an auth server.
     *

    /**
     * Provider for testing read_configuration().
     *
     * @return array test data.
     */
    public static function config_provider(): array {
        return [
            'Valid, good issuer URL, good config' => [
                'issuerurl' => 'https://app.example.com',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com/.well-known/oauth-authorization-server'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Valid, issuer URL with path component confirming well known suffix placement' => [
                'issuerurl' => 'https://app.example.com/some/path',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com/.well-known/oauth-authorization-server/some/path'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Valid, single trailing / path only' => [
                'issuerurl' => 'https://app.example.com/',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com/.well-known/oauth-authorization-server'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Invalid, non HTTPS issuer URL' => [
                'issuerurl' => 'http://app.example.com',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'exception' => \moodle_exception::class
                ]
            ],
            'Invalid, query string in issuer URL' => [
                'issuerurl' => 'https://app.example.com?test=cat',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'exception' => \moodle_exception::class
                ]
            ],
            'Invalid, fragment in issuer URL' => [
                'issuerurl' => 'https://app.example.com/#cat',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'exception' => \moodle_exception::class
                ]
            ],
            'Valid, port in issuer URL' => [
                'issuerurl' => 'https://app.example.com:8080/some/path',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => null,
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com:8080/.well-known/oauth-authorization-server/some/path'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Valid, alternate well known suffix, no path' => [
                'issuerurl' => 'https://app.example.com',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => 'openid-configuration', // An application using the openid well known, which is valid.
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com/.well-known/openid-configuration'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Valid, alternate well known suffix, with path' => [
                'issuerurl' => 'https://app.example.com/some/path/',
                'httpresponse' => new Response(
                    200,
                    ['Content-Type' => 'application/json'],
                    json_encode([
                        "issuer" => "https://app.example.com",
                        "authorization_endpoint" => "https://app.example.com/authorize",

                            "en-GB",
                            "fr-FR",
                        ]
                    ])
                ),
                'altwellknownsuffix' => 'openid-configuration', // An application using the openid well known, which is valid.
                'expected' => [
                    'request' => [
                        'url' => 'https://app.example.com/.well-known/openid-configuration/some/path/'
                    ],
                    'metadata' => [

                        ]
                    ]
                ]
            ],
            'Invalid, bad response' => [
                'issuerurl' => 'https://app.example.com',
                'httpresponse' => new Response(404),
                'altwellknownsuffix' => null,
                'expected' => [
                    'exception' => ClientException::class
                ]
            ]
        ];

Rev 11	Rev 1441
Línea 30...	Línea 30...
30	`* @coversDefaultClass \core\oauth2\discovery\auth_server_config_reader`	30	`* @coversDefaultClass \core\oauth2\discovery\auth_server_config_reader`
31	`* @package core`	31	`* @package core`
32	`* @copyright 2023 Jake Dallimore <jrhdallimore@gmail.com>`	32	`* @copyright 2023 Jake Dallimore <jrhdallimore@gmail.com>`
33	`* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later`	33	`* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later`
34	`*/`	34	`*/`
35	`class auth_server_config_reader_test extends \advanced_testcase {`	35	`final class auth_server_config_reader_test extends \advanced_testcase {`
Línea 36...	Línea 36...
36		36
37	`/**`	37	`/**`
38	`* Test reading the config for an auth server.`	38	`* Test reading the config for an auth server.`
39	`*`	39	`*`
Línea 81...	Línea 81...
81	`/**`	81	`/**`
82	`* Provider for testing read_configuration().`	82	`* Provider for testing read_configuration().`
83	`*`	83	`*`
84	`* @return array test data.`	84	`* @return array test data.`
85	`*/`	85	`*/`
86	`public function config_provider(): array {`	86	`public static function config_provider(): array {`
87	`return [`	87	`return [`
88	`'Valid, good issuer URL, good config' => [`	88	`'Valid, good issuer URL, good config' => [`
89	`'issuer_url' => 'https://app.example.com',`	89	`'issuerurl' => 'https://app.example.com',`
90	`'http_response' => new Response(`	90	`'httpresponse' => new Response(`
91	`200,`	91	`200,`
92	`['Content-Type' => 'application/json'],`	92	`['Content-Type' => 'application/json'],`
93	`json_encode([`	93	`json_encode([`
94	`"issuer" => "https://app.example.com",`	94	`"issuer" => "https://app.example.com",`
95	`"authorization_endpoint" => "https://app.example.com/authorize",`	95	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 120...	Línea 120...
120	`"en-GB",`	120	`"en-GB",`
121	`"fr-FR",`	121	`"fr-FR",`
122	`]`	122	`]`
123	`])`	123	`])`
124	`),`	124	`),`
125	`'well_known_suffix' => null,`	125	`'altwellknownsuffix' => null,`
126	`'expected' => [`	126	`'expected' => [`
127	`'request' => [`	127	`'request' => [`
128	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server'`	128	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server'`
129	`],`	129	`],`
130	`'metadata' => [`	130	`'metadata' => [`
Línea 159...	Línea 159...
159	`]`	159	`]`
160	`]`	160	`]`
161	`]`	161	`]`
162	`],`	162	`],`
163	`'Valid, issuer URL with path component confirming well known suffix placement' => [`	163	`'Valid, issuer URL with path component confirming well known suffix placement' => [`
164	`'issuer_url' => 'https://app.example.com/some/path',`	164	`'issuerurl' => 'https://app.example.com/some/path',`
165	`'http_response' => new Response(`	165	`'httpresponse' => new Response(`
166	`200,`	166	`200,`
167	`['Content-Type' => 'application/json'],`	167	`['Content-Type' => 'application/json'],`
168	`json_encode([`	168	`json_encode([`
169	`"issuer" => "https://app.example.com",`	169	`"issuer" => "https://app.example.com",`
170	`"authorization_endpoint" => "https://app.example.com/authorize",`	170	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 195...	Línea 195...
195	`"en-GB",`	195	`"en-GB",`
196	`"fr-FR",`	196	`"fr-FR",`
197	`]`	197	`]`
198	`])`	198	`])`
199	`),`	199	`),`
200	`'well_known_suffix' => null,`	200	`'altwellknownsuffix' => null,`
201	`'expected' => [`	201	`'expected' => [`
202	`'request' => [`	202	`'request' => [`
203	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server/some/path'`	203	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server/some/path'`
204	`],`	204	`],`
205	`'metadata' => [`	205	`'metadata' => [`
Línea 234...	Línea 234...
234	`]`	234	`]`
235	`]`	235	`]`
236	`]`	236	`]`
237	`],`	237	`],`
238	`'Valid, single trailing / path only' => [`	238	`'Valid, single trailing / path only' => [`
239	`'issuer_url' => 'https://app.example.com/',`	239	`'issuerurl' => 'https://app.example.com/',`
240	`'http_response' => new Response(`	240	`'httpresponse' => new Response(`
241	`200,`	241	`200,`
242	`['Content-Type' => 'application/json'],`	242	`['Content-Type' => 'application/json'],`
243	`json_encode([`	243	`json_encode([`
244	`"issuer" => "https://app.example.com",`	244	`"issuer" => "https://app.example.com",`
245	`"authorization_endpoint" => "https://app.example.com/authorize",`	245	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 270...	Línea 270...
270	`"en-GB",`	270	`"en-GB",`
271	`"fr-FR",`	271	`"fr-FR",`
272	`]`	272	`]`
273	`])`	273	`])`
274	`),`	274	`),`
275	`'well_known_suffix' => null,`	275	`'altwellknownsuffix' => null,`
276	`'expected' => [`	276	`'expected' => [`
277	`'request' => [`	277	`'request' => [`
278	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server'`	278	`'url' => 'https://app.example.com/.well-known/oauth-authorization-server'`
279	`],`	279	`],`
280	`'metadata' => [`	280	`'metadata' => [`
Línea 309...	Línea 309...
309	`]`	309	`]`
310	`]`	310	`]`
311	`]`	311	`]`
312	`],`	312	`],`
313	`'Invalid, non HTTPS issuer URL' => [`	313	`'Invalid, non HTTPS issuer URL' => [`
314	`'issuer_url' => 'http://app.example.com',`	314	`'issuerurl' => 'http://app.example.com',`
315	`'http_response' => new Response(`	315	`'httpresponse' => new Response(`
316	`200,`	316	`200,`
317	`['Content-Type' => 'application/json'],`	317	`['Content-Type' => 'application/json'],`
318	`json_encode([`	318	`json_encode([`
319	`"issuer" => "https://app.example.com",`	319	`"issuer" => "https://app.example.com",`
320	`"authorization_endpoint" => "https://app.example.com/authorize",`	320	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 345...	Línea 345...
345	`"en-GB",`	345	`"en-GB",`
346	`"fr-FR",`	346	`"fr-FR",`
347	`]`	347	`]`
348	`])`	348	`])`
349	`),`	349	`),`
350	`'well_known_suffix' => null,`	350	`'altwellknownsuffix' => null,`
351	`'expected' => [`	351	`'expected' => [`
352	`'exception' => \moodle_exception::class`	352	`'exception' => \moodle_exception::class`
353	`]`	353	`]`
354	`],`	354	`],`
355	`'Invalid, query string in issuer URL' => [`	355	`'Invalid, query string in issuer URL' => [`
356	`'issuer_url' => 'https://app.example.com?test=cat',`	356	`'issuerurl' => 'https://app.example.com?test=cat',`
357	`'http_response' => new Response(`	357	`'httpresponse' => new Response(`
358	`200,`	358	`200,`
359	`['Content-Type' => 'application/json'],`	359	`['Content-Type' => 'application/json'],`
360	`json_encode([`	360	`json_encode([`
361	`"issuer" => "https://app.example.com",`	361	`"issuer" => "https://app.example.com",`
362	`"authorization_endpoint" => "https://app.example.com/authorize",`	362	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 387...	Línea 387...
387	`"en-GB",`	387	`"en-GB",`
388	`"fr-FR",`	388	`"fr-FR",`
389	`]`	389	`]`
390	`])`	390	`])`
391	`),`	391	`),`
392	`'well_known_suffix' => null,`	392	`'altwellknownsuffix' => null,`
393	`'expected' => [`	393	`'expected' => [`
394	`'exception' => \moodle_exception::class`	394	`'exception' => \moodle_exception::class`
395	`]`	395	`]`
396	`],`	396	`],`
397	`'Invalid, fragment in issuer URL' => [`	397	`'Invalid, fragment in issuer URL' => [`
398	`'issuer_url' => 'https://app.example.com/#cat',`	398	`'issuerurl' => 'https://app.example.com/#cat',`
399	`'http_response' => new Response(`	399	`'httpresponse' => new Response(`
400	`200,`	400	`200,`
401	`['Content-Type' => 'application/json'],`	401	`['Content-Type' => 'application/json'],`
402	`json_encode([`	402	`json_encode([`
403	`"issuer" => "https://app.example.com",`	403	`"issuer" => "https://app.example.com",`
404	`"authorization_endpoint" => "https://app.example.com/authorize",`	404	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 429...	Línea 429...
429	`"en-GB",`	429	`"en-GB",`
430	`"fr-FR",`	430	`"fr-FR",`
431	`]`	431	`]`
432	`])`	432	`])`
433	`),`	433	`),`
434	`'well_known_suffix' => null,`	434	`'altwellknownsuffix' => null,`
435	`'expected' => [`	435	`'expected' => [`
436	`'exception' => \moodle_exception::class`	436	`'exception' => \moodle_exception::class`
437	`]`	437	`]`
438	`],`	438	`],`
439	`'Valid, port in issuer URL' => [`	439	`'Valid, port in issuer URL' => [`
440	`'issuer_url' => 'https://app.example.com:8080/some/path',`	440	`'issuerurl' => 'https://app.example.com:8080/some/path',`
441	`'http_response' => new Response(`	441	`'httpresponse' => new Response(`
442	`200,`	442	`200,`
443	`['Content-Type' => 'application/json'],`	443	`['Content-Type' => 'application/json'],`
444	`json_encode([`	444	`json_encode([`
445	`"issuer" => "https://app.example.com",`	445	`"issuer" => "https://app.example.com",`
446	`"authorization_endpoint" => "https://app.example.com/authorize",`	446	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 471...	Línea 471...
471	`"en-GB",`	471	`"en-GB",`
472	`"fr-FR",`	472	`"fr-FR",`
473	`]`	473	`]`
474	`])`	474	`])`
475	`),`	475	`),`
476	`'well_known_suffix' => null,`	476	`'altwellknownsuffix' => null,`
477	`'expected' => [`	477	`'expected' => [`
478	`'request' => [`	478	`'request' => [`
479	`'url' => 'https://app.example.com:8080/.well-known/oauth-authorization-server/some/path'`	479	`'url' => 'https://app.example.com:8080/.well-known/oauth-authorization-server/some/path'`
480	`],`	480	`],`
481	`'metadata' => [`	481	`'metadata' => [`
Línea 510...	Línea 510...
510	`]`	510	`]`
511	`]`	511	`]`
512	`]`	512	`]`
513	`],`	513	`],`
514	`'Valid, alternate well known suffix, no path' => [`	514	`'Valid, alternate well known suffix, no path' => [`
515	`'issuer_url' => 'https://app.example.com',`	515	`'issuerurl' => 'https://app.example.com',`
516	`'http_response' => new Response(`	516	`'httpresponse' => new Response(`
517	`200,`	517	`200,`
518	`['Content-Type' => 'application/json'],`	518	`['Content-Type' => 'application/json'],`
519	`json_encode([`	519	`json_encode([`
520	`"issuer" => "https://app.example.com",`	520	`"issuer" => "https://app.example.com",`
521	`"authorization_endpoint" => "https://app.example.com/authorize",`	521	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 546...	Línea 546...
546	`"en-GB",`	546	`"en-GB",`
547	`"fr-FR",`	547	`"fr-FR",`
548	`]`	548	`]`
549	`])`	549	`])`
550	`),`	550	`),`
551	`'well_known_suffix' => 'openid-configuration', // An application using the openid well known, which is valid.`	551	`'altwellknownsuffix' => 'openid-configuration', // An application using the openid well known, which is valid.`
552	`'expected' => [`	552	`'expected' => [`
553	`'request' => [`	553	`'request' => [`
554	`'url' => 'https://app.example.com/.well-known/openid-configuration'`	554	`'url' => 'https://app.example.com/.well-known/openid-configuration'`
555	`],`	555	`],`
556	`'metadata' => [`	556	`'metadata' => [`
Línea 585...	Línea 585...
585	`]`	585	`]`
586	`]`	586	`]`
587	`]`	587	`]`
588	`],`	588	`],`
589	`'Valid, alternate well known suffix, with path' => [`	589	`'Valid, alternate well known suffix, with path' => [`
590	`'issuer_url' => 'https://app.example.com/some/path/',`	590	`'issuerurl' => 'https://app.example.com/some/path/',`
591	`'http_response' => new Response(`	591	`'httpresponse' => new Response(`
592	`200,`	592	`200,`
593	`['Content-Type' => 'application/json'],`	593	`['Content-Type' => 'application/json'],`
594	`json_encode([`	594	`json_encode([`
595	`"issuer" => "https://app.example.com",`	595	`"issuer" => "https://app.example.com",`
596	`"authorization_endpoint" => "https://app.example.com/authorize",`	596	`"authorization_endpoint" => "https://app.example.com/authorize",`
Línea 621...	Línea 621...
621	`"en-GB",`	621	`"en-GB",`
622	`"fr-FR",`	622	`"fr-FR",`
623	`]`	623	`]`
624	`])`	624	`])`
625	`),`	625	`),`
626	`'well_known_suffix' => 'openid-configuration', // An application using the openid well known, which is valid.`	626	`'altwellknownsuffix' => 'openid-configuration', // An application using the openid well known, which is valid.`
627	`'expected' => [`	627	`'expected' => [`
628	`'request' => [`	628	`'request' => [`
629	`'url' => 'https://app.example.com/.well-known/openid-configuration/some/path/'`	629	`'url' => 'https://app.example.com/.well-known/openid-configuration/some/path/'`
630	`],`	630	`],`
631	`'metadata' => [`	631	`'metadata' => [`
Línea 660...	Línea 660...
660	`]`	660	`]`
661	`]`	661	`]`
662	`]`	662	`]`
663	`],`	663	`],`
664	`'Invalid, bad response' => [`	664	`'Invalid, bad response' => [`
665	`'issuer_url' => 'https://app.example.com',`	665	`'issuerurl' => 'https://app.example.com',`
666	`'http_response' => new Response(404),`	666	`'httpresponse' => new Response(404),`
667	`'well_known_suffix' => null,`	667	`'altwellknownsuffix' => null,`
668	`'expected' => [`	668	`'expected' => [`
669	`'exception' => ClientException::class`	669	`'exception' => ClientException::class`
670	`]`	670	`]`
671	`]`	671	`]`
672	`];`	672	`];`

Proyectos de Subversion Moodle

(root)/lib/tests/oauth2/discovery/auth_server_config_reader_test.php – Rev 11 → 1441