2626use Symfony \Component \Security \Core \Exception \CredentialsExpiredException ;
2727use Symfony \Component \Security \Core \Exception \DisabledException ;
2828use Symfony \Component \Security \Core \User \UserCheckerInterface ;
29- use Symfony \Component \Security \Core \User \UserInterface ;
29+ use Symfony \Component \Security \Core \User \User ;
3030use Symfony \Component \Security \Core \User \UserProviderInterface ;
3131use Symfony \Component \Security \Http \Authenticator \Passport \Badge \UserBadge ;
3232use Symfony \Component \Security \Http \Authenticator \Passport \Credentials \PasswordCredentials ;
@@ -50,7 +50,7 @@ class OAuthAuthenticatorTest extends \PHPUnit\Framework\TestCase
5050 protected $ tokenStorage
5151
5252 /**
53- * @var \PHPUnit\Framework\MockObject\MockObject|UserInterface
53+ * @var \PHPUnit\Framework\MockObject\MockObject|User
5454 */
5555 protected $ user
5656
@@ -69,16 +69,20 @@ public function setUp(): void
6969 $ this serverService = $ this getMockBuilder (OAuth2::class)
7070 ->disableOriginalConstructor ()
7171 ->setMethods ([
72+ 'getBearerToken ' ,
7273 'getVariable ' ,
73- 'verifyAccessToken '
74+ 'verifyAccessToken ' ,
7475 ])
7576 ->getMock ()
7677 ;
7778 $ this tokenStorage = $ this getMockBuilder (TokenStorageInterface::class)->disableOriginalConstructor ()->getMock ();
78- $ this user = $ this getMockBuilder (UserInterface::class)->disableOriginalConstructor ()->getMock ();
7979 $ this userChecker = $ this getMockBuilder (UserCheckerInterface::class)->disableOriginalConstructor ()->getMock ();
8080 $ this userProvider = $ this getMockBuilder (UserProviderInterface::class)->disableOriginalConstructor ()->getMock ();
8181
82+ // mock the core user object rather than the user interface that the new
83+ // getUserIdentifier method is used rather than the deprecated getUsername
84+ $ this user = $ this getMockBuilder (User::class)->disableOriginalConstructor ()->getMock ();
85+
8286 $ this authenticator = new OAuthAuthenticator (
8387 $ this serverService ,
8488 $ this tokenStorage ,
@@ -89,12 +93,15 @@ public function setUp(): void
8993
9094 public function testAuthenticateReturnsPassportIfValid (): void
9195 {
92- // expect a token from the token storage
93- $ tokennew OAuthToken ();
94- $ tokensetToken ('mock_token_string ' );
95- $ this tokenStorage ->expects ($ this once ())
96- ->method ('getToken ' )
97- ->will ($ this returnValue ($ token
96+ // expect the OAuth2 service to get the token from the request header,
97+ // flagging the authorization header to be removed at the same time
98+ $ this serverService ->expects ($ this once ())
99+ ->method ('getBearerToken ' )
100+ ->with (
101+ $ this isInstanceOf (Request::class),
102+ $ this equalTo (true )
103+ )
104+ ->will ($ this returnValue ('mock_token_string ' ))
98105 ;
99106
100107 // expect the OAuth2 service to verify the token, returning an access token
@@ -107,18 +114,18 @@ public function testAuthenticateReturnsPassportIfValid(): void
107114 ->will ($ this returnValue ($ accessToken
108115 ;
109116
117+ // expect the username from the user
118+ $ this user ->expects ($ this once ())
119+ ->method ('getUserIdentifier ' )
120+ ->will ($ this returnValue ('test_user ' ))
121+ ;
122+
110123 // expect the user checker to pass
111124 $ this userChecker ->expects ($ this once ())
112125 ->method ('checkPreAuth ' )
113126 ->with ($ this user )
114127 ;
115128
116- // expect the username from the user
117- $ this user ->expects ($ this once ())
118- ->method ('getUsername ' )
119- ->will ($ this returnValue ('test_user ' ))
120- ;
121-
122129 $ passport$ this authenticator ->authenticate (new Request ());
123130
124131 $ this assertInstanceOf (Passport::class, $ passport
@@ -128,16 +135,20 @@ public function testAuthenticateReturnsPassportIfValid(): void
128135 $ this assertSame ('test_user ' , $ passportgetBadge (UserBadge::class)->getUserIdentifier ());
129136 $ this assertSame ('mock_token_string ' , $ passportgetBadge (OAuthCredentials::class)->getTokenString ());
130137 $ this assertSame (['ROLE_SCOPE_1 ' , 'ROLE_SCOPE_2 ' ], $ passportgetBadge (OAuthCredentials::class)->getRoles ($ this user ));
138+ $ this assertTrue ($ passportgetBadge (OAuthCredentials::class)->isResolved ());
131139 }
132140
133- public function testAuthenticateReturnsTokenInvalidWhenNullData (): void
141+ public function testAuthenticateReturnsUnresolvedPassportWhenNullUser (): void
134142 {
135- // expect a token from the token storage
136- $ tokennew OAuthToken ();
137- $ tokensetToken ('mock_token_string ' );
138- $ this tokenStorage ->expects ($ this once ())
139- ->method ('getToken ' )
140- ->will ($ this returnValue ($ token
143+ // expect the OAuth2 service to get the token from the request header,
144+ // flagging the authorization header to be removed at the same time
145+ $ this serverService ->expects ($ this once ())
146+ ->method ('getBearerToken ' )
147+ ->with (
148+ $ this isInstanceOf (Request::class),
149+ $ this equalTo (true )
150+ )
151+ ->will ($ this returnValue ('mock_token_string ' ))
141152 ;
142153
143154 // expect the OAuth2 service to verify the token, returning an access
@@ -149,26 +160,29 @@ public function testAuthenticateReturnsTokenInvalidWhenNullData(): void
149160 ->will ($ this returnValue ($ accessToken
150161 ;
151162
152- // expect an authentication exception
153- $ this expectException (AuthenticationException::class);
154- $ this expectExceptionMessage ('OAuth2 authentication failed ' );
163+ // expect the null user value to not be processed
164+ $ this userChecker ->expects ($ this never ())->method ('checkPreAuth ' );
155165
156- $ this authenticator ->authenticate (new Request ());
166+ $ passport$ this authenticator ->authenticate (new Request ());
167+
168+ // confirm that the returned passport won't pass validation
169+ $ this assertFalse ($ passportgetBadge (OAuthCredentials::class)->isResolved ());
157170 }
158171
159- public function testAuthenticateTransformsOAuthServerException (): void
172+ public function testAuthenticateReturnsUnresolvedPassportWhenInvalidToken (): void
160173 {
161- // expect a token from the token storage
162- $ tokennew OAuthToken ();
163- $ tokensetToken ('mock_token_string ' );
164- $ this tokenStorage ->expects ($ this once ())
165- ->method ('getToken ' )
166- ->will ($ this returnValue ($ token
174+ // expect the OAuth2 service to get the token from the request header,
175+ // flagging the authorization header to be removed at the same time
176+ $ this serverService ->expects ($ this once ())
177+ ->method ('getBearerToken ' )
178+ ->with (
179+ $ this isInstanceOf (Request::class),
180+ $ this equalTo (true )
181+ )
182+ ->will ($ this returnValue ('mock_token_string ' ))
167183 ;
168184
169- // expect the OAuth2 service to verify the token, returning an access
170- // token, but without a related user
171- $ accessTokennew AccessToken ();
185+ // expect the OAuth2 service to not verify the token, throwing an exception
172186 $ this serverService ->expects ($ this once ())
173187 ->method ('verifyAccessToken ' )
174188 ->with ('mock_token_string ' )
@@ -182,21 +196,26 @@ public function testAuthenticateTransformsOAuthServerException(): void
182196 ))
183197 ;
184198
185- // expect the thrown exception to be transformed into an authentication exception
186- $ this expectException (AuthenticationException::class);
187- $ this expectExceptionMessage ('OAuth2 authentication failed ' );
199+ // expect the null user value to not be processed
200+ $ this userChecker ->expects ($ this never ())->method ('checkPreAuth ' );
201+
202+ $ passport$ this authenticator ->authenticate (new Request ());
188203
189- $ this authenticator ->authenticate (new Request ());
204+ // confirm that the returned passport won't pass validation
205+ $ this assertFalse ($ passportgetBadge (OAuthCredentials::class)->isResolved ());
190206 }
191207
192208 public function testAuthenticateTransformsAccountStatusException (): void
193209 {
194- // expect a token from the token storage
195- $ tokennew OAuthToken ();
196- $ tokensetToken ('mock_token_string ' );
197- $ this tokenStorage ->expects ($ this once ())
198- ->method ('getToken ' )
199- ->will ($ this returnValue ($ token
210+ // expect the OAuth2 service to get the token from the request header,
211+ // flagging the authorization header to be removed at the same time
212+ $ this serverService ->expects ($ this once ())
213+ ->method ('getBearerToken ' )
214+ ->with (
215+ $ this isInstanceOf (Request::class),
216+ $ this equalTo (true )
217+ )
218+ ->will ($ this returnValue ('mock_token_string ' ))
200219 ;
201220
202221 // expect the OAuth2 service to verify the token, returning an access token
@@ -216,11 +235,10 @@ public function testAuthenticateTransformsAccountStatusException(): void
216235 ->willThrowException (new DisabledException ('User account is disabled. ' ))
217236 ;
218237
219- // expect the thrown exception to be transformed into an authentication exception
220- $ this expectException (AuthenticationException::class);
221- $ this expectExceptionMessage ('OAuth2 authentication failed ' );
238+ $ passport$ this authenticator ->authenticate (new Request ());
222239
223- $ this authenticator ->authenticate (new Request ());
240+ // confirm that the returned passport won't pass validation
241+ $ this assertFalse ($ passportgetBadge (OAuthCredentials::class)->isResolved ());
224242 }
225243
226244 public function testCreateAuthenticatedTokenWithValidPassport (): void
@@ -245,6 +263,12 @@ public function testCreateAuthenticatedTokenWithValidPassport(): void
245263 ->will ($ this returnValue (['ROLE_USER ' ]))
246264 ;
247265
266+ // expect a new authenticated token to be stored
267+ $ this tokenStorage ->expects ($ this once ())
268+ ->method ('setToken ' )
269+ ->with ($ this isInstanceOf (OAuthToken::class))
270+ ;
271+
248272 // configure the passport
249273 $ passportnew Passport (
250274 new UserBadge ('test_user ' ),
0 commit comments