authbucket · mcfedr · Aug 8, 2017 · Aug 8, 2017 · Aug 8, 2017 · Aug 10, 2017
diff --git a/composer.json b/composer.json
@@ -35,7 +35,7 @@
     "license": "MIT",
     "name": "authbucket/oauth2-symfony-bundle",
     "require": {
-        "authbucket/oauth2-php": "~5.0.0-alpha4",
+        "authbucket/oauth2-php": "dev-master as ~5.0-dev",
         "php": ">=5.5.9",
         "symfony/framework-bundle": "~3.2",
         "symfony/monolog-bundle": "~3.0",
@@ -53,5 +53,11 @@
         "symfony/symfony": "~3.2",
         "twig/extensions": "~1.0"
     },
-    "type": "symfony-bundle"
+    "type": "symfony-bundle",
+    "repositories": [
+        {
+            "type": "vcs",
+            "url": "https://github.com/mcfedr/oauth2-php"
+        }
+    ]
 }
diff --git a/src/DependencyInjection/AuthBucketOAuth2Extension.php b/src/DependencyInjection/AuthBucketOAuth2Extension.php
@@ -49,8 +49,11 @@ public function load(array $configs, ContainerBuilder $container)
 
         $userProvider = $config['user_provider'] ?: null;
         if ($userProvider) {
+            $userProviderReference = new Reference($userProvider);
             $container->getDefinition('authbucket_oauth2.grant_type_handler.factory')
-                ->replaceArgument(5, new Reference($userProvider));
+                ->replaceArgument(5, $userProviderReference);
+            $container->getDefinition('security.authentication.provider.resource')
+                ->replaceArgument(5, $userProviderReference);
         }
         unset($config['user_provider']);
 

diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php
@@ -48,6 +48,12 @@ public function getConfigTreeBuilder()
                 ->arrayNode('resource_type_handler')
                     ->prototype('scalar')->end()
                 ->end()
+                ->arrayNode('client_token_roles')
+                    ->prototype('scalar')->end()
+                ->end()
+                ->arrayNode('resource_token_roles')
+                    ->prototype('scalar')->end()
+                ->end()
             ->end();
 
         return $treeBuilder;

diff --git a/src/DependencyInjection/Security/Factory/ResourceFactory.php b/src/DependencyInjection/Security/Factory/ResourceFactory.php
@@ -11,9 +11,11 @@
 
 namespace AuthBucket\Bundle\OAuth2Bundle\DependencyInjection\Security\Factory;
 
+use AuthBucket\OAuth2\Symfony\Component\Security\Http\EntryPoint\ResourceAuthenticationEntryPoint;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\DefinitionDecorator;
 
 class ResourceFactory implements SecurityFactoryInterface
@@ -38,6 +40,13 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.resource'))
             ->replaceArgument(0, $id);
 
+        if (!$defaultEntryPoint) {
+            $entryPointId = 'security.authentication.entrypoint.token.'.$id;
+            $container->setDefinition($entryPointId, new Definition(ResourceAuthenticationEntryPoint::class));
+
+            $defaultEntryPoint = $entryPointId;
+        }
+
         return [$providerId, $listenerId, $defaultEntryPoint];
     }
 

diff --git a/src/DependencyInjection/Security/Factory/TokenFactory.php b/src/DependencyInjection/Security/Factory/TokenFactory.php
@@ -11,9 +11,11 @@
 
 namespace AuthBucket\Bundle\OAuth2Bundle\DependencyInjection\Security\Factory;
 
+use AuthBucket\OAuth2\Symfony\Component\Security\Http\EntryPoint\TokenAuthenticationEntryPoint;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\DefinitionDecorator;
 
 class TokenFactory implements SecurityFactoryInterface
@@ -28,6 +30,13 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.token'))
             ->replaceArgument(0, $id);
 
+        if (!$defaultEntryPoint) {
+            $entryPointId = 'security.authentication.entrypoint.token.'.$id;
+            $container->setDefinition($entryPointId, new Definition(TokenAuthenticationEntryPoint::class));
+
+            $defaultEntryPoint = $entryPointId;
+        }
+
         return [$providerId, $listenerId, $defaultEntryPoint];
     }
 

diff --git a/src/Entity/Authorize.php b/src/Entity/Authorize.php
@@ -42,6 +42,13 @@ abstract class Authorize implements AuthorizeInterface
      */
     protected $scope;
 
+    /**
+     * @var array
+     *
+     * @ORM\Column(name="grant_type", type="array")
+     */
+    protected $grantType;
+
     /**
      * Set client_id.
      *
@@ -113,4 +120,28 @@ public function getScope()
     {
         return $this->scope;
     }
+
+    /**
+     * Set grant type.
+     *
+     * @param array $grantType
+     *
+     * @return Authorize
+     */
+    public function setGrantType($grantType)
+    {
+        $this->grantType = $grantType;
+
+        return $this;
+    }
+
+    /**
+     * Get grant type.
+     *
+     * @return array
+     */
+    public function getGrantType()
+    {
+        return $this->grantType;
+    }
 }
diff --git a/src/Resources/config/services.yml b/src/Resources/config/services.yml
@@ -17,6 +17,12 @@ parameters:
         model:              AuthBucket\OAuth2\ResourceType\ModelResourceTypeHandler
         debug_endpoint:     AuthBucket\OAuth2\ResourceType\DebugEndpointResourceTypeHandler
 
+    authbucket_oauth2.client_token_roles:
+        - ROLE_CLIENT_ID
+
+    authbucket_oauth2.resource_token_roles:
+        - ROLE_RESOURCE
+
 services:
     authbucket_oauth2.exception_listener:
         class: AuthBucket\OAuth2\Symfony\Component\EventDispatcher\ExceptionListener
@@ -90,6 +96,7 @@ services:
             - "@security.authentication.manager"
             - "@validator"
             - "@logger"
+            - "%authbucket_oauth2.client_token_roles%"
 
     security.authentication.provider.resource:
         class: AuthBucket\OAuth2\Symfony\Component\Security\Core\Authentication\Provider\ResourceProvider
@@ -99,6 +106,7 @@ services:
             - ~
             - ~
             - ~
+            - ~
 
     security.authentication.listener.resource:
         class: AuthBucket\OAuth2\Symfony\Component\Security\Http\Firewall\ResourceListener
@@ -109,3 +117,4 @@ services:
             - "@validator"
             - "@logger"
             - "@authbucket_oauth2.token_type_handler.factory"
+            - "%authbucket_oauth2.resource_token_roles%"
diff --git a/tests/Controller/OAuth2ControllerTest.php b/tests/Controller/OAuth2ControllerTest.php
@@ -36,6 +36,19 @@ public function testExceptionNoResponseType()
         $this->assertSame('invalid_request', $tokenResponse['error']);
     }
 
+    public function testExceptionNotLoggedIn()
+    {
+        $parameters = [
+            'client_id' => '1234',
+        ];
+        $server = [
+
+        ];
+        $client = $this->createClient();
+        $crawler = $client->request('GET', '/api/oauth2/authorize', $parameters, [], $server);
+        $this->assertSame(401, $client->getResponse()->getStatusCode());
+    }
+
     public function testErrorBadResponseType()
     {
         $parameters = [

diff --git a/tests/GrantType/AuthorizationCodeGrantTypeHandlerTest.php b/tests/GrantType/AuthorizationCodeGrantTypeHandlerTest.php
@@ -145,9 +145,13 @@ public function testGoodAuthCode()
         $crawler = $client->request('POST', '/api/oauth2/token', $parameters, [], $server);
         $this->assertNotNull(json_decode($client->getResponse()->getContent()));
 
+    }
+
+    public function testGoodAuthCodePostClient()
+    {
         $parameters = [
             'grant_type' => 'authorization_code',
-            'code' => 'f0c68d250bcc729eb780a235371a9a55',
+            'code' => 'f0c68d250bcc729eb780a235371a9a56',
             'redirect_uri' => 'http://democlient2.com/redirect_uri',
             'client_id' => 'http://democlient2.com/',
             'client_secret' => 'demosecret2',
@@ -164,7 +168,7 @@ public function testGoodAuthCodeNoPassedRedirectUri()
     {
         $parameters = [
             'grant_type' => 'authorization_code',
-            'code' => 'f0c68d250bcc729eb780a235371a9a55',
+            'code' => 'f0c68d250bcc729eb780a235371a9a57',
             'client_id' => 'http://democlient2.com/',
             'client_secret' => 'demosecret2',
             'state' => 'f0c68d250bcc729eb780a235371a9a55',

diff --git a/tests/GrantType/RefreshTokenGrantTypeHandlerTest.php b/tests/GrantType/RefreshTokenGrantTypeHandlerTest.php
@@ -163,10 +163,13 @@ public function testGoodRefreshToken()
         $crawler = $client->request('POST', '/api/oauth2/token', $parameters, [], $server);
         $this->assertSame(200, $client->getResponse()->getStatusCode());
         $this->assertNotNull(json_decode($client->getResponse()->getContent()));
+    }
 
+    public function testGoodRefreshTokenHttpClientAuth()
+    {
         $parameters = [
             'grant_type' => 'refresh_token',
-            'refresh_token' => '288b5ea8e75d2b24368a79ed5ed9593b',
+            'refresh_token' => '288b5ea8e75d2b24368a79ed5ed9593c',
         ];
         $server = [
             'PHP_AUTH_USER' => 'http://democlient3.com/',

diff --git a/tests/TestBundle/DataFixtures/ORM/AuthorizeFixture.php b/tests/TestBundle/DataFixtures/ORM/AuthorizeFixture.php
@@ -77,6 +77,11 @@ public function load(ObjectManager $manager)
             ->setUsername('demousername1')
             ->setScope([
                 'demoscope1',
+            ])
+            ->setGrantType([
+                'authorization_code',
+                'implicit',
+                'password',
             ]);
         $manager->persist($model);
 
@@ -96,6 +101,11 @@ public function load(ObjectManager $manager)
                 'demoscope1',
                 'demoscope2',
                 'demoscope3',
+            ])
+            ->setGrantType([
+                'authorization_code',
+                'implicit',
+                'password',
             ]);
         $manager->persist($model);
 
@@ -106,6 +116,9 @@ public function load(ObjectManager $manager)
                 'demoscope1',
                 'demoscope2',
                 'demoscope3',
+            ])
+            ->setGrantType([
+                'client_credentials',
             ]);
         $manager->persist($model);
 

diff --git a/tests/TestBundle/DataFixtures/ORM/CodeFixture.php b/tests/TestBundle/DataFixtures/ORM/CodeFixture.php
@@ -31,6 +31,30 @@ public function load(ObjectManager $manager)
             ]);
         $manager->persist($model);
 
+        $model = new Code();
+        $model->setCode('f0c68d250bcc729eb780a235371a9a56')
+            ->setClientId('http://democlient2.com/')
+            ->setUsername('demousername2')
+            ->setRedirectUri('http://democlient2.com/redirect_uri')
+            ->setExpires(new \DateTime('+10 minutes'))
+            ->setScope([
+                'demoscope1',
+                'demoscope2',
+            ]);
+        $manager->persist($model);
+
+        $model = new Code();
+        $model->setCode('f0c68d250bcc729eb780a235371a9a57')
+            ->setClientId('http://democlient2.com/')
+            ->setUsername('demousername2')
+            ->setRedirectUri('http://democlient2.com/redirect_uri')
+            ->setExpires(new \DateTime('+10 minutes'))
+            ->setScope([
+                'demoscope1',
+                'demoscope2',
+            ]);
+        $manager->persist($model);
+
         $model = new Code();
         $model->setCode('1e5aa97ddaf4b0228dfb4223010d4417')
             ->setClientId('http://democlient1.com/')

diff --git a/tests/TestBundle/DataFixtures/ORM/RefreshTokenFixture.php b/tests/TestBundle/DataFixtures/ORM/RefreshTokenFixture.php
@@ -52,6 +52,18 @@ public function load(ObjectManager $manager)
             ]);
         $manager->persist($model);
 
+        $model = new RefreshToken();
+        $model->setRefreshToken('288b5ea8e75d2b24368a79ed5ed9593c')
+            ->setClientId('http://democlient3.com/')
+            ->setUsername('demousername3')
+            ->setExpires(new \DateTime('+1 days'))
+            ->setScope([
+                'demoscope1',
+                'demoscope2',
+                'demoscope3',
+            ]);
+        $manager->persist($model);
+
         $manager->flush();
     }
 }
diff --git a/tests/TokenType/BearerTokenTypeHandlerTest.php b/tests/TokenType/BearerTokenTypeHandlerTest.php
@@ -22,7 +22,7 @@ public function testExceptionNoToken()
         $server = [];
         $client = $this->createClient();
         $crawler = $client->request('GET', '/api/oauth2/debug', $parameters, [], $server);
-        $this->assertSame(400, $client->getResponse()->getStatusCode());
+        $this->assertSame(401, $client->getResponse()->getStatusCode());
         $this->assertNotNull(json_decode($client->getResponse()->getContent()));
         $tokenResponse = json_decode($client->getResponse()->getContent(), true);
         $this->assertSame('invalid_request', $tokenResponse['error']);
@@ -38,7 +38,7 @@ public function testExceptionDuplicateToken()
         ];
         $client = $this->createClient();
         $crawler = $client->request('GET', '/api/oauth2/debug', $parameters, [], $server);
-        $this->assertSame(400, $client->getResponse()->getStatusCode());
+        $this->assertSame(401, $client->getResponse()->getStatusCode());
         $this->assertNotNull(json_decode($client->getResponse()->getContent()));
         $tokenResponse = json_decode($client->getResponse()->getContent(), true);
         $this->assertSame('invalid_request', $tokenResponse['error']);