diff --git a/src/CryptTrait.php b/src/CryptTrait.php
index 6a440829b..ee481b55c 100644
--- a/src/CryptTrait.php
+++ b/src/CryptTrait.php
@@ -15,9 +15,9 @@ namespace League\OAuth2\Server;
 use Defuse\Crypto\Crypto;
-use Defuse\Crypto\Key;
 use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
 use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;
+use Defuse\Crypto\Key;
 use Exception;
 use InvalidArgumentException;
 use LogicException;
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 6a6842661..2bcd756e3 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -1450,7 +1450,7 @@ public function testRespondToAccessTokenRequestClientMismatch(): void
 }
 }
- public function testRespondToAccessTokenRequestBadCodeEncryption(): void
+ public function testRespondToAccessTokenRequestBadCode(): void
 {
 $client = new ClientEntity();
@@ -1492,7 +1492,7 @@ public function testRespondToAccessTokenRequestBadCodeEncryption(): void
 'grant_type' => 'authorization_code',
 'client_id' => 'foo',
 'redirect_uri' => self::REDIRECT_URI,
- 'code' => 'sdfsfsd',
+ 'code' => 'badCode',
 ]
 );
@@ -1500,10 +1500,66 @@ public function testRespondToAccessTokenRequestBadCodeEncryption(): void
 /* @var StubResponseType $response */
 $grant->respondToAccessTokenRequest($request, new StubResponseType(), new DateInterval('PT10M'));
 } catch (OAuthServerException $e) {
- self::assertEquals($e->getHint(), 'Cannot decrypt the authorization code');
+ self::assertEquals($e->getErrorType(), 'invalid_grant');
+ self::assertEquals($e->getHint(), 'Cannot validate the provided authorization code');
 }
 }
+public function testRespondToAccessTokenRequestNoEncryptionKey(): void
+{
+ $client = new ClientEntity();
+
+ $client->setIdentifier('foo');
+ $client->setRedirectUri(self::REDIRECT_URI);
+ $client->setConfidential();
+
+ $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
+
+ $clientRepositoryMock->method('getClientEntity')->willReturn($client);
+ $clientRepositoryMock->method('validateClient')->willReturn(true);
+
+ $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
+ $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf();
+
+ $refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
+ $refreshTokenRepositoryMock->method('persistNewRefreshToken')->willReturnSelf();
+
+ $grant = new AuthCodeGrant(
+ $this->getMockBuilder(AuthCodeRepositoryInterface::class)->getMock(),
+ $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock(),
+ new DateInterval('PT10M')
+ );
+ $grant->setClientRepository($clientRepositoryMock);
+ $grant->setAccessTokenRepository($accessTokenRepositoryMock);
+ $grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
+ // We deliberately don't set an encryption key here
+
+ $request = new ServerRequest(
+ [],
+ [],
+ null,
+ 'POST',
+ 'php://input',
+ [],
+ [],
+ [],
+ [
+ 'grant_type' => 'authorization_code',
+ 'client_id' => 'foo',
+ 'redirect_uri' => self::REDIRECT_URI,
+ 'code' => 'badCode',
+ ]
+ );
+
+ try {
+ /* @var StubResponseType $response */
+ $grant->respondToAccessTokenRequest($request, new StubResponseType(), new DateInterval('PT10M'));
+ } catch (OAuthServerException $e) {
+ self::assertEquals($e->getErrorType(), 'invalid_request');
+ self::assertEquals($e->getHint(), 'Issue decrypting the authorization code');
+ }
+}
+
 public function testRespondToAccessTokenRequestBadCodeVerifierPlain(): void
 {
 $client = new ClientEntity();
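Review bot: `testRespondToAccessTokenRequestNoEncryptionKey` cannot fail if `respondToAccessTokenRequest` returns normally, because both assertions live inside the `catch` block and nothing follows the call in the `try`; the two replaced assertions in the `BadCode` test at the top of the hunk share this weakness, and that test's `try` starts outside the hunk. Put `self::fail('Expected OAuthServerException');` directly after the `$grant->respondToAccessTokenRequest(...)` call inside each `try`, or declare `$this->expectException(OAuthServerException::class);` before the call, so a silent success on a missing key or an unvalidatable code is caught instead of being at best reported as a risky test. The assertions also pass the actual value as the first argument; PHPUnit's expected-first order with the scalar-strict method reads `self::assertSame('invalid_request', $e->getErrorType());`. The enclosing class begins outside the hunk.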