lars/accred
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Caribana
2017-05-26 11:41:26 +02:00
commit 61c24500af
6264 changed files with 645934 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

508
vendor/google/auth/tests/Credentials/ServiceAccountCredentialsTest.php vendored Normal file
View File

@@ -0,0 +1,508 @@
<?php
/*
* Copyright 2015 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Google\Auth\Tests;
use Google\Auth\ApplicationDefaultCredentials;
use Google\Auth\Credentials\ServiceAccountCredentials;
use Google\Auth\Credentials\ServiceAccountJwtAccessCredentials;
use Google\Auth\CredentialsLoader;
use Google\Auth\OAuth2;
use GuzzleHttp\Psr7;
// Creates a standard JSON auth object for testing.
function createTestJson()
{
return [
'private_key_id' => 'key123',
'private_key' => 'privatekey',
'client_email' => 'test@example.com',
'client_id' => 'client123',
'type' => 'service_account',
];
}
class SACGetCacheKeyTest extends \PHPUnit_Framework_TestCase
{
public function testShouldBeTheSameAsOAuth2WithTheSameScope()
{
$testJson = createTestJson();
$scope = ['scope/1', 'scope/2'];
$sa = new ServiceAccountCredentials(
$scope,
$testJson);
$o = new OAuth2(['scope' => $scope]);
$this->assertSame(
$testJson['client_email'] . ':' . $o->getCacheKey(),
$sa->getCacheKey()
);
}
public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSub()
{
$testJson = createTestJson();
$scope = ['scope/1', 'scope/2'];
$sub = 'sub123';
$sa = new ServiceAccountCredentials(
$scope,
$testJson,
$sub);
$o = new OAuth2(['scope' => $scope]);
$this->assertSame(
$testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub,
$sa->getCacheKey()
);
}
public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSubAddedLater()
{
$testJson = createTestJson();
$scope = ['scope/1', 'scope/2'];
$sub = 'sub123';
$sa = new ServiceAccountCredentials(
$scope,
$testJson,
null);
$sa->setSub($sub);
$o = new OAuth2(['scope' => $scope]);
$this->assertSame(
$testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub,
$sa->getCacheKey()
);
}
}
class SACConstructorTest extends \PHPUnit_Framework_TestCase
{
/**
* @expectedException InvalidArgumentException
*/
public function testShouldFailIfScopeIsNotAValidType()
{
$testJson = createTestJson();
$notAnArrayOrString = new \stdClass();
$sa = new ServiceAccountCredentials(
$notAnArrayOrString,
$testJson
);
}
/**
* @expectedException InvalidArgumentException
*/
public function testShouldFailIfJsonDoesNotHaveClientEmail()
{
$testJson = createTestJson();
unset($testJson['client_email']);
$scope = ['scope/1', 'scope/2'];
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
}
/**
* @expectedException InvalidArgumentException
*/
public function testShouldFailIfJsonDoesNotHavePrivateKey()
{
$testJson = createTestJson();
unset($testJson['private_key']);
$scope = ['scope/1', 'scope/2'];
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
}
/**
* @expectedException InvalidArgumentException
*/
public function testFailsToInitalizeFromANonExistentFile()
{
$keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json';
new ServiceAccountCredentials('scope/1', $keyFile);
}
public function testInitalizeFromAFile()
{
$keyFile = __DIR__ . '/../fixtures' . '/private.json';
$this->assertNotNull(
new ServiceAccountCredentials('scope/1', $keyFile)
);
}
}
class SACFromEnvTest extends \PHPUnit_Framework_TestCase
{
protected function tearDown()
{
putenv(ServiceAccountCredentials::ENV_VAR); // removes it from
}
public function testIsNullIfEnvVarIsNotSet()
{
$this->assertNull(ServiceAccountCredentials::fromEnv());
}
/**
* @expectedException DomainException
*/
public function testFailsIfEnvSpecifiesNonExistentFile()
{
$keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json';
putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile);
ApplicationDefaultCredentials::getCredentials('a scope');
}
public function testSucceedIfFileExists()
{
$keyFile = __DIR__ . '/../fixtures' . '/private.json';
putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile);
$this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope'));
}
}
class SACFromWellKnownFileTest extends \PHPUnit_Framework_TestCase
{
private $originalHome;
protected function setUp()
{
$this->originalHome = getenv('HOME');
}
protected function tearDown()
{
if ($this->originalHome != getenv('HOME')) {
putenv('HOME=' . $this->originalHome);
}
}
public function testIsNullIfFileDoesNotExist()
{
putenv('HOME=' . __DIR__ . '/../not_exists_fixtures');
$this->assertNull(
ServiceAccountCredentials::fromWellKnownFile()
);
}
public function testSucceedIfFileIsPresent()
{
putenv('HOME=' . __DIR__ . '/../fixtures');
$this->assertNotNull(
ApplicationDefaultCredentials::getCredentials('a scope')
);
}
}
class SACFetchAuthTokenTest extends \PHPUnit_Framework_TestCase
{
private $privateKey;
public function setUp()
{
$this->privateKey =
file_get_contents(__DIR__ . '/../fixtures' . '/private.pem');
}
private function createTestJson()
{
$testJson = createTestJson();
$testJson['private_key'] = $this->privateKey;
return $testJson;
}
/**
* @expectedException GuzzleHttp\Exception\ClientException
*/
public function testFailsOnClientErrors()
{
$testJson = $this->createTestJson();
$scope = ['scope/1', 'scope/2'];
$httpHandler = getHandler([
buildResponse(400),
]);
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$sa->fetchAuthToken($httpHandler);
}
/**
* @expectedException GuzzleHttp\Exception\ServerException
*/
public function testFailsOnServerErrors()
{
$testJson = $this->createTestJson();
$scope = ['scope/1', 'scope/2'];
$httpHandler = getHandler([
buildResponse(500),
]);
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$sa->fetchAuthToken($httpHandler);
}
public function testCanFetchCredsOK()
{
$testJson = $this->createTestJson();
$testJsonText = json_encode($testJson);
$scope = ['scope/1', 'scope/2'];
$httpHandler = getHandler([
buildResponse(200, [], Psr7\stream_for($testJsonText)),
]);
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$tokens = $sa->fetchAuthToken($httpHandler);
$this->assertEquals($testJson, $tokens);
}
public function testUpdateMetadataFunc()
{
$testJson = $this->createTestJson();
$scope = ['scope/1', 'scope/2'];
$access_token = 'accessToken123';
$responseText = json_encode(array('access_token' => $access_token));
$httpHandler = getHandler([
buildResponse(200, [], Psr7\stream_for($responseText)),
]);
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$update_metadata = $sa->getUpdateMetadataFunc();
$this->assertTrue(is_callable($update_metadata));
$actual_metadata = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = null,
$httpHandler);
$this->assertTrue(
isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]));
$this->assertEquals(
$actual_metadata[CredentialsLoader::AUTH_METADATA_KEY],
array('Bearer ' . $access_token));
}
}
class SACJwtAccessTest extends \PHPUnit_Framework_TestCase
{
private $privateKey;
public function setUp()
{
$this->privateKey =
file_get_contents(__DIR__ . '/../fixtures' . '/private.pem');
}
private function createTestJson()
{
$testJson = createTestJson();
$testJson['private_key'] = $this->privateKey;
return $testJson;
}
/**
* @expectedException InvalidArgumentException
*/
public function testFailsOnMissingClientEmail()
{
$testJson = $this->createTestJson();
unset($testJson['client_email']);
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
}
/**
* @expectedException InvalidArgumentException
*/
public function testFailsOnMissingPrivateKey()
{
$testJson = $this->createTestJson();
unset($testJson['private_key']);
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
}
public function testCanInitializeFromJson()
{
$testJson = $this->createTestJson();
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
$this->assertNotNull($sa);
}
public function testNoOpOnFetchAuthToken()
{
$testJson = $this->createTestJson();
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
$this->assertNotNull($sa);
$httpHandler = getHandler([
buildResponse(200),
]);
$result = $sa->fetchAuthToken($httpHandler); // authUri has not been set
$this->assertNull($result);
}
public function testAuthUriIsNotSet()
{
$testJson = $this->createTestJson();
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
$this->assertNotNull($sa);
$update_metadata = $sa->getUpdateMetadataFunc();
$this->assertTrue(is_callable($update_metadata));
$actual_metadata = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = null);
$this->assertTrue(
!isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]));
}
public function testUpdateMetadataFunc()
{
$testJson = $this->createTestJson();
$sa = new ServiceAccountJwtAccessCredentials(
$testJson
);
$this->assertNotNull($sa);
$update_metadata = $sa->getUpdateMetadataFunc();
$this->assertTrue(is_callable($update_metadata));
$actual_metadata = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = 'https://example.com/service');
$this->assertTrue(
isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]));
$authorization = $actual_metadata[CredentialsLoader::AUTH_METADATA_KEY];
$this->assertTrue(is_array($authorization));
$bearer_token = current($authorization);
$this->assertTrue(is_string($bearer_token));
$this->assertTrue(strpos($bearer_token, 'Bearer ') == 0);
$this->assertTrue(strlen($bearer_token) > 30);
$actual_metadata2 = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = 'https://example.com/anotherService');
$this->assertTrue(
isset($actual_metadata2[CredentialsLoader::AUTH_METADATA_KEY]));
$authorization2 = $actual_metadata2[CredentialsLoader::AUTH_METADATA_KEY];
$this->assertTrue(is_array($authorization2));
$bearer_token2 = current($authorization2);
$this->assertTrue(is_string($bearer_token2));
$this->assertTrue(strpos($bearer_token2, 'Bearer ') == 0);
$this->assertTrue(strlen($bearer_token2) > 30);
$this->assertTrue($bearer_token != $bearer_token2);
}
}
class SACJwtAccessComboTest extends \PHPUnit_Framework_TestCase
{
private $privateKey;
public function setUp()
{
$this->privateKey =
file_get_contents(__DIR__ . '/../fixtures' . '/private.pem');
}
private function createTestJson()
{
$testJson = createTestJson();
$testJson['private_key'] = $this->privateKey;
return $testJson;
}
public function testNoScopeUseJwtAccess()
{
$testJson = $this->createTestJson();
// no scope, jwt access should be used, no outbound
// call should be made
$scope = null;
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$this->assertNotNull($sa);
$update_metadata = $sa->getUpdateMetadataFunc();
$this->assertTrue(is_callable($update_metadata));
$actual_metadata = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = 'https://example.com/service');
$this->assertTrue(
isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]));
$authorization = $actual_metadata[CredentialsLoader::AUTH_METADATA_KEY];
$this->assertTrue(is_array($authorization));
$bearer_token = current($authorization);
$this->assertTrue(is_string($bearer_token));
$this->assertTrue(strpos($bearer_token, 'Bearer ') == 0);
$this->assertTrue(strlen($bearer_token) > 30);
}
public function testNoScopeAndNoAuthUri()
{
$testJson = $this->createTestJson();
// no scope, jwt access should be used, no outbound
// call should be made
$scope = null;
$sa = new ServiceAccountCredentials(
$scope,
$testJson
);
$this->assertNotNull($sa);
$update_metadata = $sa->getUpdateMetadataFunc();
$this->assertTrue(is_callable($update_metadata));
$actual_metadata = call_user_func($update_metadata,
$metadata = array('foo' => 'bar'),
$authUri = null);
// no access_token is added to the metadata hash
// but also, no error should be thrown
$this->assertTrue(is_array($actual_metadata));
$this->assertTrue(
!isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]));
}
}