pax_global_header00006660000000000000000000000064126346230450014517gustar00rootroot0000000000000052 comment=7ff4cce0c9d3c6bcba154e15fba76b89d1847340 google-auth-library-php-0.5/000077500000000000000000000000001263462304500160255ustar00rootroot00000000000000google-auth-library-php-0.5/.gitignore000066400000000000000000000000301263462304500200060ustar00rootroot00000000000000*~ vendor composer.lock google-auth-library-php-0.5/.travis.yml000066400000000000000000000011571263462304500201420ustar00rootroot00000000000000language: php sudo: false php: - 5.4 - 5.5 - 5.6 - 7.0 - hhvm env: global: - FIREBASE_JWT_VERSION=3.0.0 matrix: - GUZZLE_VERSION=5.3 - GUZZLE_VERSION=~6.0 matrix: exclude: - php: 5.4 env: GUZZLE_VERSION=~6.0 # run one test with minimum firebase version include: - php: 5.5 env: FIREBASE_JWT_VERSION=2.0.0 GUZZLE_VERSION=~5.3 before_script: - composer install - composer require firebase/php-jwt:$FIREBASE_JWT_VERSION - composer require guzzlehttp/guzzle:$GUZZLE_VERSION script: - vendor/bin/phpunit - vendor/bin/phplint src/ - vendor/bin/phplint tests/ google-auth-library-php-0.5/CHANGELOG.md000066400000000000000000000003551263462304500176410ustar00rootroot00000000000000## 0.4.0 (23/04/2015) ### Changes * Export callback function to update auth metadata ([@stanley-cheung][]) * Adds an implementation of User Refresh Token auth ([@stanley-cheung][]) [@stanley-cheung]: https://github.com/stanley-cheung google-auth-library-php-0.5/CONTRIBUTING.md000066400000000000000000000071071263462304500202630ustar00rootroot00000000000000# How to become a contributor and submit your own code ## Contributor License Agreements We'd love to accept your sample apps and patches! Before we can take them, we have to jump a couple of legal hurdles. Please fill out either the individual or corporate Contributor License Agreement (CLA). * If you are an individual writing original source code and you're sure you own the intellectual property, then you'll need to sign an [individual CLA] (http://code.google.com/legal/individual-cla-v1.0.html). * If you work for a company that wants to allow you to contribute your work, then you'll need to sign a [corporate CLA] (http://code.google.com/legal/corporate-cla-v1.0.html). Follow either of the two links above to access the appropriate CLA and instructions for how to sign and return it. Once we receive it, we'll be able to accept your pull requests. ## Issue reporting * Check that the issue has not already been reported. * Check that the issue has not already been fixed in the latest code (a.k.a. `master`). * Be clear, concise and precise in your description of the problem. * Open an issue with a descriptive title and a summary in grammatically correct, complete sentences. * Include any relevant code to the issue summary. ## Pull requests * Read [how to properly contribute to open source projects on Github][2]. * Fork the project. * Use a topic/feature branch to easily amend a pull request later, if necessary. * Write [good commit messages][3]. * Use the same coding conventions as the rest of the project. * Commit and push until you are happy with your contribution. * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally. * Add an entry to the [Changelog](CHANGELOG.md) accordingly. See [changelog entry format](#changelog-entry-format). * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it. * Make sure the test suite is passing and the code you wrote doesn't produce phpunit or phplint offenses. * [Squash related commits together][5]. * Open a [pull request][4] that relates to *only* one subject with a clear title and description in grammatically correct, complete sentences. ### Changelog entry format Here are a few examples: ``` * ADC Support for User Refresh Tokens (@tbetbetbe[]) * [#16](https://github.com/google/google-auth-library-php/issues/16): ADC Support for User Refresh Tokens ([@tbetbetbe][]) ``` * Mark it up in [Markdown syntax][6]. * The entry line should start with `* ` (an asterisk and a space). * If the change has a related GitHub issue (e.g. a bug fix for a reported issue), put a link to the issue as `[#16](https://github.com/google/google-auth-library-php/issues/16): `. * Describe the brief of the change. The sentence should end with a punctuation. * At the end of the entry, add an implicit link to your GitHub user page as `([@username][])`. * If this is your first contribution to google-auth-library-php project, add a link definition for the implicit link to the bottom of the changelog as `[@username]: https://github.com/username`. [1]: https://github.com/google/google-auth-php-library/issues [2]: http://gun.io/blog/how-to-github-fork-branch-and-pull-request [3]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html [4]: https://help.github.com/articles/using-pull-requests [5]: http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html [6]: http://daringfireball.net/projects/markdown/syntax google-auth-library-php-0.5/COPYING000066400000000000000000000261161263462304500170660ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright 2015 Google Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. google-auth-library-php-0.5/LICENSE000066400000000000000000000240201263462304500170300ustar00rootroot00000000000000Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. google-auth-library-php-0.5/README.md000066400000000000000000000124701263462304500173100ustar00rootroot00000000000000# Google Auth Library for PHP
Homepage
http://www.github.com/google/google-auth-library-php
Authors
Tim Emiola
Stanley Cheung
Copyright
Copyright © 2015 Google, Inc.
License
Apache 2.0
## Description This is Google's officially supported PHP client library for using OAuth 2.0 authorization and authentication with Google APIs. ## Alpha This library is in Alpha. We will make an effort to support the library, but we reserve the right to make incompatible changes when necessary. ### Installing via Composer The recommended way to install the google auth library is through [Composer](http://getcomposer.org). ```bash # Install Composer curl -sS https://getcomposer.org/installer | php ``` Next, run the Composer command to install the latest stable version: ```bash composer.phar require google/auth:dev-master ``` > As this project is in alpha, there is currently no "stable" composer version, > so specifying `dev-master` is required. ## Application Default Credentials This library provides an implementation of [application default credentials][application default credentials] for PHP. The Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs. They are best suited for cases when the call needs to have the same identity and authorization level for the application independent of the user. This is the recommended approach to authorize calls to Cloud APIs, particularly when you're building an application that uses Google Compute Engine. #### Download your Service Account Credentials JSON file To use `Application Default Credentials`, You first need to download a set of JSON credentials for your project. Go to **APIs & Auth** > **Credentials** in the [Google Developers Console](developer console) and select **Service account** from the **Add credentials** dropdown. > This file is your *only copy* of these credentials. It should never be > committed with your source code, and should be stored securely. Once downloaded, store the path to this file in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. ```php putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json'); ``` > PHP's `putenv` function is just one way to set an environment variable. > Consider using `.htaccess` or apache configuration files as well. #### Enable the API you want to use Before making your API call, you must be sure the API you're calling has been enabled. Go to **APIs & Auth** > **APIs** in the [Google Developers Console](developer console) and enable the APIs you'd like to call. For the example below, you must enable the `Drive API`. #### Call the APIs As long as you update the environment variable below to point to *your* JSON credentials file, the following code should output a list of your Drive files. ```php use Google\Auth\ApplicationDefaultCredentials; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack; // specify the path to your application credentials putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json'); // define the scopes for your API call $scopes = ['https://www.googleapis.com/auth/drive.readonly']; // create middleware $middleware = ApplicationDefaultCredentials::getMiddleware($scopes); $stack = HandlerStack::create(); $stack->push($middleware); // create the HTTP client $client = new Client([ 'handler' => $stack 'base_url' => 'https://www.googleapis.com', 'auth' => 'google_auth' // authorize all requests ]); // make the request $response = $client->get('drive/v2/files'); // show the result! print_r((string) $response->getBody()); ``` ## What about auth in google-apis-php-client? The goal is for auth done by [google-apis-php-client][google-apis-php-client] to be be performed by this library. Eventually, google-apis-php-client should have a dependency on this library. At the moment, there is no ETA for this, a key prequisite being for google-apis-php-client itself take a dependency on [Guzzle][Guzzle] so that it can use the Guzzle subscribers that this package provides. That's currently [being discussed](http://github.com/google/google-api-php-client#473). This package's availability should make that transition simpler as there is one less thing that need to be handled. ## License This library is licensed under Apache 2.0. Full license text is available in [COPYING][copying]. ## Contributing See [CONTRIBUTING][contributing]. ## Support Please [report bugs at the project on Github](https://github.com/google/google-auth-library-php/issues). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-php) about the client or APIs on [StackOverflow](http://stackoverflow.com). [google-apis-php-client]: https://github.com/google/google-api-php-client [application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials [contributing]: https://github.com/google/google-auth-library-php/tree/master/CONTRIBUTING.md [copying]: https://github.com/google/google-auth-library-php/tree/master/COPYING [Guzzle]: https://github.com/guzzle/guzzle [developer console]: https://console.developers.google.com google-auth-library-php-0.5/autoload.php000066400000000000000000000020741263462304500203510ustar00rootroot00000000000000 3) { // Maximum class file path depth in this project is 3. $classPath = array_slice($classPath, 0, 3); } $filePath = dirname(__FILE__) . '/src/' . implode('/', $classPath) . '.php'; if (file_exists($filePath)) { require_once($filePath); } } spl_autoload_register('oauth2client_php_autoload'); google-auth-library-php-0.5/composer.json000066400000000000000000000011541263462304500205500ustar00rootroot00000000000000{ "name": "google/auth", "type": "library", "description": "Google Auth Library for PHP", "keywords": ["google", "oauth2", "authentication"], "homepage": "http://github.com/google/google-auth-library-php", "license": "Apache-2.0", "require": { "firebase/php-jwt": "~2.0|~3.0", "guzzlehttp/guzzle": "~5.2|~6.0", "php": ">=5.4", "guzzlehttp/psr7": "1.2.*", "psr/http-message": "1.0.*" }, "require-dev": { "phpunit/phpunit": "3.7.*", "phplint/phplint": "0.0.1" }, "autoload": { "classmap": [ "src/" ], "psr-4": { "Google\\Auth\\": "src" } } } google-auth-library-php-0.5/phpunit.xml.dist000066400000000000000000000006731263462304500212060ustar00rootroot00000000000000 tests src src/ google-auth-library-php-0.5/src/000077500000000000000000000000001263462304500166145ustar00rootroot00000000000000google-auth-library-php-0.5/src/ApplicationDefaultCredentials.php000066400000000000000000000126031263462304500252550ustar00rootroot00000000000000push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); */ class ApplicationDefaultCredentials { /** * Obtains an AuthTokenSubscriber that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|array scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param object $cache an implementation of CacheInterface * * @throws DomainException if no implementation can be obtained. */ public static function getSubscriber( $scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheInterface $cache = null ) { $creds = self::getCredentials($scope, $httpHandler); return new AuthTokenSubscriber($creds, $cacheConfig, $cache, $httpHandler); } /** * Obtains an AuthTokenMiddleware that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|array scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param cacheConfig configuration for the cache when it's present * @param object $cache an implementation of CacheInterface * * @throws DomainException if no implementation can be obtained. */ public static function getMiddleware( $scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheInterface $cache = null ) { $creds = self::getCredentials($scope, $httpHandler); return new AuthTokenMiddleware($creds, $cacheConfig, $cache, $httpHandler); } /** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the Compute Engine defaults. * * @param string|array scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * * @param callable $httpHandler callback which delivers psr7 request * @throws DomainException if no implementation can be obtained. */ public static function getCredentials($scope = null, callable $httpHandler = null) { $creds = CredentialsLoader::fromEnv($scope); if (!is_null($creds)) { return $creds; } $creds = CredentialsLoader::fromWellKnownFile($scope); if (!is_null($creds)) { return $creds; } if (AppIdentityCredentials::onAppEngine()) { return new AppIdentityCredentials($scope); } if (GCECredentials::onGce($httpHandler)) { return new GCECredentials(); } throw new \DomainException(self::notFound()); } private static function notFound() { $msg = 'Could not load the default credentials. Browse to '; $msg .= 'https://developers.google.com'; $msg .= '/accounts/docs/application-default-credentials'; $msg .= ' for more information' ; return $msg; } } google-auth-library-php-0.5/src/CacheInterface.php000066400000000000000000000024441263462304500221550ustar00rootroot00000000000000 $value * * Implementations will serialize $value. * * @param string $key the cachke key * @param string $value data */ public function set($key, $value); /** * Removes the key/data pair. * * @param String $key */ public function delete($key); } google-auth-library-php-0.5/src/CacheTrait.php000066400000000000000000000031411263462304500213330ustar00rootroot00000000000000cache)) { return null; } if (isset($this->fetcher)) { $fetcherKey = $this->fetcher->getCacheKey(); } else { $fetcherKey = $this->getCacheKey(); } if (is_null($fetcherKey)) { return null; } $key = $this->cacheConfig['prefix'] . $fetcherKey; return $this->cache->get($key, $this->cacheConfig['lifetime']); } /** * Saves the value in the cache when that is available. */ private function setCachedValue($v) { if (is_null($this->cache)) { return; } if (isset($this->fetcher)) { $fetcherKey = $this->fetcher->getCacheKey(); } else { $fetcherKey = $this->getCacheKey(); } if (is_null($fetcherKey)) { return; } $key = $this->cacheConfig['prefix'] . $fetcherKey; $this->cache->set($key, $v); } } google-auth-library-php-0.5/src/Credentials/000077500000000000000000000000001263462304500210515ustar00rootroot00000000000000google-auth-library-php-0.5/src/Credentials/AppIdentityCredentials.php000066400000000000000000000071611263462304500261770ustar00rootroot00000000000000push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/books/v1', * 'auth' => 'google_auth' * ]); * * $res = $client->get('volumes?q=Henry+David+Thoreau&country=US'); */ class AppIdentityCredentials extends CredentialsLoader { private $scope; public function __construct($scope = array()) { $this->scope = $scope; } /** * Determines if this an App Engine instance, by accessing the SERVER_SOFTWARE * environment variable. * * @return true if this an App Engine Instance, false otherwise */ public static function onAppEngine() { return (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Google App Engine') !== false); } /** * Implements FetchAuthTokenInterface#fetchAuthToken. * * Fetches the auth tokens using the AppIdentityService if available. * As the AppIdentityService uses protobufs to fetch the access token, * the GuzzleHttp\ClientInterface instance passed in will not be used. * * @param callable $httpHandler callback which delivers psr7 request * @return array the auth metadata: * array(2) { * ["access_token"]=> * string(3) "xyz" * ["expiration_time"]=> * string(10) "1444339905" * } */ public function fetchAuthToken(callable $httpHandler = null) { if (!self::onAppEngine()) { return array(); } if (!class_exists('google\appengine\api\app_identity\AppIdentityService')) { throw new \Exception( 'This class must be run in App Engine, or you must include the AppIdentityService ' . 'mock class defined in tests/mocks/AppIdentityService.php' ); } // AppIdentityService expects an array when multiple scopes are supplied $scope = is_array($this->scope) ? $this->scope : explode(' ', $this->scope); $token = AppIdentityService::getAccessToken($scope); return $token; } /** * Implements FetchAuthTokenInterface#getCacheKey. * * @return 'GOOGLE_AUTH_PHP_APPIDENTITY' */ public function getCacheKey() { return 'GOOGLE_AUTH_PHP_APPIDENTITY'; } } google-auth-library-php-0.5/src/Credentials/GCECredentials.php000066400000000000000000000120011263462304500243300ustar00rootroot00000000000000push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); */ class GCECredentials extends CredentialsLoader { /** * The metadata IP address on appengine instances. * * The IP is used instead of the domain 'metadata' to avoid slow responses * when not on Compute Engine. */ const METADATA_IP = '169.254.169.254'; /** * The metadata path of the default token. */ const TOKEN_URI_PATH = 'v1/instance/service-accounts/default/token'; /** * The header whose presence indicates GCE presence. */ const FLAVOR_HEADER = 'Metadata-Flavor'; /** * Flag used to ensure that the onGCE test is only done once; */ private $hasCheckedOnGce = false; /** * Flag that stores the value of the onGCE check. */ private $isOnGce = false; /** * The full uri for accessing the default token. */ public static function getTokenUri() { $base = 'http://' . self::METADATA_IP . '/computeMetadata/'; return $base . self::TOKEN_URI_PATH; } /** * Determines if this a GCE instance, by accessing the expected metadata * host. * If $httpHandler is not specified a the default HttpHandler is used. * * @param callable $httpHandler callback which delivers psr7 request * @return true if this a GCEInstance false otherwise */ public static function onGce(callable $httpHandler = null) { if (is_null($httpHandler)) { $httpHandler = HttpHandlerFactory::build(); } $checkUri = 'http://' . self::METADATA_IP; try { // Comment from: oauth2client/client.py // // Note: the explicit `timeout` below is a workaround. The underlying // issue is that resolving an unknown host on some networks will take // 20-30 seconds; making this timeout short fixes the issue, but // could lead to false negatives in the event that we are on GCE, but // the metadata resolution was particularly slow. The latter case is // "unlikely". $resp = $httpHandler( new Request('GET', $checkUri), ['timeout' => 0.3] ); return $resp->getHeaderLine(self::FLAVOR_HEADER) == 'Google'; } catch (ClientException $e) { return false; } catch (ServerException $e) { return false; } catch (RequestException $e) { return false; } } /** * Implements FetchAuthTokenInterface#fetchAuthToken. * * Fetches the auth tokens from the GCE metadata host if it is available. * If $httpHandler is not specified a the default HttpHandler is used. * * @param callable $httpHandler callback which delivers psr7 request * @return array the response */ public function fetchAuthToken(callable $httpHandler = null) { if (is_null($httpHandler)) { $httpHandler = HttpHandlerFactory::build(); } if (!$this->hasCheckedOnGce) { $this->isOnGce = self::onGce($httpHandler); } if (!$this->isOnGce) { return array(); // return an empty array with no access token } $resp = $httpHandler( new Request( 'GET', self::getTokenUri(), [self::FLAVOR_HEADER => 'Google'] ) ); $body = (string) $resp->getBody(); // Assume it's JSON; if it's not throw an exception if (null === $json = json_decode($body, true)) { throw new \Exception('Invalid JSON response'); } return $json; } /** * Implements FetchAuthTokenInterface#getCacheKey. * * @return 'GOOGLE_AUTH_PHP_GCE' */ public function getCacheKey() { return 'GOOGLE_AUTH_PHP_GCE'; } } google-auth-library-php-0.5/src/Credentials/IAMCredentials.php000066400000000000000000000043011263462304500243440ustar00rootroot00000000000000selector = $selector; $this->token = $token; } /** * export a callback function which updates runtime metadata * * @return an updateMetadata function */ public function getUpdateMetadataFunc() { return array($this, 'updateMetadata'); } /** * Updates metadata with the appropriate header metadata * * @param array $metadata metadata hashmap * @param string $unusedAuthUri optional auth uri * @param callable $httpHandler callback which delivers psr7 request * Note: this param is unused here, only included here for * consistency with other credentials class * * @return array updated metadata hashmap */ public function updateMetadata( $metadata, $unusedAuthUri = null, callable $httpHandler = null ) { $metadata_copy = $metadata; $metadata_copy[self::SELECTOR_KEY] = $this->selector; $metadata_copy[self::TOKEN_KEY] = $this->token; return $metadata_copy; } } google-auth-library-php-0.5/src/Credentials/ServiceAccountCredentials.php000066400000000000000000000116601263462304500266610ustar00rootroot00000000000000)); * $sa = new ServiceAccountCredentials( * 'https://www.googleapis.com/auth/taskqueue', * $stream * ); * $middleware = new AuthTokenMiddleware($sa); * $stack = HandlerStack::create(); * $stack->push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); */ class ServiceAccountCredentials extends CredentialsLoader { /** * Create a new ServiceAccountCredentials. * * @param string|array $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * * @param array $jsonKey JSON credentials. * * @param string $jsonKeyPath the path to a file containing JSON credentials. If * jsonKeyStream is set, it is ignored. * * @param string $sub an email address account to impersonate, in situations when * the service account has been delegated domain wide access. */ public function __construct( $scope, $jsonKey, $jsonKeyPath = null, $sub = null ) { if (is_null($jsonKey)) { $jsonKeyStream = Psr7\stream_for(file_get_contents($jsonKeyPath)); $jsonKey = json_decode($jsonKeyStream->getContents(), true); } if (!array_key_exists('client_email', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the client_email field'); } if (!array_key_exists('private_key', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the private_key field'); } $this->auth = new OAuth2([ 'audience' => self::TOKEN_CREDENTIAL_URI, 'issuer' => $jsonKey['client_email'], 'scope' => $scope, 'signingAlgorithm' => 'RS256', 'signingKey' => $jsonKey['private_key'], 'sub' => $sub, 'tokenCredentialUri' => self::TOKEN_CREDENTIAL_URI ]); } /** * Implements FetchAuthTokenInterface#fetchAuthToken. */ public function fetchAuthToken(callable $httpHandler = null) { return $this->auth->fetchAuthToken($httpHandler); } /** * Implements FetchAuthTokenInterface#getCacheKey. */ public function getCacheKey() { $key = $this->auth->getIssuer() . ':' . $this->auth->getCacheKey(); if ($sub = $this->auth->getSub()) { $key .= ':' . $sub; } return $key; } /** * Updates metadata with the authorization token * * @param array $metadata metadata hashmap * @param string $authUri optional auth uri * @param callable $httpHandler callback which delivers psr7 request * * @return array updated metadata hashmap */ public function updateMetadata( $metadata, $authUri = null, callable $httpHandler = null ) { // scope exists. use oauth implementation $scope = $this->auth->getScope(); if (!is_null($scope)) { return parent::updateMetadata($metadata, $authUri, $httpHandler); } // no scope found. create jwt with the auth uri $credJson = array( 'private_key' => $this->auth->getSigningKey(), 'client_email' => $this->auth->getIssuer(), ); $jwtCreds = new ServiceAccountJwtAccessCredentials($credJson); return $jwtCreds->updateMetadata($metadata, $authUri, $httpHandler); } /** * @param string $sub an email address account to impersonate, in situations when * the service account has been delegated domain wide access. */ public function setSub($sub) { $this->auth->setSub($sub); } } google-auth-library-php-0.5/src/Credentials/ServiceAccountJwtAccessCredentials.php000066400000000000000000000054761263462304500305000ustar00rootroot00000000000000auth = new OAuth2([ 'issuer' => $jsonKey['client_email'], 'sub' => $jsonKey['client_email'], 'signingAlgorithm' => 'RS256', 'signingKey' => $jsonKey['private_key'], ]); } /** * Updates metadata with the authorization token * * @param array $metadata metadata hashmap * @param string $authUri optional auth uri * @param callable $httpHandler callback which delivers psr7 request * * @return array updated metadata hashmap */ public function updateMetadata( $metadata, $authUri = null, callable $httpHandler = null ) { if (empty($authUri)) { return $metadata; } $this->auth->setAudience($authUri); return parent::updateMetadata($metadata, $authUri, $httpHandler); } /** * Implements FetchAuthTokenInterface#fetchAuthToken. */ public function fetchAuthToken(callable $httpHandler = null) { $audience = $this->auth->getAudience(); if (empty($audience)) { return null; } $access_token = $this->auth->toJwt(); return array('access_token' => $access_token); } /** * Implements FetchAuthTokenInterface#getCacheKey. */ public function getCacheKey() { return $this->auth->getCacheKey(); } } google-auth-library-php-0.5/src/Credentials/UserRefreshCredentials.php000066400000000000000000000055301263462304500262000ustar00rootroot00000000000000getContents(), true); } if (!array_key_exists('client_id', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the client_id field'); } if (!array_key_exists('client_secret', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the client_secret field'); } if (!array_key_exists('refresh_token', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the refresh_token field'); } $this->auth = new OAuth2([ 'clientId' => $jsonKey['client_id'], 'clientSecret' => $jsonKey['client_secret'], 'refresh_token' => $jsonKey['refresh_token'], 'scope' => $scope, 'tokenCredentialUri' => self::TOKEN_CREDENTIAL_URI ]); } /** * Implements FetchAuthTokenInterface#fetchAuthToken. */ public function fetchAuthToken(callable $httpHandler = null) { return $this->auth->fetchAuthToken($httpHandler); } /** * Implements FetchAuthTokenInterface#getCacheKey. */ public function getCacheKey() { return $this->auth->getClientId() . ':' . $this->auth->getCacheKey(); } } google-auth-library-php-0.5/src/CredentialsLoader.php000066400000000000000000000124051263462304500227130ustar00rootroot00000000000000getContents(), true); if (!array_key_exists('type', $jsonKey)) { throw new \InvalidArgumentException( 'json key is missing the type field'); } if ($jsonKey['type'] == 'service_account') { return new ServiceAccountCredentials($scope, $jsonKey); } else if ($jsonKey['type'] == 'authorized_user') { return new UserRefreshCredentials($scope, $jsonKey); } else { throw new \InvalidArgumentException( 'invalid value in the type field'); } } /** * export a callback function which updates runtime metadata * * @return an updateMetadata function */ public function getUpdateMetadataFunc() { return array($this, 'updateMetadata'); } /** * Updates metadata with the authorization token * * @param array $metadata metadata hashmap * @param string $authUri optional auth uri * @param callable $httpHandler callback which delivers psr7 request * * @return array updated metadata hashmap */ public function updateMetadata( $metadata, $authUri = null, callable $httpHandler = null ) { $result = $this->fetchAuthToken($httpHandler); if (!isset($result['access_token'])) { return $metadata; } $metadata_copy = $metadata; $metadata_copy[self::AUTH_METADATA_KEY] = array('Bearer ' . $result['access_token']); return $metadata_copy; } } google-auth-library-php-0.5/src/FetchAuthTokenInterface.php000066400000000000000000000023211263462304500240200ustar00rootroot00000000000000client = $client; } /** * Accepts a PSR-7 Request and an array of options and returns a PSR-7 response. * * @param RequestInterface $request * @param array $options * @return ResponseInterface */ public function __invoke(RequestInterface $request, array $options = []) { $request = $this->client->createRequest( $request->getMethod(), $request->getUri(), array_merge([ 'headers' => $request->getHeaders(), 'body' => $request->getBody() ], $options) ); $response = $this->client->send($request); return new Response( $response->getStatusCode(), $response->getHeaders() ?: [], $response->getBody(), $response->getProtocolVersion(), $response->getReasonPhrase() ); } } google-auth-library-php-0.5/src/HttpHandler/Guzzle6HttpHandler.php000066400000000000000000000013121263462304500252430ustar00rootroot00000000000000client = $client; } /** * Accepts a PSR-7 request and an array of options and returns a PSR-7 response. * * @param RequestInterface $request * @param array $options * @return ResponseInterface */ public function __invoke(RequestInterface $request, array $options = []) { return $this->client->send($request, $options); } } google-auth-library-php-0.5/src/HttpHandler/HttpHandlerFactory.php000066400000000000000000000025671263462304500253210ustar00rootroot00000000000000' */ class AuthTokenMiddleware { use CacheTrait; const DEFAULT_CACHE_LIFETIME = 1500; /** @var An implementation of CacheInterface */ private $cache; /** @var callback */ private $httpHandler; /** @var An implementation of FetchAuthTokenInterface */ private $fetcher; /** @var cache configuration */ private $cacheConfig; /** * Creates a new AuthTokenMiddleware. * * @param FetchAuthTokenInterface $fetcher is used to fetch the auth token * @param array $cacheConfig configures the cache * @param CacheInterface $cache (optional) caches the token. * @param callable $httpHandler (optional) callback which delivers psr7 request */ public function __construct( FetchAuthTokenInterface $fetcher, array $cacheConfig = null, CacheInterface $cache = null, callable $httpHandler = null ) { $this->fetcher = $fetcher; $this->httpHandler = $httpHandler; if (!is_null($cache)) { $this->cache = $cache; $this->cacheConfig = array_merge([ 'lifetime' => self::DEFAULT_CACHE_LIFETIME, 'prefix' => '' ], $cacheConfig); } } /** * Updates the request with an Authorization header when auth is 'google_auth'. * * use Google\Auth\Middleware\AuthTokenMiddleware; * use Google\Auth\OAuth2; * use GuzzleHttp\Client; * use GuzzleHttp\HandlerStack; * * $config = [...]; * $oauth2 = new OAuth2($config) * $middleware = new AuthTokenMiddleware( * $oauth2, * ['prefix' => 'OAuth2::'], * $cache = new Memcache() * ); * $stack = HandlerStack::create(); * $stack->push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); */ public function __invoke(callable $handler) { return function (RequestInterface $request, array $options) use ($handler) { // Requests using "auth"="google_auth" will be authorized. if (!isset($options['auth']) || $options['auth'] !== 'google_auth') { return $handler($request, $options); } $request = $request->withHeader('Authorization', 'Bearer ' . $this->fetchToken()); return $handler($request, $options); }; } /** * Determine if token is available in the cache, if not call fetcher to * fetch it. * * @return string */ private function fetchToken() { // TODO: correct caching; update the call to setCachedValue to set the expiry // to the value returned with the auth token. // // TODO: correct caching; enable the cache to be cleared. $cached = $this->getCachedValue(); if (!empty($cached)) { return $cached; } $auth_tokens = $this->fetcher->fetchAuthToken($this->httpHandler); if (array_key_exists('access_token', $auth_tokens)) { $this->setCachedValue($auth_tokens['access_token']); return $auth_tokens['access_token']; } } } google-auth-library-php-0.5/src/Middleware/ScopedAccessTokenMiddleware.php000066400000000000000000000110321263462304500267350ustar00rootroot00000000000000' */ class ScopedAccessTokenMiddleware { use CacheTrait; const DEFAULT_CACHE_LIFETIME = 1500; /** @var An implementation of CacheInterface */ private $cache; /** @var callback */ private $httpHandler; /** @var An implementation of FetchAuthTokenInterface */ private $fetcher; /** @var cache configuration */ private $cacheConfig; /** * Creates a new ScopedAccessTokenMiddleware. * * @param callable $tokenFunc a token generator function * @param array|string $scopes the token authentication scopes * @param array $cacheConfig configuration for the cache when it's present * @param CacheInterface $cache an implementation of CacheInterface */ public function __construct( callable $tokenFunc, $scopes, array $cacheConfig = null, CacheInterface $cache = null ) { $this->tokenFunc = $tokenFunc; if (!(is_string($scopes) || is_array($scopes))) { throw new \InvalidArgumentException( 'wants scope should be string or array'); } $this->scopes = $scopes; if (!is_null($cache)) { $this->cache = $cache; $this->cacheConfig = array_merge([ 'lifetime' => self::DEFAULT_CACHE_LIFETIME, 'prefix' => '' ], $cacheConfig); } } /** * Updates the request with an Authorization header when auth is 'scoped'. * * E.g this could be used to authenticate using the AppEngine * AppIdentityService. * * use google\appengine\api\app_identity\AppIdentityService; * use Google\Auth\Middleware\ScopedAccessTokenMiddleware; * use GuzzleHttp\Client; * use GuzzleHttp\HandlerStack; * * $scope = 'https://www.googleapis.com/auth/taskqueue' * $middleware = new ScopedAccessTokenMiddleware( * 'AppIdentityService::getAccessToken', * $scope, * [ 'prefix' => 'Google\Auth\ScopedAccessToken::' ], * $cache = new Memcache() * ); * $stack = HandlerStack::create(); * $stack->push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_url' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); */ public function __invoke(callable $handler) { return function (RequestInterface $request, array $options) use ($handler) { // Requests using "auth"="scoped" will be authorized. if (!isset($options['auth']) || $options['auth'] !== 'scoped') { return $handler($request, $options); } $request = $request->withHeader('Authorization', 'Bearer ' . $this->fetchToken()); return $handler($request, $options); }; } /** * @return string */ private function getCacheKey() { $key = null; if (is_string($this->scopes)) { $key .= $this->scopes; } else if (is_array($this->scopes)) { $key .= implode(":", $this->scopes); } return $key; } /** * Determine if token is available in the cache, if not call tokenFunc to * fetch it. * * @return string */ private function fetchToken() { $cached = $this->getCachedValue(); if (!empty($cached)) { return $cached; } $token = call_user_func($this->tokenFunc, $this->scopes); $this->setCachedValue($token); return $token; } } google-auth-library-php-0.5/src/Middleware/SimpleMiddleware.php000066400000000000000000000050721263462304500246350ustar00rootroot00000000000000config = array_merge(['key' => null], $config); } /** * Updates the request query with the developer key if auth is set to simple * * use Google\Auth\Middleware\SimpleMiddleware; * use GuzzleHttp\Client; * use GuzzleHttp\HandlerStack; * * $my_key = 'is not the same as yours'; * $middleware = new SimpleMiddleware(['key' => $my_key]); * $stack = HandlerStack::create(); * $stack->push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/discovery/v1/', * 'auth' => 'simple' * ]); * * $res = $client->get('drive/v2/rest'); */ public function __invoke(callable $handler) { return function (RequestInterface $request, array $options) use ($handler) { // Requests using "auth"="scoped" will be authorized. if (!isset($options['auth']) || $options['auth'] !== 'simple') { return $handler($request, $options); } $query = Psr7\parse_query($request->getUri()->getQuery()); $params = array_merge($query, $this->config); $uri = $request->getUri()->withQuery(Psr7\build_query($params)); $request = $request->withUri($uri); return $handler($request, $options); }; } } google-auth-library-php-0.5/src/OAuth2.php000066400000000000000000000667051263462304500204450ustar00rootroot00000000000000 self::DEFAULT_EXPIRY_MINUTES, 'extensionParams' => [], 'authorizationUri' => null, 'redirectUri' => null, 'tokenCredentialUri' => null, 'state' => null, 'username' => null, 'password' => null, 'clientId' => null, 'clientSecret' => null, 'issuer' => null, 'principal' => null, 'sub' => null, 'audience' => null, 'signingKey' => null, 'signingAlgorithm' => null, 'scope' => null ], $config); $this->setAuthorizationUri($opts['authorizationUri']); $this->setRedirectUri($opts['redirectUri']); $this->setTokenCredentialUri($opts['tokenCredentialUri']); $this->setState($opts['state']); $this->setUsername($opts['username']); $this->setPassword($opts['password']); $this->setClientId($opts['clientId']); $this->setClientSecret($opts['clientSecret']); $this->setIssuer($opts['issuer']); $this->setPrincipal($opts['principal']); $this->setSub($opts['sub']); $this->setExpiry($opts['expiry']); $this->setAudience($opts['audience']); $this->setSigningKey($opts['signingKey']); $this->setSigningAlgorithm($opts['signingAlgorithm']); $this->setScope($opts['scope']); $this->setExtensionParams($opts['extensionParams']); $this->updateToken($opts); } /** * Verifies the idToken if present. * * - if none is present, return null * - if present, but invalid, raises DomainException. * - otherwise returns the payload in the idtoken as a PHP object. * * if $publicKey is null, the key is decoded without being verified. * * @param $publicKey the publicKey to use to authenticate the token * @param Array $allowed_algs List of supported verification algorithms */ public function verifyIdToken($publicKey = null, $allowed_algs = array()) { $idToken = $this->getIdToken(); if (is_null($idToken)) { return null; } $resp = $this->jwtDecode($idToken, $publicKey, $allowed_algs); if (!property_exists($resp, 'aud')) { throw new \DomainException('No audience found the id token'); } if ($resp->aud != $this->getAudience()) { throw new \DomainException('Wrong audience present in the id token'); } return $resp; } /** * Obtains the encoded jwt from the instance data. * * @param $config array optional configuration parameters */ public function toJwt(array $config = []) { if (is_null($this->getSigningKey())) { throw new \DomainException('No signing key available'); } if (is_null($this->getSigningAlgorithm())) { throw new \DomainException('No signing algorithm specified'); } $now = time(); $opts = array_merge([ 'skew' => self::DEFAULT_SKEW ], $config); $assertion = [ 'iss' => $this->getIssuer(), 'aud' => $this->getAudience(), 'exp' => ($now + $this->getExpiry()), 'iat' => ($now - $opts['skew']) ]; foreach ($assertion as $k => $v) { if (is_null($v)) { throw new \DomainException($k . ' should not be null'); } } if (!(is_null($this->getScope()))) { $assertion['scope'] = $this->getScope(); } if (!(is_null($this->getPrincipal()))) { $assertion['prn'] = $this->getPrincipal(); } if (!(is_null($this->getSub()))) { $assertion['sub'] = $this->getSub(); } return $this->jwtEncode($assertion, $this->getSigningKey(), $this->getSigningAlgorithm()); } /** * Generates a request for token credentials. * * @return RequestInterface the authorization Url. */ public function generateCredentialsRequest() { $uri = $this->getTokenCredentialUri(); if (is_null($uri)) { throw new \DomainException('No token credential URI was set.'); } $grantType = $this->getGrantType(); $params = array('grant_type' => $grantType); switch($grantType) { case 'authorization_code': $params['code'] = $this->getCode(); $params['redirect_uri'] = $this->getRedirectUri(); $this->addClientCredentials($params); break; case 'password': $params['username'] = $this->getUsername(); $params['password'] = $this->getPassword(); $this->addClientCredentials($params); break; case 'refresh_token': $params['refresh_token'] = $this->getRefreshToken(); $this->addClientCredentials($params); break; case self::JWT_URN: $params['assertion'] = $this->toJwt(); break; default: if (!is_null($this->getRedirectUri())) { # Grant type was supposed to be 'authorization_code', as there # is a redirect URI. throw new \DomainException('Missing authorization code'); } unset($params['grant_type']); if (!is_null($grantType)) { $params['grant_type'] = $grantType; } $params = array_merge($params, $this->getExtensionParams()); } $headers = [ 'Cache-Control' => 'no-store', 'Content-Type' => 'application/x-www-form-urlencoded' ]; return new Request( 'POST', $uri, $headers, Psr7\build_query($params) ); } /** * Fetchs the auth tokens based on the current state. * * @param callable $httpHandler callback which delivers psr7 request * @return array the response */ public function fetchAuthToken(callable $httpHandler = null) { if (is_null($httpHandler)) { $httpHandler = HttpHandlerFactory::build(); } $response = $httpHandler($this->generateCredentialsRequest()); $creds = $this->parseTokenResponse($response); $this->updateToken($creds); return $creds; } /** * Obtains a key that can used to cache the results of #fetchAuthToken. * * The key is derived from the scopes. * * @return string a key that may be used to cache the auth token. */ public function getCacheKey() { if (is_string($this->scope)) { return $this->scope; } else if (is_array($this->scope)) { return implode(":", $this->scope); } // If scope has not set, return null to indicate no caching. return null; } /** * Parses the fetched tokens. * * @param $resp ReponseInterface the response. * @return array the tokens parsed from the response body. */ public function parseTokenResponse(ResponseInterface $resp) { $body = (string) $resp->getBody(); if ($resp->hasHeader('Content-Type') && $resp->getHeaderLine('Content-Type') == 'application/x-www-form-urlencoded') { $res = array(); parse_str($body, $res); return $res; } else { // Assume it's JSON; if it's not throw an exception if (null === $res = json_decode($body, true)) { throw new \Exception('Invalid JSON response'); } return $res; } } /** * Updates an OAuth 2.0 client. * * @example * client.updateToken([ * 'refresh_token' => 'n4E9O119d', * 'access_token' => 'FJQbwq9', * 'expires_in' => 3600 * ]) * * @param array options * The configuration parameters related to the token. * * - refresh_token * The refresh token associated with the access token * to be refreshed. * * - access_token * The current access token for this client. * * - id_token * The current ID token for this client. * * - expires_in * The time in seconds until access token expiration. * * - expires_at * The time as an integer number of seconds since the Epoch * * - issued_at * The timestamp that the token was issued at. */ public function updateToken(array $config) { $opts = array_merge([ 'extensionParams' => [], 'refresh_token' => null, 'access_token' => null, 'id_token' => null, 'expires' => null, 'expires_in' => null, 'expires_at' => null, 'issued_at' => null ], $config); $this->setExpiresAt($opts['expires']); $this->setExpiresAt($opts['expires_at']); $this->setExpiresIn($opts['expires_in']); // By default, the token is issued at `Time.now` when `expiresIn` is set, // but this can be used to supply a more precise time. $this->setIssuedAt($opts['issued_at']); $this->setAccessToken($opts['access_token']); $this->setIdToken($opts['id_token']); $this->setRefreshToken($opts['refresh_token']); } /** * Builds the authorization Uri that the user should be redirected to. * * @param $config configuration options that customize the return url * @return UriInterface the authorization Url. * @throws InvalidArgumentException */ public function buildFullAuthorizationUri(array $config = []) { if (is_null($this->getAuthorizationUri())) { throw new \InvalidArgumentException( 'requires an authorizationUri to have been set'); } $params = array_merge([ 'response_type' => 'code', 'access_type' => 'offline', 'client_id' => $this->clientId, 'redirect_uri' => $this->redirectUri, 'state' => $this->state, 'scope' => $this->getScope(), ], $config); // Validate the auth_params if (is_null($params['client_id'])) { throw new \InvalidArgumentException( 'missing the required client identifier'); } if (is_null($params['redirect_uri'])) { throw new \InvalidArgumentException('missing the required redirect URI'); } if (!empty($params['prompt']) && !empty($params['approval_prompt'])) { throw new \InvalidArgumentException( 'prompt and approval_prompt are mutually exclusive'); } // Construct the uri object; return it if it is valid. $result = clone $this->authorizationUri; $existingParams = Psr7\parse_query($result->getQuery()); $result = $result->withQuery( Psr7\build_query(array_merge($existingParams, $params)) ); if ($result->getScheme() != 'https') { throw new \InvalidArgumentException( 'Authorization endpoint must be protected by TLS'); } return $result; } /** * Sets the authorization server's HTTP endpoint capable of authenticating * the end-user and obtaining authorization. */ public function setAuthorizationUri($uri) { $this->authorizationUri = $this->coerceUri($uri); } /** * Gets the authorization server's HTTP endpoint capable of authenticating * the end-user and obtaining authorization. */ public function getAuthorizationUri() { return $this->authorizationUri; } /** * Gets the authorization server's HTTP endpoint capable of issuing tokens * and refreshing expired tokens. */ public function getTokenCredentialUri() { return $this->tokenCredentialUri; } /** * Sets the authorization server's HTTP endpoint capable of issuing tokens * and refreshing expired tokens. */ public function setTokenCredentialUri($uri) { $this->tokenCredentialUri = $this->coerceUri($uri); } /** * Gets the redirection URI used in the initial request. */ public function getRedirectUri() { return $this->redirectUri; } /** * Sets the redirection URI used in the initial request. */ public function setRedirectUri($uri) { if (is_null($uri)) { $this->redirectUri = null; return; } if (!$this->isAbsoluteUri($uri)) { throw new \InvalidArgumentException( 'Redirect URI must be absolute'); } $this->redirectUri = (string) $uri; } /** * Gets the scope of the access requests as a space-delimited String. */ public function getScope() { if (is_null($this->scope)) { return $this->scope; } return implode(' ', $this->scope); } /** * Sets the scope of the access request, expressed either as an Array or as * a space-delimited String. */ public function setScope($scope) { if (is_null($scope)) { $this->scope = null; } else if (is_string($scope)) { $this->scope = explode(' ', $scope); } else if (is_array($scope)) { foreach ($scope as $s) { $pos = strpos($s, ' '); if ($pos !== false) { throw new \InvalidArgumentException( 'array scope values should not contain spaces'); } } $this->scope = $scope; } else { throw new \InvalidArgumentException( 'scopes should be a string or array of strings'); } } /** * Gets the current grant type. */ public function getGrantType() { if (!is_null($this->grantType)) { return $this->grantType; } // Returns the inferred grant type, based on the current object instance // state. if (!is_null($this->code) && !is_null($this->redirectUri)) { return 'authorization_code'; } else if (!is_null($this->refreshToken)) { return 'refresh_token'; } else if (!is_null($this->username) && !is_null($this->password)) { return 'password'; } else if (!is_null($this->issuer) && !is_null($this->signingKey)) { return self::JWT_URN; } else { return null; } } /** * Sets the current grant type. */ public function setGrantType($gt) { if (in_array($gt, self::$knownGrantTypes)) { $this->grantType = $gt; } else { // validate URI if (!$this->isAbsoluteUri($gt)) { throw new \InvalidArgumentException( 'invalid grant type'); } $this->grantType = (string) $gt; } } /** * Gets an arbitrary string designed to allow the client to maintain state. */ public function getState() { return $this->state; } /** * Sets an arbitrary string designed to allow the client to maintain state. */ public function setState($state) { $this->state = $state; } /** * Gets the authorization code issued to this client. */ public function getCode() { return $this->code; } /** * Sets the authorization code issued to this client. */ public function setCode($code) { $this->code = $code; } /** * Gets the resource owner's username. */ public function getUsername() { return $this->username; } /** * Sets the resource owner's username. */ public function setUsername($username) { $this->username = $username; } /** * Gets the resource owner's password. */ public function getPassword() { return $this->password; } /** * Sets the resource owner's password. */ public function setPassword($password) { $this->password = $password; } /** * Sets a unique identifier issued to the client to identify itself to the * authorization server. */ public function getClientId() { return $this->clientId; } /** * Sets a unique identifier issued to the client to identify itself to the * authorization server. */ public function setClientId($clientId) { $this->clientId = $clientId; } /** * Gets a shared symmetric secret issued by the authorization server, which * is used to authenticate the client. */ public function getClientSecret() { return $this->clientSecret; } /** * Sets a shared symmetric secret issued by the authorization server, which * is used to authenticate the client. */ public function setClientSecret($clientSecret) { $this->clientSecret = $clientSecret; } /** * Gets the Issuer ID when using assertion profile. */ public function getIssuer() { return $this->issuer; } /** * Sets the Issuer ID when using assertion profile. */ public function setIssuer($issuer) { $this->issuer = $issuer; } /** * Gets the target user for the assertions. */ public function getPrincipal() { return $this->principal; } /** * Sets the target user for the assertions. */ public function setPrincipal($p) { $this->principal = $p; } /** * Gets the target sub when issuing assertions. */ public function getSub() { return $this->sub; } /** * Sets the target sub when issuing assertions. */ public function setSub($sub) { $this->sub = $sub; } /** * Gets the target audience when issuing assertions. */ public function getAudience() { return $this->audience; } /** * Sets the target audience when issuing assertions. */ public function setAudience($audience) { $this->audience = $audience; } /** * Gets the signing key when using an assertion profile. */ public function getSigningKey() { return $this->signingKey; } /** * Sets the signing key when using an assertion profile. */ public function setSigningKey($signingKey) { $this->signingKey = $signingKey; } /** * Gets the signing algorithm when using an assertion profile. */ public function getSigningAlgorithm() { return $this->signingAlgorithm; } /** * Sets the signing algorithm when using an assertion profile. */ public function setSigningAlgorithm($sa) { if (is_null($sa)) { $this->signingAlgorithm = null; } else if (!in_array($sa, self::$knownSigningAlgorithms)) { throw new \InvalidArgumentException('unknown signing algorithm'); } else { $this->signingAlgorithm = $sa; } } /** * Gets the set of parameters used by extension when using an extension * grant type. */ public function getExtensionParams() { return $this->extensionParams; } /** * Sets the set of parameters used by extension when using an extension * grant type. */ public function setExtensionParams($extensionParams) { $this->extensionParams = $extensionParams; } /** * Gets the number of seconds assertions are valid for. */ public function getExpiry() { return $this->expiry; } /** * Sets the number of seconds assertions are valid for. */ public function setExpiry($expiry) { $this->expiry = $expiry; } /** * Gets the lifetime of the access token in seconds. */ public function getExpiresIn() { return $this->expiresIn; } /** * Sets the lifetime of the access token in seconds. */ public function setExpiresIn($expiresIn) { if (is_null($expiresIn)) { $this->expiresIn = null; $this->issuedAt = null; } else { $this->issuedAt = time(); $this->expiresIn = (int) $expiresIn; } } /** * Gets the time the current access token expires at. */ public function getExpiresAt() { if (!is_null($this->expiresAt)) { return $this->expiresAt; } else if (!is_null($this->issuedAt) && !is_null($this->expiresIn)) { return $this->issuedAt + $this->expiresIn; } return null; } /** * Returns true if the acccess token has expired. */ public function isExpired() { $expiration = $this->getExpiresAt(); $now = time(); return (!is_null($expiration) && $now >= $expiration); } /** * Sets the time the current access token expires at. */ public function setExpiresAt($expiresAt) { $this->expiresAt = $expiresAt; } /** * Gets the time the current access token was issued at. */ public function getIssuedAt() { return $this->issuedAt; } /** * Sets the time the current access token was issued at. */ public function setIssuedAt($issuedAt) { $this->issuedAt = $issuedAt; } /** * Gets the current access token. */ public function getAccessToken() { return $this->accessToken; } /** * Sets the current access token. */ public function setAccessToken($accessToken) { $this->accessToken = $accessToken; } /** * Gets the current ID token. */ public function getIdToken() { return $this->idToken; } /** * Sets the current ID token. */ public function setIdToken($idToken) { $this->idToken = $idToken; } /** * Gets the refresh token associated with the current access token. */ public function getRefreshToken() { return $this->refreshToken; } /** * Sets the refresh token associated with the current access token. */ public function setRefreshToken($refreshToken) { $this->refreshToken = $refreshToken; } /** * @todo handle uri as array * @param string $uri * @return null|UriInterface */ private function coerceUri($uri) { if (is_null($uri)) { return null; } return Psr7\uri_for($uri); } private function jwtDecode($idToken, $publicKey, $allowedAlgs) { if (class_exists('Firebase\JWT\JWT')) { return \Firebase\JWT\JWT::decode($idToken, $publicKey, $allowedAlgs); } return \JWT::decode($idToken, $publicKey, $allowedAlgs); } private function jwtEncode($assertion, $signingKey, $signingAlgorithm) { if (class_exists('Firebase\JWT\JWT')) { return \Firebase\JWT\JWT::encode($assertion, $signingKey, $signingAlgorithm); } return \JWT::encode($assertion, $signingKey, $signingAlgorithm); } /** * Determines if the URI is absolute based on its scheme and host or path * (RFC 3986) * * @param string $uri * @return bool */ private function isAbsoluteUri($uri) { $u = $this->coerceUri($uri); return $u->getScheme() && ($u->getHost() || $u->getPath()); } private function addClientCredentials(&$params) { $clientId = $this->getClientId(); $clientSecret = $this->getClientSecret(); if ($clientId && $clientSecret) { $params['client_id'] = $clientId; $params['client_secret'] = $clientSecret; } return $params; } } google-auth-library-php-0.5/src/Subscriber/000077500000000000000000000000001263462304500207175ustar00rootroot00000000000000google-auth-library-php-0.5/src/Subscriber/AuthTokenSubscriber.php000066400000000000000000000102571263462304500253630ustar00rootroot00000000000000' */ class AuthTokenSubscriber implements SubscriberInterface { use CacheTrait; const DEFAULT_CACHE_LIFETIME = 1500; /** @var An implementation of CacheInterface */ private $cache; /** @var callable */ private $httpHandler; /** @var An implementation of FetchAuthTokenInterface */ private $fetcher; /** @var cache configuration */ private $cacheConfig; /** * Creates a new AuthTokenSubscriber. * * @param FetchAuthTokenInterface $fetcher is used to fetch the auth token * @param array $cacheConfig configures the cache * @param CacheInterface $cache (optional) caches the token. * @param callable $httpHandler (optional) http client to fetch the token. */ public function __construct( FetchAuthTokenInterface $fetcher, array $cacheConfig = null, CacheInterface $cache = null, callable $httpHandler = null ) { $this->fetcher = $fetcher; $this->httpHandler = $httpHandler; if (!is_null($cache)) { $this->cache = $cache; $this->cacheConfig = array_merge([ 'lifetime' => self::DEFAULT_CACHE_LIFETIME, 'prefix' => '' ], $cacheConfig); } } /* Implements SubscriberInterface */ public function getEvents() { return ['before' => ['onBefore', RequestEvents::SIGN_REQUEST]]; } /** * Updates the request with an Authorization header when auth is 'fetched_auth_token'. * * use GuzzleHttp\Client; * use Google\Auth\OAuth2; * use Google\Auth\Subscriber\AuthTokenSubscriber; * * $config = [...]; * $oauth2 = new OAuth2($config) * $subscriber = new AuthTokenSubscriber( * $oauth2, * ['prefix' => 'OAuth2::'], * $cache = new Memcache() * ); * * $client = new Client([ * 'base_url' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'defaults' => ['auth' => 'google_auth'] * ]); * $client->getEmitter()->attach($subscriber); * * $res = $client->get('myproject/taskqueues/myqueue'); */ public function onBefore(BeforeEvent $event) { // Requests using "auth"="google_auth" will be authorized. $request = $event->getRequest(); if ($request->getConfig()['auth'] != 'google_auth') { return; } // Use the cached value if its available. // // TODO: correct caching; update the call to setCachedValue to set the expiry // to the value returned with the auth token. // // TODO: correct caching; enable the cache to be cleared. $cached = $this->getCachedValue(); if (!empty($cached)) { $request->setHeader('Authorization', 'Bearer ' . $cached); return; } // Fetch the auth token. $auth_tokens = $this->fetcher->fetchAuthToken($this->httpHandler); if (array_key_exists('access_token', $auth_tokens)) { $request->setHeader('Authorization', 'Bearer ' . $auth_tokens['access_token']); $this->setCachedValue($auth_tokens['access_token']); } } } google-auth-library-php-0.5/src/Subscriber/ScopedAccessTokenSubscriber.php000066400000000000000000000110321263462304500270110ustar00rootroot00000000000000' */ class ScopedAccessTokenSubscriber implements SubscriberInterface { use CacheTrait; const DEFAULT_CACHE_LIFETIME = 1500; /** @var An implementation of CacheInterface */ private $cache; /** @var The access token generator function */ private $tokenFunc; /** @var The scopes used to generate the token */ private $scopes; /** @var cache configuration */ private $cacheConfig; /** * Creates a new ScopedAccessTokenSubscriber. * * @param callable $tokenFunc a token generator function * @param array|string $scopes the token authentication scopes * @param array $cacheConfig configuration for the cache when it's present * @param CacheInterface $cache an implementation of CacheInterface */ public function __construct( callable $tokenFunc, $scopes, array $cacheConfig = null, CacheInterface $cache = null ) { $this->tokenFunc = $tokenFunc; if (!(is_string($scopes) || is_array($scopes))) { throw new \InvalidArgumentException( 'wants scope should be string or array'); } $this->scopes = $scopes; if (!is_null($cache)) { $this->cache = $cache; $this->cacheConfig = array_merge([ 'lifetime' => self::DEFAULT_CACHE_LIFETIME, 'prefix' => '' ], $cacheConfig); } } /* Implements SubscriberInterface */ public function getEvents() { return ['before' => ['onBefore', RequestEvents::SIGN_REQUEST]]; } /** * Updates the request with an Authorization header when auth is 'scoped'. * * E.g this could be used to authenticate using the AppEngine * AppIdentityService. * * use google\appengine\api\app_identity\AppIdentityService; * use Google\Auth\Subscriber\ScopedAccessTokenSubscriber; * use GuzzleHttp\Client; * * $scope = 'https://www.googleapis.com/auth/taskqueue' * $subscriber = new ScopedAccessToken( * 'AppIdentityService::getAccessToken', * $scope, * ['prefix' => 'Google\Auth\ScopedAccessToken::'], * $cache = new Memcache() * ); * * $client = new Client([ * 'base_url' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'defaults' => ['auth' => 'scoped'] * ]); * $client->getEmitter()->attach($subscriber); * * $res = $client->get('myproject/taskqueues/myqueue'); */ public function onBefore(BeforeEvent $event) { // Requests using "auth"="scoped" will be authorized. $request = $event->getRequest(); if ($request->getConfig()['auth'] != 'scoped') { return; } $auth_header = 'Bearer ' . $this->fetchToken(); $request->setHeader('Authorization', $auth_header); } /** * @return string */ private function getCacheKey() { $key = null; if (is_string($this->scopes)) { $key .= $this->scopes; } else if (is_array($this->scopes)) { $key .= implode(":", $this->scopes); } return $key; } /** * Determine if token is available in the cache, if not call tokenFunc to * fetch it. * * @return string */ private function fetchToken() { $cached = $this->getCachedValue(); if (!empty($cached)) { return $cached; } $token = call_user_func($this->tokenFunc, $this->scopes); $this->setCachedValue($token); return $token; } } google-auth-library-php-0.5/src/Subscriber/SimpleSubscriber.php000066400000000000000000000046101263462304500247060ustar00rootroot00000000000000config = array_merge([], $config); } /* Implements SubscriberInterface */ public function getEvents() { return ['before' => ['onBefore', RequestEvents::SIGN_REQUEST]]; } /** * Updates the request query with the developer key if auth is set to simple * * use Google\Auth\Subscriber\SimpleSubscriber; * use GuzzleHttp\Client; * * $my_key = 'is not the same as yours'; * $subscriber = new SimpleSubscriber(['key' => $my_key]); * * $client = new Client([ * 'base_url' => 'https://www.googleapis.com/discovery/v1/', * 'defaults' => ['auth' => 'simple'] * ]); * $client->getEmitter()->attach($subscriber); * * $res = $client->get('drive/v2/rest'); */ public function onBefore(BeforeEvent $event) { // Requests using "auth"="simple" with the developer key. $request = $event->getRequest(); if ($request->getConfig()['auth'] != 'simple') { return; } $request->getQuery()->overwriteWith($this->config); } } google-auth-library-php-0.5/tests/000077500000000000000000000000001263462304500171675ustar00rootroot00000000000000google-auth-library-php-0.5/tests/ApplicationDefaultCredentialsTest.php000066400000000000000000000160311263462304500264670ustar00rootroot00000000000000originalHome = getenv('HOME'); } protected function tearDown() { if ($this->originalHome != getenv('HOME')) { putenv('HOME=' . $this->originalHome); } putenv(ServiceAccountCredentials::ENV_VAR); // removes it from } /** * @expectedException DomainException */ public function testIsFailsEnvSpecifiesNonExistentFile() { $keyFile = __DIR__ . '/fixtures' . '/does-not-exist-private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); ApplicationDefaultCredentials::getCredentials('a scope'); } public function testLoadsOKIfEnvSpecifiedIsValid() { $keyFile = __DIR__ . '/fixtures' . '/private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); $this->assertNotNull( ApplicationDefaultCredentials::getCredentials('a scope') ); } public function testLoadsDefaultFileIfPresentAndEnvVarIsNotSet() { putenv('HOME=' . __DIR__ . '/fixtures'); $this->assertNotNull( ApplicationDefaultCredentials::getCredentials('a scope') ); } /** * @expectedException DomainException */ public function testFailsIfNotOnGceAndNoDefaultFileFound() { putenv('HOME=' . __DIR__ . '/not_exist_fixtures'); // simulate not being GCE by return 500 $httpHandler = getHandler([ buildResponse(500) ]); ApplicationDefaultCredentials::getCredentials('a scope', $httpHandler); } public function testSuccedsIfNoDefaultFilesButIsOnGCE() { $wantedTokens = [ 'access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer', ]; $jsonTokens = json_encode($wantedTokens); // simulate the response from GCE. $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], Psr7\stream_for($jsonTokens)) ]); $this->assertNotNull( ApplicationDefaultCredentials::getCredentials('a scope', $httpHandler) ); } } class ADCGetMiddlewareTest extends \PHPUnit_Framework_TestCase { private $originalHome; protected function setUp() { $this->originalHome = getenv('HOME'); } protected function tearDown() { if ($this->originalHome != getenv('HOME')) { putenv('HOME=' . $this->originalHome); } putenv(ServiceAccountCredentials::ENV_VAR); // removes it if assigned } /** * @expectedException DomainException */ public function testIsFailsEnvSpecifiesNonExistentFile() { $keyFile = __DIR__ . '/fixtures' . '/does-not-exist-private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); ApplicationDefaultCredentials::getMiddleware('a scope'); } public function testLoadsOKIfEnvSpecifiedIsValid() { $keyFile = __DIR__ . '/fixtures' . '/private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); $this->assertNotNull(ApplicationDefaultCredentials::getMiddleware('a scope')); } public function testLoadsDefaultFileIfPresentAndEnvVarIsNotSet() { putenv('HOME=' . __DIR__ . '/fixtures'); $this->assertNotNull(ApplicationDefaultCredentials::getMiddleware('a scope')); } /** * @expectedException DomainException */ public function testFailsIfNotOnGceAndNoDefaultFileFound() { putenv('HOME=' . __DIR__ . '/not_exist_fixtures'); // simulate not being GCE by return 500 $httpHandler = getHandler([ buildResponse(500) ]); ApplicationDefaultCredentials::getMiddleware('a scope', $httpHandler); } public function testSuccedsIfNoDefaultFilesButIsOnGCE() { $wantedTokens = [ 'access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer', ]; $jsonTokens = json_encode($wantedTokens); // simulate the response from GCE. $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], Psr7\stream_for($jsonTokens)) ]); $this->assertNotNull(ApplicationDefaultCredentials::getMiddleware('a scope', $httpHandler)); } } // @todo consider a way to DRY this and above class up class ADCGetSubscriberTest extends BaseTest { private $originalHome; protected function setUp() { $this->onlyGuzzle5(); $this->originalHome = getenv('HOME'); } protected function tearDown() { if ($this->originalHome != getenv('HOME')) { putenv('HOME=' . $this->originalHome); } putenv(ServiceAccountCredentials::ENV_VAR); // removes it if assigned } /** * @expectedException DomainException */ public function testIsFailsEnvSpecifiesNonExistentFile() { $keyFile = __DIR__ . '/fixtures' . '/does-not-exist-private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); ApplicationDefaultCredentials::getSubscriber('a scope'); } public function testLoadsOKIfEnvSpecifiedIsValid() { $keyFile = __DIR__ . '/fixtures' . '/private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); $this->assertNotNull(ApplicationDefaultCredentials::getSubscriber('a scope')); } public function testLoadsDefaultFileIfPresentAndEnvVarIsNotSet() { putenv('HOME=' . __DIR__ . '/fixtures'); $this->assertNotNull(ApplicationDefaultCredentials::getSubscriber('a scope')); } /** * @expectedException DomainException */ public function testFailsIfNotOnGceAndNoDefaultFileFound() { putenv('HOME=' . __DIR__ . '/not_exist_fixtures'); // simulate not being GCE by return 500 $httpHandler = getHandler([ buildResponse(500) ]); ApplicationDefaultCredentials::getSubscriber('a scope', $httpHandler); } public function testSuccedsIfNoDefaultFilesButIsOnGCE() { $wantedTokens = [ 'access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer', ]; $jsonTokens = json_encode($wantedTokens); // simulate the response from GCE. $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], Psr7\stream_for($jsonTokens)) ]); $this->assertNotNull(ApplicationDefaultCredentials::getSubscriber('a scope', $httpHandler)); } } google-auth-library-php-0.5/tests/BaseTest.php000066400000000000000000000007201263462304500214110ustar00rootroot00000000000000markTestSkipped('Guzzle 6 only'); } } public function onlyGuzzle5() { $version = ClientInterface::VERSION; if ('5' !== $version[0]) { $this->markTestSkipped('Guzzle 5 only'); } } }google-auth-library-php-0.5/tests/CacheTraitTest.php000066400000000000000000000112771263462304500225570ustar00rootroot00000000000000mockFetcher = $this ->getMockBuilder('Google\Auth\FetchAuthTokenInterface') ->getMock(); $this->mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); } public function testSuccessfullyPullsFromCacheWithoutFetcher() { $expectedValue = '1234'; $this->mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue($expectedValue)); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache ]); $cachedValue = $implementation->gCachedValue(); $this->assertEquals($expectedValue, $cachedValue); } public function testSuccessfullyPullsFromCacheWithFetcher() { $expectedValue = '1234'; $this->mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue($expectedValue)); $this->mockFetcher ->expects($this->once()) ->method('getCacheKey') ->will($this->returnValue('key')); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache, 'fetcher' => $this->mockFetcher ]); $cachedValue = $implementation->gCachedValue(); $this->assertEquals($expectedValue, $cachedValue); } public function testFailsPullFromCacheWithNoCache() { $implementation = new CacheTraitImplementation(); $cachedValue = $implementation->gCachedValue(); $this->assertEquals(null, $cachedValue); } public function testFailsPullFromCacheWithoutKey() { $this->mockFetcher ->expects($this->once()) ->method('getCacheKey') ->will($this->returnValue(null)); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache, 'fetcher' => $this->mockFetcher ]); $cachedValue = $implementation->gCachedValue(); } public function testSuccessfullySetsToCacheWithoutFetcher() { $value = '1234'; $this->mockCache ->expects($this->once()) ->method('set') ->with('key', $value); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache ]); $implementation->sCachedValue($value); } public function testSuccessfullySetsToCacheWithFetcher() { $value = '1234'; $this->mockCache ->expects($this->once()) ->method('set') ->with('key', $value); $this->mockFetcher ->expects($this->once()) ->method('getCacheKey') ->will($this->returnValue('key')); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache, 'fetcher' => $this->mockFetcher ]); $implementation->sCachedValue($value); } public function testFailsSetToCacheWithNoCache() { $this->mockFetcher ->expects($this->never()) ->method('getCacheKey'); $implementation = new CacheTraitImplementation([ 'fetcher' => $this->mockFetcher ]); $implementation->sCachedValue('1234'); } public function testFailsSetToCacheWithoutKey() { $this->mockFetcher ->expects($this->once()) ->method('getCacheKey') ->will($this->returnValue(null)); $implementation = new CacheTraitImplementation([ 'cache' => $this->mockCache, 'fetcher' => $this->mockFetcher ]); $cachedValue = $implementation->sCachedValue('1234'); } } class CacheTraitImplementation { use CacheTrait; private $cache; private $fetcher; private $cacheConfig; public function __construct(array $config = []) { $this->cache = isset($config['cache']) ? $config['cache'] : null; $this->fetcher = isset($config['fetcher']) ? $config['fetcher'] : null; $this->cacheConfig = [ 'prefix' => '', 'lifetime' => 1000 ]; } // allows us to keep trait methods private public function gCachedValue() { return $this->getCachedValue(); } public function sCachedValue($v) { $this->setCachedValue($v); } private function getCacheKey() { return 'key'; } } google-auth-library-php-0.5/tests/Credentials/000077500000000000000000000000001263462304500214245ustar00rootroot00000000000000google-auth-library-php-0.5/tests/Credentials/AppIndentityCredentialsTest.php000066400000000000000000000060541263462304500275700ustar00rootroot00000000000000assertFalse(AppIdentityCredentials::onAppEngine()); } public function testIsTrueWhenServerSoftwareIsGoogleAppEngine() { $_SERVER['SERVER_SOFTWARE'] = 'Google App Engine'; $this->assertTrue(AppIdentityCredentials::onAppEngine()); } } class AppIdentityCredentialsGetCacheKeyTest extends \PHPUnit_Framework_TestCase { public function testShouldNotBeEmpty() { $g = new AppIdentityCredentials(); $this->assertNotEmpty($g->getCacheKey()); } } class AppIdentityCredentialsFetchAuthTokenTest extends \PHPUnit_Framework_TestCase { public function testShouldBeEmptyIfNotOnAppEngine() { $g = new AppIdentityCredentials(); $this->assertEquals(array(), $g->fetchAuthToken()); } /* @expectedException */ public function testThrowsExceptionIfClassDoesntExist() { $_SERVER['SERVER_SOFTWARE'] = 'Google App Engine'; $g = new AppIdentityCredentials(); } public function testReturnsExpectedToken() { // include the mock AppIdentityService class require_once __DIR__ . '/../mocks/AppIdentityService.php'; $wantedToken = [ 'access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer', ]; AppIdentityService::$accessToken = $wantedToken; $_SERVER['SERVER_SOFTWARE'] = 'Google App Engine'; $g = new AppIdentityCredentials(); $this->assertEquals($wantedToken, $g->fetchAuthToken()); } public function testScopeIsAlwaysArray() { // include the mock AppIdentityService class require_once __DIR__ . '/../mocks/AppIdentityService.php'; $scope1 = ['scopeA', 'scopeB']; $scope2 = 'scopeA scopeB'; $scope3 = 'scopeA'; $_SERVER['SERVER_SOFTWARE'] = 'Google App Engine'; $g = new AppIdentityCredentials($scope1); $g->fetchAuthToken(); $this->assertEquals($scope1, AppIdentityService::$scope); $g = new AppIdentityCredentials($scope2); $g->fetchAuthToken(); $this->assertEquals(explode(' ', $scope2), AppIdentityService::$scope); $g = new AppIdentityCredentials($scope3); $g->fetchAuthToken(); $this->assertEquals([$scope3], AppIdentityService::$scope); } } google-auth-library-php-0.5/tests/Credentials/GCECredentialsTest.php000066400000000000000000000061001263462304500255460ustar00rootroot00000000000000assertFalse(GCECredentials::onGCE($httpHandler)); } public function testIsFalseOnServerErrorStatus() { $httpHandler = getHandler([ buildResponse(500) ]); $this->assertFalse(GCECredentials::onGCE($httpHandler)); } public function testIsFalseOnOkStatusWithoutExpectedHeader() { $httpHandler = getHandler([ buildResponse(200) ]); $this->assertFalse(GCECredentials::onGCE($httpHandler)); } public function testIsOkIfGoogleIsTheFlavor() { $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']) ]); $this->assertTrue(GCECredentials::onGCE($httpHandler)); } } class GCECredentialsGetCacheKeyTest extends \PHPUnit_Framework_TestCase { public function testShouldNotBeEmpty() { $g = new GCECredentials(); $this->assertNotEmpty($g->getCacheKey()); } } class GCECredentialsFetchAuthTokenTest extends \PHPUnit_Framework_TestCase { public function testShouldBeEmptyIfNotOnGCE() { $httpHandler = getHandler([ buildResponse(500) ]); $g = new GCECredentials(); $this->assertEquals(array(), $g->fetchAuthToken($httpHandler)); } /** * @expectedException Exception * @expectedExceptionMessage Invalid JSON response */ public function testShouldFailIfResponseIsNotJson() { $notJson = '{"foo": , this is cannot be passed as json" "bar"}'; $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], $notJson), ]); $g = new GCECredentials(); $g->fetchAuthToken($httpHandler); } public function testShouldReturnTokenInfo() { $wantedTokens = [ 'access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer', ]; $jsonTokens = json_encode($wantedTokens); $httpHandler = getHandler([ buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], Psr7\stream_for($jsonTokens)), ]); $g = new GCECredentials(); $this->assertEquals($wantedTokens, $g->fetchAuthToken($httpHandler)); } } google-auth-library-php-0.5/tests/Credentials/IAMCredentialsTest.php000066400000000000000000000042351263462304500255650ustar00rootroot00000000000000assertNotNull( new IAMCredentials("iam-selector", "iam-token") ); } } class IAMUpdateMetadataCallbackTest extends \PHPUnit_Framework_TestCase { public function testUpdateMetadataFunc() { $selector = 'iam-selector'; $token = 'iam-token'; $iam = new IAMCredentials( $selector, $token ); $update_metadata = $iam->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar')); $this->assertTrue( isset($actual_metadata[IAMCredentials::SELECTOR_KEY])); $this->assertEquals( $actual_metadata[IAMCredentials::SELECTOR_KEY], $selector); $this->assertTrue( isset($actual_metadata[IAMCredentials::TOKEN_KEY])); $this->assertEquals( $actual_metadata[IAMCredentials::TOKEN_KEY], $token); } } google-auth-library-php-0.5/tests/Credentials/ServiceAccountCredentialsTest.php000066400000000000000000000336741263462304500301050ustar00rootroot00000000000000 'key123', 'private_key' => 'privatekey', 'client_email' => 'test@example.com', 'client_id' => 'client123', 'type' => 'service_account' ]; } class SACGetCacheKeyTest extends \PHPUnit_Framework_TestCase { public function testShouldBeTheSameAsOAuth2WithTheSameScope() { $testJson = createTestJson(); $scope = ['scope/1', 'scope/2']; $sa = new ServiceAccountCredentials( $scope, $testJson); $o = new OAuth2(['scope' => $scope]); $this->assertSame( $testJson['client_email'] . ':' . $o->getCacheKey(), $sa->getCacheKey() ); } public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSub() { $testJson = createTestJson(); $scope = ['scope/1', 'scope/2']; $sub = 'sub123'; $sa = new ServiceAccountCredentials( $scope, $testJson, null, $sub); $o = new OAuth2(['scope' => $scope]); $this->assertSame( $testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub, $sa->getCacheKey() ); } public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSubAddedLater() { $testJson = createTestJson(); $scope = ['scope/1', 'scope/2']; $sub = 'sub123'; $sa = new ServiceAccountCredentials( $scope, $testJson, null); $sa->setSub($sub); $o = new OAuth2(['scope' => $scope]); $this->assertSame( $testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub, $sa->getCacheKey() ); } } class SACConstructorTest extends \PHPUnit_Framework_TestCase { /** * @expectedException InvalidArgumentException */ public function testShouldFailIfScopeIsNotAValidType() { $testJson = createTestJson(); $notAnArrayOrString = new \stdClass(); $sa = new ServiceAccountCredentials( $notAnArrayOrString, $testJson ); } /** * @expectedException InvalidArgumentException */ public function testShouldFailIfJsonDoesNotHaveClientEmail() { $testJson = createTestJson(); unset($testJson['client_email']); $scope = ['scope/1', 'scope/2']; $sa = new ServiceAccountCredentials( $scope, $testJson ); } /** * @expectedException InvalidArgumentException */ public function testShouldFailIfJsonDoesNotHavePrivateKey() { $testJson = createTestJson(); unset($testJson['private_key']); $scope = ['scope/1', 'scope/2']; $sa = new ServiceAccountCredentials( $scope, $testJson ); } /** * @expectedException PHPUnit_Framework_Error_Warning */ public function testFailsToInitalizeFromANonExistentFile() { $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json'; new ServiceAccountCredentials('scope/1', null, $keyFile); } public function testInitalizeFromAFile() { $keyFile = __DIR__ . '/../fixtures' . '/private.json'; $this->assertNotNull( new ServiceAccountCredentials('scope/1', null, $keyFile) ); } } class SACFromEnvTest extends \PHPUnit_Framework_TestCase { protected function tearDown() { putenv(ServiceAccountCredentials::ENV_VAR); // removes it from } public function testIsNullIfEnvVarIsNotSet() { $this->assertNull(ServiceAccountCredentials::fromEnv('a scope')); } /** * @expectedException DomainException */ public function testFailsIfEnvSpecifiesNonExistentFile() { $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); ApplicationDefaultCredentials::getCredentials('a scope'); } public function testSucceedIfFileExists() { $keyFile = __DIR__ . '/../fixtures' . '/private.json'; putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile); $this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope')); } } class SACFromWellKnownFileTest extends \PHPUnit_Framework_TestCase { private $originalHome; protected function setUp() { $this->originalHome = getenv('HOME'); } protected function tearDown() { if ($this->originalHome != getenv('HOME')) { putenv('HOME=' . $this->originalHome); } } public function testIsNullIfFileDoesNotExist() { putenv('HOME=' . __DIR__ . '/../not_exists_fixtures'); $this->assertNull( ServiceAccountCredentials::fromWellKnownFile('a scope') ); } public function testSucceedIfFileIsPresent() { putenv('HOME=' . __DIR__ . '/../fixtures'); $this->assertNotNull( ApplicationDefaultCredentials::getCredentials('a scope') ); } } class SACFetchAuthTokenTest extends \PHPUnit_Framework_TestCase { private $privateKey; public function setUp() { $this->privateKey = file_get_contents(__DIR__ . '/../fixtures' . '/private.pem'); } private function createTestJson() { $testJson = createTestJson(); $testJson['private_key'] = $this->privateKey; return $testJson; } /** * @expectedException GuzzleHttp\Exception\ClientException */ public function testFailsOnClientErrors() { $testJson = $this->createTestJson(); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(400) ]); $sa = new ServiceAccountCredentials( $scope, $testJson ); $sa->fetchAuthToken($httpHandler); } /** * @expectedException GuzzleHttp\Exception\ServerException */ public function testFailsOnServerErrors() { $testJson = $this->createTestJson(); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(500) ]); $sa = new ServiceAccountCredentials( $scope, $testJson ); $sa->fetchAuthToken($httpHandler); } public function testCanFetchCredsOK() { $testJson = $this->createTestJson(); $testJsonText = json_encode($testJson); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($testJsonText)) ]); $sa = new ServiceAccountCredentials( $scope, $testJson ); $tokens = $sa->fetchAuthToken($httpHandler); $this->assertEquals($testJson, $tokens); } public function testUpdateMetadataFunc() { $testJson = $this->createTestJson(); $scope = ['scope/1', 'scope/2']; $access_token = 'accessToken123'; $responseText = json_encode(array('access_token' => $access_token)); $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($responseText)) ]); $sa = new ServiceAccountCredentials( $scope, $testJson ); $update_metadata = $sa->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = null, $httpHandler); $this->assertTrue( isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY])); $this->assertEquals( $actual_metadata[CredentialsLoader::AUTH_METADATA_KEY], array('Bearer ' . $access_token)); } } class SACJwtAccessTest extends \PHPUnit_Framework_TestCase { private $privateKey; public function setUp() { $this->privateKey = file_get_contents(__DIR__ . '/../fixtures' . '/private.pem'); } private function createTestJson() { $testJson = createTestJson(); $testJson['private_key'] = $this->privateKey; return $testJson; } /** * @expectedException InvalidArgumentException */ public function testFailsOnMissingClientEmail() { $testJson = $this->createTestJson(); unset($testJson['client_email']); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); } /** * @expectedException InvalidArgumentException */ public function testFailsOnMissingPrivateKey() { $testJson = $this->createTestJson(); unset($testJson['private_key']); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); } public function testCanInitializeFromJson() { $testJson = $this->createTestJson(); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); $this->assertNotNull($sa); } public function testNoOpOnFetchAuthToken() { $testJson = $this->createTestJson(); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); $this->assertNotNull($sa); $httpHandler = getHandler([ buildResponse(200) ]); $result = $sa->fetchAuthToken($httpHandler); // authUri has not been set $this->assertNull($result); } public function testAuthUriIsNotSet() { $testJson = $this->createTestJson(); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); $this->assertNotNull($sa); $update_metadata = $sa->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = null); $this->assertTrue( !isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY])); } public function testUpdateMetadataFunc() { $testJson = $this->createTestJson(); $sa = new ServiceAccountJwtAccessCredentials( $testJson ); $this->assertNotNull($sa); $update_metadata = $sa->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = 'https://example.com/service'); $this->assertTrue( isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY])); $authorization = $actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]; $this->assertTrue(is_array($authorization)); $bearer_token = current($authorization); $this->assertTrue(is_string($bearer_token)); $this->assertTrue(strpos($bearer_token, 'Bearer ') == 0); $this->assertTrue(strlen($bearer_token) > 30); $actual_metadata2 = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = 'https://example.com/anotherService'); $this->assertTrue( isset($actual_metadata2[CredentialsLoader::AUTH_METADATA_KEY])); $authorization2 = $actual_metadata2[CredentialsLoader::AUTH_METADATA_KEY]; $this->assertTrue(is_array($authorization2)); $bearer_token2 = current($authorization2); $this->assertTrue(is_string($bearer_token2)); $this->assertTrue(strpos($bearer_token2, 'Bearer ') == 0); $this->assertTrue(strlen($bearer_token2) > 30); $this->assertTrue($bearer_token != $bearer_token2); } } class SACJwtAccessComboTest extends \PHPUnit_Framework_TestCase { private $privateKey; public function setUp() { $this->privateKey = file_get_contents(__DIR__ . '/../fixtures' . '/private.pem'); } private function createTestJson() { $testJson = createTestJson(); $testJson['private_key'] = $this->privateKey; return $testJson; } public function testNoScopeUseJwtAccess() { $testJson = $this->createTestJson(); // no scope, jwt access should be used, no outbound // call should be made $scope = null; $sa = new ServiceAccountCredentials( $scope, $testJson ); $this->assertNotNull($sa); $update_metadata = $sa->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = 'https://example.com/service'); $this->assertTrue( isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY])); $authorization = $actual_metadata[CredentialsLoader::AUTH_METADATA_KEY]; $this->assertTrue(is_array($authorization)); $bearer_token = current($authorization); $this->assertTrue(is_string($bearer_token)); $this->assertTrue(strpos($bearer_token, 'Bearer ') == 0); $this->assertTrue(strlen($bearer_token) > 30); } public function testNoScopeAndNoAuthUri() { $testJson = $this->createTestJson(); // no scope, jwt access should be used, no outbound // call should be made $scope = null; $sa = new ServiceAccountCredentials( $scope, $testJson ); $this->assertNotNull($sa); $update_metadata = $sa->getUpdateMetadataFunc(); $this->assertTrue(is_callable($update_metadata)); $actual_metadata = call_user_func($update_metadata, $metadata = array('foo' => 'bar'), $authUri = null); // no access_token is added to the metadata hash // but also, no error should be thrown $this->assertTrue(is_array($actual_metadata)); $this->assertTrue( !isset($actual_metadata[CredentialsLoader::AUTH_METADATA_KEY])); } } google-auth-library-php-0.5/tests/Credentials/UserRefreshCredentialsTest.php000066400000000000000000000134501263462304500274130ustar00rootroot00000000000000 'client123', 'client_secret' => 'clientSecret123', 'refresh_token' => 'refreshToken123', 'type' => 'authorized_user' ]; } class URCGetCacheKeyTest extends \PHPUnit_Framework_TestCase { public function testShouldBeTheSameAsOAuth2WithTheSameScope() { $testJson = createURCTestJson(); $scope = ['scope/1', 'scope/2']; $sa = new UserRefreshCredentials( $scope, $testJson); $o = new OAuth2(['scope' => $scope]); $this->assertSame( $testJson['client_id'] . ':' . $o->getCacheKey(), $sa->getCacheKey() ); } } class URCConstructorTest extends \PHPUnit_Framework_TestCase { /** * @expectedException InvalidArgumentException */ public function testShouldFailIfScopeIsNotAValidType() { $testJson = createURCTestJson(); $notAnArrayOrString = new \stdClass(); $sa = new UserRefreshCredentials( $notAnArrayOrString, $testJson ); } /** * @expectedException InvalidArgumentException */ public function testShouldFailIfJsonDoesNotHaveClientSecret() { $testJson = createURCTestJson(); unset($testJson['client_secret']); $scope = ['scope/1', 'scope/2']; $sa = new UserRefreshCredentials( $scope, $testJson ); } /** * @expectedException InvalidArgumentException */ public function testShouldFailIfJsonDoesNotHaveRefreshToken() { $testJson = createURCTestJson(); unset($testJson['refresh_token']); $scope = ['scope/1', 'scope/2']; $sa = new UserRefreshCredentials( $scope, $testJson ); } /** * @expectedException PHPUnit_Framework_Error_Warning */ public function testFailsToInitalizeFromANonExistentFile() { $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json'; new UserRefreshCredentials('scope/1', null, $keyFile); } public function testInitalizeFromAFile() { $keyFile = __DIR__ . '/../fixtures2' . '/private.json'; $this->assertNotNull( new UserRefreshCredentials('scope/1', null, $keyFile) ); } } class URCFromEnvTest extends \PHPUnit_Framework_TestCase { protected function tearDown() { putenv(UserRefreshCredentials::ENV_VAR); // removes it from } public function testIsNullIfEnvVarIsNotSet() { $this->assertNull(UserRefreshCredentials::fromEnv('a scope')); } /** * @expectedException DomainException */ public function testFailsIfEnvSpecifiesNonExistentFile() { $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json'; putenv(UserRefreshCredentials::ENV_VAR . '=' . $keyFile); UserRefreshCredentials::fromEnv('a scope'); } public function testSucceedIfFileExists() { $keyFile = __DIR__ . '/../fixtures2' . '/private.json'; putenv(UserRefreshCredentials::ENV_VAR . '=' . $keyFile); $this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope')); } } class URCFromWellKnownFileTest extends \PHPUnit_Framework_TestCase { private $originalHome; protected function setUp() { $this->originalHome = getenv('HOME'); } protected function tearDown() { if ($this->originalHome != getenv('HOME')) { putenv('HOME=' . $this->originalHome); } } public function testIsNullIfFileDoesNotExist() { putenv('HOME=' . __DIR__ . '/../not_exist_fixtures'); $this->assertNull( UserRefreshCredentials::fromWellKnownFile('a scope') ); } public function testSucceedIfFileIsPresent() { putenv('HOME=' . __DIR__ . '/../fixtures2'); $this->assertNotNull( ApplicationDefaultCredentials::getCredentials('a scope') ); } } class URCFetchAuthTokenTest extends \PHPUnit_Framework_TestCase { /** * @expectedException GuzzleHttp\Exception\ClientException */ public function testFailsOnClientErrors() { $testJson = createURCTestJson(); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(400) ]); $sa = new UserRefreshCredentials( $scope, $testJson ); $sa->fetchAuthToken($httpHandler); } /** * @expectedException GuzzleHttp\Exception\ServerException */ public function testFailsOnServerErrors() { $testJson = createURCTestJson(); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(500) ]); $sa = new UserRefreshCredentials( $scope, $testJson ); $sa->fetchAuthToken($httpHandler); } public function testCanFetchCredsOK() { $testJson = createURCTestJson(); $testJsonText = json_encode($testJson); $scope = ['scope/1', 'scope/2']; $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($testJsonText)) ]); $sa = new UserRefreshCredentials( $scope, $testJson ); $tokens = $sa->fetchAuthToken($httpHandler); $this->assertEquals($testJson, $tokens); } } google-auth-library-php-0.5/tests/HttpHandler/000077500000000000000000000000001263462304500214045ustar00rootroot00000000000000google-auth-library-php-0.5/tests/HttpHandler/Guzzle5HttpHandlerTest.php000066400000000000000000000033051263462304500264610ustar00rootroot00000000000000onlyGuzzle5(); $this->mockPsr7Request = $this ->getMockBuilder('Psr\Http\Message\RequestInterface') ->getMock(); $this->mockRequest = $this ->getMockBuilder('GuzzleHttp\Message\RequestInterface') ->getMock(); $this->mockClient = $this ->getMockBuilder('GuzzleHttp\Client') ->disableOriginalConstructor() ->getMock(); } public function testSuccessfullySendsRequest() { $this->mockClient ->expects($this->any()) ->method('send') ->will($this->returnValue(new Response(200))); $this->mockClient ->expects($this->any()) ->method('createRequest') ->will($this->returnValue($this->mockRequest)); $handler = new Guzzle5HttpHandler($this->mockClient); $response = $handler($this->mockPsr7Request); $this->assertInstanceOf('Psr\Http\Message\ResponseInterface', $response); } } google-auth-library-php-0.5/tests/HttpHandler/Guzzle6HttpHandlerTest.php000066400000000000000000000026261263462304500264670ustar00rootroot00000000000000onlyGuzzle6(); $this->mockRequest = $this ->getMockBuilder('Psr\Http\Message\RequestInterface') ->getMock(); $this->mockClient = $this ->getMockBuilder('GuzzleHttp\Client') ->getMock(); } public function testSuccessfullySendsRequest() { $this->mockClient ->expects($this->any()) ->method('send') ->will($this->returnValue(new Response(200))); $handler = new Guzzle6HttpHandler($this->mockClient); $response = $handler($this->mockRequest); $this->assertInstanceOf('Psr\Http\Message\ResponseInterface', $response); } } google-auth-library-php-0.5/tests/HttpHandler/HttpHandlerFactoryTest.php000066400000000000000000000021761263462304500265300ustar00rootroot00000000000000onlyGuzzle5(); $handler = HttpHandlerFactory::build(); $this->assertInstanceOf('Google\Auth\HttpHandler\Guzzle5HttpHandler', $handler); } public function testBuildsGuzzle6Handler() { $this->onlyGuzzle6(); $handler = HttpHandlerFactory::build(); $this->assertInstanceOf('Google\Auth\HttpHandler\Guzzle6HttpHandler', $handler); } } google-auth-library-php-0.5/tests/Middleware/000077500000000000000000000000001263462304500212445ustar00rootroot00000000000000google-auth-library-php-0.5/tests/Middleware/AuthTokenMiddlewareTest.php000066400000000000000000000151021263462304500265140ustar00rootroot00000000000000onlyGuzzle6(); $this->mockFetcher = $this ->getMockBuilder('Google\Auth\FetchAuthTokenInterface') ->getMock(); $this->mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $this->mockRequest = $this ->getMockBuilder('GuzzleHttp\Psr7\Request') ->disableOriginalConstructor() ->getMock(); } public function testOnlyTouchesWhenAuthConfigScoped() { $this->mockFetcher ->expects($this->any()) ->method('fetchAuthToken') ->will($this->returnValue([])); $this->mockRequest ->expects($this->never()) ->method('withHeader'); $middleware = new AuthTokenMiddleware($this->mockFetcher); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'not_google_auth']); } public function testAddsTheTokenAsAnAuthorizationHeader() { $authResult = ['access_token' => '1/abcdef1234567890']; $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $authResult['access_token']) ->will($this->returnValue($this->mockRequest)); // Run the test. $middleware = new AuthTokenMiddleware($this->mockFetcher); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'google_auth']); } public function testDoesNotAddAnAuthorizationHeaderOnNoAccessToken() { $authResult = ['not_access_token' => '1/abcdef1234567890']; $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ') ->will($this->returnValue($this->mockRequest)); // Run the test. $middleware = new AuthTokenMiddleware($this->mockFetcher); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'google_auth']); } public function testUsesCachedAuthToken() { $cacheKey = 'myKey'; $cachedValue = '2/abcdef1234567890'; $this->mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($cacheKey), $this->equalTo(AuthTokenMiddleware::DEFAULT_CACHE_LIFETIME)) ->will($this->returnValue($cachedValue)); $this->mockFetcher ->expects($this->never()) ->method('fetchAuthToken'); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $cachedValue) ->will($this->returnValue($this->mockRequest)); // Run the test. $middleware = new AuthTokenMiddleware($this->mockFetcher, [], $this->mockCache); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'google_auth']); } public function testGetsCachedAuthTokenUsingCacheOptions() { $prefix = 'test_prefix:'; $lifetime = '70707'; $cacheKey = 'myKey'; $cachedValue = '2/abcdef1234567890'; $this->mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($prefix . $cacheKey), $this->equalTo($lifetime)) ->will($this->returnValue($cachedValue)); $this->mockFetcher ->expects($this->never()) ->method('fetchAuthToken'); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $cachedValue) ->will($this->returnValue($this->mockRequest)); // Run the test. $middleware = new AuthTokenMiddleware( $this->mockFetcher, ['prefix' => $prefix, 'lifetime' => $lifetime], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'google_auth']); } public function testShouldSaveValueInCacheWithSpecifiedPrefix() { $token = '1/abcdef1234567890'; $authResult = ['access_token' => $token]; $cacheKey = 'myKey'; $prefix = 'test_prefix:'; $this->mockCache ->expects($this->any()) ->method('get') ->will($this->returnValue(null)); $this->mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo($prefix . $cacheKey), $this->equalTo($token)) ->will($this->returnValue(false)); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $token) ->will($this->returnValue($this->mockRequest)); // Run the test. $middleware = new AuthTokenMiddleware( $this->mockFetcher, ['prefix' => $prefix], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'google_auth']); } } google-auth-library-php-0.5/tests/Middleware/ScopedAccessTokenMiddlewareTest.php000066400000000000000000000146071263462304500301630ustar00rootroot00000000000000onlyGuzzle6(); $this->mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $this->mockRequest = $this ->getMockBuilder('GuzzleHttp\Psr7\Request') ->disableOriginalConstructor() ->getMock(); } /** * @expectedException InvalidArgumentException */ public function testRequiresScopeAsAStringOrArray() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; new ScopedAccessTokenMiddleware($fakeAuthFunc, new \stdClass()); } public function testAddsTheTokenAsAnAuthorizationHeader() { $token = '1/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) use ($token) { return $token; }; $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $token) ->will($this->returnValue($this->mockRequest)); // Run the test $middleware = new ScopedAccessTokenMiddleware($fakeAuthFunc, self::TEST_SCOPE); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'scoped']); } public function testUsesCachedAuthToken() { $cachedValue = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) { return ''; }; $this->mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue($cachedValue)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $cachedValue) ->will($this->returnValue($this->mockRequest)); // Run the test $middleware = new ScopedAccessTokenMiddleware( $fakeAuthFunc, self::TEST_SCOPE, [], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'scoped']); } public function testGetsCachedAuthTokenUsingCacheOptions() { $prefix = 'test_prefix:'; $lifetime = '70707'; $cachedValue = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) { return ''; }; $this->mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($prefix . self::TEST_SCOPE), $this->equalTo($lifetime)) ->will($this->returnValue($cachedValue)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $cachedValue) ->will($this->returnValue($this->mockRequest)); // Run the test $middleware = new ScopedAccessTokenMiddleware( $fakeAuthFunc, self::TEST_SCOPE, ['prefix' => $prefix, 'lifetime' => $lifetime], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'scoped']); } public function testShouldSaveValueInCache() { $token = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) use ($token) { return $token; }; $this->mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue(false)); $this->mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo(self::TEST_SCOPE), $this->equalTo($token)) ->will($this->returnValue(false)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $token) ->will($this->returnValue($this->mockRequest)); // Run the test $middleware = new ScopedAccessTokenMiddleware( $fakeAuthFunc, self::TEST_SCOPE, [], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'scoped']); } public function testShouldSaveValueInCacheWithSpecifiedPrefix() { $token = '2/abcdef1234567890'; $prefix = 'test_prefix:'; $fakeAuthFunc = function ($unused_scopes) use ($token) { return $token; }; $this->mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue(false)); $this->mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo($prefix . self::TEST_SCOPE), $this->equalTo($token)) ->will($this->returnValue(false)); $this->mockRequest ->expects($this->once()) ->method('withHeader') ->with('Authorization', 'Bearer ' . $token) ->will($this->returnValue($this->mockRequest)); // Run the test $middleware = new ScopedAccessTokenMiddleware( $fakeAuthFunc, self::TEST_SCOPE, ['prefix' => $prefix], $this->mockCache ); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'scoped']); } public function testOnlyTouchesWhenAuthConfigScoped() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; $this->mockRequest ->expects($this->never()) ->method('withHeader'); // Run the test $middleware = new ScopedAccessTokenMiddleware($fakeAuthFunc, self::TEST_SCOPE); $mock = new MockHandler([new Response(200)]); $callable = $middleware($mock); $callable($this->mockRequest, ['auth' => 'not_scoped']); } } google-auth-library-php-0.5/tests/Middleware/SimpleMiddlewareTest.php000066400000000000000000000021731263462304500260470ustar00rootroot00000000000000onlyGuzzle6(); $this->mockRequest = $this ->getMockBuilder('GuzzleHttp\Psr7\Request') ->disableOriginalConstructor() ->getMock(); } public function testTest() { } } google-auth-library-php-0.5/tests/OAuth2Test.php000066400000000000000000000600171263462304500216460ustar00rootroot00000000000000 'https://accounts.test.org/insecure/url', 'redirectUri' => 'https://accounts.test.org/redirect/url', 'clientId' => 'aClientID' ]; /** * @expectedException InvalidArgumentException */ public function testIsNullIfAuthorizationUriIsNull() { $o = new OAuth2([]); $this->assertNull($o->buildFullAuthorizationUri()); } /** * @expectedException InvalidArgumentException */ public function testRequiresTheClientId() { $o = new OAuth2([ 'authorizationUri' => 'https://accounts.test.org/auth/url', 'redirectUri' => 'https://accounts.test.org/redirect/url' ]); $o->buildFullAuthorizationUri(); } /** * @expectedException InvalidArgumentException */ public function testRequiresTheRedirectUri() { $o = new OAuth2([ 'authorizationUri' => 'https://accounts.test.org/auth/url', 'clientId' => 'aClientID' ]); $o->buildFullAuthorizationUri(); } /** * @expectedException InvalidArgumentException */ public function testCannotHavePromptAndApprovalPrompt() { $o = new OAuth2([ 'authorizationUri' => 'https://accounts.test.org/auth/url', 'clientId' => 'aClientID' ]); $o->buildFullAuthorizationUri([ 'approval_prompt' => 'an approval prompt', 'prompt' => 'a prompt', ]); } /** * @expectedException InvalidArgumentException */ public function testCannotHaveInsecureAuthorizationUri() { $o = new OAuth2([ 'authorizationUri' => 'http://accounts.test.org/insecure/url', 'redirectUri' => 'https://accounts.test.org/redirect/url', 'clientId' => 'aClientID' ]); $o->buildFullAuthorizationUri(); } /** * @expectedException InvalidArgumentException */ public function testCannotHaveRelativeRedirectUri() { $o = new OAuth2([ 'authorizationUri' => 'http://accounts.test.org/insecure/url', 'redirectUri' => '/redirect/url', 'clientId' => 'aClientID' ]); $o->buildFullAuthorizationUri(); } public function testHasDefaultXXXTypeParams() { $o = new OAuth2($this->minimal); $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery()); $this->assertEquals('code', $q['response_type']); $this->assertEquals('offline', $q['access_type']); } public function testCanBeUrlObject() { $config = array_merge($this->minimal, [ 'authorizationUri' => Psr7\uri_for('https://another/uri') ]); $o = new OAuth2($config); $this->assertEquals('/uri', $o->buildFullAuthorizationUri()->getPath()); } public function testCanOverrideParams() { $overrides = [ 'access_type' => 'o_access_type', 'client_id' => 'o_client_id', 'redirect_uri' => 'o_redirect_uri', 'response_type' => 'o_response_type', 'state' => 'o_state', ]; $config = array_merge($this->minimal, ['state' => 'the_state']); $o = new OAuth2($config); $q = Psr7\parse_query($o->buildFullAuthorizationUri($overrides)->getQuery()); $this->assertEquals('o_access_type', $q['access_type']); $this->assertEquals('o_client_id', $q['client_id']); $this->assertEquals('o_redirect_uri', $q['redirect_uri']); $this->assertEquals('o_response_type', $q['response_type']); $this->assertEquals('o_state', $q['state']); } public function testIncludesTheScope() { $with_strings = array_merge($this->minimal, ['scope' => 'scope1 scope2']); $o = new OAuth2($with_strings); $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery()); $this->assertEquals('scope1 scope2', $q['scope']); $with_array = array_merge($this->minimal, [ 'scope' => ['scope1', 'scope2'] ]); $o = new OAuth2($with_array); $q = Psr7\parse_query($o->buildFullAuthorizationUri()->getQuery()); $this->assertEquals('scope1 scope2', $q['scope']); } } class OAuth2GrantTypeTest extends \PHPUnit_Framework_TestCase { private $minimal = [ 'authorizationUri' => 'https://accounts.test.org/insecure/url', 'redirectUri' => 'https://accounts.test.org/redirect/url', 'clientId' => 'aClientID' ]; public function testReturnsNullIfCannotBeInferred() { $o = new OAuth2($this->minimal); $this->assertNull($o->getGrantType()); } public function testInfersAuthorizationCode() { $o = new OAuth2($this->minimal); $o->setCode('an auth code'); $this->assertEquals('authorization_code', $o->getGrantType()); } public function testInfersRefreshToken() { $o = new OAuth2($this->minimal); $o->setRefreshToken('a refresh token'); $this->assertEquals('refresh_token', $o->getGrantType()); } public function testInfersPassword() { $o = new OAuth2($this->minimal); $o->setPassword('a password'); $o->setUsername('a username'); $this->assertEquals('password', $o->getGrantType()); } public function testInfersJwtBearer() { $o = new OAuth2($this->minimal); $o->setIssuer('an issuer'); $o->setSigningKey('a key'); $this->assertEquals('urn:ietf:params:oauth:grant-type:jwt-bearer', $o->getGrantType()); } public function testSetsKnownTypes() { $o = new OAuth2($this->minimal); foreach (OAuth2::$knownGrantTypes as $t) { $o->setGrantType($t); $this->assertEquals($t, $o->getGrantType()); } } public function testSetsUrlAsGrantType() { $o = new OAuth2($this->minimal); $o->setGrantType('http://a/grant/url'); $this->assertEquals('http://a/grant/url', $o->getGrantType()); } } class OAuth2GetCacheKeyTest extends \PHPUnit_Framework_TestCase { private $minimal = [ 'clientID' => 'aClientID' ]; public function testIsNullWithNoScopes() { $o = new OAuth2($this->minimal); $this->assertNull($o->getCacheKey()); } public function testIsScopeIfSingleScope() { $o = new OAuth2($this->minimal); $o->setScope('test/scope/1'); $this->assertEquals('test/scope/1', $o->getCacheKey()); } public function testIsAllScopesWhenScopeIsArray() { $o = new OAuth2($this->minimal); $o->setScope(['test/scope/1', 'test/scope/2']); $this->assertEquals('test/scope/1:test/scope/2', $o->getCacheKey()); } } class OAuth2TimingTest extends \PHPUnit_Framework_TestCase { private $minimal = [ 'authorizationUri' => 'https://accounts.test.org/insecure/url', 'redirectUri' => 'https://accounts.test.org/redirect/url', 'clientId' => 'aClientID' ]; public function testIssuedAtDefaultsToNull() { $o = new OAuth2($this->minimal); $this->assertNull($o->getIssuedAt()); } public function testExpiresAtDefaultsToNull() { $o = new OAuth2($this->minimal); $this->assertNull($o->getExpiresAt()); } public function testExpiresInDefaultsToNull() { $o = new OAuth2($this->minimal); $this->assertNull($o->getExpiresIn()); } public function testSettingExpiresInSetsIssuedAt() { $o = new OAuth2($this->minimal); $this->assertNull($o->getIssuedAt()); $aShortWhile = 5; $o->setExpiresIn($aShortWhile); $this->assertEquals($aShortWhile, $o->getExpiresIn()); $this->assertNotNull($o->getIssuedAt()); } public function testSettingExpiresInSetsExpireAt() { $o = new OAuth2($this->minimal); $this->assertNull($o->getExpiresAt()); $aShortWhile = 5; $o->setExpiresIn($aShortWhile); $this->assertNotNull($o->getExpiresAt()); $this->assertEquals($aShortWhile, $o->getExpiresAt() - $o->getIssuedAt()); } public function testIsNotExpiredByDefault() { $o = new OAuth2($this->minimal); $this->assertFalse($o->isExpired()); } public function testIsNotExpiredIfExpiresAtIsOld() { $o = new OAuth2($this->minimal); $o->setExpiresAt(time() - 2); $this->assertTrue($o->isExpired()); } } class OAuth2GeneralTest extends \PHPUnit_Framework_TestCase { private $minimal = [ 'authorizationUri' => 'https://accounts.test.org/insecure/url', 'redirectUri' => 'https://accounts.test.org/redirect/url', 'clientId' => 'aClientID' ]; /** * @expectedException InvalidArgumentException */ public function testFailsOnUnknownSigningAlgorithm() { $o = new OAuth2($this->minimal); $o->setSigningAlgorithm('this is definitely not an algorithm name'); } public function testAllowsKnownSigningAlgorithms() { $o = new OAuth2($this->minimal); foreach (OAuth2::$knownSigningAlgorithms as $a) { $o->setSigningAlgorithm($a); $this->assertEquals($a, $o->getSigningAlgorithm()); } } /** * @expectedException InvalidArgumentException */ public function testFailsOnRelativeRedirectUri() { $o = new OAuth2($this->minimal); $o->setRedirectUri('/relative/url'); } public function testAllowsUrnRedirectUri() { $urn = 'urn:ietf:wg:oauth:2.0:oob'; $o = new OAuth2($this->minimal); $o->setRedirectUri($urn); $this->assertEquals($urn, $o->getRedirectUri()); } } class OAuth2JwtTest extends \PHPUnit_Framework_TestCase { private $signingMinimal = [ 'signingKey' => 'example_key', 'signingAlgorithm' => 'HS256', 'scope' => 'https://www.googleapis.com/auth/userinfo.profile', 'issuer' => 'app@example.com', 'audience' => 'accounts.google.com', 'clientId' => 'aClientID' ]; /** * @expectedException DomainException */ public function testFailsWithMissingAudience() { $testConfig = $this->signingMinimal; unset($testConfig['audience']); $o = new OAuth2($testConfig); $o->toJwt(); } /** * @expectedException DomainException */ public function testFailsWithMissingIssuer() { $testConfig = $this->signingMinimal; unset($testConfig['issuer']); $o = new OAuth2($testConfig); $o->toJwt(); } /** */ public function testCanHaveNoScope() { $testConfig = $this->signingMinimal; unset($testConfig['scope']); $o = new OAuth2($testConfig); $o->toJwt(); } /** * @expectedException DomainException */ public function testFailsWithMissingSigningKey() { $testConfig = $this->signingMinimal; unset($testConfig['signingKey']); $o = new OAuth2($testConfig); $o->toJwt(); } /** * @expectedException DomainException */ public function testFailsWithMissingSigningAlgorithm() { $testConfig = $this->signingMinimal; unset($testConfig['signingAlgorithm']); $o = new OAuth2($testConfig); $o->toJwt(); } public function testCanHS256EncodeAValidPayload() { $testConfig = $this->signingMinimal; $o = new OAuth2($testConfig); $payload = $o->toJwt(); $roundTrip = $this->jwtDecode($payload, $testConfig['signingKey'], array('HS256')) ; $this->assertEquals($roundTrip->iss, $testConfig['issuer']); $this->assertEquals($roundTrip->aud, $testConfig['audience']); $this->assertEquals($roundTrip->scope, $testConfig['scope']); } public function testCanRS256EncodeAValidPayload() { $publicKey = file_get_contents(__DIR__ . '/fixtures' . '/public.pem'); $privateKey = file_get_contents(__DIR__ . '/fixtures' . '/private.pem'); $testConfig = $this->signingMinimal; $o = new OAuth2($testConfig); $o->setSigningAlgorithm('RS256'); $o->setSigningKey($privateKey); $payload = $o->toJwt(); $roundTrip = $this->jwtDecode($payload, $publicKey, array('RS256')) ; $this->assertEquals($roundTrip->iss, $testConfig['issuer']); $this->assertEquals($roundTrip->aud, $testConfig['audience']); $this->assertEquals($roundTrip->scope, $testConfig['scope']); } private function jwtDecode() { $args = func_get_args(); $class = 'JWT'; if (class_exists('Firebase\JWT\JWT')) { $class = 'Firebase\JWT\JWT'; } return call_user_func_array("$class::decode", $args); } } class OAuth2GenerateAccessTokenRequestTest extends \PHPUnit_Framework_TestCase { private $tokenRequestMinimal = [ 'tokenCredentialUri' => 'https://tokens_r_us/test', 'scope' => 'https://www.googleapis.com/auth/userinfo.profile', 'issuer' => 'app@example.com', 'audience' => 'accounts.google.com', 'clientId' => 'aClientID' ]; /** * @expectedException DomainException */ public function testFailsIfNoTokenCredentialUri() { $testConfig = $this->tokenRequestMinimal; unset($testConfig['tokenCredentialUri']); $o = new OAuth2($testConfig); $o->generateCredentialsRequest(); } /** * @expectedException DomainException */ public function testFailsIfAuthorizationCodeIsMissing() { $testConfig = $this->tokenRequestMinimal; $testConfig['redirectUri'] = 'https://has/redirect/uri'; $o = new OAuth2($testConfig); $o->generateCredentialsRequest(); } public function testGeneratesAuthorizationCodeRequests() { $testConfig = $this->tokenRequestMinimal; $testConfig['redirectUri'] = 'https://has/redirect/uri'; $o = new OAuth2($testConfig); $o->setCode('an_auth_code'); // Generate the request and confirm that it's correct. $req = $o->generateCredentialsRequest(); $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req); $this->assertEquals('POST', $req->getMethod()); $fields = Psr7\parse_query((string) $req->getBody()); $this->assertEquals('authorization_code', $fields['grant_type']); $this->assertEquals('an_auth_code', $fields['code']); } public function testGeneratesPasswordRequests() { $testConfig = $this->tokenRequestMinimal; $o = new OAuth2($testConfig); $o->setUsername('a_username'); $o->setPassword('a_password'); // Generate the request and confirm that it's correct. $req = $o->generateCredentialsRequest(); $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req); $this->assertEquals('POST', $req->getMethod()); $fields = Psr7\parse_query((string) $req->getBody()); $this->assertEquals('password', $fields['grant_type']); $this->assertEquals('a_password', $fields['password']); $this->assertEquals('a_username', $fields['username']); } public function testGeneratesRefreshTokenRequests() { $testConfig = $this->tokenRequestMinimal; $o = new OAuth2($testConfig); $o->setRefreshToken('a_refresh_token'); // Generate the request and confirm that it's correct. $req = $o->generateCredentialsRequest(); $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req); $this->assertEquals('POST', $req->getMethod()); $fields = Psr7\parse_query((string) $req->getBody()); $this->assertEquals('refresh_token', $fields['grant_type']); $this->assertEquals('a_refresh_token', $fields['refresh_token']); } public function testClientSecretAddedIfSetForAuthorizationCodeRequests() { $testConfig = $this->tokenRequestMinimal; $testConfig['clientSecret'] = 'a_client_secret'; $testConfig['redirectUri'] = 'https://has/redirect/uri'; $o = new OAuth2($testConfig); $o->setCode('an_auth_code'); $request = $o->generateCredentialsRequest(); $fields = Psr7\parse_query((string) $request->getBody()); $this->assertEquals('a_client_secret', $fields['client_secret']); } public function testClientSecretAddedIfSetForRefreshTokenRequests() { $testConfig = $this->tokenRequestMinimal; $testConfig['clientSecret'] = 'a_client_secret'; $o = new OAuth2($testConfig); $o->setRefreshToken('a_refresh_token'); $request = $o->generateCredentialsRequest(); $fields = Psr7\parse_query((string) $request->getBody()); $this->assertEquals('a_client_secret', $fields['client_secret']); } public function testClientSecretAddedIfSetForPasswordRequests() { $testConfig = $this->tokenRequestMinimal; $testConfig['clientSecret'] = 'a_client_secret'; $o = new OAuth2($testConfig); $o->setUsername('a_username'); $o->setPassword('a_password'); $request = $o->generateCredentialsRequest(); $fields = Psr7\parse_query((string) $request->getBody()); $this->assertEquals('a_client_secret', $fields['client_secret']); } public function testGeneratesAssertionRequests() { $testConfig = $this->tokenRequestMinimal; $o = new OAuth2($testConfig); $o->setSigningKey('a_key'); $o->setSigningAlgorithm('HS256'); // Generate the request and confirm that it's correct. $req = $o->generateCredentialsRequest(); $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req); $this->assertEquals('POST', $req->getMethod()); $fields = Psr7\parse_query((string) $req->getBody()); $this->assertEquals(OAuth2::JWT_URN, $fields['grant_type']); $this->assertTrue(array_key_exists('assertion', $fields)); } public function testGeneratesExtendedRequests() { $testConfig = $this->tokenRequestMinimal; $o = new OAuth2($testConfig); $o->setGrantType('urn:my_test_grant_type'); $o->setExtensionParams(['my_param' => 'my_value']); // Generate the request and confirm that it's correct. $req = $o->generateCredentialsRequest(); $this->assertInstanceOf('Psr\Http\Message\RequestInterface', $req); $this->assertEquals('POST', $req->getMethod()); $fields = Psr7\parse_query((string) $req->getBody()); $this->assertEquals('my_value', $fields['my_param']); $this->assertEquals('urn:my_test_grant_type', $fields['grant_type']); } } class OAuth2FetchAuthTokenTest extends \PHPUnit_Framework_TestCase { private $fetchAuthTokenMinimal = [ 'tokenCredentialUri' => 'https://tokens_r_us/test', 'scope' => 'https://www.googleapis.com/auth/userinfo.profile', 'signingKey' => 'example_key', 'signingAlgorithm' => 'HS256', 'issuer' => 'app@example.com', 'audience' => 'accounts.google.com', 'clientId' => 'aClientID' ]; /** * @expectedException GuzzleHttp\Exception\ClientException */ public function testFailsOn400() { $testConfig = $this->fetchAuthTokenMinimal; $httpHandler = getHandler([ buildResponse(400) ]); $o = new OAuth2($testConfig); $o->fetchAuthToken($httpHandler); } /** * @expectedException GuzzleHttp\Exception\ServerException */ public function testFailsOn500() { $testConfig = $this->fetchAuthTokenMinimal; $httpHandler = getHandler([ buildResponse(500) ]); $o = new OAuth2($testConfig); $o->fetchAuthToken($httpHandler); } /** * @expectedException Exception * @expectedExceptionMessage Invalid JSON response */ public function testFailsOnNoContentTypeIfResponseIsNotJSON() { $testConfig = $this->fetchAuthTokenMinimal; $notJson = '{"foo": , this is cannot be passed as json" "bar"}'; $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($notJson)) ]); $o = new OAuth2($testConfig); $o->fetchAuthToken($httpHandler); } public function testFetchesJsonResponseOnNoContentTypeOK() { $testConfig = $this->fetchAuthTokenMinimal; $json = '{"foo": "bar"}'; $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($json)) ]); $o = new OAuth2($testConfig); $tokens = $o->fetchAuthToken($httpHandler); $this->assertEquals($tokens['foo'], 'bar'); } public function testFetchesFromFormEncodedResponseOK() { $testConfig = $this->fetchAuthTokenMinimal; $json = 'foo=bar&spice=nice'; $httpHandler = getHandler([ buildResponse( 200, ['Content-Type' => 'application/x-www-form-urlencoded'], Psr7\stream_for($json) ) ]); $o = new OAuth2($testConfig); $tokens = $o->fetchAuthToken($httpHandler); $this->assertEquals($tokens['foo'], 'bar'); $this->assertEquals($tokens['spice'], 'nice'); } public function testUpdatesTokenFieldsOnFetch() { $testConfig = $this->fetchAuthTokenMinimal; $wanted_updates = [ 'expires_at' => '1', 'expires_in' => '57', 'issued_at' => '2', 'access_token' => 'an_access_token', 'id_token' => 'an_id_token', 'refresh_token' => 'a_refresh_token', ]; $json = json_encode($wanted_updates); $httpHandler = getHandler([ buildResponse(200, [], Psr7\stream_for($json)) ]); $o = new OAuth2($testConfig); $this->assertNull($o->getExpiresAt()); $this->assertNull($o->getExpiresIn()); $this->assertNull($o->getIssuedAt()); $this->assertNull($o->getAccessToken()); $this->assertNull($o->getIdToken()); $this->assertNull($o->getRefreshToken()); $tokens = $o->fetchAuthToken($httpHandler); $this->assertEquals(1, $o->getExpiresAt()); $this->assertEquals(57, $o->getExpiresIn()); $this->assertEquals(2, $o->getIssuedAt()); $this->assertEquals('an_access_token', $o->getAccessToken()); $this->assertEquals('an_id_token', $o->getIdToken()); $this->assertEquals('a_refresh_token', $o->getRefreshToken()); } } class OAuth2VerifyIdTokenTest extends \PHPUnit_Framework_TestCase { private $publicKey; private $privateKey; private $verifyIdTokenMinimal = [ 'scope' => 'https://www.googleapis.com/auth/userinfo.profile', 'audience' => 'myaccount.on.host.issuer.com', 'issuer' => 'an.issuer.com', 'clientId' => 'myaccount.on.host.issuer.com' ]; public function setUp() { $this->publicKey = file_get_contents(__DIR__ . '/fixtures' . '/public.pem'); $this->privateKey = file_get_contents(__DIR__ . '/fixtures' . '/private.pem'); } /** * @expectedException UnexpectedValueException */ public function testFailsIfIdTokenIsInvalid() { $testConfig = $this->verifyIdTokenMinimal; $not_a_jwt = 'not a jot'; $o = new OAuth2($testConfig); $o->setIdToken($not_a_jwt); $o->verifyIdToken($this->publicKey); } /** * @expectedException DomainException */ public function testFailsIfAudienceIsMissing() { $testConfig = $this->verifyIdTokenMinimal; $now = time(); $origIdToken = [ 'issuer' => $testConfig['issuer'], 'exp' => $now + 65, // arbitrary 'iat' => $now, ]; $o = new OAuth2($testConfig); $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, 'RS256'); $o->setIdToken($jwtIdToken); $o->verifyIdToken($this->publicKey); } /** * @expectedException DomainException */ public function testFailsIfAudienceIsWrong() { $now = time(); $testConfig = $this->verifyIdTokenMinimal; $origIdToken = [ 'aud' => 'a different audience', 'iss' => $testConfig['issuer'], 'exp' => $now + 65, // arbitrary 'iat' => $now, ]; $o = new OAuth2($testConfig); $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, 'RS256'); $o->setIdToken($jwtIdToken); $o->verifyIdToken($this->publicKey); } public function testShouldReturnAValidIdToken() { $testConfig = $this->verifyIdTokenMinimal; $now = time(); $origIdToken = [ 'aud' => $testConfig['audience'], 'iss' => $testConfig['issuer'], 'exp' => $now + 65, // arbitrary 'iat' => $now, ]; $o = new OAuth2($testConfig); $alg = 'RS256'; $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, $alg); $o->setIdToken($jwtIdToken); $roundTrip = $o->verifyIdToken($this->publicKey, array($alg)); $this->assertEquals($origIdToken['aud'], $roundTrip->aud); } private function jwtEncode() { $args = func_get_args(); $class = 'JWT'; if (class_exists('Firebase\JWT\JWT')) { $class = 'Firebase\JWT\JWT'; } return call_user_func_array("$class::encode", $args); } } google-auth-library-php-0.5/tests/Subscriber/000077500000000000000000000000001263462304500212725ustar00rootroot00000000000000google-auth-library-php-0.5/tests/Subscriber/AuthTokenSubscriberTest.php000066400000000000000000000153741263462304500266030ustar00rootroot00000000000000onlyGuzzle5(); $this->mockFetcher = $this ->getMockBuilder('Google\Auth\FetchAuthTokenInterface') ->getMock(); $this->mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); } public function testSubscribesToEvents() { $a = new AuthTokenSubscriber($this->mockFetcher, array()); $this->assertArrayHasKey('before', $a->getEvents()); } public function testOnlyTouchesWhenAuthConfigScoped() { $s = new AuthTokenSubscriber($this->mockFetcher, array()); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'not_google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame($request->getHeader('Authorization'), ''); } public function testAddsTheTokenAsAnAuthorizationHeader() { $authResult = ['access_token' => '1/abcdef1234567890']; $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); // Run the test. $a = new AuthTokenSubscriber($this->mockFetcher, array()); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $a->onBefore($before); $this->assertSame($request->getHeader('Authorization'), 'Bearer 1/abcdef1234567890'); } public function testDoesNotAddAnAuthorizationHeaderOnNoAccessToken() { $authResult = ['not_access_token' => '1/abcdef1234567890']; $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); // Run the test. $a = new AuthTokenSubscriber($this->mockFetcher, array()); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $a->onBefore($before); $this->assertSame($request->getHeader('Authorization'), ''); } public function testUsesCachedAuthToken() { $cacheKey = 'myKey'; $cachedValue = '2/abcdef1234567890'; $this->mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($cacheKey), $this->equalTo(AuthTokenSubscriber::DEFAULT_CACHE_LIFETIME)) ->will($this->returnValue($cachedValue)); $this->mockFetcher ->expects($this->never()) ->method('fetchAuthToken'); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); // Run the test. $a = new AuthTokenSubscriber($this->mockFetcher, array(), $this->mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $a->onBefore($before); $this->assertSame($request->getHeader('Authorization'), 'Bearer 2/abcdef1234567890'); } public function testGetsCachedAuthTokenUsingCacheOptions() { $prefix = 'test_prefix:'; $lifetime = '70707'; $cacheKey = 'myKey'; $cachedValue = '2/abcdef1234567890'; $this->mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($prefix . $cacheKey), $this->equalTo($lifetime)) ->will($this->returnValue($cachedValue)); $this->mockFetcher ->expects($this->never()) ->method('fetchAuthToken'); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); // Run the test $a = new AuthTokenSubscriber($this->mockFetcher, array('prefix' => $prefix, 'lifetime' => $lifetime), $this->mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $a->onBefore($before); $this->assertSame($request->getHeader('Authorization'), 'Bearer 2/abcdef1234567890'); } public function testShouldSaveValueInCacheWithSpecifiedPrefix() { $token = '1/abcdef1234567890'; $authResult = ['access_token' => $token]; $cacheKey = 'myKey'; $prefix = 'test_prefix:'; $this->mockCache ->expects($this->any()) ->method('get') ->will($this->returnValue(null)); $this->mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo($prefix . $cacheKey), $this->equalTo($token)) ->will($this->returnValue(false)); $this->mockFetcher ->expects($this->any()) ->method('getCacheKey') ->will($this->returnValue($cacheKey)); $this->mockFetcher ->expects($this->once()) ->method('fetchAuthToken') ->will($this->returnValue($authResult)); // Run the test $a = new AuthTokenSubscriber($this->mockFetcher, array('prefix' => $prefix), $this->mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'google_auth']); $before = new BeforeEvent(new Transaction($client, $request)); $a->onBefore($before); $this->assertSame($request->getHeader('Authorization'), 'Bearer 1/abcdef1234567890'); } } google-auth-library-php-0.5/tests/Subscriber/ScopedAccessTokenSubscriberTest.php000066400000000000000000000157361263462304500302430ustar00rootroot00000000000000onlyGuzzle5(); } /** * @expectedException InvalidArgumentException */ public function testRequiresScopeAsAStringOrArray() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; new ScopedAccessTokenSubscriber($fakeAuthFunc, new \stdClass(), array()); } public function testSubscribesToEvents() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array()); $this->assertArrayHasKey('before', $s->getEvents()); } public function testAddsTheTokenAsAnAuthorizationHeader() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array()); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'scoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame( 'Bearer 1/abcdef1234567890', $request->getHeader('Authorization') ); } public function testUsesCachedAuthToken() { $cachedValue = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) { return ''; }; $mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue($cachedValue)); // Run the test $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array(), $mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'scoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame( 'Bearer 2/abcdef1234567890', $request->getHeader('Authorization') ); } public function testGetsCachedAuthTokenUsingCacheOptions() { $prefix = 'test_prefix:'; $lifetime = '70707'; $cachedValue = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) { return ''; }; $mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $mockCache ->expects($this->once()) ->method('get') ->with($this->equalTo($prefix . self::TEST_SCOPE), $this->equalTo($lifetime)) ->will($this->returnValue($cachedValue)); // Run the test $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array('prefix' => $prefix, 'lifetime' => $lifetime), $mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'scoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame( 'Bearer 2/abcdef1234567890', $request->getHeader('Authorization') ); } public function testShouldSaveValueInCache() { $token = '2/abcdef1234567890'; $fakeAuthFunc = function ($unused_scopes) { return '2/abcdef1234567890'; }; $mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue(false)); $mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo(self::TEST_SCOPE), $this->equalTo($token)) ->will($this->returnValue(false)); $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array(), $mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'scoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame( 'Bearer 2/abcdef1234567890', $request->getHeader('Authorization') ); } public function testShouldSaveValueInCacheWithSpecifiedPrefix() { $token = '2/abcdef1234567890'; $prefix = 'test_prefix:'; $fakeAuthFunc = function ($unused_scopes) { return '2/abcdef1234567890'; }; $mockCache = $this ->getMockBuilder('Google\Auth\CacheInterface') ->getMock(); $mockCache ->expects($this->once()) ->method('get') ->will($this->returnValue(false)); $mockCache ->expects($this->once()) ->method('set') ->with($this->equalTo($prefix . self::TEST_SCOPE), $this->equalTo($token)) ->will($this->returnValue(false)); // Run the test $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array('prefix' => $prefix), $mockCache); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'scoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame( 'Bearer 2/abcdef1234567890', $request->getHeader('Authorization') ); } public function testOnlyTouchesWhenAuthConfigScoped() { $fakeAuthFunc = function ($unused_scopes) { return '1/abcdef1234567890'; }; $s = new ScopedAccessTokenSubscriber($fakeAuthFunc, self::TEST_SCOPE, array()); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'notscoped']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertSame('', $request->getHeader('Authorization')); } } google-auth-library-php-0.5/tests/Subscriber/SimpleSubscriberTest.php000066400000000000000000000042061263462304500261220ustar00rootroot00000000000000onlyGuzzle5(); } /** * @expectedException InvalidArgumentException */ public function testRequiresADeveloperKey() { new SimpleSubscriber(['not_key' => 'a test key']); } public function testSubscribesToEvents() { $events = (new SimpleSubscriber(['key' => 'a test key']))->getEvents(); $this->assertArrayHasKey('before', $events); } public function testAddsTheKeyToTheQuery() { $s = new SimpleSubscriber(['key' => 'test_key']); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'simple']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertCount(1, $request->getQuery()); $this->assertTrue($request->getQuery()->hasKey('key')); $this->assertSame($request->getQuery()->get('key'), 'test_key'); } public function testOnlyTouchesWhenAuthConfigIsSimple() { $s = new SimpleSubscriber(['key' => 'test_key']); $client = new Client(); $request = $client->createRequest('GET', 'http://testing.org', ['auth' => 'notsimple']); $before = new BeforeEvent(new Transaction($client, $request)); $s->onBefore($before); $this->assertCount(0, $request->getQuery()); } } google-auth-library-php-0.5/tests/bootstrap.php000066400000000000000000000031721263462304500217200ustar00rootroot00000000000000 $handler]); return new \Google\Auth\HttpHandler\Guzzle6HttpHandler($client); } $client = new \GuzzleHttp\Client(); $client->getEmitter()->attach( new \GuzzleHttp\Subscriber\Mock($mockResponses) ); return new \Google\Auth\HttpHandler\Guzzle5HttpHandler($client); } google-auth-library-php-0.5/tests/fixtures/000077500000000000000000000000001263462304500210405ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures/.config/000077500000000000000000000000001263462304500223635ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures/.config/gcloud/000077500000000000000000000000001263462304500236405ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures/.config/gcloud/application_default_credentials.json000066400000000000000000000002421263462304500331150ustar00rootroot00000000000000{ "private_key_id": "key123", "private_key": "privatekey", "client_email": "hello@youarecool.com", "client_id": "client123", "type": "service_account" }google-auth-library-php-0.5/tests/fixtures/private.json000066400000000000000000000002421263462304500234030ustar00rootroot00000000000000{ "private_key_id": "key123", "private_key": "privatekey", "client_email": "hello@youarecool.com", "client_id": "client123", "type": "service_account" }google-auth-library-php-0.5/tests/fixtures/private.pem000066400000000000000000000015671263462304500232260ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDzU+jLTzW6154Joezxrd2+5pCNYP0HcaMoYqEyXfNRpkNE7wrQ UEG830o4Qcaae2BhqZoujwSW7RkR6h0Fkd0WTR8h5J8rSGNHv/1jJoUUjP9iZ/5S FAyIIyEYfDPqtnA4iF1QWO2lXWlEFSuZjwM/8jBmeGzoiw17akNThIw8NwIDAQAB AoGATpboVloEAY/IdFX/QGOmfhTb1T3hG3lheBa695iOkO2BRo9qT7PMN6NqxlbA PX7ht0lfCfCZS+HSOg4CR50/6WXHMSmwlvcjGuDIDKWjviQTTYE77MlVBQHw9WzY PfiRBbtouyPGQtO4rk42zkIILC6exBZ1vKpRPOmTAnxrjCECQQD+56r6hYcS6GNp NOWyv0eVFMBX4iNWAsRf9JVVvGDz2rVuhnkNiN73vfffDWvSXkCydL1jFmalgdQD gm77UZQHAkEA9F+CauU0aZsJ1SthQ6H0sDQ+eNRUgnz4itnkSC2C20fZ3DaSpCMC 0go81CcZOhftNO730ILqiS67C3d3rqLqUQJBAP10ROHMmz4Fq7MUUcClyPtHIuk/ hXskTTZL76DMKmrN8NDxDLSUf38+eJRkt+z4osPOp/E6eN3gdXr32nox50kCQCl8 hXGMU+eR0IuF/88xkY7Qb8KnmWlFuhQohZ7TSyHbAttl0GNZJkNuRYFm2duI8FZK M3wMnbCIZGy/7WuScOECQQCV+0yrf5dL1M2GHjJfwuTb00wRKalKQEH1v/kvE5vS FmdN7BPK5Ra50MaecMNoYqu9rmtyWRBn93dcvKrL57nY -----END RSA PRIVATE KEY----- google-auth-library-php-0.5/tests/fixtures/public.pem000066400000000000000000000004201263462304500230150ustar00rootroot00000000000000-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzU+jLTzW6154Joezxrd2+5pCN YP0HcaMoYqEyXfNRpkNE7wrQUEG830o4Qcaae2BhqZoujwSW7RkR6h0Fkd0WTR8h 5J8rSGNHv/1jJoUUjP9iZ/5SFAyIIyEYfDPqtnA4iF1QWO2lXWlEFSuZjwM/8jBm eGzoiw17akNThIw8NwIDAQAB -----END PUBLIC KEY----- google-auth-library-php-0.5/tests/fixtures2/000077500000000000000000000000001263462304500211225ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures2/.config/000077500000000000000000000000001263462304500224455ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures2/.config/gcloud/000077500000000000000000000000001263462304500237225ustar00rootroot00000000000000google-auth-library-php-0.5/tests/fixtures2/.config/gcloud/application_default_credentials.json000066400000000000000000000002101263462304500331720ustar00rootroot00000000000000{ "client_id": "client123", "client_secret": "clientSecret123", "refresh_token": "refreshToken123", "type": "authorized_user" } google-auth-library-php-0.5/tests/fixtures2/private.json000066400000000000000000000002101263462304500234600ustar00rootroot00000000000000{ "client_id": "client123", "client_secret": "clientSecret123", "refresh_token": "refreshToken123", "type": "authorized_user" } google-auth-library-php-0.5/tests/mocks/000077500000000000000000000000001263462304500203035ustar00rootroot00000000000000google-auth-library-php-0.5/tests/mocks/AppIdentityService.php000066400000000000000000000005151263462304500245700ustar00rootroot00000000000000 'xyz', 'expiration_time' => '2147483646', ); public static function getAccessToken($scope) { self::$scope = $scope; return self::$accessToken; } }