From 9333bea87be96d24b5eefa3fef60dddf2d8d3f54 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Wed, 19 Oct 2022 20:00:03 -0500 Subject: [PATCH] Configuration validator improvements (#657) * Configuration validator improvements * Adjust type in cookieSecure state check --- src/Configuration/SdkConfiguration.php | 346 +++++++++--------- src/Configuration/SdkState.php | 63 +++- src/Mixins/ConfigurableMixin.php | 73 +++- tests/Unit/API/AuthenticationTest.php | 2 +- .../API/Management/ManagementEndpointTest.php | 2 +- .../Configuration/SdkConfigurationTest.php | 26 +- tests/Unit/Store/CookieStoreTest.php | 6 +- tests/Unit/Store/Psr14StoreTest.php | 2 +- tests/Unit/Token/ParserTest.php | 2 +- tests/Unit/TokenTest.php | 2 +- tests/Unit/Utility/EventDispatcherTest.php | 2 +- tests/Unit/Utility/HttpRequestTest.php | 2 +- .../Utility/TransientStoreHandlerTest.php | 3 +- 13 files changed, 315 insertions(+), 216 deletions(-) diff --git a/src/Configuration/SdkConfiguration.php b/src/Configuration/SdkConfiguration.php index 6c065d26..f460755b 100644 --- a/src/Configuration/SdkConfiguration.php +++ b/src/Configuration/SdkConfiguration.php @@ -102,7 +102,7 @@ public function __construct( private array $scope = ['openid', 'profile', 'email'], private string $responseMode = 'query', private string $responseType = 'code', - private string $tokenAlgorithm = 'RS256', + private string $tokenAlgorithm = Token::ALGO_RS256, private ?string $tokenJwksUri = null, private ?int $tokenMaxAge = null, private int $tokenLeeway = 60, @@ -134,11 +134,10 @@ public function __construct( private ?ListenerProviderInterface $eventListenerProvider = null ) { if (null !== $configuration && [] !== $configuration) { - $configuration = $this->filterArrayMixed($configuration, true) ?? []; - $this->applyConfigurationState($configuration); + $this->applyConfiguration($configuration); } - $this->validateNamedParameters(); + $this->validateProperties(); $this->setupStateCookies(); $this->setupStateFactories(); 
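Review bot: In `__construct()`, values supplied through the `$configuration` array now pass through their setter twice: once inside `applyConfiguration()` and again when `validateProperties()` re-runs the setter for every property that differs from its default (both live in the ConfigurableMixin hunk of this patch). The setters visible in this patch are idempotent, so this is harmless today, but a setter that appends or normalises non-idempotently would misbehave. A comment above the call would record the assumption, e.g. `// Re-runs setters for named arguments; setters must be idempotent because array values were already applied above.` The constructor's signature and the rest of its body lie outside the hunk.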
@@ -190,6 +189,10 @@ public function pushAudience(array|string $audiences): ?array public function setCookieDomain(?string $cookieDomain): self { + if (null !== $cookieDomain && '' === trim($cookieDomain)) { + $cookieDomain = null; + } + $this->cookieDomain = $cookieDomain; return $this; } @@ -207,6 +210,10 @@ public function hasCookieDomain(): bool public function setCookieExpires(int $cookieExpires = 0): self { + if ($cookieExpires < 0) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('cookieExpires'); + } + $this->cookieExpires = $cookieExpires; return $this; } @@ -223,6 +230,10 @@ public function hasCookieExpires(): bool public function setCookiePath(string $cookiePath = '/'): self { + if ('' === trim($cookiePath)) { + $cookiePath = '/'; + } + $this->cookiePath = $cookiePath; return $this; } @@ -239,6 +250,10 @@ public function hasCookiePath(): bool public function setCookieSameSite(?string $cookieSameSite): self { + if (null !== $cookieSameSite && '' === trim($cookieSameSite)) { + $cookieSameSite = null; + } + $this->cookieSameSite = $cookieSameSite; return $this; } @@ -256,6 +271,10 @@ public function hasCookieSameSite(): bool public function setCookieSecret(?string $cookieSecret): self { + if (null !== $cookieSecret && '' === trim($cookieSecret)) { + $cookieSecret = null; + } + $this->cookieSecret = $cookieSecret; return $this; } @@ -289,6 +308,10 @@ public function hasCookieSecure(): bool public function setClientId(?string $clientId = null): self { + if (null !== $clientId && '' === trim($clientId)) { + $clientId = null; + } + $this->clientId = $clientId; return $this; } @@ -306,6 +329,10 @@ public function hasClientId(): bool public function setClientSecret(?string $clientSecret = null): self { + if (null !== $clientSecret && '' === trim($clientSecret)) { + $clientSecret = null; + } + $this->clientSecret = $clientSecret; return $this; } 
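Review bot: `setCookieDomain()` silently replaces a whitespace-only value with `null`, and the same coercion is added to `setCookieSameSite()`, `setCookieSecret()`, `setClientId()` and `setClientSecret()` in the following hunks (and to `setManagementToken()` and `setTokenJwksUri()` further down), while the numeric setters throw `ConfigurationException::validationFailed()`. For the secret-bearing setters this means a blank secret, for example from an empty environment variable, surfaces later as "not configured" rather than at the point of the mistake; whether it surfaces at all depends on the strategy's state validation, which is outside these hunks. The methods carry no docblock in the visible lines: adding `/** Blank or whitespace-only strings are treated as unset (null). */` to each would make the contract explicit, or the secret setters could throw instead.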
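Review bot: `setCookieSameSite()` rejects only blank strings, so any other value is stored as the SameSite setting unchanged. Unless the cookie store normalises it (that code is outside this diff), an unrecognised value may reach the `Set-Cookie` header, where the browser applies its own default rather than the policy the integrator intended. Consider an allow-list check after the blank test: `if (null !== $cookieSameSite && ! in_array(strtolower($cookieSameSite), ['lax', 'strict', 'none'], true)) { throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('cookieSameSite'); }`.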
@@ -407,6 +434,10 @@ public function hasHttpClient(): bool public function setHttpMaxRetries(int $httpMaxRetries = 3): self { + if ($httpMaxRetries < 0) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('httpMaxRetries'); + } + $this->httpMaxRetries = $httpMaxRetries; return $this; } @@ -490,6 +521,10 @@ public function hasHttpTelemetry(): bool public function setManagementToken(?string $managementToken = null): self { + if (null !== $managementToken && '' === trim($managementToken)) { + $managementToken = null; + } + $this->managementToken = $managementToken; return $this; } @@ -660,6 +695,10 @@ public function hasRedirectUri(): bool public function setResponseMode(string $responseMode = 'query'): self { + if ('' === trim($responseMode)) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('responseMode'); + } + $this->responseMode = $responseMode; return $this; } @@ -676,6 +715,10 @@ public function hasResponseMode(): bool public function setResponseType(string $responseType = 'code'): self { + if ('' === trim($responseType)) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('responseMode'); + } + $this->responseType = $responseType; return $this; } @@ -746,6 +789,10 @@ public function hasSessionStorage(): bool public function setSessionStorageId(string $sessionStorageId = 'auth0_session'): self { + if ('' === trim($sessionStorageId)) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('sessionStorageId'); + } + $this->sessionStorageId = $sessionStorageId; return $this; } @@ -819,6 +866,10 @@ public function hasTokenCache(): bool public function setTokenCacheTtl(int $tokenCacheTtl = 60): self { + if ($tokenCacheTtl < 0) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('tokenCacheTtl'); + } + $this->tokenCacheTtl = $tokenCacheTtl; return $this; } 
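Review bot: In `setResponseType()` the new guard throws `validationFailed('responseMode')`, which names the wrong property; it looks copied from the `setResponseMode()` hunk just above. A caller who passes a blank `responseType` would be told to fix `responseMode`. The line should read `throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('responseType');`.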
@@ -835,6 +886,10 @@ public function hasTokenCacheTtl(): bool public function setTokenJwksUri(?string $tokenJwksUri = null): self { + if (null !== $tokenJwksUri && '' === trim($tokenJwksUri)) { + $tokenJwksUri = null; + } + $this->tokenJwksUri = $tokenJwksUri; return $this; } @@ -852,6 +907,10 @@ public function hasTokenJwksUri(): bool public function setTokenLeeway(int $tokenLeeway = 60): self { + if ($tokenLeeway < 0) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('tokenLeeway'); + } + $this->tokenLeeway = $tokenLeeway; return $this; } @@ -903,6 +962,10 @@ public function hasTransientStorage(): bool public function setTransientStorageId(string $transientStorageId = 'auth0_transient'): self { + if ('' === trim($transientStorageId)) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('transientStorageId'); + } + $this->transientStorageId = $transientStorageId; return $this; } 
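Review bot: `setTokenJwksUri()` only converts blank strings to `null`; any other string, including a relative path or a plain `http://` URL, is stored as the JWKS location. Presumably the signing keys used for token verification are fetched from this URI (the fetch is outside this diff), so a non-TLS or malformed value would weaken that verification. Consider rejecting values that are not absolute HTTPS URLs, e.g. `if (null !== $tokenJwksUri && 'https' !== strtolower((string) parse_url($tokenJwksUri, PHP_URL_SCHEME))) { throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('tokenJwksUri'); }`, or document why other schemes must remain allowed.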
@@ -1106,177 +1169,6 @@ private function setupStateStorage(): void } } - private function validateNamedParameters(): void - { - if (self::STRATEGY_REGULAR !== $this->strategy) { - $this->setStrategy($this->strategy); - } - - if (null !== $this->domain) { - $this->setDomain($this->domain); - } - - if (null !== $this->customDomain) { - $this->setCustomDomain($this->customDomain); - } - - if (null !== $this->clientId) { - $this->setClientId($this->clientId); - } - - if (null !== $this->redirectUri) { - $this->setRedirectUri($this->redirectUri); - } - - if (null !== $this->clientSecret) { - $this->setClientSecret($this->clientSecret); - } - - if (null !== $this->audience) { - $this->setAudience($this->audience); - } - - if (null !== $this->organization) { - $this->setOrganization($this->organization); - } - - if (!$this->usePkce) { - $this->setUsePkce($this->usePkce); - } - - if (['openid', 'profile', 'email'] !== $this->scope) { - $this->setScope($this->scope); - } - - if ('query' !== $this->responseMode) { - $this->setResponseMode($this->responseMode); - } - - if ('code' !== $this->responseType) { - $this->setResponseType($this->responseType); - } - - if ('RS256' !== $this->tokenAlgorithm) { - $this->setTokenAlgorithm($this->tokenAlgorithm); - } - - if (null !== $this->tokenJwksUri) { - $this->setTokenJwksUri($this->tokenJwksUri); - } - - if (null !== $this->tokenMaxAge) { - $this->setTokenMaxAge($this->tokenMaxAge); - } - - if (60 !== $this->tokenLeeway) { - $this->setTokenLeeway($this->tokenLeeway); - } - - if (null !== $this->tokenCache) { - $this->setTokenCache($this->tokenCache); - } - - if (60 !== $this->tokenCacheTtl) { - $this->setTokenCacheTtl($this->tokenCacheTtl); - } - - if (null !== $this->httpClient) { - $this->setHttpClient($this->httpClient); - } - - if (3 !== $this->httpMaxRetries) { - $this->setHttpMaxRetries($this->httpMaxRetries); - } - - if (null !== $this->httpRequestFactory) { - $this->setHttpRequestFactory($this->httpRequestFactory); - } - - 
if (null !== $this->httpResponseFactory) { - $this->setHttpResponseFactory($this->httpResponseFactory); - } - - if (null !== $this->httpStreamFactory) { - $this->setHttpStreamFactory($this->httpStreamFactory); - } - - if ($this->httpTelemetry) { - $this->setHttpTelemetry($this->httpTelemetry); - } - - if (null !== $this->sessionStorage) { - $this->setSessionStorage($this->sessionStorage); - } - - if ('auth0_session' !== $this->sessionStorageId) { - $this->setSessionStorageId($this->sessionStorageId); - } - - if (null !== $this->cookieSecret) { - $this->setCookieSecret($this->cookieSecret); - } - - if (null !== $this->cookieDomain) { - $this->setCookieDomain($this->cookieDomain); - } - - if (0 !== $this->cookieExpires) { - $this->setCookieExpires($this->cookieExpires); - } - - if ('/' !== $this->cookiePath) { - $this->setCookiePath($this->cookiePath); - } - - if ($this->cookieSecure) { - $this->setCookieSecure($this->cookieSecure); - } - - if (null !== $this->cookieSameSite) { - $this->setCookieSameSite($this->cookieSameSite); - } - - if (!$this->persistUser) { - $this->setPersistUser($this->persistUser); - } - - if (!$this->persistIdToken) { - $this->setPersistIdToken($this->persistIdToken); - } - - if (!$this->persistAccessToken) { - $this->setPersistAccessToken($this->persistAccessToken); - } - - if (!$this->persistRefreshToken) { - $this->setPersistRefreshToken($this->persistRefreshToken); - } - - if (null !== $this->transientStorage) { - $this->setTransientStorage($this->transientStorage); - } - - if ('auth0_transient' !== $this->transientStorageId) { - $this->setTransientStorageId($this->transientStorageId); - } - - if ($this->queryUserInfo) { - $this->setQueryUserInfo($this->queryUserInfo); - } - - if (null !== $this->managementToken) { - $this->setManagementToken($this->managementToken); - } - - if (null !== $this->managementTokenCache) { - $this->setManagementTokenCache($this->managementTokenCache); - } - - if (null !== $this->eventListenerProvider) { - 
$this->setEventListenerProvider($this->eventListenerProvider); - } - } - /** * Setup SDK validators based on strategy type. */ 
@@ -1353,4 +1245,108 @@ private function validateStateWebApp(): void throw \Auth0\SDK\Exception\ConfigurationException::requiresCookieSecret(); } } + + /** + * @return array + * + * @psalm-suppress MissingClosureParamType + */ + private function getPropertyValidators(): array + { + return [ + 'strategy' => fn ($value) => is_string($value), + 'domain' => fn ($value) => is_string($value) || null === $value, + 'customDomain' => fn ($value) => is_string($value) || null === $value, + 'clientId' => fn ($value) => is_string($value) || null === $value, + 'redirectUri' => fn ($value) => is_string($value) || null === $value, + 'clientSecret' => fn ($value) => is_string($value) || null === $value, + 'audience' => fn ($value) => is_array($value) || null === $value, + 'organization' => fn ($value) => is_array($value) || null === $value, + 'usePkce' => fn ($value) => is_bool($value), + 'scope' => fn ($value) => is_array($value), + 'responseMode' => fn ($value) => is_string($value), + 'responseType' => fn ($value) => is_string($value), + 'tokenAlgorithm' => fn ($value) => is_string($value), + 'tokenJwksUri' => fn ($value) => is_string($value) || null === $value, + 'tokenMaxAge' => fn ($value) => is_int($value) || null === $value, + 'tokenLeeway' => fn ($value) => is_int($value), + 'tokenCache' => fn ($value) => $value instanceof CacheItemPoolInterface || null === $value, + 'tokenCacheTtl' => fn ($value) => is_int($value), + 'httpClient' => fn ($value) => $value instanceof ClientInterface || null === $value, + 'httpMaxRetries' => fn ($value) => is_int($value), + 'httpRequestFactory' => fn ($value) => $value instanceof RequestFactoryInterface || null === $value, + 'httpResponseFactory' => fn ($value) => $value instanceof ResponseFactoryInterface || null === $value, + 'httpStreamFactory' => fn ($value) => $value instanceof StreamFactoryInterface || null === $value, + 'httpTelemetry' => fn ($value) => is_bool($value), + 'sessionStorage' => fn ($value) => $value instanceof 
StoreInterface || null === $value, + 'sessionStorageId' => fn ($value) => is_string($value), + 'cookieSecret' => fn ($value) => is_string($value) || null === $value, + 'cookieDomain' => fn ($value) => is_string($value) || null === $value, + 'cookieExpires' => fn ($value) => is_int($value), + 'cookiePath' => fn ($value) => is_string($value), + 'cookieSecure' => fn ($value) => is_bool($value), + 'cookieSameSite' => fn ($value) => is_string($value) || null === $value, + 'persistUser' => fn ($value) => is_bool($value), + 'persistIdToken' => fn ($value) => is_bool($value), + 'persistAccessToken' => fn ($value) => is_bool($value), + 'persistRefreshToken' => fn ($value) => is_bool($value), + 'transientStorage' => fn ($value) => $value instanceof StoreInterface || null === $value, + 'transientStorageId' => fn ($value) => is_string($value), + 'queryUserInfo' => fn ($value) => is_bool($value), + 'managementToken' => fn ($value) => is_string($value) || null === $value, + 'managementTokenCache' => fn ($value) => $value instanceof CacheItemPoolInterface || null === $value, + 'eventListenerProvider' => fn ($value) => $value instanceof ListenerProviderInterface || null === $value, + ]; + } + + /** + * @return array + */ + private function getPropertyDefaults(): array + { + return [ + 'strategy' => self::STRATEGY_REGULAR, + 'domain' => null, + 'customDomain' => null, + 'clientId' => null, + 'redirectUri' => null, + 'clientSecret' => null, + 'audience' => null, + 'organization' => null, + 'usePkce' => true, + 'scope' => ['openid', 'profile', 'email'], + 'responseMode' => 'query', + 'responseType' => 'code', + 'tokenAlgorithm' => Token::ALGO_RS256, + 'tokenJwksUri' => null, + 'tokenMaxAge' => null, + 'tokenLeeway' => 60, + 'tokenCache' => null, + 'tokenCacheTtl' => 60, + 'httpClient' => null, + 'httpMaxRetries' => 3, + 'httpRequestFactory' => null, + 'httpResponseFactory' => null, + 'httpStreamFactory' => null, + 'httpTelemetry' => true, + 'sessionStorage' => null, + 
'sessionStorageId' => 'auth0_session', + 'cookieSecret' => null, + 'cookieDomain' => null, + 'cookieExpires' => 0, + 'cookiePath' => '/', + 'cookieSecure' => false, + 'cookieSameSite' => null, + 'persistUser' => true, + 'persistIdToken' => true, + 'persistAccessToken' => true, + 'persistRefreshToken' => true, + 'transientStorage' => null, + 'transientStorageId' => 'auth0_transient', + 'queryUserInfo' => false, + 'managementToken' => null, + 'managementTokenCache' => null, + 'eventListenerProvider' => null, + ]; + } } diff --git a/src/Configuration/SdkState.php b/src/Configuration/SdkState.php index d99a5348..24fe4840 100644 --- a/src/Configuration/SdkState.php +++ b/src/Configuration/SdkState.php @@ -31,12 +31,19 @@ public function __construct( public ?array $user = null, public ?int $accessTokenExpiration = null ) { - $configuration = $configuration ?? []; - $this->applyConfigurationState($configuration); + if (null !== $configuration && [] !== $configuration) { + $this->applyConfiguration($configuration); + } + + $this->validateProperties(); } public function setIdToken(?string $idToken = null): self { + if (null !== $idToken && '' === trim($idToken)) { + $idToken = null; + } + $this->idToken = $idToken; return $this; } @@ -54,6 +61,10 @@ public function hasIdToken(): bool public function setAccessToken(?string $accessToken = null): self { + if (null !== $accessToken && '' === trim($accessToken)) { + $accessToken = null; + } + $this->accessToken = $accessToken; return $this; } @@ -74,6 +85,10 @@ public function hasAccessToken(): bool */ public function setAccessTokenScope(?array $accessTokenScope): self { + if (null !== $accessTokenScope && [] === $accessTokenScope) { + $accessTokenScope = null; + } + $this->accessTokenScope = $this->filterArray($accessTokenScope); return $this; } 
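Review bot: `getPropertyDefaults()` restates the defaults already declared on the promoted constructor parameters, and the rest of the patch depends on the two staying identical: `validateProperties()` skips the setter whenever a property equals the entry in this table, and `applyConfiguration()` drops any array key that is missing from it. If they drift (a constructor default changes, or a new option is added to the constructor but not here), the option is silently ignored or its setter is skipped or re-run unexpectedly. The docblock says only `@return array`; a line such as `Must list every constructor property with exactly the constructor's default value.` on `getPropertyDefaults()`, plus a test comparing the table with the constructor's reflected defaults, would guard this. Note also that the validators are type checks only, so value rules remain the setters' job.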
@@ -110,6 +125,10 @@ public function pushAccessTokenScope(array|string $scopes): ?array public function setRefreshToken(?string $refreshToken = null): self { + if (null !== $refreshToken && '' === trim($refreshToken)) { + $refreshToken = null; + } + $this->refreshToken = $refreshToken; return $this; } @@ -131,6 +150,10 @@ public function hasRefreshToken(): bool */ public function setUser(?array $user): self { + if (null !== $user && [] === $user) { + $user = null; + } + $this->user = $user; return $this; } @@ -151,6 +174,10 @@ public function hasUser(): bool public function setAccessTokenExpiration(?int $accessTokenExpiration = null): self { + if (null !== $accessTokenExpiration && $accessTokenExpiration < 0) { + $accessTokenExpiration = null; + } + $this->accessTokenExpiration = $accessTokenExpiration; return $this; } @@ -165,4 +192,36 @@ public function hasAccessTokenExpiration(): bool { return null !== $this->accessTokenExpiration; } + + /** + * @return array + * + * @psalm-suppress MissingClosureParamType + */ + private function getPropertyValidators(): array + { + return [ + 'idToken' => fn ($value) => is_string($value) || null === $value, + 'accessToken' => fn ($value) => is_string($value) || null === $value, + 'accessTokenScope' => fn ($value) => is_array($value) || null === $value, + 'refreshToken' => fn ($value) => is_string($value) || null === $value, + 'user' => fn ($value) => is_array($value) || null === $value, + 'accessTokenExpiration' => fn ($value) => is_int($value) || null === $value, + ]; + } + + /** + * @return array + */ + private function getPropertyDefaults(): array + { + return [ + 'idToken' => null, + 'accessToken' => null, + 'accessTokenScope' => null, + 'refreshToken' => null, + 'user' => null, + 'accessTokenExpiration' => null, + ]; + } } diff --git a/src/Mixins/ConfigurableMixin.php b/src/Mixins/ConfigurableMixin.php index 772c8c76..5b1cbed8 100644 --- a/src/Mixins/ConfigurableMixin.php +++ b/src/Mixins/ConfigurableMixin.php 
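Review bot: `setAccessTokenExpiration()` discards a negative value by setting it to `null`, so `hasAccessTokenExpiration()` then reports that no expiry is known. That is inconsistent with the numeric setters in SdkConfiguration, which throw on negative input, and a caller that checks expiry only when one is present would presumably skip the check for a token whose stored expiry was corrupt. Consider rejecting the value instead, `throw \Auth0\SDK\Exception\ConfigurationException::validationFailed('accessTokenExpiration');`, or add a docblock stating that negative values are treated as unknown.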
@@ -13,34 +13,81 @@ trait ConfigurableMixin * * @psalm-suppress MissingClosureParamType,MissingClosureReturnType */ - private function applyConfigurationState(?array $configuration): self + private function applyConfiguration(?array $configuration): self { if (null === $configuration) { return $this; } - foreach ($configuration as $configurationKey => $configurationValue) { - if (property_exists($this, $configurationKey)) { - $method = 'set' . ucfirst($configurationKey); + $validators = $this->getPropertyValidators(); + $defaults = $this->getPropertyDefaults(); - if (method_exists($this, $method)) { - $callback = function ($configurationValue) use ($method) { - // @phpstan-ignore-next-line - return $this->$method($configurationValue); - }; + foreach ($configuration as $configKey => $configuredValue) { + if (! property_exists($this, $configKey) || ! array_key_exists($configKey, $defaults)) { + continue; + } - call_user_func($callback, $configurationValue); - continue; - } + if (! isset($validators[$configKey]) || ! is_callable($validators[$configKey])) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed($configKey); + } + if ($validators[$configKey]($configuredValue) === false) { + throw \Auth0\SDK\Exception\ConfigurationException::validationFailed($configKey); + } + + $method = 'set' . ucfirst($configKey); + + if (method_exists($this, $method)) { // @phpstan-ignore-next-line - $this->$configurationKey = $configurationValue; + $callback = function ($configuredValue) use ($method) { + // @phpstan-ignore-next-line + return $this->$method($configuredValue); + }; + + call_user_func($callback, $configuredValue); + continue; } + + // @phpstan-ignore-next-line + $this->$configKey = $configuredValue; } return $this; } + /** + * @psalm-suppress MissingClosureParamType,MissingClosureReturnType + */ + private function validateProperties(): void + { + $defaults = $this->getPropertyDefaults(); + + foreach ($defaults as $configKey => $defaultValue) { + if (! 
property_exists($this, $configKey)) { + continue; + } + + // @phpstan-ignore-next-line + if ($this->$configKey === $defaultValue) { + continue; + } + + $method = 'set' . ucfirst($configKey); + + if (method_exists($this, $method)) { + // @phpstan-ignore-next-line + $callback = function ($value) use ($method) { + // @phpstan-ignore-next-line + return $this->$method($value); + }; + + // @phpstan-ignore-next-line + call_user_func($callback, $this->$configKey); + continue; + } + } + } + /** * @param mixed $value A value to compare against NULL. * @param null|Throwable $throwable Optional. A Throwable exception to raise if $value is NULL. diff --git a/tests/Unit/API/AuthenticationTest.php b/tests/Unit/API/AuthenticationTest.php index 995548f9..698b0b4f 100644 --- a/tests/Unit/API/AuthenticationTest.php +++ b/tests/Unit/API/AuthenticationTest.php @@ -30,7 +30,7 @@ test('__construct() accepts a configuration as an array', function(): void { $auth = new Authentication([ - 'strategy' => 'api', + 'strategy' => SdkConfiguration::STRATEGY_API, 'domain' => MockDomain::valid(), 'audience' => [uniqid()] ]); diff --git a/tests/Unit/API/Management/ManagementEndpointTest.php b/tests/Unit/API/Management/ManagementEndpointTest.php index 22f88b18..ae9d3ebd 100644 --- a/tests/Unit/API/Management/ManagementEndpointTest.php +++ b/tests/Unit/API/Management/ManagementEndpointTest.php @@ -17,7 +17,7 @@ beforeEach(function(): void { $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'domain' => MockDomain::valid() ]); diff --git a/tests/Unit/Configuration/SdkConfigurationTest.php b/tests/Unit/Configuration/SdkConfigurationTest.php index 40c87d9a..125822a5 100644 --- a/tests/Unit/Configuration/SdkConfigurationTest.php +++ b/tests/Unit/Configuration/SdkConfigurationTest.php 
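Review bot: In `applyConfiguration()` the check `$validators[$configKey]($configuredValue) === false` rejects a value only when the validator returns exactly `false`, so a validator that mistakenly returns `null` or another non-boolean would let every value through; `if (true !== $validators[$configKey]($configuredValue)) {` fails closed. Keys that are not declared properties or are absent from the defaults table are skipped without any error, so a misspelled security option such as `cookieSecure` silently keeps its default; the tests treat ignoring unknown keys as intended, so the method docblock should at least say so. The closure wrapped in `call_user_func()` here and in `validateProperties()` adds nothing over calling `$this->$method($configuredValue);` directly. The rest of the trait is outside the hunk.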
@@ -46,7 +46,7 @@ test('__construct() does not accept invalid types from configuration array', function(): void { $config = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'domain' => MockDomain::invalid(), ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, sprintf(\Auth0\SDK\Exception\ConfigurationException::MSG_VALIDATION_FAILED, 'domain')); @@ -74,7 +74,7 @@ 'clientId' => $clientId, 'redirectUri' => $redirectUri, ]); -})->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_DOMAIN); +})->throws(\Auth0\SDK\Exception\ConfigurationException::class, sprintf(\Auth0\SDK\Exception\ConfigurationException::MSG_VALIDATION_FAILED, 'domain')); test('__construct() throws an exception if domain is an invalid uri', function(): void { $cookieSecret = uniqid(); @@ -143,7 +143,7 @@ 'redirectUri' => $redirectUri, 'tokenLeeway' => 'TEST' ]); -})->throws(\TypeError::class); +})->throws(\Auth0\SDK\Exception\ConfigurationException::class, sprintf(\Auth0\SDK\Exception\ConfigurationException::MSG_VALIDATION_FAILED, 'tokenLeeway')); test('successfully updates values', function(): void { @@ -192,7 +192,7 @@ test('a non-existent array value is ignored', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'domain' => MockDomain::valid(), 'clientId' => uniqid(), 'organization' => [], 
@@ -214,15 +214,12 @@ test('a `webapp` strategy requires a domain', function(): void { - $sdk = new SdkConfiguration([ - 'strategy' => 'webapp', - ]); + $sdk = new SdkConfiguration(); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_DOMAIN); test('a `webapp` strategy requires a client id', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'webapp', 'domain' => MockDomain::valid() ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_CLIENT_ID); @@ -230,7 +227,6 @@ test('a `webapp` strategy requires a client secret when HS256 is used', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'webapp', 'domain' => MockDomain::valid(), 'clientId' => uniqid(), 'tokenAlgorithm' => 'HS256' @@ -240,14 +236,14 @@ test('a `api` strategy requires a domain', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'api', + 'strategy' => SdkConfiguration::STRATEGY_API, ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_DOMAIN); test('a `api` strategy requires an audience', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'api', + 'strategy' => SdkConfiguration::STRATEGY_API, 'domain' => MockDomain::valid() ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_AUDIENCE); 
@@ -255,14 +251,14 @@ test('a `management` strategy requires a domain', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'management' + 'strategy' => SdkConfiguration::STRATEGY_MANAGEMENT_API ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_DOMAIN); test('a `management` strategy requires a client id if a management token is not provided', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'management', + 'strategy' => SdkConfiguration::STRATEGY_MANAGEMENT_API, 'domain' => MockDomain::valid() ]); })->throws(\Auth0\SDK\Exception\ConfigurationException::class, \Auth0\SDK\Exception\ConfigurationException::MSG_REQUIRES_CLIENT_ID); @@ -270,7 +266,7 @@ test('a `management` strategy requires a client secret if a management token is not provided', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'management', + 'strategy' => SdkConfiguration::STRATEGY_MANAGEMENT_API, 'domain' => MockDomain::valid(), 'clientId' => uniqid() ]); @@ -279,7 +275,7 @@ test('a `management` strategy does not require a client id or secret if a management token is provided', function(): void { $sdk = new SdkConfiguration([ - 'strategy' => 'management', + 'strategy' => SdkConfiguration::STRATEGY_MANAGEMENT_API, 'domain' => MockDomain::valid(), 'managementToken' => uniqid() ]); diff --git a/tests/Unit/Store/CookieStoreTest.php b/tests/Unit/Store/CookieStoreTest.php index 4b3bd053..52100541 100644 --- a/tests/Unit/Store/CookieStoreTest.php +++ b/tests/Unit/Store/CookieStoreTest.php @@ -14,7 +14,7 @@ $this->cookieSecret = uniqid() . bin2hex(random_bytes(32)); $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'cookieSecret' => $this->cookieSecret ]); 
@@ -158,7 +158,7 @@ test('encrypt() throws an exception if a cookie secret is not configured', function(): void { $this->configuration = new SdkConfiguration([ - 'strategy' => 'none' + 'strategy' => SdkConfiguration::STRATEGY_NONE, ]); $this->store = new CookieStore($this->configuration, $this->namespace); @@ -168,7 +168,7 @@ test('decrypt() throws an exception if a cookie secret is not configured', function(array $state): void { $this->configuration = new SdkConfiguration([ - 'strategy' => 'none' + 'strategy' => SdkConfiguration::STRATEGY_NONE, ]); $this->store = new CookieStore($this->configuration, $this->namespace); diff --git a/tests/Unit/Store/Psr14StoreTest.php b/tests/Unit/Store/Psr14StoreTest.php index 8e6c7cf2..f6a4e613 100644 --- a/tests/Unit/Store/Psr14StoreTest.php +++ b/tests/Unit/Store/Psr14StoreTest.php @@ -18,7 +18,7 @@ $this->listener = new MockPsr14StoreListener(); $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'eventListenerProvider' => $this->listener->setup() ]); }); diff --git a/tests/Unit/Token/ParserTest.php b/tests/Unit/Token/ParserTest.php index 92bee264..bd8dd943 100644 --- a/tests/Unit/Token/ParserTest.php +++ b/tests/Unit/Token/ParserTest.php @@ -14,7 +14,7 @@ $this->cache = new ArrayAdapter(); $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'tokenCache' => $this->cache ]); }); diff --git a/tests/Unit/TokenTest.php b/tests/Unit/TokenTest.php index bdcbd407..c6b4e8f3 100644 --- a/tests/Unit/TokenTest.php +++ b/tests/Unit/TokenTest.php @@ -14,7 +14,7 @@ $this->cache = new ArrayAdapter(); $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'tokenCache' => $this->cache ]); }); diff --git a/tests/Unit/Utility/EventDispatcherTest.php b/tests/Unit/Utility/EventDispatcherTest.php index ebcb8275..6a170c6e 100644 
--- a/tests/Unit/Utility/EventDispatcherTest.php +++ b/tests/Unit/Utility/EventDispatcherTest.php @@ -27,7 +27,7 @@ public function isPropagationStopped(): bool { }); $configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'eventListenerProvider' => $listener ]); diff --git a/tests/Unit/Utility/HttpRequestTest.php b/tests/Unit/Utility/HttpRequestTest.php index 49397d51..7724b4cd 100644 --- a/tests/Unit/Utility/HttpRequestTest.php +++ b/tests/Unit/Utility/HttpRequestTest.php @@ -13,7 +13,7 @@ beforeEach(function(): void { $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, 'domain' => MockDomain::valid(), ]); }); diff --git a/tests/Unit/Utility/TransientStoreHandlerTest.php b/tests/Unit/Utility/TransientStoreHandlerTest.php index aeb55666..8c928d5d 100644 --- a/tests/Unit/Utility/TransientStoreHandlerTest.php +++ b/tests/Unit/Utility/TransientStoreHandlerTest.php @@ -5,6 +5,7 @@ use Auth0\SDK\Configuration\SdkConfiguration; use Auth0\SDK\Store\MemoryStore; use Auth0\SDK\Utility\TransientStoreHandler; +use Auth0\Tests\Utilities\MockDomain; uses()->group('utility', 'utility.transient_store_handler'); @@ -12,7 +13,7 @@ $this->namespace = uniqid(); $this->configuration = new SdkConfiguration([ - 'strategy' => 'none', + 'strategy' => SdkConfiguration::STRATEGY_NONE, ]); $this->store = new MemoryStore($this->configuration, $this->namespace);
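Review bot: The added `use Auth0\Tests\Utilities\MockDomain;` in TransientStoreHandlerTest.php is not referenced by anything else this commit changes in that file, so it appears to be an unused import. Drop it unless the unchanged part of the test, which is outside the hunks, already uses `MockDomain`.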