archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-01 15:09:51 +00:00
Code Issues Projects Releases Wiki Activity

OIDC: Added testing of PKCE flow

Browse source 
Also compared full flow to RFC spec during this process
This commit is contained in:
Dan Brown 2024-01-27 16:41:15 +00:00
parent 3e9e196cda
commit 1dc094ffaf
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
1 changed files with 28 additions and 0 deletions

28
tests/Auth/OidcTest.php
View file

@ -655,6 +655,34 @@ class OidcTest extends TestCase
]); ]);
} }
public function test_pkce_used_on_authorize_and_access()
{
// Start auth
$resp = $this->post('/oidc/login');
$state = session()->get('oidc_state');
$pkceCode = session()->get('oidc_pkce_code');
$this->assertGreaterThan(30, strlen($pkceCode));
$expectedCodeChallenge = trim(strtr(base64_encode(hash('sha256', $pkceCode, true)), '+/', '-_'), '=');
$redirect = $resp->headers->get('Location');
$redirectParams = [];
parse_str(parse_url($redirect, PHP_URL_QUERY), $redirectParams);
$this->assertEquals($expectedCodeChallenge, $redirectParams['code_challenge']);
$this->assertEquals('S256', $redirectParams['code_challenge_method']);
$transactions = $this->mockHttpClient([$this->getMockAuthorizationResponse([
'email' => 'benny@example.com',
'sub' => 'benny1010101',
])]);
$this->get('/oidc/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=' . $state);
$tokenRequest = $transactions->latestRequest();
$bodyParams = [];
parse_str($tokenRequest->getBody(), $bodyParams);
$this->assertEquals($pkceCode, $bodyParams['code_verifier']);
}
protected function withAutodiscovery() protected function withAutodiscovery()
{ {
config()->set([ config()->set([