Ensure refresh token returned is new after use
Sephster committed Oct 14, 2024
1 parent b8e1830 commit 234aafe
Showing 2 changed files with 10 additions and 7 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -10,7 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Fixed bug where you could not omit a redirect uri even if one had not been specified during the auth request (PR #1428)
- Fixed bug where "state" parameter wasn't present on `invalid_scope` error response and wasn't on fragment part of `access_denied` redirect URI on Implicit grant (PR #1298)
- Fixed bug where disabling refresh token revocation via `revokeRefreshTokens(false)` unintentionally disables issuing new refresh token (PR #1449)
-

## [9.0.0] - released 2024-05-13
### Added
- Device Authorization Grant added (PR #1074)
15 changes: 9 additions & 6 deletions tests/Grant/RefreshTokenGrantTest.php
Expand Up @@ -594,10 +594,10 @@ public function testRespondToRequestFinalizeScopes(): void
);

$serverRequest = (new ServerRequest())->withParsedBody([
'client_id' => 'foo',
'client_secret' => 'bar',
'refresh_token' => $encryptedOldRefreshToken,
'scope' => 'foo bar',
'client_id' => 'foo',
'client_secret' => 'bar',
'refresh_token' => $encryptedOldRefreshToken,
'scope' => 'foo bar',
]);

$responseType = new StubResponseType();
Expand Down Expand Up @@ -630,7 +630,7 @@ public function testRevokedRefreshToken(): void

$refreshTokenRepositoryMock = $this->getMockBuilder(RefreshTokenRepositoryInterface::class)->getMock();
$refreshTokenRepositoryMock->method('isRefreshTokenRevoked')
->will(self::onConsecutiveCalls(false, true));
->will(self::onConsecutiveCalls(false, true));
$refreshTokenRepositoryMock->expects(self::once())->method('revokeRefreshToken')->with(self::equalTo($refreshTokenId));

$oldRefreshToken = json_encode(
Expand Down Expand Up @@ -728,12 +728,14 @@ public function testUnrevokedRefreshToken(): void
'scope' => 'foo',
]);

$privateKey = new CryptKey('file://' . __DIR__ . '/../Stubs/private.key');

$grant = new RefreshTokenGrant($refreshTokenRepositoryMock);
$grant->setClientRepository($clientRepositoryMock);
$grant->setScopeRepository($scopeRepositoryMock);
$grant->setAccessTokenRepository($accessTokenRepositoryMock);
$grant->setEncryptionKey($this->cryptStub->getKey());
$grant->setPrivateKey($privateKey = new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
$grant->setPrivateKey($privateKey);
$grant->revokeRefreshTokens(false);

$responseType = new BearerTokenResponse();
Expand All @@ -750,5 +752,6 @@ public function testUnrevokedRefreshToken(): void
self::assertObjectHasProperty('expires_in', $json);
self::assertObjectHasProperty('access_token', $json);
self::assertObjectHasProperty('refresh_token', $json);
self::assertNotSame($json->refresh_token, $encryptedOldRefreshToken);
}
}
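Review bot: The new `self::assertNotSame($json->refresh_token, $encryptedOldRefreshToken);` in testUnrevokedRefreshToken only proves that two ciphertexts differ, and if the grant's encryption step is randomised (as defuse-style encryption is) that would hold even when the same refresh token payload were re-issued, so the assertion cannot fail for the regression it is meant to guard against. Comparing the decrypted payloads is what pins the behaviour: `$newRefreshToken = json_decode($this->cryptStub->doDecrypt($json->refresh_token));` followed by `self::assertNotSame($refreshTokenId, $newRefreshToken->refresh_token_id);`, assuming this test builds its old token from a `refresh_token_id` the way testRevokedRefreshToken does with `$refreshTokenId`. PHPUnit's argument order is (expected, actual), so the old value belongs in the first position in either form. The body of testUnrevokedRefreshToken starts before this hunk.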
