OAuth2 access tokens are associated with scopes

Each resource accessible with an OAuth2 access token has a specific scope linked to it. For now the test endpoint introduced in 976a0efcc05dd92504875e66c14b6580a67c32c4 has been reused and is restricted to the 'demo' scope.

To test you need to create an access token with the required scope:

    mysql > INSERT INTO oauth2_access_token (user_id, verifier) VALUES(<user_id>, SHA2('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 256));
    mysql > INSERT INTO oauth2_access_token_scope (access_token_id, scope_key) VALUES(<token_autogenerated_id>, 'demo');
    shell > curl \
        -H 'Authorization: Bearer tlp-oauth2-at1-<token_autogenerated_id>.6161616161616161616161616161616161616161616161616161616161616161' \
        https://tuleap.example.com/plugins/oauth2_server/testendpoint

The definition of the scopes will be reused by refresh tokens and grants for the authorization code flow.

To test with an invalid required scope, you edit the entry you added in the oauth2_access_token_scope table or remove it.

This is part of story #14542: have OAuth2 flow

Change-Id: Ic09e4f16dcab544740c8f51cf8f5fdb1c86ee173
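The test commands in the commit message imply how a bearer string maps to the two tables: the part after the dot is the hex encoding of the verifier, the database keeps only its SHA-256, and the scope row decides whether the endpoint is reachable. The sketch below is an added example, not Tuleap's code; the in-memory tables, the token id 1, the regular expression and the function and exception names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for the two tables named in the commit message.
# Token id 1 and the 32-character 'a' verifier mirror the test INSERTs.
ACCESS_TOKENS = {1: hashlib.sha256(b"a" * 32).hexdigest()}  # id -> SHA2(verifier, 256)
TOKEN_SCOPES = {1: {"demo"}}                                 # id -> set of scope_key

# Prefix and layout are taken from the curl command; the exact grammar is assumed.
BEARER_RE = re.compile(r"tlp-oauth2-at1-(\d+)\.([0-9a-f]+)")


class InvalidToken(Exception):
    """Token is malformed, unknown, or carries the wrong verifier."""


class MissingScope(Exception):
    """Token is valid but is not associated with the required scope."""


def check_bearer(authorization_header: str, required_scope: str) -> int:
    """Return the token id if the header authenticates and holds required_scope."""
    scheme, _, credential = authorization_header.partition(" ")
    match = BEARER_RE.fullmatch(credential.strip())
    if scheme != "Bearer" or match is None:
        raise InvalidToken("malformed bearer credential")
    token_id = int(match.group(1))
    try:
        verifier = bytes.fromhex(match.group(2))  # '6161...' -> b'aaaa...'
    except ValueError:
        raise InvalidToken("verifier is not valid hex") from None
    stored = ACCESS_TOKENS.get(token_id)
    presented = hashlib.sha256(verifier).hexdigest()
    # Only the hash is stored; compare in constant time.
    if stored is None or not hmac.compare_digest(stored, presented):
        raise InvalidToken("unknown token or wrong verifier")
    # Authentication passed; the scope check is a separate, later decision.
    if required_scope not in TOKEN_SCOPES.get(token_id, set()):
        raise MissingScope(f"token {token_id} lacks scope {required_scope!r}")
    return token_id


if __name__ == "__main__":
    header = "Bearer tlp-oauth2-at1-1." + "61" * 32
    print(check_bearer(header, "demo"))
```

Keeping the two failures distinct lets a resource server report an authentication failure differently from an insufficient scope.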

Modified Files

M plugins/git/phpunit/User/AccessKey/Scope/GitRepositoryAccessKeyScopeTest.php +3 −3
M plugins/oauth2_server/include/oauth2_serverPlugin.php +11 −0
M src/common/Authentication/Scope/AuthenticationScope.php +1 −1
A src/common/User/OAuth2/AccessToken/OAuth2AccessTokenDoesNotHaveRequiredScopeException.php +58 −0
M src/common/User/OAuth2/AccessToken/OAuth2AccessTokenVerifier.php +31 −1
A src/common/User/OAuth2/AccessToken/Scope/OAuth2AccessTokenScopeDAO.php +40 −0
A src/common/User/OAuth2/AccessToken/Scope/OAuth2AccessTokenScopeRetriever.php +68 −0
M src/common/User/OAuth2/ResourceServer/OAuth2ResourceServerMiddleware.php +20 −1
A src/common/User/OAuth2/Scope/DemoOAuth2Scope.php +95 −0
A src/common/User/OAuth2/Scope/InvalidOAuth2ScopeIdentifierException.php +36 −0
A src/common/User/OAuth2/Scope/OAuth2ScopeIdentifier.php +62 −0
M src/db/mysql/database_structure.sql +6 −0
A src/db/mysql/updates/2020/202002180940_create_oauth2_access_token_scope_table.php +46 −0
R tests/phpunit/common/User/AccessKey/Scope/AccessKeyScopeTestCase.php
M tests/phpunit/common/User/AccessKey/Scope/RESTAccessKeyScopeTest.php +3 −2
A tests/phpunit/common/User/OAuth2/AccessToken/OAuth2AccessTokenDoesNotHaveRequiredScopeExceptionTest.php +78 −0
M tests/phpunit/common/User/OAuth2/AccessToken/OAuth2AccessTokenVerifierTest.php +118 −8
A tests/phpunit/common/User/OAuth2/AccessToken/Scope/OAuth2AccessTokenScopeRetrieverTest.php +98 −0
M tests/phpunit/common/User/OAuth2/ResourceServer/OAuth2ResourceServerMiddlewareTest.php +48 −0
A tests/phpunit/common/User/OAuth2/Scope/DemoOAuth2ScopeTest.php +33 −0
A tests/phpunit/common/User/OAuth2/Scope/OAuth2ScopeIdentifierTest.php +55 −0