Add Device Code tests

SimonVanacco · SimonVanacco · commit 047b46fa5552 · 2025-04-26T09:51:36.000+02:00
diff --git a/config/services.php b/config/services.php
@@ -302,6 +302,7 @@
                 service(AccessTokenManagerInterface::class),
                 service(RefreshTokenManagerInterface::class),
                 service(AuthorizationCodeManagerInterface::class),
+                service(DeviceCodeManagerInterface::class),
             ])
             ->tag('console.command', ['command' => 'league:oauth2-server:clear-expired-tokens'])
         ->alias(ClearExpiredTokensCommand::class, 'league.oauth2_server.command.clear_expired_tokens')
diff --git a/docs/index.md b/docs/index.md
@@ -6,7 +6,7 @@ For implementation into Symfony projects, please see [bundle documentation](basi
 
 ## Features
 
-* API endpoint for client authorization and token issuing
+* API endpoint for client authorization, device code and token issuing
 * Configurable client and token persistance (includes [Doctrine](https://www.doctrine-project.org/) support)
 * Integration with Symfony's [Security](https://symfony.com/doc/current/security.html) layer
 
diff --git a/src/Command/ClearExpiredTokensCommand.php b/src/Command/ClearExpiredTokensCommand.php
@@ -76,7 +76,7 @@ protected function configure(): void
             )
             ->addOption(
                 'device-codes',
-                'c',
+                'dc',
                 InputOption::VALUE_NONE,
                 'Clear expired device codes.'
             )
diff --git a/src/Manager/InMemory/DeviceCodeManager.php b/src/Manager/InMemory/DeviceCodeManager.php
@@ -16,7 +16,7 @@ final class DeviceCodeManager implements DeviceCodeManagerInterface
 
     public function find(string $identifier): ?DeviceCodeInterface
     {
-        return $this->accessTokens[$identifier] ?? null;
+        return $this->deviceCodes[$identifier] ?? null;
     }
 
     public function findByUserCode(string $code): ?DeviceCodeInterface
diff --git a/src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php b/src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php
@@ -122,8 +122,8 @@ public function revokeCredentialsForClient(AbstractClient $client): void
 
         $this->entityManager->createQueryBuilder()
             ->update(DeviceCode::class, 'dc')
-            ->set('ac.revoked', ':revoked')
-            ->where('ad.client = :client')
+            ->set('dc.revoked', ':revoked')
+            ->where('dc.client = :client')
             ->setParameter('client', $doctrineClient->getIdentifier(), 'string')
             ->setParameter('revoked', true)
             ->getQuery()
diff --git a/tests/Acceptance/AuthorizationEndpointTest.php b/tests/Acceptance/AuthorizationEndpointTest.php
@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\DeviceCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\RefreshTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ScopeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AuthorizationCode;
@@ -27,7 +28,8 @@ protected function setUp(): void
             $this->client->getContainer()->get(ClientManagerInterface::class),
             $this->client->getContainer()->get(AccessTokenManagerInterface::class),
             $this->client->getContainer()->get(RefreshTokenManagerInterface::class),
-            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class)
+            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class),
+            $this->client->getContainer()->get(DeviceCodeManagerInterface::class)
         );
     }
 
diff --git a/tests/Acceptance/CustomPersistenceManagerTest.php b/tests/Acceptance/CustomPersistenceManagerTest.php
@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\DeviceCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\RefreshTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
 use League\Bundle\OAuth2ServerBundle\Model\AuthorizationCode;
@@ -19,6 +20,7 @@
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeAuthorizationCodeManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeClientManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeCredentialsRevoker;
+use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeDeviceCodeManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeRefreshTokenManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FixtureFactory;
 use League\Bundle\OAuth2ServerBundle\Tests\TestHelper;
@@ -34,6 +36,7 @@ class CustomPersistenceManagerTest extends AbstractAcceptanceTest
     private ClientManagerInterface&MockObject $clientManager;
     private RefreshTokenManagerInterface&MockObject $refreshTokenManager;
     private AuthorizationCodeManagerInterface&MockObject $authCodeManager;
+    private DeviceCodeManagerInterface&MockObject $deviceCodeManager;
 
     protected function setUp(): void
     {
@@ -42,6 +45,7 @@ protected function setUp(): void
         $this->clientManager = $this->createMock(ClientManagerInterface::class);
         $this->refreshTokenManager = $this->createMock(RefreshTokenManagerInterface::class);
         $this->authCodeManager = $this->createMock(AuthorizationCodeManagerInterface::class);
+        $this->deviceCodeManager = $this->createMock(DeviceCodeManagerInterface::class);
         $this->application = new Application($this->client->getKernel());
     }
 
@@ -52,6 +56,7 @@ public function testRegisteredServices(): void
         static::assertInstanceOf(FakeClientManager::class, $this->client->getContainer()->get(ClientManagerInterface::class));
         static::assertInstanceOf(FakeRefreshTokenManager::class, $this->client->getContainer()->get(RefreshTokenManagerInterface::class));
         static::assertInstanceOf(FakeCredentialsRevoker::class, $this->client->getContainer()->get(CredentialsRevokerInterface::class));
+        static::assertInstanceOf(FakeDeviceCodeManager::class, $this->client->getContainer()->get(DeviceCodeManagerInterface::class));
     }
 
     public function testSuccessfulClientCredentialsRequest(): void
@@ -154,6 +159,25 @@ public function testSuccessfulAuthorizationCodeRequest(): void
         static::assertResponseIsSuccessful();
     }
 
+    public function testSuccessfullDeviceCodeRequest(): void
+    {
+        $client = new Client('name', 'foo', 'secret');
+
+        $this->deviceCodeManager->expects(self::atLeastOnce())->method('find')->willReturn(null);
+        $this->deviceCodeManager->expects(self::atLeastOnce())->method('save');
+        $this->client->getContainer()->set('test.device_code_manager', $this->deviceCodeManager);
+
+        $this->clientManager->expects(self::atLeastOnce())->method('find')->with('foo')->willReturn($client);
+        $this->client->getContainer()->set('test.client_manager', $this->clientManager);
+
+        $this->client->request('POST', '/device-code', [
+            'client_id' => $client->getIdentifier(),
+        ]);
+
+        $this->client->getResponse();
+        static::assertResponseIsSuccessful();
+    }
+
     protected static function createKernel(array $options = []): KernelInterface
     {
         return new TestKernel(
@@ -167,6 +191,7 @@ protected static function createKernel(array $options = []): KernelInterface
                     'client_manager' => 'test.client_manager',
                     'refresh_token_manager' => 'test.refresh_token_manager',
                     'credentials_revoker' => 'test.credentials_revoker',
+                    'device_code_manager' => 'test.device_code_manager',
                 ],
             ]
         );
diff --git a/tests/Acceptance/DeviceCodeEndpointTest.php b/tests/Acceptance/DeviceCodeEndpointTest.php
@@ -56,14 +56,13 @@ public function testFailedWithUnkownClientRequest(): void
         $response = $this->client->getResponse();
 
         $this->assertSame(401, $response->getStatusCode());
-        $this->assertSame('application/json; charset=UTF-8', $response->headers->get('Content-Type'));
+        $this->assertSame('application/json', $response->headers->get('Content-Type'));
 
         $jsonResponse = json_decode($response->getContent(), true);
 
         $this->assertNotEmpty($jsonResponse['error']);
         $this->assertNotEmpty($jsonResponse['error_description']);
         $this->assertSame('invalid_client', $jsonResponse['error']);
-        $this->assertLessThanOrEqual(3600, $jsonResponse['expires_in']);
     }
 
 }
diff --git a/tests/Acceptance/DoctrineDeviceCodeManagerTest.php b/tests/Acceptance/DoctrineDeviceCodeManagerTest.php
@@ -38,7 +38,7 @@ public function testClearExpired(): void
         $this->assertSame(3, $doctrineDeviceCodeManager->clearExpired());
 
         $this->assertSame(
-            $testData['output'],
+            array_values($testData['output']),
             $em->getRepository(DeviceCode::class)->findBy([], ['identifier' => 'ASC'])
         );
     }
@@ -58,8 +58,8 @@ private function buildClearExpiredTestData($client): array
         ];
 
         return [
-            'input' => $validDeviceCodes + $expiredDeviceCodes,
             'output' => $validDeviceCodes,
+            'input' => $validDeviceCodes + $expiredDeviceCodes,
         ];
     }
 
diff --git a/tests/Acceptance/SecurityLayerTest.php b/tests/Acceptance/SecurityLayerTest.php
@@ -7,6 +7,7 @@
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\DeviceCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\RefreshTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ScopeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FixtureFactory;
@@ -23,7 +24,8 @@ protected function setUp(): void
             $this->client->getContainer()->get(ClientManagerInterface::class),
             $this->client->getContainer()->get(AccessTokenManagerInterface::class),
             $this->client->getContainer()->get(RefreshTokenManagerInterface::class),
-            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class)
+            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class),
+            $this->client->getContainer()->get(DeviceCodeManagerInterface::class)
         );
     }
 
diff --git a/tests/Acceptance/TokenEndpointTest.php b/tests/Acceptance/TokenEndpointTest.php
@@ -30,7 +30,8 @@ protected function setUp(): void
             $this->client->getContainer()->get(ClientManagerInterface::class),
             $this->client->getContainer()->get(AccessTokenManagerInterface::class),
             $this->client->getContainer()->get(RefreshTokenManagerInterface::class),
-            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class)
+            $this->client->getContainer()->get(AuthorizationCodeManagerInterface::class),
+            $this->client->getContainer()->get(DeviceCodeManagerInterface::class)
         );
     }
 
@@ -372,6 +373,7 @@ public function testSuccessfulDeviceCodeRequestWithPublicClient(): void
 
         $this->client->request('POST', '/token', [
             'client_id' => $deviceCode->getClient()->getIdentifier(),
+            'client_secret' => 'top_secret',
             'grant_type' => 'urn:ietf:params:oauth:grant-type:device_code',
             'device_code' => $deviceCode->getIdentifier(),
         ]);
@@ -388,7 +390,6 @@ public function testSuccessfulDeviceCodeRequestWithPublicClient(): void
         $this->assertGreaterThan(0, $jsonResponse['expires_in']);
         $this->assertNotEmpty($jsonResponse['access_token']);
         $this->assertNotEmpty($jsonResponse['refresh_token']);
-        $this->assertSame($response->headers->get('foo'), 'bar');
 
         $this->assertTrue($wasRequestAccessTokenEventDispatched);
         $this->assertTrue($wasRequestRefreshTokenEventDispatched);
@@ -407,20 +408,20 @@ public function testFailedDeviceCodeRequestWithExpiredCode(): void
 
         $this->client->request('POST', '/token', [
             'client_id' => $deviceCode->getClient()->getIdentifier(),
+            'client_secret' => 'secret',
             'grant_type' => 'urn:ietf:params:oauth:grant-type:device_code',
             'device_code' => $deviceCode->getIdentifier(),
         ]);
 
         $response = $this->client->getResponse();
 
         $this->assertSame(400, $response->getStatusCode());
-        $this->assertSame('application/json; charset=UTF-8', $response->headers->get('Content-Type'));
+        $this->assertSame('application/json', $response->headers->get('Content-Type'));
 
         $jsonResponse = json_decode($response->getContent(), true);
 
         $this->assertSame('expired_token', $jsonResponse['error']);
         $this->assertSame('device_code', $jsonResponse['hint']);
-        $this->assertSame('bar', $response->headers->get('foo'));
     }
 
     public function testFailedDeviceCodeWithPendingCode(): void
@@ -439,13 +440,12 @@ public function testFailedDeviceCodeWithPendingCode(): void
         $response = $this->client->getResponse();
 
         $this->assertSame(400, $response->getStatusCode());
-        $this->assertSame('application/json; charset=UTF-8', $response->headers->get('Content-Type'));
+        $this->assertSame('application/json', $response->headers->get('Content-Type'));
 
         $jsonResponse = json_decode($response->getContent(), true);
 
         $this->assertSame('authorization_pending', $jsonResponse['error']);
         $this->assertSame('', $jsonResponse['hint']);
-        $this->assertSame('bar', $response->headers->get('foo'));
     }
 
 }
diff --git a/tests/Fixtures/FakeDeviceCodeManager.php b/tests/Fixtures/FakeDeviceCodeManager.php
@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Tests\Fixtures;
+
+use League\Bundle\OAuth2ServerBundle\Manager\DeviceCodeManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Model\DeviceCodeInterface;
+
+class FakeDeviceCodeManager implements DeviceCodeManagerInterface
+{
+    public function find(string $identifier): ?DeviceCodeInterface
+    {
+        return null;
+    }
+
+    public function findByUserCode(string $code): ?DeviceCodeInterface
+    {
+        return null;
+    }
+
+    public function save(DeviceCodeInterface $deviceCode, bool $persist = true): void
+    {
+    }
+
+    public function clearExpired(): int
+    {
+        return 0;
+    }
+}
diff --git a/tests/Fixtures/FixtureFactory.php b/tests/Fixtures/FixtureFactory.php
@@ -270,9 +270,9 @@ public static function createDeviceCodes(ClientManagerInterface $clientManager):
 
         $deviceCodes[] = new DeviceCode(
             self::FIXTURE_DEVICE_CODE,
-            new \DateTimeImmutable('+2 minute'),
+            new \DateTimeImmutable('+10 minute'),
             $clientManager->find(self::FIXTURE_CLIENT_FIRST),
-            self::FIXTURE_USER,
+            null,
             [],
             'XQMWNGSP',
             false,
@@ -284,9 +284,9 @@ public static function createDeviceCodes(ClientManagerInterface $clientManager):
 
         $deviceCodes[] = new DeviceCode(
             self::FIXTURE_DEVICE_CODE_PUBLIC_CLIENT,
-            new \DateTimeImmutable('+2 minute'),
+            new \DateTimeImmutable('+10 minute'),
             $clientManager->find(self::FIXTURE_PUBLIC_CLIENT),
-            self::FIXTURE_USER,
+            null,
             [],
             'XQMWNGSP',
             false,
@@ -298,7 +298,7 @@ public static function createDeviceCodes(ClientManagerInterface $clientManager):
 
         $deviceCodes[] = new DeviceCode(
             self::FIXTURE_DEVICE_CODE_APPROVED,
-            new \DateTimeImmutable('+2 minute'),
+            new \DateTimeImmutable('+10 minute'),
             $clientManager->find(self::FIXTURE_CLIENT_SECOND),
             self::FIXTURE_USER,
             [],
@@ -314,7 +314,7 @@ public static function createDeviceCodes(ClientManagerInterface $clientManager):
             self::FIXTURE_DEVICE_CODE_EXPIRED,
             new \DateTimeImmutable('-30 minute'),
             $clientManager->find(self::FIXTURE_CLIENT_FIRST),
-            self::FIXTURE_USER,
+            null,
             [],
             'XQMWNGSP',
             false,
diff --git a/tests/Integration/AuthorizationServerTest.php b/tests/Integration/AuthorizationServerTest.php
@@ -25,7 +25,8 @@ protected function setUp(): void
             $this->clientManager,
             $this->accessTokenManager,
             $this->refreshTokenManager,
-            $this->authCodeManager
+            $this->authCodeManager,
+            $this->deviceCodeManager
         );
     }
 
diff --git a/tests/Integration/ResourceServerTest.php b/tests/Integration/ResourceServerTest.php
@@ -18,7 +18,8 @@ protected function setUp(): void
             $this->clientManager,
             $this->accessTokenManager,
             $this->refreshTokenManager,
-            $this->authCodeManager
+            $this->authCodeManager,
+            $this->deviceCodeManager
         );
     }
 
diff --git a/tests/TestKernel.php b/tests/TestKernel.php
@@ -9,12 +9,14 @@
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\DeviceCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\RefreshTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ScopeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeAccessTokenManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeAuthorizationCodeManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeClientManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeCredentialsRevoker;
+use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeDeviceCodeManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeGrant;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeRefreshTokenManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FixtureFactory;
@@ -159,6 +161,10 @@ public function registerContainerConfiguration(LoaderInterface $loader): void
                         'path' => '^/authorize',
                         'roles' => 'IS_AUTHENTICATED',
                     ],
+                    [
+                        'path' => '^/device-code',
+                        'roles' => 'IS_AUTHENTICATED',
+                    ],
                 ],
             ];
 
@@ -215,6 +221,11 @@ private function exposeManagerServices(ContainerBuilder $container): void
             ->getAlias(AuthorizationCodeManagerInterface::class)
             ->setPublic(true)
         ;
+
+        $container
+            ->getAlias(DeviceCodeManagerInterface::class)
+            ->setPublic(true)
+        ;
     }
 
     private function configureControllers(ContainerBuilder $container): void
@@ -242,6 +253,7 @@ private function configureCustomPersistenceServices(ContainerBuilder $container)
         $container->register('test.client_manager', FakeClientManager::class)->setPublic(true);
         $container->register('test.refresh_token_manager', FakeRefreshTokenManager::class)->setPublic(true);
         $container->register('test.credentials_revoker', FakeCredentialsRevoker::class)->setPublic(true);
+        $container->register('test.device_code_manager', FakeDeviceCodeManager::class)->setPublic(true);
     }
 
     private function registerFakeGrant(ContainerBuilder $container): void

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ protected function configure(): void`
`76`	`76`	`)`
`77`	`77`	`->addOption(`
`78`	`78`	`'device-codes',`
`79`		`- 'c',`
	`79`	`+ 'dc',`
`80`	`80`	`InputOption::VALUE_NONE,`
`81`	`81`	`'Clear expired device codes.'`
`82`	`82`	`)`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ final class DeviceCodeManager implements DeviceCodeManagerInterface`
`16`	`16`
`17`	`17`	`public function find(string $identifier): ?DeviceCodeInterface`
`18`	`18`	`{`
`19`		`- return $this->accessTokens[$identifier] ?? null;`
	`19`	`+ return $this->deviceCodes[$identifier] ?? null;`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`public function findByUserCode(string $code): ?DeviceCodeInterface`
Original file line number	Diff line number	Diff line change
`@@ -56,14 +56,13 @@ public function testFailedWithUnkownClientRequest(): void`
`56`	`56`	`$response = $this->client->getResponse();`
`57`	`57`
`58`	`58`	`$this->assertSame(401, $response->getStatusCode());`
`59`		`- $this->assertSame('application/json; charset=UTF-8', $response->headers->get('Content-Type'));`
	`59`	`+ $this->assertSame('application/json', $response->headers->get('Content-Type'));`
`60`	`60`
`61`	`61`	`$jsonResponse = json_decode($response->getContent(), true);`
`62`	`62`
`63`	`63`	`$this->assertNotEmpty($jsonResponse['error']);`
`64`	`64`	`$this->assertNotEmpty($jsonResponse['error_description']);`
`65`	`65`	`$this->assertSame('invalid_client', $jsonResponse['error']);`
`66`		`- $this->assertLessThanOrEqual(3600, $jsonResponse['expires_in']);`
`67`	`66`	`}`
`68`	`67`
`69`	`68`	`}`