knowndiaspora/external/facebook-sdk/tests/Entities/SignedRequestTest.php
2015-01-17 23:12:58 +01:00

164 lines
5.1 KiB
PHP
Executable File

<?php
use Facebook\Entities\SignedRequest;
class SignedRequestTest extends PHPUnit_Framework_TestCase
{
public $appSecret = 'foo_app_secret';
public $rawSignedRequest = 'U0_O1MqqNKUt32633zAkdd2Ce-jGVgRgJeRauyx_zC8=.eyJvYXV0aF90b2tlbiI6ImZvb190b2tlbiIsImFsZ29yaXRobSI6IkhNQUMtU0hBMjU2IiwiaXNzdWVkX2F0IjozMjEsImNvZGUiOiJmb29fY29kZSIsInN0YXRlIjoiZm9vX3N0YXRlIiwidXNlcl9pZCI6MTIzLCJmb28iOiJiYXIifQ==';
public $payloadData = array(
'oauth_token' => 'foo_token',
'algorithm' => 'HMAC-SHA256',
'issued_at' => 321,
'code' => 'foo_code',
'state' => 'foo_state',
'user_id' => 123,
'foo' => 'bar',
);
public function testValidSignedRequestsWillPassFormattingValidation()
{
$sr = SignedRequest::make($this->payloadData, $this->appSecret);
SignedRequest::validateFormat($sr);
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testInvalidSignedRequestsWillFailFormattingValidation()
{
SignedRequest::validateFormat('invalid_signed_request');
}
public function testSignatureAndPayloadCanBeSeparatedInSignedRequests()
{
list($sig, $payload) = SignedRequest::split('sig.payload');
$this->assertEquals('sig', $sig);
$this->assertEquals('payload', $payload);
}
public function testBase64EncodingIsUrlSafe()
{
$encodedData = SignedRequest::base64UrlEncode('aijkoprstADIJKLOPQTUVX1256!)]-:;"<>?.|~');
$this->assertEquals('YWlqa29wcnN0QURJSktMT1BRVFVWWDEyNTYhKV0tOjsiPD4_Lnx-', $encodedData);
}
public function testAUrlSafeBase64EncodedStringCanBeDecoded()
{
$decodedData = SignedRequest::base64UrlDecode('YWlqa29wcnN0QURJSktMT1BRVFVWWDEyNTYhKV0tOjsiPD4/Lnx+');
$this->assertEquals('aijkoprstADIJKLOPQTUVX1256!)]-:;"<>?.|~', $decodedData);
}
public function testAValidEncodedSignatureCanBeDecoded()
{
$decodedSig = SignedRequest::decodeSignature('c2ln');
$this->assertEquals('sig', $decodedSig);
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testAnImproperlyEncodedSignatureWillThrowAnException()
{
SignedRequest::decodeSignature('foo!');
}
public function testAValidEncodedPayloadCanBeDecoded()
{
$decodedPayload = SignedRequest::decodePayload('WyJwYXlsb2FkIl0=');
$this->assertEquals(array('payload'), $decodedPayload);
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testAnImproperlyEncodedPayloadWillThrowAnException()
{
SignedRequest::decodePayload('foo!');
}
public function testSignedRequestDataMustContainTheHmacSha256Algorithm()
{
SignedRequest::validateAlgorithm($this->payloadData);
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testNonApprovedAlgorithmsWillThrowAnException()
{
$signedRequestData = $this->payloadData;
$signedRequestData['algorithm'] = 'FOO-ALGORITHM';
SignedRequest::validateAlgorithm($signedRequestData);
}
public function testASignatureHashCanBeGeneratedFromBase64EncodedData()
{
$hashedSig = SignedRequest::hashSignature('WyJwYXlsb2FkIl0=', $this->appSecret);
$expectedSig = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s=');
$this->assertEquals($expectedSig, $hashedSig);
}
public function testTwoBinaryStringsCanBeComparedForSignatureValidation()
{
$hashedSig = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s=');
SignedRequest::validateSignature($hashedSig, $hashedSig);
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testNonSameBinaryStringsWillThrowAnExceptionForSignatureValidation()
{
$hashedSig1 = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s=');
$hashedSig2 = base64_decode('GJy4HzkRtCeZA0cJjdZJtGfovcdxgl/AERI20S4MY7c=');
SignedRequest::validateSignature($hashedSig1, $hashedSig2);
}
public function testASignedRequestWillPassCsrfValidation()
{
SignedRequest::validateCsrf($this->payloadData, 'foo_state');
}
/**
* @expectedException \Facebook\FacebookSDKException
*/
public function testASignedRequestWithIncorrectCsrfDataWillThrowAnException()
{
SignedRequest::validateCsrf($this->payloadData, 'invalid_foo_state');
}
public function testARawSignedRequestCanBeValidatedAndDecoded()
{
$payload = SignedRequest::parse($this->rawSignedRequest, 'foo_state', $this->appSecret);
$this->assertEquals($this->payloadData, $payload);
}
public function testARawSignedRequestCanBeInjectedIntoTheConstructorToInstantiateANewEntity()
{
$signedRequest = new SignedRequest($this->rawSignedRequest, 'foo_state', $this->appSecret);
$rawSignedRequest = $signedRequest->getRawSignedRequest();
$payloadData = $signedRequest->getPayload();
$userId = $signedRequest->getUserId();
$hasOAuthData = $signedRequest->hasOAuthData();
$this->assertInstanceOf('\Facebook\Entities\SignedRequest', $signedRequest);
$this->assertEquals($this->rawSignedRequest, $rawSignedRequest);
$this->assertEquals($this->payloadData, $payloadData);
$this->assertEquals(123, $userId);
$this->assertTrue($hasOAuthData);
}
}