From dc332e839492fb768f4a9a23d2e0b5778135757c Mon Sep 17 00:00:00 2001 From: turegjorup Date: Thu, 11 Jun 2026 10:30:22 +0200 Subject: [PATCH] test: use RFC 2606 reserved domains in all test fixtures Replace real registrable domains (app.com, provider.com, other.com, test.com) with reserved names: provider.example.org for IdP-side URLs (metadata, authorization endpoint) and app.example.org for application-side URLs (redirect/callback, CLI login page). Co-Authored-By: Claude Fable 5 --- CHANGELOG.md | 5 +++++ tests/Command/UserLoginCommandTest.php | 4 ++-- tests/Controller/LoginControllerTest.php | 4 ++-- tests/DependencyInjection/ConfigurationTest.php | 8 ++++---- .../OpenIdConfigurationProviderManagerTest.php | 16 ++++++++-------- tests/Security/OpenIdLoginAuthenticatorTest.php | 4 ++-- tests/config/itkdev_openid_connect.yml | 8 ++++---- 7 files changed, 27 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b114a52..b135856 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +- Dev: test fixtures use RFC 2606 reserved domains only — + `provider.example.org` for IdP-side URLs (metadata, authorization) and + `app.example.org` for application-side URLs (redirect/callback, CLI + login), replacing real registrable domains (`app.com`, `provider.com`, + `other.com`, `test.com`). No effect on the published package. - Dev: added a test for `ItkDevOpenIdConnectBundle::getContainerExtension()` asserting the custom extension is created and memoized (same instance on repeated calls), prompted by mutation testing findings. No effect on the diff --git a/tests/Command/UserLoginCommandTest.php b/tests/Command/UserLoginCommandTest.php index 0c339c0..a0e9159 100644 --- a/tests/Command/UserLoginCommandTest.php +++ b/tests/Command/UserLoginCommandTest.php 
@@ -44,13 +44,13 @@ public function testExecuteSuccess(): void $this->stubUrlGenerator ->method('generate') - ->willReturn('https://app.com/login?loginToken=generated-token'); + ->willReturn('https://app.example.org/login?loginToken=generated-token'); $tester = new CommandTester($this->command); $result = $tester->execute(['username' => 'testuser']); $this->assertSame(Command::SUCCESS, $result); - $this->assertStringContainsString('https://app.com/login?loginToken=generated-token', $tester->getDisplay()); + $this->assertStringContainsString('https://app.example.org/login?loginToken=generated-token', $tester->getDisplay()); } public function testExecuteUserNotFound(): void diff --git a/tests/Controller/LoginControllerTest.php b/tests/Controller/LoginControllerTest.php index 86e2db4..5303680 100644 --- a/tests/Controller/LoginControllerTest.php +++ b/tests/Controller/LoginControllerTest.php @@ -33,7 +33,7 @@ public function testLogin(): void ->expects($this->exactly(1)) ->method('getAuthorizationUrl') ->with(['state' => 'abcd', 'nonce' => '1234', 'response_type' => 'code', 'scope' => 'openid email profile']) - ->willReturn('https://test.com'); + ->willReturn('https://provider.example.org/authorize'); $controller = $this->createController($mockProvider); @@ -58,7 +58,7 @@ public function testLogin(): void }); $response = $controller->login($request, $mockSession, 'test'); - $this->assertSame('https://test.com', $response->getTargetUrl()); + $this->assertSame('https://provider.example.org/authorize', $response->getTargetUrl()); } public function testUnknownProviderKeyMapsTo404(): void diff --git a/tests/DependencyInjection/ConfigurationTest.php b/tests/DependencyInjection/ConfigurationTest.php index 170f116..079a55d 100644 --- a/tests/DependencyInjection/ConfigurationTest.php +++ b/tests/DependencyInjection/ConfigurationTest.php 
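Review bot: The expected URL in testExecuteSuccess is written out twice, once in the `willReturn(...)` stub and once in `assertStringContainsString(...)`, so both copies have to be edited in lockstep, as this commit had to do. Holding it in one local, `$loginUrl = 'https://app.example.org/login?loginToken=generated-token';`, and passing `$loginUrl` to both calls keeps the fixture and the assertion from drifting apart. The same duplication appears in the two testLogin hunks of LoginControllerTest (`https://provider.example.org/authorize`) and in testFullConfig of ConfigurationTest. testExecuteSuccess and testLogin both start outside the visible hunks.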
@@ -66,7 +66,7 @@ public function testFullConfig(): void $input['user_provider'] = 'my_user_provider'; $input['openid_providers']['provider1']['options']['leeway'] = 30; $input['openid_providers']['provider1']['options']['cache_duration'] = 3600; - $input['openid_providers']['provider1']['options']['redirect_uri'] = 'https://app.com/callback'; + $input['openid_providers']['provider1']['options']['redirect_uri'] = 'https://app.example.org/callback'; $input['openid_providers']['provider1']['options']['allow_http'] = true; $config = $this->processor->processConfiguration( @@ -79,7 +79,7 @@ public function testFullConfig(): void $provider = $config['openid_providers']['provider1']['options']; $this->assertSame(30, $provider['leeway']); $this->assertSame(3600, $provider['cache_duration']); - $this->assertSame('https://app.com/callback', $provider['redirect_uri']); + $this->assertSame('https://app.example.org/callback', $provider['redirect_uri']); $this->assertTrue($provider['allow_http']); } @@ -100,7 +100,7 @@ public function testRedirectRouteConfig(): void public function testBothRedirectUriAndRouteThrows(): void { $input = $this->getMinimalConfig(); - $input['openid_providers']['provider1']['options']['redirect_uri'] = 'https://app.com/callback'; + $input['openid_providers']['provider1']['options']['redirect_uri'] = 'https://app.example.org/callback'; $input['openid_providers']['provider1']['options']['redirect_route'] = 'my_route'; $this->expectException(InvalidConfigurationException::class); @@ -186,7 +186,7 @@ public function testMultipleProviders(): void $input = $this->getMinimalConfig(); $input['openid_providers']['provider2'] = [ 'options' => [ - 'metadata_url' => 'https://other.com/.well-known/openid-configuration', + 'metadata_url' => 'https://other-provider.example.org/.well-known/openid-configuration', 'client_id' => 'other_id', 'client_secret' => 'other_secret', ], 
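Review bot: The second provider in testMultipleProviders gets `https://other-provider.example.org/.well-known/openid-configuration`, a host that neither the commit message nor the CHANGELOG entry lists; both name only `provider.example.org` and `app.example.org`. Either mention the third host there or add a short comment above the array, such as `// second IdP: distinct reserved host so the two providers' metadata URLs differ`. getMinimalConfig() is not part of this diff, so whether the URLs it supplies already use reserved names cannot be confirmed from here and is worth checking against the "all test fixtures" claim.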
diff --git a/tests/Security/OpenIdConfigurationProviderManagerTest.php b/tests/Security/OpenIdConfigurationProviderManagerTest.php index cd6b4f4..7ffadf6 100644 --- a/tests/Security/OpenIdConfigurationProviderManagerTest.php +++ b/tests/Security/OpenIdConfigurationProviderManagerTest.php @@ -79,7 +79,7 @@ public function testGetProviderWithRedirectRoute(): void { $this->stubRouter ->method('generate') - ->willReturn('https://app.com/callback'); + ->willReturn('https://app.example.org/callback'); $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ @@ -96,7 +96,7 @@ public function testGetProviderWithRedirectRouteNoParameters(): void { $this->stubRouter ->method('generate') - ->willReturn('https://app.com/callback'); + ->willReturn('https://app.example.org/callback'); $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ @@ -112,7 +112,7 @@ public function testGetProviderWithLeeway(): void { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', 'leeway' => 30, ], ]); @@ -125,7 +125,7 @@ public function testGetProviderWithCacheDuration(): void { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', 'cache_duration' => 3600, ], ]); @@ -138,7 +138,7 @@ public function testGetProviderWithAllowHttp(): void { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', 'allow_http' => true, ], ]); 
@@ -166,7 +166,7 @@ public function testGetProviderForwardsHttpClientOptions(): void { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', 'http_client_options' => [ 'timeout' => 1.5, 'proxy' => 'http://proxy:8080', @@ -189,7 +189,7 @@ public function testGetProviderWithoutHttpClientOptionsLeavesGuzzleDefaults(): v { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', ], ]); @@ -205,7 +205,7 @@ public function testGetProviderCachesInstance(): void { $manager = $this->createManager([ 'test' => $this->getBaseProviderConfig() + [ - 'redirect_uri' => 'https://app.com/callback', + 'redirect_uri' => 'https://app.example.org/callback', ], ]); diff --git a/tests/Security/OpenIdLoginAuthenticatorTest.php b/tests/Security/OpenIdLoginAuthenticatorTest.php index 320c0b2..6c66b04 100644 --- a/tests/Security/OpenIdLoginAuthenticatorTest.php +++ b/tests/Security/OpenIdLoginAuthenticatorTest.php @@ -110,7 +110,7 @@ public function testValidateClaimsSuccess(): void $stubProvider = $this->createStub(OpenIdConfigurationProvider::class); $claims = new \stdClass(); - $claims->email = 'test@test.com'; + $claims->email = 'test@example.org'; $claims->name = 'Test Tester'; $stubProvider->method('validateIdToken')->willReturn($claims); @@ -121,7 +121,7 @@ public function testValidateClaimsSuccess(): void $passport = $this->authenticator->authenticate($request); - $this->assertSame('test@test.com', $passport->getUser()->getUserIdentifier()); + $this->assertSame('test@example.org', $passport->getUser()->getUserIdentifier()); } private function setSessionOnRequest(Request $request, ?string $nonce = 'test_nonce'): void 
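Review bot: In testGetProviderForwardsHttpClientOptions the unchanged context line `'proxy' => 'http://proxy:8080'` still uses a single-label host, which is outside the RFC 2606 reserved set that this commit moves the other fixtures to. A bare name like that can be completed by a DNS search domain on a developer or CI machine, so a request that escaped the stubs could reach whatever answers as `proxy` locally. `'proxy' => 'http://proxy.example.org:8080'` would be consistent, but any assertion on the forwarded options would need the same change, and the rest of the method lies outside the hunk. getBaseProviderConfig() is not touched by the diff either, so its URLs should be checked against the same rule.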
diff --git a/tests/config/itkdev_openid_connect.yml b/tests/config/itkdev_openid_connect.yml index 91c0f37..59d5054 100644 --- a/tests/config/itkdev_openid_connect.yml +++ b/tests/config/itkdev_openid_connect.yml @@ -7,14 +7,14 @@ itkdev_openid_connect: openid_providers: test_provider_1: options: - metadata_url: "https://provider.com/openid-configuration" + metadata_url: "https://provider.example.org/openid-configuration" client_id: "test_id" client_secret: "test_secret" - redirect_uri: "https://app.com/callback_uri" + redirect_uri: "https://app.example.org/callback_uri" test_provider_2: options: - metadata_url: "https://provider.com/openid-configuration" + metadata_url: "https://provider.example.org/openid-configuration" client_id: "test_id" leeway: 5 client_secret: "test_secret" - redirect_uri: "https://app.com/callback_uri" + redirect_uri: "https://app.example.org/callback_uri"
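Review bot: `metadata_url` is presumably the one value in this file that the bundle would fetch over the network. `example.org` is reserved for documentation but is still a live zone, so the reservation alone does not promise that `provider.example.org` fails to resolve. If the goal includes that a test which forgets to stub the HTTP client cannot reach a real host, the reserved `.test` or `.invalid` TLDs fit better, e.g. `metadata_url: "https://provider.test/openid-configuration"`. A one-line comment above `openid_providers:`, such as `# Hosts below are RFC 2606 reserved names; never use registrable domains in fixtures`, would keep later additions in line.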