
Commit 9fedae3

authored
Merge pull request #53 from itk-dev/test/rfc2606-fixture-domains
test: use RFC 2606 reserved domains in fixtures and README example
2 parents d3b8c2b + 843d003 commit 9fedae3

3 files changed

Lines changed: 33 additions & 29 deletions


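--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- Test fixtures and README examples use RFC 2606 reserved domains
+(`provider.example.org` for IdP-side URLs, `app.example.org` for
+application-side URLs) instead of invented registrable domains
+
 - Strengthened constructor tests guided by mutation testing: the `jwt`
 collaborator is asserted to become the request factory, and `0` is
 asserted to be an accepted boundary value for `cacheDuration` and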

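--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ require_once __DIR__.'/vendor/autoload.php';
 use ItkDev\OpenIdConnect\Security\OpenIdConfigurationProvider;
 
 $provider = new OpenIdConfigurationProvider([
-'redirectUri' => 'https://some.url', // Absolute url to where the user is redirected after a successful login
+'redirectUri' => 'https://app.example.org', // Absolute url to where the user is redirected after a successful login
 'openIDConnectMetadataUrl' => 'https:/.../openid-configuration', // url to OpenId Discovery document
 'cacheItemPool' => 'Psr6/CacheItemPoolInterface', // Implementation of CacheItemPoolInterface for caching above discovery document
 'clientId' => 'client_id', // Client id assigned by authorizer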

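--- a/tests/Security/OpenIdConfigurationProviderTest.php
+++ b/tests/Security/OpenIdConfigurationProviderTest.php
@@ -35,7 +35,7 @@ class OpenIdConfigurationProviderTest extends TestCase
 
 private const CLIENT_ID = 'test_client_id';
 private const CLIENT_SECRET = 'test_client_secret';
-private const REDIRECT_URI = 'https://redirect.url';
+private const REDIRECT_URI = 'https://app.example.org';
 private const NONCE = '12345678';
 
 private OpenIdConfigurationProvider $provider;
@@ -44,7 +44,7 @@ public function setUp(): void
 {
 parent::setUp();
 
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -106,7 +106,7 @@ public function testConstructCacheDuration(): void
 
 $provider = new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 'cacheDuration' => -10,
 ], []);
 }
@@ -120,7 +120,7 @@ public function testConstructLeeway(): void
 
 $provider = new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 'leeway' => -10,
 ], []);
 }
@@ -133,7 +133,7 @@ public function testConstructZeroCacheDurationAndLeewayAccepted(): void
 // tolerate no clock skew. Only negative values are rejected.
 $provider = new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 'cacheDuration' => 0,
 'leeway' => 0,
 ], []);
@@ -148,7 +148,7 @@ public function testConstructWiresJwtCollaboratorAsRequestFactory(): void
 
 $provider = new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 ], [
 'jwt' => $requestFactory,
 ]);
@@ -364,11 +364,11 @@ public function testConstructHttpUrlNotAllowed(): void
 $mockCacheItemPool = $this->createStub(CacheItemPoolInterface::class);
 
 $this->expectException(IllegalSchemeException::class);
-$this->expectExceptionMessage('OpenIDConnectMetadataUrl must use https: http://some.url/openid-configuration');
+$this->expectExceptionMessage('OpenIDConnectMetadataUrl must use https: http://provider.example.org/openid-configuration');
 
 new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'http://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'http://provider.example.org/openid-configuration',
 ], []);
 }
 
@@ -383,7 +383,7 @@ public function testConstructHttpUrlAllowed(): void
 
 $provider = new OpenIdConfigurationProvider([
 'cacheItemPool' => $mockCacheItemPool,
-'openIDConnectMetadataUrl' => 'http://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'http://provider.example.org/openid-configuration',
 'allowHttp' => true,
 'clientId' => self::CLIENT_ID,
 'clientSecret' => self::CLIENT_SECRET,
@@ -518,7 +518,7 @@ public function testValidateIdTokenArrayAudienceInvalid(): void
 public function testGetIdTokenSuccess(): void
 {
 $tokenEndpoint = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/oauth2/v2.0/token?p=test-policy';
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -568,7 +568,7 @@ public function testGetIdTokenSuccess(): void
 
 public function testGetIdTokenFailure(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockHttpClient = $this->createStub(ClientInterface::class);
 // PSR-18 transport stub — Guzzle's real exceptions need a RequestInterface
@@ -608,7 +608,7 @@ public function testGetIdTokenFailure(): void
 public function testGetIdTokenRejectsInvalidJsonResponse(): void
 {
 $tokenEndpoint = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/oauth2/v2.0/token?p=test-policy';
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
 
@@ -663,7 +663,7 @@ public function testGetIdTokenRejectsInvalidJsonResponse(): void
 public function testGetIdTokenRejectsResponseWithoutStringIdToken(): void
 {
 $tokenEndpoint = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/oauth2/v2.0/token?p=test-policy';
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
 
@@ -726,7 +726,7 @@ public function testGetConfigurationCacheHit(): void
 $mockHttpClient = $this->createStub(ClientInterface::class);
 
 $provider = new OpenIdConfigurationProvider([
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 'cacheItemPool' => $mockCacheItemPool,
 'clientId' => self::CLIENT_ID,
 'clientSecret' => self::CLIENT_SECRET,
@@ -758,7 +758,7 @@ public function testGetConfigurationNonStringValue(): void
 $mockCacheItemPool->method('getItem')->willReturn($mockCacheItem);
 
 $provider = new OpenIdConfigurationProvider([
-'openIDConnectMetadataUrl' => 'https://some.url/openid-configuration',
+'openIDConnectMetadataUrl' => 'https://provider.example.org/openid-configuration',
 'cacheItemPool' => $mockCacheItemPool,
 'clientId' => self::CLIENT_ID,
 'clientSecret' => self::CLIENT_SECRET,
@@ -776,7 +776,7 @@ public function testGetConfigurationNonStringValue(): void
 
 public function testFetchJsonResourceNon200(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockStream = $this->createStub(StreamInterface::class);
 $mockStream->method('getContents')->willReturn('');
@@ -805,14 +805,14 @@ public function testFetchJsonResourceNon200(): void
 ]);
 
 $this->expectException(HttpException::class);
-$this->expectExceptionMessage('Cannot access json resource: https://some.url/openid-configuration');
+$this->expectExceptionMessage('Cannot access json resource: https://provider.example.org/openid-configuration');
 
 $provider->getBaseAuthorizationUrl();
 }
 
 public function testFetchJsonResourceClientException(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockHttpClient = $this->createStub(ClientInterface::class);
 $exception = new class('Connection refused') extends \RuntimeException implements ClientExceptionInterface {
@@ -849,7 +849,7 @@ public function testFetchJsonResourceClientException(): void
 
 public function testFetchJsonResourceInvalidJson(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $mockStream = $this->createStub(StreamInterface::class);
 $mockStream->method('getContents')->willReturn('not valid json{{{');
@@ -938,7 +938,7 @@ public function testGetJwtVerificationKeysRejectsRsaWithoutStringExpOrModulus():
 
 public function testGetJwtVerificationKeysRejectsNonStringKid(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -985,7 +985,7 @@ public function testGetJwtVerificationKeysRejectsNonStringKid(): void
 
 public function testGetJwtVerificationKeysUnsupportedKeyType(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -1031,7 +1031,7 @@ public function testGetJwtVerificationKeysUnsupportedKeyType(): void
 
 public function testGetJwtVerificationKeysCacheHit(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $configuration = $this->loadMockFixture('mockOpenIDConfiguration.json');
 
@@ -1078,7 +1078,7 @@ public function testGetJwtVerificationKeysCacheHit(): void
 
 public function testGetConfigurationCachesFetchedDocument(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $configuration = $this->loadMockFixture('mockOpenIDConfiguration.json');
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -1115,7 +1115,7 @@ public function testGetConfigurationCachesFetchedDocument(): void
 
 public function testGetJwtVerificationKeysCachesFetchedKeys(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $configuration = $this->loadMockFixture('mockOpenIDConfiguration.json');
 
 $mockKeysResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDValidationKeys.json');
@@ -1194,7 +1194,7 @@ public function testGetJwtVerificationKeysBuildsAllJwksKeys(): void
 
 public function testGetConfigurationCacheInvalidArgument(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 
 $exception = new class('Invalid cache key') extends \InvalidArgumentException implements \Psr\Cache\InvalidArgumentException {
 };
@@ -1227,7 +1227,7 @@ public function testGetConfigurationCacheInvalidArgument(): void
 
 public function testGetJwtVerificationKeysCacheInvalidArgument(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $configuration = $this->loadMockFixture('mockOpenIDConfiguration.json');
 
 $configCacheItem = $this->createStub(CacheItemInterface::class);
@@ -1272,7 +1272,7 @@ public function testGetJwtVerificationKeysCacheInvalidArgument(): void
 
 public function testBase64urlDecodeFailure(): void
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');
@@ -1348,7 +1348,7 @@ private function loadMockFixture(string $filename): array
 */
 private function createProviderWithCustomJwks(string $jwksJson): OpenIdConfigurationProvider
 {
-$openIDConnectMetadataUrl = 'https://some.url/openid-configuration';
+$openIDConnectMetadataUrl = 'https://provider.example.org/openid-configuration';
 $jwks_uri = 'https://azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com/discovery/v2.0/keys?p=test-policy';
 
 $mockConfigResponse = $this->getMockHttpSuccessResponse('/../MockData/mockOpenIDConfiguration.json');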
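Review bot: The `$jwks_uri` and `$tokenEndpoint` fixtures that sit next to the changed lines (for example in `setUp()`, `testGetIdTokenSuccess()` and `createProviderWithCustomJwks()`) still use `azure_b2c_test.b2clogin.com/azure_b2c_test.onmicrosoft.com`, which are names under real registrable domains, not RFC 2606 reserved ones, so the file only partly meets the goal in the commit title. Only reserved names guarantee that a test whose HTTP stub is mis-wired cannot resolve to someone else's host. If `MockData/mockOpenIDConfiguration.json` carries the same hosts (it is not part of this commit, so that is inferred), the fixture and these literals would have to change together. Separately, the metadata URL literal is repeated in every changed hunk and inside two `expectExceptionMessage()` strings; a constant beside `REDIRECT_URI`, e.g. `private const METADATA_URL = 'https://provider.example.org/openid-configuration';`, would make the next such change a one-line edit. Most of the enclosing test methods start or end outside their hunks.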
