PLAT-2949 - Support Regenerate OAuth Secret (#14)

* regenerate oauth client method * tests and new exceptions * docblock update * tailor exception * typo * add admin version const * fix imports * fixes * add integration test * remove integration test * pr * remove admin host * remove old test * fix tests * tidy * move to new url * add integration test * fix test * Cleanup * add log statement
techfromsage · Jul 2, 2019 · 86b5a84 · 86b5a84
1 parent 7e4609d
commit 86b5a84
Show file tree

Hide file tree

Showing 5 changed files with 185 additions and 1 deletion.
diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "talis/talis-php",
   "description": "This is a php client library for talis api's",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "keywords": [
     "persona",
     "echo",

diff --git a/src/Talis/Persona/Client/InvalidPayloadException.php b/src/Talis/Persona/Client/InvalidPayloadException.php
@@ -0,0 +1,9 @@
+<?php
+namespace Talis\Persona\Client;
+
+/**
+ * Payload sent back from Persona is in a unexpected format
+ */
+class InvalidPayloadException extends \Exception
+{
+}
diff --git a/src/Talis/Persona/Client/OAuthClients.php b/src/Talis/Persona/Client/OAuthClients.php
@@ -105,4 +105,37 @@ protected function personaGetOAuthClient($url, $token)
     {
         return $this->performRequest($url, ['bearerToken' => $token]);
     }
+
+    /**
+     * Generate and append or replace a oauth client's secret.
+     * @param string $clientId oauth client (persona user guid is also a oauth client id)
+     * @param string $token Persona oauth token
+     * @return string new oauth client secret
+     * @throws \Exception Persona communication issues
+     */
+    public function regenerateSecret($clientId, $token)
+    {
+        $host = $this->getPersonaHost();
+        $resp = $this->performRequest(
+            "$host/clients/$clientId/secret",
+            [
+                'method' => 'POST',
+                'bearerToken' => $token,
+                'expectResponse' => true,
+            ]
+        );
+
+        if (isset($resp['secret'])) {
+            return $resp['secret'];
+        } else {
+            $this->getLogger()->error(
+                'invalid payload format from persona',
+                ['payload' => $resp]
+            );
+
+            throw new InvalidPayloadException(
+                'invalid payload format from persona'
+            );
+        }
+    }
 }
diff --git a/test/integration/Persona/OAuthClientsIntegrationTest.php b/test/integration/Persona/OAuthClientsIntegrationTest.php
@@ -181,4 +181,42 @@ public function testGetOAuthClientInvalidTokenThrowsException()
 
         $personaClient->getOAuthClient('123', '456');
     }
+
+    public function testGenerateSecretForUser()
+    {
+        $tokenDetails = $this->personaClientTokens->obtainNewToken(
+            $this->clientId,
+            $this->clientSecret,
+            ['useCache' => false]
+        );
+
+        $this->assertArrayHasKey('access_token', $tokenDetails);
+        $token = $tokenDetails['access_token'];
+
+        $gupid = uniqid('trapdoor:');
+        $email = uniqid() . '@example.com';
+        $user = $this->personaClientUser->createUser(
+            $gupid,
+            ['name' => 'Sarah Connor', 'email' => $email],
+            $token
+        );
+
+        $client = $this->personaClientOAuthClient->getOAuthClient(
+            $user['guid'],
+            $token
+        );
+
+        $secret = $this->personaClientOAuthClient->regenerateSecret(
+            $user['guid'],
+            $token
+        );
+
+        $userTokenDetails = $this->personaClientTokens->obtainNewToken(
+            $user['guid'],
+            $secret,
+            ['useCache' => false]
+        );
+
+        $this->assertArrayHasKey('access_token', $userTokenDetails);
+    }
 }
diff --git a/test/unit/Persona/OAuthClientsTest.php b/test/unit/Persona/OAuthClientsTest.php
@@ -1,6 +1,7 @@
 <?php
 
 use Talis\Persona\Client\OAuthClients;
+use Talis\Persona\Client\InvalidPayloadException;
 
 $appRoot = dirname(dirname(dirname(__DIR__)));
 if (!defined('APPROOT')) {
@@ -266,4 +267,107 @@ public function testUpdateOAuthClientPutSucceeds()
             )
         );
     }
+
+    public function testRegenerateSecretNon200Exception()
+    {
+        $oauthClient = $this->getMock(
+            'Talis\Persona\Client\OAuthClients',
+            ['performRequest'],
+            [
+                [
+                    'userAgent' => 'unittest',
+                    'persona_host' => 'localhost',
+                    'persona_admin_host' => 'localhost',
+                    'cacheBackend' => $this->cacheBackend,
+                ]
+            ]
+        );
+
+        $oauthClient->expects($this->once())
+            ->method('performRequest')
+            ->with(
+                'localhost/3/clients/clientId/secret',
+                [
+                    'method' => 'POST',
+                    'bearerToken' => 'token',
+                    'expectResponse' => true,
+                ]
+            )
+            ->will(
+                $this->throwException(
+                    new \Exception('Did not retrieve successful response code')
+                )
+            );
+
+        $this->setExpectedException(
+            'Exception',
+            'Did not retrieve successful response code'
+        );
+        $oauthClient->regenerateSecret('clientId', 'token');
+    }
+
+    public function testRegenerateSecretInvalidResponsePayload()
+    {
+        $oauthClient = $this->getMock(
+            'Talis\Persona\Client\OAuthClients',
+            ['performRequest'],
+            [
+                [
+                    'userAgent' => 'unittest',
+                    'persona_host' => 'localhost',
+                    'persona_admin_host' => 'localhost',
+                    'cacheBackend' => $this->cacheBackend,
+                ]
+            ]
+        );
+
+        $oauthClient->expects($this->once())
+            ->method('performRequest')
+            ->with(
+                'localhost/3/clients/clientId/secret',
+                [
+                    'method' => 'POST',
+                    'bearerToken' => 'token',
+                    'expectResponse' => true,
+                ]
+            )
+            ->willReturn(['invalid' => 'body']);
+
+        $this->setExpectedException(
+            'Talis\Persona\Client\InvalidPayloadException',
+            'invalid payload format from persona'
+        );
+        $oauthClient->regenerateSecret('clientId', 'token');
+    }
+
+    public function testRegenerateSecretHappyPath()
+    {
+        $oauthClient = $this->getMock(
+            'Talis\Persona\Client\OAuthClients',
+            ['performRequest'],
+            [
+                [
+                    'userAgent' => 'unittest',
+                    'persona_host' => 'localhost',
+                    'persona_admin_host' => 'localhost',
+                    'cacheBackend' => $this->cacheBackend,
+                ]
+            ]
+        );
+
+        $oauthClient->expects($this->once())
+            ->method('performRequest')
+            ->with(
+                'localhost/3/clients/clientId/secret',
+                [
+                    'method' => 'POST',
+                    'bearerToken' => 'token',
+                    'expectResponse' => true,
+                ]
+            )
+            ->willReturn(['secret' => 'new secret']);
+
+        $secret = $oauthClient->regenerateSecret('clientId', 'token');
+        $this->assertEquals('new secret', $secret);
+    }
 }