Ensure slim app stops on authorization error

chadicus · Sep 9, 2015 · 5e7cec6 · 5e7cec6
1 parent a56cdef
commit 5e7cec6
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 4 deletions.
diff --git a/src/Authorization.php b/src/Authorization.php
@@ -35,8 +35,8 @@ public function call(array $scope = null)
         $scope = empty($scope) ? null : implode(' ', $scope);
         if (!$this->server->verifyResourceRequest(MessageBridge::newOauth2Request($this->app->request()), null, $scope)) {
             MessageBridge::mapResponse($this->server->getResponse(), $this->app->response());
-            return;
-        }
+            $this->app->stop();
+        } //@codeCoverageIgnore since stop() throws
 
         $this->app->token = $this->server->getResourceController()->getToken();
 

diff --git a/tests/AuthorizationTest.php b/tests/AuthorizationTest.php
@@ -114,15 +114,21 @@ public function callExpiredToken()
         );
 
         $slim = self::getSlimInstance();
-        $slim->get('/foo', function() {});
+        $slim->get('/foo', function() {
+            throw new \Exception('This will not get executed');
+        });
         $slim->add(new Authorization($server));
 
         $env = \Slim\Environment::getInstance();
         $slim->request = new \Slim\Http\Request($env);
         $slim->request->headers->set('Authorization', 'Bearer atokenvalue');
         $slim->response = new \Slim\Http\Response();
 
-        $slim->run();
+        try {
+            $slim->run();
+        } catch (\Slim\Exception\Stop $e) {
+            //ignore this error
+        }
 
         $this->assertSame(401, $slim->response->status());
         $this->assertSame('{"error":"expired_token","error_description":"The access token provided has expired"}', $slim->response->body());
@@ -309,6 +315,54 @@ public function invoke()
         $this->assertSame(200, $slim->response->status());
     }
 
+    /**
+     * Verify behavior of call without access token
+     *
+     * @test
+     * @covers ::call
+     *
+     * @return void
+     */
+    public function callNoTokenProvided()
+    {
+        $storage = new \OAuth2\Storage\Memory([]);
+
+        $server = new \OAuth2\Server(
+            $storage,
+            [
+                'enforce_state'   => true,
+                'allow_implicit'  => false,
+                'access_lifetime' => 3600
+            ]
+        );
+
+        \Slim\Environment::mock(
+            [
+                'CONTENT_TYPE' => 'application/json',
+                'PATH_INFO' => '/foo',
+            ]
+        );
+
+        $slim = self::getSlimInstance();
+        $authorization = new Authorization($server);
+        $authorization->setApplication($slim);
+        $slim->get('/foo', $authorization, function() {
+            echo json_encode(['success' => true]);
+        });
+
+        $env = \Slim\Environment::getInstance();
+        $slim->request = new \Slim\Http\Request($env);
+        $slim->response = new \Slim\Http\Response();
+
+        try {
+            $slim->run();
+        } catch (\Slim\Exception\Stop $e) {
+            //ignore this error
+        }
+
+        $this->assertSame(401, $slim->response->status());
+    }
+
     /**
      * Helper method to return a new instance of \Slim\Slim.
      *