Steam provider cleanup

Author: codemasher

examples/get-token/Steam.php

@@ -25,7 +25,7 @@
 	header('Location: '.$provider->getAuthorizationURL());
 }
 // step 3: receive the access token
-elseif(isset($_GET['openid_sig']) && isset($_GET['openid_signed'])){
+elseif(isset($_GET['openid_sig'], $_GET['openid_signed'], $_GET['openid_claimed_id'])){
 	// the Steam provider takes the whole $_GET array as it uses multiple of the query parameters
 	$token = $provider->getAccessToken($_GET);
 
@@ -44,11 +44,10 @@
 	// use the file storage from now on
 	$provider->setStorage($factory->getFileStorage());
 
-	$data      = $provider->me();
-	$token     = $provider->getAccessTokenFromStorage(); // the user's steamid is stored as access token
-	$tokenJSON = $token->toJSON();
+	$token = $provider->getAccessTokenFromStorage(); // the user's steamid is stored as access token
 
-	printf('<pre>%s</pre><textarea cols="120" rows="5" onclick="this.select();">%s</textarea>', $data, $tokenJSON);
+	printf('<pre>%s</pre>', print_r($provider->me(), true));
+	printf('<textarea cols="120" rows="5" onclick="this.select();">%s</textarea>', $token->toJSON());
 }
 // step 1 (optional): display a login link
 else{

src/Providers/Steam.php

@@ -11,17 +11,17 @@
 
 namespace chillerlan\OAuth\Providers;
 
-use chillerlan\HTTP\Utils\QueryUtil;
+use chillerlan\HTTP\Utils\{MessageUtil, QueryUtil, UriUtil};
 use chillerlan\OAuth\Core\{AccessToken, AuthenticatedUser, OAuthProvider, UserInfo};
-use chillerlan\HTTP\Utils\UriUtil;
 use Psr\Http\Message\{RequestInterface, ResponseInterface, UriInterface};
-use function explode, intval, preg_replace;
+use function explode, intval, str_replace;
 
 /**
  * Steam OpenID
  *
  * @see https://steamcommunity.com/dev
  * @see https://partner.steamgames.com/doc/webapi_overview
+ * @see https://partner.steamgames.com/doc/features/auth
  * @see https://steamwebapi.azurewebsites.net/
  */
 class Steam extends OAuthProvider implements UserInfo{
@@ -54,9 +54,22 @@ public function getAuthorizationURL(array|null $params = null, array|null $scope
 	}
 
 	/**
-	 *
+	 * Obtains an "authentication token" (the steamID64)
+	 */
+	public function getAccessToken(array $urlQuery):AccessToken{
+		$body     = $this->getAccessTokenRequestBodyParams($urlQuery);
+		$response = $this->sendAccessTokenRequest($this->accessTokenURL, $body);
+		$token    = $this->parseTokenResponse($response, $urlQuery['openid_claimed_id']);
+
+		$this->storage->storeAccessToken($token, $this->name);
+
+		return $token;
+	}
+
+	/**
+	 * prepares the request body parameters for the access token request
 	 */
-	public function getAccessToken(array $received):AccessToken{
+	protected function getAccessTokenRequestBodyParams(array $received):array{
 
 		$body = [
 			'openid.mode' => 'check_authentication',
@@ -68,33 +81,27 @@ public function getAccessToken(array $received):AccessToken{
 			$body['openid.'.$item] = $received['openid_'.$item];
 		}
 
+		return $body;
+	}
+
+	/**
+	 * sends a request to the access token endpoint $url with the given $params as URL query
+	 */
+	protected function sendAccessTokenRequest(string $url, array $body):ResponseInterface{
+
 		$request = $this->requestFactory
-			->createRequest('POST', $this->accessTokenURL)
+			->createRequest('POST', $url)
 			->withHeader('Content-Type', 'application/x-www-form-urlencoded')
 			->withBody($this->streamFactory->createStream(QueryUtil::build($body)));
 
-		$token = $this->parseTokenResponse($this->http->sendRequest($request));
-		$id    = preg_replace('/[^\d]/', '', $received['openid_claimed_id']);
-
-		// as this method is intended for one-time authentication only we'll not receive a token.
-		// instead we're gonna save the verified steam user id as token as it is required
-		// for several "authenticated" endpoints.
-		$token->accessToken = $id;
-		$token->extraParams = [
-			'claimed_id' => $received['openid_claimed_id'],
-			'id_int'     => intval($id),
-		];
-
-		$this->storage->storeAccessToken($token, $this->name);
-
-		return $token;
+		return $this->http->sendRequest($request);
 	}
 
 	/**
 	 * @throws \chillerlan\OAuth\Providers\ProviderException
 	 */
-	protected function parseTokenResponse(ResponseInterface $response):AccessToken{
-		$data = explode("\x0a", (string)$response->getBody());
+	protected function parseTokenResponse(ResponseInterface $response, string $claimed_id):AccessToken{
+		$data = explode("\x0a", MessageUtil::getContents($response));
 
 		if(!isset($data[1]) || !str_starts_with($data[1], 'is_valid')){
 			throw new ProviderException('unable to parse token response');
@@ -104,17 +111,24 @@ protected function parseTokenResponse(ResponseInterface $response):AccessToken{
 			throw new ProviderException('invalid id');
 		}
 
-		// the response is only validation, so we'll just return an empty token and add the id in the next step
 		$token = $this->createAccessToken();
+		$id    = str_replace('https://steamcommunity.com/openid/id/', '', $claimed_id);
 
-		$token->accessToken = 'SteamID';
+		// as this method is intended for one-time authentication only we'll not receive a token.
+		// instead we're gonna save the verified steam user id as token as it is required
+		// for several "authenticated" endpoints.
+		$token->accessToken = $id;
 		$token->expires     = AccessToken::NEVER_EXPIRES;
+		$token->extraParams = [
+			'claimed_id' => $claimed_id,
+			'id_int'     => intval($id),
+		];
 
 		return $token;
 	}
 
 	/**
-	 *
+	 * @inheritDoc
 	 */
 	public function getRequestAuthorization(RequestInterface $request, AccessToken|null $token = null):RequestInterface{
 		$uri = UriUtil::withQueryValue($request->getUri(), 'key', $this->options->secret);

tests/Providers/Unit/SteamTest.php

@@ -11,23 +11,125 @@
 
 namespace chillerlan\OAuthTest\Providers\Unit;
 
+use chillerlan\HTTP\Utils\MessageUtil;
+use chillerlan\OAuth\Providers\ProviderException;
 use chillerlan\OAuth\Providers\Steam;
+use function rawurlencode, sprintf;
 
 /**
  * @property \chillerlan\OAuth\Providers\Steam $provider
  */
 final class SteamTest extends OAuthProviderUnitTestAbstract{
 
+	protected const ID_VALID   = "ns:http://specs.openid.net/auth/2.0\x0ais_valid:true\x0a";
+	protected const ID_INVALID = "ns:http://specs.openid.net/auth/2.0\x0ais_valid:false\x0a";
+
+	// array from $_GET during the callback
+	protected const OPENID_CALLBACK = [
+		'openid_ns'             => 'http://specs.openid.net/auth/2.0',
+		'openid_mode'           => 'id_res',
+		'openid_op_endpoint'    => 'https://steamcommunity.com/openid/login',
+		'openid_claimed_id'     => 'https://steamcommunity.com/openid/id/69420',
+		'openid_identity'       => 'https://steamcommunity.com/openid/id/69420',
+		'openid_return_to'      => 'https://smiley.codes/oauth/',
+		'openid_response_nonce' => '2021-03-16T06:40:46ZtLLZ4JqhLZ2IULBg8x2P8YitHQY=',
+		'openid_assoc_handle'   => '1234567890',
+		'openid_signed'         => 'signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
+		'openid_sig'            => '7WEtj64YlaJLNqL6M0gZvVmOLFg=',
+	];
+
+
 	protected function getProviderFQCN():string{
 		return Steam::class;
 	}
 
-	public function testRequest():void{
-		$this::markTestIncomplete();
+	/*
+	 * auth URL
+	 */
+
+	public function testGetAuthURL():void{
+		$query = $this->provider->getAuthorizationURL()->getQuery();
+
+		$this::assertStringContainsString('openid.mode=checkid_setup', $query);
+		$this::assertStringContainsString(sprintf('openid.return_to=%s', rawurlencode($this->options->callbackURL)), $query);
+		$this::assertStringContainsString(sprintf('openid.realm=%s', rawurlencode($this->options->key)), $query);
+	}
+
+
+	/*
+	 * token response parser
+	 */
+
+	public function testParseAccessTokenResponse():void{
+		$body     = $this->streamFactory->createStream($this::ID_VALID);
+		$response = $this->responseFactory->createResponse()->withBody($body);
+
+		/** @var \chillerlan\OAuth\Core\AccessToken $token */
+		$token = $this->invokeReflectionMethod('parseTokenResponse', [$response, 'https://steamcommunity.com/openid/id/69420']);
+
+		$this::assertSame('69420', $token->accessToken);
+	}
+
+	public function testParseTokenResponseNoDataException():void{
+		$this->expectException(ProviderException::class);
+		$this->expectExceptionMessage('unable to parse token response');
+
+		$this->invokeReflectionMethod('parseTokenResponse', [$this->responseFactory->createResponse(), 'nope']);
+	}
+
+	public function testParseTokenResponseInvalidIdException():void{
+		$this->expectException(ProviderException::class);
+		$this->expectExceptionMessage('invalid id');
+
+		$body     = $this->streamFactory->createStream($this::ID_INVALID);
+		$response = $this->responseFactory->createResponse()->withBody($body);
+
+		$this->invokeReflectionMethod('parseTokenResponse', [$response, 'nope']);
 	}
 
-	public function testMeUnknownErrorException():void{
-		$this->markTestSkipped('N/A');
+
+	/*
+	 * access token
+	 */
+
+	public function testGetAccessToken():void{
+		$this->setMockResponse($this->streamFactory->createStream($this::ID_VALID));
+
+		$token = $this->provider->getAccessToken($this::OPENID_CALLBACK);
+
+		$this->assertSame('69420', $token->accessToken);
+	}
+
+	public function testGetAccessTokenRequestBodyParams():void{
+		$params = $this->invokeReflectionMethod('getAccessTokenRequestBodyParams', [$this::OPENID_CALLBACK]);
+
+		$this::assertArrayHasKey('openid.sig', $params);
+		$this::assertSame('check_authentication', $params['openid.mode']);
+	}
+
+
+	/*
+	 * request
+	 */
+
+	public function testRequest():void{
+
+		$response = $this->provider
+			->storeAccessToken($this->getTestToken())
+			->request(
+				path           : '/',
+				method         : 'post',
+				// coverage
+				body           : ['foo' => 'bar'],
+				headers        : ['Content-Type' => 'application/json'],
+				protocolVersion: '1.1',
+			)
+		;
+
+		$data = MessageUtil::decodeJSON($response, true);
+
+		$this::assertSame('{"foo":"bar"}', $data['body']);
+		$this::assertArrayHasKey('key', $data['request']['params']);
 	}
 
 	public function testGetRequestAuthorizationInvalidTokenException():void{