[Security] Fix OIDC-related test cases

nicolas-grekas · nicolas-grekas · commit 4df753b891d4 · 2023-04-17T09:37:12.000+02:00
diff --git a/Tests/AccessToken/Oidc/OidcTokenHandlerTest.php b/Tests/AccessToken/Oidc/OidcTokenHandlerTest.php
@@ -23,6 +23,9 @@
 use Symfony\Component\Security\Http\AccessToken\Oidc\OidcTokenHandler;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 
+/**
+ * @requires extension openssl
+ */
 class OidcTokenHandlerTest extends TestCase
 {
     private const AUDIENCE = 'Symfony OIDC';
@@ -64,7 +67,7 @@ public function testGetsUserIdentifierFromSignedToken(string $claim, string $exp
         $this->assertEquals($claims['sub'], $actualUser->getUserIdentifier());
     }
 
-    public function getClaims(): iterable
+    public static function getClaims(): iterable
     {
         yield ['sub', 'e21bf182-1538-406e-8ccb-e25a17aba39f'];
         yield ['email', 'foo@example.com'];
@@ -90,13 +93,13 @@ public function testThrowsAnErrorIfTokenIsInvalid(string $token)
         ))->getUserBadgeFrom($token);
     }
 
-    public function getInvalidTokens(): iterable
+    public static function getInvalidTokens(): iterable
     {
         // Invalid token
         yield ['invalid'];
         // Token is expired
         yield [
-            $this->buildJWS(json_encode([
+            self::buildJWS(json_encode([
                 'iat' => time() - 3600,
                 'nbf' => time() - 3600,
                 'exp' => time() - 3590,
@@ -108,7 +111,7 @@ public function getInvalidTokens(): iterable
         ];
         // Invalid audience
         yield [
-            $this->buildJWS(json_encode([
+            self::buildJWS(json_encode([
                 'iat' => time(),
                 'nbf' => time(),
                 'exp' => time() + 3590,
@@ -141,25 +144,25 @@ public function testThrowsAnErrorIfUserPropertyIsMissing()
 
         (new OidcTokenHandler(
             new ES256(),
-            $this->getJWK(),
+            self::getJWK(),
             $loggerMock,
             'email',
             self::AUDIENCE
         ))->getUserBadgeFrom($token);
     }
 
-    private function buildJWS(string $payload): string
+    private static function buildJWS(string $payload): string
     {
         return (new CompactSerializer())->serialize((new JWSBuilder(new AlgorithmManager([
             new ES256(),
         ])))->create()
             ->withPayload($payload)
-            ->addSignature($this->getJWK(), ['alg' => 'ES256'])
+            ->addSignature(self::getJWK(), ['alg' => 'ES256'])
             ->build()
         );
     }
 
-    private function getJWK(): JWK
+    private static function getJWK(): JWK
     {
         // tip: use https://mkjwk.org/ to generate a JWK
         return new JWK([
diff --git a/Tests/AccessToken/Oidc/OidcUserInfoTokenHandlerTest.php b/Tests/AccessToken/Oidc/OidcUserInfoTokenHandlerTest.php
@@ -54,7 +54,7 @@ public function testGetsUserIdentifierFromOidcServerResponse(string $claim, stri
         $this->assertEquals($claims['sub'], $actualUser->getUserIdentifier());
     }
 
-    public function getClaims(): iterable
+    public static function getClaims(): iterable
     {
         yield ['sub', 'e21bf182-1538-406e-8ccb-e25a17aba39f'];
         yield ['email', 'foo@example.com'];

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function testGetsUserIdentifierFromOidcServerResponse(string $claim, stri`
`54`	`54`	`$this->assertEquals($claims['sub'], $actualUser->getUserIdentifier());`
`55`	`55`	`}`
`56`	`56`
`57`		`- public function getClaims(): iterable`
	`57`	`+ public static function getClaims(): iterable`
`58`	`58`	`{`
`59`	`59`	`yield ['sub', 'e21bf182-1538-406e-8ccb-e25a17aba39f'];`
`60`	`60`	`yield ['email', 'foo@example.com'];`