From b9d912a8033759c51ff396c39637cf4290d842fc Mon Sep 17 00:00:00 2001
From: Antonio Pauletich
Date: Sun, 19 May 2019 01:33:56 +0200
Subject: [PATCH] Make the enabled grant types configurable
---
 DependencyInjection/Configuration.php | 12 +++
 .../TrikoderOAuth2Extension.php | 30 ++++---
 README.md | 9 ++
 Tests/Unit/ExtensionTest.php | 88 +++++++++++++++++++
 phpunit.xml.dist | 3 +
 5 files changed, 130 insertions(+), 12 deletions(-)
 create mode 100644 Tests/Unit/ExtensionTest.php
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
index 5bdb37fc..8d5f0de2 100644
--- a/DependencyInjection/Configuration.php
+++ b/DependencyInjection/Configuration.php
@@ -59,6 +59,18 @@ private function createAuthorizationServerNode(): NodeDefinition
 ->cannotBeEmpty()
 ->defaultValue('P1M')
 ->end()
+ ->booleanNode('enable_client_credentials_grant')
+ ->info('Whether to enable the client credentials grant')
+ ->defaultTrue()
+ ->end()
+ ->booleanNode('enable_password_grant')
+ ->info('Whether to enable the password grant')
+ ->defaultTrue()
+ ->end()
+ ->booleanNode('enable_refresh_token_grant')
+ ->info('Whether to enable the refresh token grant')
+ ->defaultTrue()
+ ->end()
 ->end()
 ;
diff --git a/DependencyInjection/TrikoderOAuth2Extension.php b/DependencyInjection/TrikoderOAuth2Extension.php
index 5a5b4dd8..27e772b4 100644
--- a/DependencyInjection/TrikoderOAuth2Extension.php
+++ b/DependencyInjection/TrikoderOAuth2Extension.php
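Review bot: In DependencyInjection/Configuration.php, `enable_password_grant` is declared with `->defaultTrue()`, so a deployment that never sets the new key keeps the resource owner password credentials grant reachable on the token endpoint. That preserves the previous behaviour, but the `info()` text gives an operator no hint that this is the grant to switch off first; I would word it as `->info('Whether to enable the password grant (disable unless a trusted first-party client needs it)')`. The tree also accepts all three flags set to false, which leaves the server with no grant enabled, so it is worth deciding whether that combination should be rejected at configuration time. createAuthorizationServerNode starts and ends outside this hunk.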
@@ -143,20 +143,26 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
 ->replaceArgument('$encryptionKey', $config['encryption_key'])
 ;
- $authorizationServer->addMethodCall('enableGrantType', [
- new Reference('league.oauth2.server.grant.client_credentials_grant'),
- new Definition(DateInterval::class, [$config['access_token_ttl']]),
- ]);
+ if ($config['enable_client_credentials_grant']) {
+ $authorizationServer->addMethodCall('enableGrantType', [
+ new Reference('league.oauth2.server.grant.client_credentials_grant'),
+ new Definition(DateInterval::class, [$config['access_token_ttl']]),
+ ]);
+ }
- $authorizationServer->addMethodCall('enableGrantType', [
- new Reference('league.oauth2.server.grant.password_grant'),
- new Definition(DateInterval::class, [$config['access_token_ttl']]),
- ]);
+ if ($config['enable_password_grant']) {
+ $authorizationServer->addMethodCall('enableGrantType', [
+ new Reference('league.oauth2.server.grant.password_grant'),
+ new Definition(DateInterval::class, [$config['access_token_ttl']]),
+ ]);
+ }
- $authorizationServer->addMethodCall('enableGrantType', [
- new Reference('league.oauth2.server.grant.refresh_token_grant'),
- new Definition(DateInterval::class, [$config['access_token_ttl']]),
- ]);
+ if ($config['enable_refresh_token_grant']) {
+ $authorizationServer->addMethodCall('enableGrantType', [
+ new Reference('league.oauth2.server.grant.refresh_token_grant'),
+ new Definition(DateInterval::class, [$config['access_token_ttl']]),
+ ]);
+ }
 $this->configureGrants($container, $config);
 }
diff --git a/README.md b/README.md
index 99bd5d1c..f8144efc 100644
--- a/README.md
+++ b/README.md
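Review bot: The three guarded blocks in configureAuthorizationServer differ only in the config key and the service id, so the mapping between a flag and the grant it controls is spread across eighteen near-identical lines. A single key-to-service map with one loop keeps that mapping in one auditable place and makes it harder for a later grant to be added without a flag. Behaviour is unchanged, including the use of `access_token_ttl` for every grant. The method starts above the hunk, so the sketch below shows only the rewritten part.

```php
// … unchanged: encryption key argument on the authorization server definition …
$grantServices = [
    'enable_client_credentials_grant' => 'league.oauth2.server.grant.client_credentials_grant',
    'enable_password_grant' => 'league.oauth2.server.grant.password_grant',
    'enable_refresh_token_grant' => 'league.oauth2.server.grant.refresh_token_grant',
];

foreach ($grantServices as $configKey => $serviceId) {
    if (!$config[$configKey]) {
        continue;
    }

    $authorizationServer->addMethodCall('enableGrantType', [
        new Reference($serviceId),
        new Definition(DateInterval::class, [$config['access_token_ttl']]),
    ]);
}
// … unchanged: configureGrants call …
```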
@@ -65,6 +65,15 @@ This package is currently in the active development.
 # How long the issued refresh token should be valid for.
 # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
 refresh_token_ttl: P1M
+
+ # Whether to enable the client credentials grant
+ enable_client_credentials_grant: true
+
+ # Whether to enable the password grant
+ enable_password_grant: true
+
+ # Whether to enable the refresh token grant
+ enable_refresh_token_grant: true
 resource_server:
diff --git a/Tests/Unit/ExtensionTest.php b/Tests/Unit/ExtensionTest.php
new file mode 100644
index 00000000..f519b78c
--- /dev/null
+++ b/Tests/Unit/ExtensionTest.php
@@ -0,0 +1,88 @@
+setupContainer($container);
+
+ $extension = new TrikoderOAuth2Extension();
+
+ $extension->load($this->getValidConfiguration([$grantKey => $shouldTheGrantBeEnabled]), $container);
+
+ $authorizationServer = $container->getDefinition('league.oauth2.server.authorization_server');
+ $methodCalls = $authorizationServer->getMethodCalls();
+ $isGrantEnabled = false;
+
+ foreach ($methodCalls as $methodCall) {
+ if ('enableGrantType' === $methodCall[0] && $referenceId === (string) $methodCall[1][0]) {
+ $isGrantEnabled = true;
+ break;
+ }
+ }
+
+ $this->assertSame($shouldTheGrantBeEnabled, $isGrantEnabled);
+ }
+
+ public function grantsProvider(): iterable
+ {
+ yield 'Client credentials grant can be enabled' => [
+ 'league.oauth2.server.grant.client_credentials_grant', 'enable_client_credentials_grant', true,
+ ];
+ yield 'Client credentials grant can be disabled' => [
+ 'league.oauth2.server.grant.client_credentials_grant', 'enable_client_credentials_grant', false,
+ ];
+ yield 'Password grant can be enabled' => [
+ 'league.oauth2.server.grant.password_grant', 'enable_password_grant', true,
+ ];
+ yield 'Password grant can be disabled' => [
+ 'league.oauth2.server.grant.password_grant', 'enable_password_grant', false,
+ ];
+ yield 'Refresh token grant can be enabled' => [
+ 'league.oauth2.server.grant.refresh_token_grant', 'enable_refresh_token_grant', true,
+ ];
+ yield 'Refresh token grant can be disabled' => [
+ 'league.oauth2.server.grant.refresh_token_grant', 'enable_refresh_token_grant', false,
+ ];
+ }
+
+ private function getValidConfiguration(array $options): array
+ {
+ return [
+ [
+ 'authorization_server' => [
+ 'private_key' => 'foo',
+ 'encryption_key' => 'foo',
+ 'enable_client_credentials_grant' => $options['enable_client_credentials_grant'] ?? true,
+ 'enable_password_grant' => $options['enable_password_grant'] ?? true,
+ 'enable_refresh_token_grant' => $options['enable_refresh_token_grant'] ?? 
true, + ], + 'resource_server' => [ + 'public_key' => 'foo', + ], + 'persistence' => [], + ], + ]; + } + + private function setupContainer(ContainerBuilder $container): void + { + $container->register(ScopeManager::class); + $container->setAlias(ScopeManagerInterface::class, ScopeManager::class); + } +} diff --git a/phpunit.xml.dist b/phpunit.xml.dist index d689c7eb..ef848162 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -15,6 +15,9 @@ + + ./Tests/Unit + ./Tests/Acceptance
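Review bot: In Tests/Unit/ExtensionTest.php, `getValidConfiguration()` always passes all three `enable_*` keys and fills the missing ones with `?? true`, so the `defaultTrue()` defaults declared in Configuration are never exercised and a later change to a default would go unnoticed. Passing only what the caller supplies, `'authorization_server' => $options + ['private_key' => 'foo', 'encryption_key' => 'foo'],`, lets the unspecified flags fall through to the real defaults. A case that sets all three flags to false and asserts that no `enableGrantType` call remains would also pin the combined behaviour. The top of this file (class header and the test method's signature) is not visible on the page, so this is based on the visible body only.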