Spaces:
No application file
No application file
File size: 4,377 Bytes
d2897cd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 |
<?php
declare(strict_types=1);
namespace Mautic\ApiBundle\Tests\Functional;
use Mautic\CoreBundle\Test\IsolatedTestTrait;
use Mautic\CoreBundle\Test\MauticMysqlTestCase;
use PHPUnit\Framework\Assert;
use Symfony\Component\HttpFoundation\Request;
/**
* This test must run in a separate process because it sets the global constant
* MAUTIC_INSTALLER which breaks other tests.
*
* @runTestsInSeparateProcesses
*
* @preserveGlobalState disabled
*/
final class Oauth2Test extends MauticMysqlTestCase
{
use IsolatedTestTrait;
protected function setUp(): void
{
$this->useCleanupRollback = false;
parent::setUp();
}
public function testAuthWithInvalidCredentials(): void
{
$this->client->enableReboot();
// Disable the default logging in via username and password.
$this->clientServer = [];
$this->setUpSymfony($this->configParams);
$this->client->request(
Request::METHOD_POST,
'/oauth/v2/token',
[
'grant_type' => 'client_credentials',
'client_id' => 'unicorn',
'client_secret' => 'secretUnicorn',
]
);
$response = $this->client->getResponse();
Assert::assertSame(400, $response->getStatusCode(), $response->getContent());
Assert::assertSame(
'{"errors":[{"message":"The client credentials are invalid","code":400,"type":"invalid_client"}]}',
$response->getContent()
);
}
public function testAuthWithInvalidAccessToken(): void
{
$this->client->enableReboot();
// Disable the default logging in via username and password.
$this->clientServer = [];
$this->setUpSymfony($this->configParams);
$this->client->request(
Request::METHOD_GET,
'/api/users',
[],
[],
[
'HTTP_Authorization' => 'Bearer unicorn_token',
],
);
$response = $this->client->getResponse();
Assert::assertSame(401, $response->getStatusCode(), $response->getContent());
Assert::assertSame('{"errors":[{"message":"The access token provided is invalid.","code":401,"type":"invalid_grant"}]}', $response->getContent());
}
public function testAuthWorkflow(): void
{
$this->client->disableReboot();
// Create OAuth2 credentials.
$crawler = $this->client->request(Request::METHOD_GET, 's/credentials/new');
$saveButton = $crawler->selectButton('Save');
$form = $saveButton->form();
$form['client[name]']->setValue('Auth Test');
$form['client[redirectUris]']->setValue('https://test.org');
$crawler = $this->client->submit($form);
Assert::assertTrue($this->client->getResponse()->isOk(), $this->client->getResponse()->getContent());
$clientPublicKey = $crawler->filter('input#client_publicId')->attr('value');
$clientSecretKey = $crawler->filter('input#client_secret')->attr('value');
// Disable the default logging in via username and password.
$this->clientServer = [];
$this->setUpSymfony($this->configParams);
// Get the access token.
$this->client->request(
Request::METHOD_POST,
'/oauth/v2/token',
[
'grant_type' => 'client_credentials',
'client_id' => $clientPublicKey,
'client_secret' => $clientSecretKey,
],
);
$response = $this->client->getResponse();
Assert::assertSame(200, $response->getStatusCode(), $response->getContent());
$payload = json_decode($response->getContent(), true);
$accessToken = $payload['access_token'];
Assert::assertNotEmpty($accessToken);
// Test that the access token works by fetching users via API.
$this->client->request(
Request::METHOD_GET,
'/api/users',
[],
[],
[
'HTTP_Authorization' => "Bearer {$accessToken}",
],
);
$response = $this->client->getResponse();
Assert::assertSame(200, $response->getStatusCode());
Assert::assertStringContainsString('"users":[', $response->getContent());
}
}
|