2016-02-14 23:20:10 +05:30
|
|
|
<?php
|
2019-08-23 13:58:04 +05:30
|
|
|
declare(strict_types=1);
|
|
|
|
|
2019-02-21 01:28:52 +05:30
|
|
|
namespace api\tests\functional\oauth;
|
2016-02-14 23:20:10 +05:30
|
|
|
|
2019-08-02 05:59:20 +05:30
|
|
|
use api\rbac\Permissions as P;
|
2019-02-21 01:28:52 +05:30
|
|
|
use api\tests\_pages\OauthRoute;
|
|
|
|
use api\tests\FunctionalTester;
|
2016-02-14 23:20:10 +05:30
|
|
|
|
2017-06-12 17:04:39 +05:30
|
|
|
class AuthCodeCest {
|
2016-02-14 23:20:10 +05:30
|
|
|
|
|
|
|
/**
|
|
|
|
* @var OauthRoute
|
|
|
|
*/
|
|
|
|
private $route;
|
|
|
|
|
|
|
|
public function _before(FunctionalTester $I) {
|
|
|
|
$this->route = new OauthRoute($I);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testValidateRequest(FunctionalTester $I) {
|
|
|
|
$this->testOauthParamsValidation($I, 'validate');
|
|
|
|
}
|
|
|
|
|
2016-05-10 17:37:32 +05:30
|
|
|
public function testCompleteValidationAction(FunctionalTester $I) {
|
2017-01-24 04:30:08 +05:30
|
|
|
$I->amAuthenticated();
|
2016-02-14 23:20:10 +05:30
|
|
|
$I->wantTo('validate all oAuth params on complete request');
|
|
|
|
$this->testOauthParamsValidation($I, 'complete');
|
|
|
|
}
|
|
|
|
|
2016-05-10 17:37:32 +05:30
|
|
|
public function testCompleteActionOnWrongConditions(FunctionalTester $I) {
|
2017-01-24 04:30:08 +05:30
|
|
|
$I->amAuthenticated();
|
2016-02-14 23:20:10 +05:30
|
|
|
|
2016-11-24 03:29:44 +05:30
|
|
|
$I->wantTo('get accept_required if I don\'t require any scope, but this is first time request');
|
2016-02-14 23:20:10 +05:30
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code'
|
|
|
|
));
|
|
|
|
$I->canSeeResponseCodeIs(401);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'accept_required',
|
|
|
|
'parameter' => '',
|
|
|
|
'statusCode' => 401,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$I->wantTo('get accept_required if I require some scopes on first time');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION]
|
2016-02-14 23:20:10 +05:30
|
|
|
));
|
|
|
|
$I->canSeeResponseCodeIs(401);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'accept_required',
|
|
|
|
'parameter' => '',
|
|
|
|
'statusCode' => 401,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2016-05-10 17:37:32 +05:30
|
|
|
public function testCompleteActionSuccess(FunctionalTester $I) {
|
2017-01-24 04:30:08 +05:30
|
|
|
$I->amAuthenticated();
|
2016-02-14 23:20:10 +05:30
|
|
|
$I->wantTo('get auth code if I require some scope and pass accept field');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION]
|
2016-02-14 23:20:10 +05:30
|
|
|
), ['accept' => true]);
|
|
|
|
$I->canSeeResponseCodeIs(200);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => true,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
|
|
|
|
|
|
|
$I->wantTo('get auth code if I don\'t require any scope and don\'t pass accept field, but previously have ' .
|
|
|
|
'successful request');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code'
|
|
|
|
));
|
|
|
|
$I->canSeeResponseCodeIs(200);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => true,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
|
|
|
|
|
|
|
$I->wantTo('get auth code if I require some scopes and don\'t pass accept field, but previously have successful ' .
|
|
|
|
'request with same scopes');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION]
|
2016-02-14 23:20:10 +05:30
|
|
|
));
|
|
|
|
$I->canSeeResponseCodeIs(200);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => true,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
|
|
|
}
|
|
|
|
|
2016-05-10 17:37:32 +05:30
|
|
|
public function testAcceptRequiredOnNewScope(FunctionalTester $I) {
|
2017-01-24 04:30:08 +05:30
|
|
|
$I->amAuthenticated();
|
2016-02-14 23:20:10 +05:30
|
|
|
$I->wantTo('get accept_required if I have previous successful request, but now require some new scope');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION]
|
2016-02-14 23:20:10 +05:30
|
|
|
), ['accept' => true]);
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION, 'account_info']
|
2016-02-14 23:20:10 +05:30
|
|
|
));
|
|
|
|
$I->canSeeResponseCodeIs(401);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'accept_required',
|
|
|
|
'parameter' => '',
|
|
|
|
'statusCode' => 401,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2016-05-10 17:37:32 +05:30
|
|
|
public function testCompleteActionWithDismissState(FunctionalTester $I) {
|
2017-01-24 04:30:08 +05:30
|
|
|
$I->amAuthenticated();
|
2016-02-14 23:20:10 +05:30
|
|
|
$I->wantTo('get access_denied error if I pass accept in false state');
|
|
|
|
$this->route->complete($this->buildQueryParams(
|
|
|
|
'ely',
|
|
|
|
'http://ely.by',
|
|
|
|
'code',
|
2017-09-19 22:36:16 +05:30
|
|
|
[P::MINECRAFT_SERVER_SESSION]
|
2016-02-14 23:20:10 +05:30
|
|
|
), ['accept' => false]);
|
|
|
|
$I->canSeeResponseCodeIs(401);
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'access_denied',
|
|
|
|
'parameter' => '',
|
|
|
|
'statusCode' => 401,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
|
|
|
}
|
|
|
|
|
|
|
|
private function buildQueryParams(
|
|
|
|
$clientId = null,
|
|
|
|
$redirectUri = null,
|
|
|
|
$responseType = null,
|
|
|
|
$scopes = [],
|
|
|
|
$state = null,
|
|
|
|
$customData = []
|
|
|
|
) {
|
|
|
|
$params = $customData;
|
|
|
|
if ($clientId !== null) {
|
|
|
|
$params['client_id'] = $clientId;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($redirectUri !== null) {
|
|
|
|
$params['redirect_uri'] = $redirectUri;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($responseType !== null) {
|
|
|
|
$params['response_type'] = $responseType;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($state !== null) {
|
|
|
|
$params['state'] = $state;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!empty($scopes)) {
|
|
|
|
if (is_array($scopes)) {
|
|
|
|
$scopes = implode(',', $scopes);
|
|
|
|
}
|
|
|
|
|
|
|
|
$params['scope'] = $scopes;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $params;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function testOauthParamsValidation(FunctionalTester $I, $action) {
|
|
|
|
$I->wantTo('check behavior on invalid request without one or few params');
|
|
|
|
$this->route->$action($this->buildQueryParams());
|
|
|
|
$I->canSeeResponseCodeIs(400);
|
|
|
|
$I->canSeeResponseIsJson();
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'invalid_request',
|
|
|
|
'parameter' => 'client_id',
|
|
|
|
'statusCode' => 400,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$I->wantTo('check behavior on invalid client id');
|
|
|
|
$this->route->$action($this->buildQueryParams('non-exists-client', 'http://some-resource.by', 'code'));
|
|
|
|
$I->canSeeResponseCodeIs(401);
|
|
|
|
$I->canSeeResponseIsJson();
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'invalid_client',
|
|
|
|
'statusCode' => 401,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$I->wantTo('check behavior on invalid response type');
|
|
|
|
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'kitty'));
|
|
|
|
$I->canSeeResponseCodeIs(400);
|
|
|
|
$I->canSeeResponseIsJson();
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'unsupported_response_type',
|
|
|
|
'parameter' => 'kitty',
|
|
|
|
'statusCode' => 400,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
|
|
|
|
|
|
|
$I->wantTo('check behavior on some invalid scopes');
|
|
|
|
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
2017-09-19 22:36:16 +05:30
|
|
|
P::MINECRAFT_SERVER_SESSION,
|
2016-02-14 23:20:10 +05:30
|
|
|
'some_wrong_scope',
|
|
|
|
]));
|
|
|
|
$I->canSeeResponseCodeIs(400);
|
|
|
|
$I->canSeeResponseIsJson();
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'invalid_scope',
|
|
|
|
'parameter' => 'some_wrong_scope',
|
|
|
|
'statusCode' => 400,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
2016-12-10 02:12:07 +05:30
|
|
|
|
|
|
|
$I->wantTo('check behavior on request internal scope');
|
|
|
|
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
2017-09-19 22:36:16 +05:30
|
|
|
P::MINECRAFT_SERVER_SESSION,
|
|
|
|
P::BLOCK_ACCOUNT,
|
2016-12-10 02:12:07 +05:30
|
|
|
]));
|
|
|
|
$I->canSeeResponseCodeIs(400);
|
|
|
|
$I->canSeeResponseIsJson();
|
|
|
|
$I->canSeeResponseContainsJson([
|
|
|
|
'success' => false,
|
|
|
|
'error' => 'invalid_scope',
|
2017-09-19 22:36:16 +05:30
|
|
|
'parameter' => P::BLOCK_ACCOUNT,
|
2016-12-10 02:12:07 +05:30
|
|
|
'statusCode' => 400,
|
|
|
|
]);
|
|
|
|
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
2016-02-14 23:20:10 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
}
|