2016-05-30 05:14:17 +05:30
|
|
|
<?php
|
2019-07-26 19:34:57 +05:30
|
|
|
declare(strict_types=1);
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
namespace api\tests\unit\components\User;
|
2016-05-30 05:14:17 +05:30
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
use api\components\User\JwtIdentity;
|
2019-02-23 04:41:57 +05:30
|
|
|
use api\tests\unit\TestCase;
|
2019-08-02 05:59:20 +05:30
|
|
|
use Carbon\Carbon;
|
2019-02-23 04:41:57 +05:30
|
|
|
use common\tests\fixtures\AccountFixture;
|
2019-12-10 04:08:09 +05:30
|
|
|
use common\tests\fixtures\OauthClientFixture;
|
|
|
|
use common\tests\fixtures\OauthSessionFixture;
|
2019-08-02 05:59:20 +05:30
|
|
|
use yii\web\UnauthorizedHttpException;
|
2016-05-30 05:14:17 +05:30
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
class JwtIdentityTest extends TestCase {
|
2016-05-30 05:14:17 +05:30
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
public function _fixtures(): array {
|
2016-05-30 05:14:17 +05:30
|
|
|
return [
|
2016-05-30 23:41:22 +05:30
|
|
|
'accounts' => AccountFixture::class,
|
2019-12-10 04:08:09 +05:30
|
|
|
'oauthClients' => OauthClientFixture::class,
|
|
|
|
'oauthSessions' => OauthSessionFixture::class,
|
2016-05-30 05:14:17 +05:30
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
public function testFindIdentityByAccessToken(): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
$token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.4Oidvuo4spvUf9hkpHR72eeqZUh2Zbxh_L8Od3vcgTj--0iOrcOEp6zwmEW6vF7BTHtjz2b3mXce61bqsCjXjQ';
|
|
|
|
/** @var JwtIdentity $identity */
|
2017-09-19 22:36:16 +05:30
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken($token);
|
2019-02-26 04:56:02 +05:30
|
|
|
$this->assertSame($token, $identity->getId());
|
2024-12-02 15:40:55 +05:30
|
|
|
$this->assertSame($token, $identity->getToken()->toString());
|
2019-08-02 05:59:20 +05:30
|
|
|
/** @var \common\models\Account $account */
|
|
|
|
$account = $this->tester->grabFixture('accounts', 'admin');
|
|
|
|
$this->assertSame($account->id, $identity->getAccount()->id);
|
2016-07-27 18:47:41 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2019-08-02 05:59:20 +05:30
|
|
|
* @dataProvider getFindIdentityByAccessTokenInvalidCases
|
2016-07-27 18:47:41 +05:30
|
|
|
*/
|
2024-12-02 15:40:55 +05:30
|
|
|
public function testFindIdentityByAccessTokenInvalidCases(string $token, string $expectedExceptionMessage): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
$this->expectException(UnauthorizedHttpException::class);
|
|
|
|
$this->expectExceptionMessage($expectedExceptionMessage);
|
|
|
|
JwtIdentity::findIdentityByAccessToken($token);
|
2016-07-27 18:47:41 +05:30
|
|
|
}
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
public function getFindIdentityByAccessTokenInvalidCases(): iterable {
|
2019-08-02 05:59:20 +05:30
|
|
|
yield 'expired token' => [
|
|
|
|
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MDMzNDIsImV4cCI6MTU2NDYwNjk0Miwic3ViIjoiZWx5fDEifQ.36cDWyiXRArv-lgK_S5dyC5m_Ddytwkb78tMrxcPcbWEpoeg2VtwPC7zr6NI0cd0CuLw6InC2hZ9Ey95SSOsHw',
|
|
|
|
'Token expired',
|
|
|
|
];
|
|
|
|
yield 'iat from future' => [
|
|
|
|
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTc3NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ._6hj6XUSmSLibgT9ZE1Pokf4oI9r-d6tEc1z2J-fBlr1710Qiso5yNcXqb3Z_xy7Qtemyq8jOlOZA8DvmkVBrg',
|
|
|
|
'Incorrect token',
|
|
|
|
];
|
2019-12-10 04:08:09 +05:30
|
|
|
yield 'revoked by oauth client' => [
|
2019-12-13 16:25:09 +05:30
|
|
|
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudF9pbmZvLG1pbmVjcmFmdF9zZXJ2ZXJfc2Vzc2lvbiIsImlhdCI6MTU2NDYxMDUwMCwic3ViIjoiZWx5fDEiLCJjbGllbnRfaWQiOiJ0bGF1bmNoZXIifQ.qmiPOjI8jGAQdP5LoAVHO8L75Ly7fRcrTB_iYsUgQ4azgsPnLEhvG7dUnQ9utEd3RK5swDpaZ0bXf90vRbvnmg',
|
2019-12-10 04:08:09 +05:30
|
|
|
'Token has been revoked',
|
|
|
|
];
|
|
|
|
yield 'revoked by unauthorized minecraft launcher' => [
|
2019-12-11 16:46:11 +05:30
|
|
|
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoibWluZWNyYWZ0X3NlcnZlcl9zZXNzaW9uIiwiZWx5LWNsaWVudC10b2tlbiI6IllBTVhneTBBcEI5Z2dUX1VYNjNJaTdKcGtNd2ZwTmxaaE8yVVVEeEZ3YTFmZ2g4dksyN0RtV25vN2xqbk1pWWJwQ1VuS09YVnR2V1YtVVg1dWRQVVFsLU4xY3BBZlJBX2EtZW1BZyIsImlhdCI6MTU2NDYxMDUwMCwic3ViIjoiZWx5fDEifQ.LtE9cQJ4z5dGVkDZl50M2HZH6kOYHgGz2RIycS_lzU9YLhosQ3ux7i2KI7qGI7BNuxO5zJ1OkxF2r9Qc240EpA',
|
2019-12-10 04:08:09 +05:30
|
|
|
'Token has been revoked',
|
|
|
|
];
|
2019-08-02 05:59:20 +05:30
|
|
|
yield 'invalid signature' => [
|
|
|
|
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.yth31f2PyhUkYSfBlizzUXWIgOvxxk8gNP-js0z8g1OT5rig40FPTIkgsZRctAwAAlj6QoIWW7-hxLTcSb2vmw',
|
|
|
|
'Incorrect token',
|
|
|
|
];
|
|
|
|
yield 'empty token' => ['', 'Incorrect token'];
|
2016-05-30 05:14:17 +05:30
|
|
|
}
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
public function testGetAccount(): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
// Token with sub claim
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.4Oidvuo4spvUf9hkpHR72eeqZUh2Zbxh_L8Od3vcgTj--0iOrcOEp6zwmEW6vF7BTHtjz2b3mXce61bqsCjXjQ');
|
|
|
|
$this->assertSame(1, $identity->getAccount()->id);
|
|
|
|
|
|
|
|
// Sub presented, but account not exists
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDk5OTk5In0.1pAnhkR-_ZqzjLBR-PNIMJUXRSUK3aYixrFNKZg2ynPNPiDvzh8U-iBTT6XRfMP5nvfXZucRpoPVoiXtx40CUQ');
|
|
|
|
$this->assertNull($identity->getAccount());
|
|
|
|
|
2019-12-09 22:01:54 +05:30
|
|
|
// Sub contains invalid value
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoxMjM0fQ.yigP5nWFdX0ktbuZC_Unb9bWxpAVd7Nv8Fb1Vsa0t5WkVA88VbhPi2P-CenbDOy8ngwoGV9m3c3upMs2V3gqvw');
|
|
|
|
$this->assertNull($identity->getAccount());
|
|
|
|
|
2019-08-02 05:59:20 +05:30
|
|
|
// Token without sub claim
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Mn0.QxmYgSflZOQmhzYRr8bowU767yu4yKgTVaho0MPuyCmUfZO_0O0SQASMKVILf-wlT0ODTTG7vD753a2MTAmPmw');
|
|
|
|
$this->assertNull($identity->getAccount());
|
|
|
|
}
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
public function testGetAssignedPermissions(): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
// Token with ely-scopes claim
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoicGVybTEscGVybTIscGVybTMiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.MO6T92EOFcZSPIdK8VBUG0qyV-pdayzOPQmpWLPwpl1933E9ann9GdV49piX1IfLHeCHVGThm5_v7AJgyZ5Oaw');
|
|
|
|
$this->assertSame(['perm1', 'perm2', 'perm3'], $identity->getAssignedPermissions());
|
|
|
|
|
|
|
|
// Token without sub claim
|
|
|
|
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.jsjv2dDetSxu4xivlHoTeDUhqsl-cxSI6SktufJhwR9wqDgQCVIONiqQCUzTzyTwyAz4Ztvel4lKjMCstdJOEw');
|
|
|
|
$this->assertSame([], $identity->getAssignedPermissions());
|
|
|
|
}
|
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
protected function _before(): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
parent::_before();
|
|
|
|
Carbon::setTestNow(Carbon::create(2019, 8, 1, 1, 2, 22, 'Europe/Minsk'));
|
|
|
|
}
|
2016-05-30 05:14:17 +05:30
|
|
|
|
2024-12-02 15:40:55 +05:30
|
|
|
protected function _after(): void {
|
2019-08-02 05:59:20 +05:30
|
|
|
parent::_after();
|
|
|
|
Carbon::setTestNow();
|
2016-05-30 05:14:17 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
}
|