<?php
namespace api\tests\functional\oauth;
use common\rbac\Permissions as P;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester;
/**
 * Functional coverage for the authorization-code flow exposed through OauthRoute:
 * `validate` (inspect a pending authorization request) and `complete` (record the
 * user's consent decision and issue the redirect with the code).
 *
 * Every request is assembled by buildQueryParams(); a null argument drops the
 * corresponding query parameter, which is how the missing-parameter cases are made.
 *
 * NOTE(review): no case here sends a redirect_uri that differs from the one the
 * fixture client answers with; confirm that mismatch is rejected elsewhere.
 */
class AuthCodeCest {

    /**
     * Page object for the oauth routes, recreated before every test.
     *
     * @var OauthRoute
     */
    private $route;

    public function _before(FunctionalTester $I) {
        $this->route = new OauthRoute($I);
    }

    public function testValidateRequest(FunctionalTester $I) {
        $this->checkOauthParamsValidation($I, 'validate');

        $I->wantTo('validate and obtain information about new auth request');
        $this->route->validate($this->elyQuery(
            [P::MINECRAFT_SERVER_SESSION, 'account_info', 'account_email'],
            'test-state'
        ));
        $I->canSeeResponseCodeIs(200);
        $I->canSeeResponseIsJson();
        // The oAuth block mirrors the request: scopes are joined back into one
        // comma-separated value and `state` comes back untouched.
        $I->canSeeResponseContainsJson([
            'success' => true,
            'oAuth' => [
                'client_id' => 'ely',
                'redirect_uri' => 'http://ely.by',
                'response_type' => 'code',
                'scope' => 'minecraft_server_session,account_info,account_email',
                'state' => 'test-state',
            ],
            'client' => [
                'id' => 'ely',
                'name' => 'Ely.by',
                'description' => 'Всем знакомое елуби',
            ],
            'session' => [
                'scopes' => [
                    'minecraft_server_session',
                    'account_info',
                    'account_email',
                ],
            ],
        ]);
    }

    public function testValidateWithDescriptionReplaceRequest(FunctionalTester $I) {
        $I->amAuthenticated();
        $I->wantTo('validate and get information with description replacement');
        // Extra query params ride along unchanged; here `description` is expected
        // to replace the client's stored description in the response.
        $this->route->validate($this->elyQuery(null, null, [
            'description' => 'all familiar eliby',
        ]));
        $I->canSeeResponseCodeIs(200);
        $I->canSeeResponseIsJson();
        $I->canSeeResponseContainsJson([
            'client' => [
                'description' => 'all familiar eliby',
            ],
        ]);
    }

    public function testCompleteValidationAction(FunctionalTester $I) {
        $I->amAuthenticated();
        $I->wantTo('validate all oAuth params on complete request');
        $this->checkOauthParamsValidation($I, 'complete');
    }

    public function testCompleteActionOnWrongConditions(FunctionalTester $I) {
        $I->amAuthenticated();

        // First-time requests need explicit consent even when no scope is asked for.
        $I->wantTo('get accept_required if I don\'t require any scope, but this is first time request');
        $this->route->complete($this->elyQuery());
        $this->assertConsentError($I, 'accept_required');

        $I->wantTo('get accept_required if I require some scopes on first time');
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION]));
        $this->assertConsentError($I, 'accept_required');
    }

    /**
     * The three steps are order-dependent: the consent recorded in the first one is
     * what lets the later requests succeed without an `accept` field.
     */
    public function testCompleteActionSuccess(FunctionalTester $I) {
        $I->amAuthenticated();

        $I->wantTo('get auth code if I require some scope and pass accept field');
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION]), ['accept' => true]);
        $this->assertCodeIssued($I);

        $I->wantTo('get auth code if I don\'t require any scope and don\'t pass accept field, but previously have successful request');
        $this->route->complete($this->elyQuery());
        $this->assertCodeIssued($I);

        $I->wantTo('get auth code if I require some scopes and don\'t pass accept field, but previously have successful request with same scopes');
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION]));
        $this->assertCodeIssued($I);
    }

    public function testAcceptRequiredOnNewScope(FunctionalTester $I) {
        $I->amAuthenticated();
        $I->wantTo('get accept_required if I have previous successful request, but now require some new scope');
        // Consent for one scope set must not carry over to a wider one.
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION]), ['accept' => true]);
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION, 'account_info']));
        $this->assertConsentError($I, 'accept_required');
    }

    public function testCompleteActionWithDismissState(FunctionalTester $I) {
        $I->amAuthenticated();
        $I->wantTo('get access_denied error if I pass accept in false state');
        $this->route->complete($this->elyQuery([P::MINECRAFT_SERVER_SESSION]), ['accept' => false]);
        $this->assertConsentError($I, 'access_denied');
        // A refusal is still reported back to the client through its redirect.
        $I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
    }

    /**
     * Query for the fixture client `ely` (redirect URI http://ely.by, response type
     * `code`); only scopes, state and extra params vary between tests.
     *
     * @param string[]|string|null $scopes
     * @param string|null $state
     * @param array $customData
     * @return array
     */
    private function elyQuery($scopes = [], $state = null, $customData = []) {
        return $this->buildQueryParams('ely', 'http://ely.by', 'code', $scopes, $state, $customData);
    }

    /**
     * Assembles the authorization request query. A null argument (or an empty
     * scope list) is left out entirely. $customData is the starting array, so an
     * explicit argument wins when the same key appears in both.
     *
     * @param string|null $clientId
     * @param string|null $redirectUri
     * @param string|null $responseType
     * @param string[]|string|null $scopes a list is joined with ',' into one `scope` value
     * @param string|null $state
     * @param array $customData extra params passed through as-is
     * @return array
     */
    private function buildQueryParams(
        $clientId = null,
        $redirectUri = null,
        $responseType = null,
        $scopes = [],
        $state = null,
        $customData = []
    ) {
        $params = $customData;

        // Insertion order matters for the resulting query string, so keep it fixed.
        $plainValues = [
            'client_id' => $clientId,
            'redirect_uri' => $redirectUri,
            'response_type' => $responseType,
            'state' => $state,
        ];
        foreach ($plainValues as $key => $value) {
            if ($value !== null) {
                $params[$key] = $value;
            }
        }

        if (!empty($scopes)) {
            $params['scope'] = is_array($scopes) ? implode(',', $scopes) : $scopes;
        }

        return $params;
    }

    /**
     * Shared negative cases for the `validate` and `complete` actions.
     *
     * redirectUri is only asserted once the client and its redirect URI have been
     * accepted (response-type and scope errors); the missing-parameter and unknown
     * client cases do not expect it.
     *
     * @param string $action OauthRoute method name: 'validate' or 'complete'
     */
    private function checkOauthParamsValidation(FunctionalTester $tester, $action) {
        $tester->wantTo('check behavior on invalid request without one or few params');
        $this->route->$action($this->buildQueryParams());
        $this->assertValidationError($tester, 400, [
            'success' => false,
            'error' => 'invalid_request',
            'parameter' => 'client_id',
            'statusCode' => 400,
        ]);

        $tester->wantTo('check behavior on invalid client id');
        $this->route->$action($this->buildQueryParams('non-exists-client', 'http://some-resource.by', 'code'));
        $this->assertValidationError($tester, 401, [
            'success' => false,
            'error' => 'invalid_client',
            'statusCode' => 401,
        ]);

        $tester->wantTo('check behavior on invalid response type');
        $this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'kitty'));
        $this->assertValidationError($tester, 400, [
            'success' => false,
            'error' => 'unsupported_response_type',
            'parameter' => 'kitty',
            'statusCode' => 400,
        ], true);

        $tester->wantTo('check behavior on some invalid scopes');
        $this->route->$action($this->elyQuery([
            P::MINECRAFT_SERVER_SESSION,
            'some_wrong_scope',
        ]));
        $this->assertValidationError($tester, 400, [
            'success' => false,
            'error' => 'invalid_scope',
            'parameter' => 'some_wrong_scope',
            'statusCode' => 400,
        ], true);

        // An internal permission must not be obtainable as an oauth scope through
        // user consent; it is expected to be refused like any unknown scope.
        $tester->wantTo('check behavior on request internal scope');
        $this->route->$action($this->elyQuery([
            P::MINECRAFT_SERVER_SESSION,
            P::BLOCK_ACCOUNT,
        ]));
        $this->assertValidationError($tester, 400, [
            'success' => false,
            'error' => 'invalid_scope',
            'parameter' => P::BLOCK_ACCOUNT,
            'statusCode' => 400,
        ], true);
    }

    /**
     * Asserts a JSON error body from the pre-flight validation.
     *
     * @param int $statusCode
     * @param array $body expected JSON subset
     * @param bool $redirectExpected whether `$.redirectUri` must be present
     */
    private function assertValidationError(FunctionalTester $tester, $statusCode, array $body, $redirectExpected = false) {
        $tester->canSeeResponseCodeIs($statusCode);
        $tester->canSeeResponseIsJson();
        $tester->canSeeResponseContainsJson($body);
        if ($redirectExpected) {
            $tester->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
        }
    }

    /**
     * Asserts the 401 consent-stage error (`accept_required` / `access_denied`),
     * which carries an empty `parameter`.
     *
     * @param string $error
     */
    private function assertConsentError(FunctionalTester $tester, $error) {
        $tester->canSeeResponseCodeIs(401);
        $tester->canSeeResponseContainsJson([
            'success' => false,
            'error' => $error,
            'parameter' => '',
            'statusCode' => 401,
        ]);
    }

    /**
     * Asserts a successful `complete` response that carries the redirect with the code.
     */
    private function assertCodeIssued(FunctionalTester $tester) {
        $tester->canSeeResponseCodeIs(200);
        $tester->canSeeResponseContainsJson([
            'success' => true,
        ]);
        $tester->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
    }

}