From 7241e93fe56b50f752d78450ea4078104b402ca3 Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Thu, 5 Jan 2017 02:01:31 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=D1=8B=20=D1=82=D0=B5=D1=81=D1=82=D1=8B=20=D0=B4=D0=BB?= =?UTF-8?q?=D1=8F=20oauth=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8=D0=B7?= =?UTF-8?q?=D0=B0=D1=86=D0=B8=D0=B8=20=D0=BF=D0=BE=20client=5Fcredentials?= =?UTF-8?q?=20grant=20type?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 composer.json | 2 +-
 .../OauthClientCredentialsGrantCest.php | 120 ++++++++++++++++++
 2 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 tests/codeception/api/functional/OauthClientCredentialsGrantCest.php

diff --git a/composer.json b/composer.json
index 689fbe4..2734f1e 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 "yiisoft/yii2": "2.0.10",
 "yiisoft/yii2-swiftmailer": "*",
 "ramsey/uuid": "^3.5.0",
- "league/oauth2-server": "dev-improvements#b9277ccd664dcb80a766b73674d21de686cb9dda",
+ "league/oauth2-server": "dev-improvements#fbaa9b0bd3d8050235ba7dde90f731764122bc20",
 "yiisoft/yii2-redis": "~2.0.0",
 "guzzlehttp/guzzle": "^6.0.0",
 "php-amqplib/php-amqplib": "^2.6.2",
diff --git a/tests/codeception/api/functional/OauthClientCredentialsGrantCest.php b/tests/codeception/api/functional/OauthClientCredentialsGrantCest.php
new file mode 100644
index 0000000..e27ccbb
--- /dev/null
+++ b/tests/codeception/api/functional/OauthClientCredentialsGrantCest.php
@@ -0,0 +1,120 @@
+route = new OauthRoute($I);
+ }
+
+ public function testIssueTokenWithWrongArgs(FunctionalTester $I) {
+ $I->wantTo('check behavior on on request without any credentials');
+ $this->route->issueToken($this->buildParams());
+ $I->canSeeResponseCodeIs(400);
+ $I->canSeeResponseContainsJson([
+ 'error' => 'invalid_request',
+ ]);
+
+ $I->wantTo('check behavior on passing invalid client_id');
+ $this->route->issueToken($this->buildParams(
+ 'invalid-client',
+ 'invalid-secret',
+ ['invalid-scope']
+ ));
+ $I->canSeeResponseCodeIs(401);
+ $I->canSeeResponseContainsJson([
+ 'error' => 'invalid_client',
+ ]);
+
+ $I->wantTo('check behavior on passing invalid client_secret');
+ $this->route->issueToken($this->buildParams(
+ 'ely',
+ 'invalid-secret',
+ ['invalid-scope']
+ ));
+ $I->canSeeResponseCodeIs(401);
+ $I->canSeeResponseContainsJson([
+ 'error' => 'invalid_client',
+ ]);
+
+ $I->wantTo('check behavior on passing invalid client_secret');
+ $this->route->issueToken($this->buildParams(
+ 'ely',
+ 'invalid-secret',
+ ['invalid-scope']
+ ));
+ $I->canSeeResponseCodeIs(401);
+ $I->canSeeResponseContainsJson([
+ 'error' => 'invalid_client',
+ ]);
+ }
+
+ public function testIssueTokenWithPublicScopes(OauthSteps $I) {
+ // TODO: у нас пока нет публичных скоупов, поэтому тест прогоняется с пустым набором
+ $this->route->issueToken($this->buildParams(
+ 'ely',
+ 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
+ []
+ ));
+ $I->canSeeResponseCodeIs(200);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'token_type' => 'Bearer',
+ ]);
+ $I->canSeeResponseJsonMatchesJsonPath('$.access_token');
+ $I->canSeeResponseJsonMatchesJsonPath('$.expires_in');
+ }
+
+ public function testIssueTokenWithInternalScopes(OauthSteps $I) {
+ $this->route->issueToken($this->buildParams(
+ 'ely',
+ 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
+ [S::ACCOUNT_BLOCK]
+ ));
+ $I->canSeeResponseCodeIs(400);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'error' => 'invalid_scope',
+ ]);
+
+ $this->route->issueToken($this->buildParams(
+ 'trusted-client',
+ 'tXBbyvMcyaOgHMOAXBpN2EC7uFoJAaL9',
+ [S::ACCOUNT_BLOCK]
+ ));
+ $I->canSeeResponseCodeIs(200);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'token_type' => 'Bearer',
+ ]);
+ $I->canSeeResponseJsonMatchesJsonPath('$.access_token');
+ $I->canSeeResponseJsonMatchesJsonPath('$.expires_in');
+ }
+
+ private function buildParams($clientId = null, $clientSecret = null, array $scopes = null) {
+ $params = ['grant_type' => 'client_credentials'];
+ if ($clientId !== null) {
+ $params['client_id'] = $clientId;
+ }
+
+ if ($clientSecret !== null) {
+ $params['client_secret'] = $clientSecret;
+ }
+
+ if ($scopes !== null) {
+ $params['scope'] = implode(',', $scopes);
+ }
+
+ return $params;
+ }
+
+}
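Review bot: The last two blocks of testIssueTokenWithWrongArgs are identical (`'ely'`, `'invalid-secret'`, `['invalid-scope']`, both announced as "invalid client_secret"), so one negative case runs twice and another is missing. Every failing call in that method is rejected at client authentication, which means an unknown scope requested by a correctly authenticated client is never exercised; only the `S::ACCOUNT_BLOCK` refusal in testIssueTokenWithInternalScopes reaches scope validation. I would turn the duplicate into that case by passing the valid `ely` secret already used in testIssueTokenWithPublicScopes together with `['invalid-scope']`, and asserting `$I->canSeeResponseCodeIs(400);` with `'error' => 'invalid_scope'`. This assumes the server answers an unknown scope the same way it answers a forbidden one, which the page does not show. A request carrying `client_id` but no `client_secret` is also worth a block of its own, since buildParams already allows omitting either argument.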