Перенесены тесты со старого authserver, исправлены ошибки в коде

tests/codeception/api/_pages/AuthserverRoute.php

@@ -0,0 +1,36 @@
+<?php
+namespace tests\codeception\api\_pages;
+
+use yii\codeception\BasePage;
+
+/**
+ * @property \tests\codeception\api\FunctionalTester $actor
+ */
+class AuthserverRoute extends BasePage {
+
+    public function authenticate($params) {
+        $this->route = ['authserver/authentication/authenticate'];
+        $this->actor->sendPOST($this->getUrl(), $params);
+    }
+
+    public function refresh($params) {
+        $this->route = ['authserver/authentication/refresh'];
+        $this->actor->sendPOST($this->getUrl(), $params);
+    }
+
+    public function validate($params) {
+        $this->route = ['authserver/authentication/validate'];
+        $this->actor->sendPOST($this->getUrl(), $params);
+    }
+
+    public function invalidate($params) {
+        $this->route = ['authserver/authentication/invalidate'];
+        $this->actor->sendPOST($this->getUrl(), $params);
+    }
+
+    public function signout($params) {
+        $this->route = ['authserver/authentication/signout'];
+        $this->actor->sendPOST($this->getUrl(), $params);
+    }
+
+}

tests/codeception/api/_pages/ContactPage.php

@@ -1,26 +0,0 @@
-<?php
-
-namespace tests\codeception\api\_pages;
-
-use yii\codeception\BasePage;
-
-/**
- * Represents contact page
- * @property \tests\codeception\api\FunctionalTester $actor
- */
-class ContactPage extends BasePage {
-
-    public $route = 'site/contact';
-
-    /**
-     * @param array $contactData
-     */
-    public function submit(array $contactData) {
-        foreach ($contactData as $field => $value) {
-            $inputType = $field === 'body' ? 'textarea' : 'input';
-            $this->actor->fillField($inputType . '[name="ContactForm[' . $field . ']"]', $value);
-        }
-        $this->actor->click('contact-button');
-    }
-
-}

tests/codeception/api/functional/_steps/AuthserverSteps.php

@@ -0,0 +1,24 @@
+<?php
+namespace tests\codeception\api\functional\_steps;
+
+use Ramsey\Uuid\Uuid;
+use tests\codeception\api\_pages\AuthserverRoute;
+use tests\codeception\api\FunctionalTester;
+
+class AuthserverSteps extends FunctionalTester {
+
+    public function amAuthenticated() {
+        $route = new AuthserverRoute($this);
+        $clientToken = Uuid::uuid4()->toString();
+        $route->authenticate([
+            'username' => 'admin',
+            'password' => 'password_0',
+            'clientToken' => $clientToken,
+        ]);
+
+        $accessToken = $this->grabDataFromResponseByJsonPath('$.accessToken')[0];
+
+        return [$accessToken, $clientToken];
+    }
+
+}

tests/codeception/api/functional/authserver/AuthorizationCest.php

@@ -0,0 +1,96 @@
+<?php
+namespace tests\codeception\api\functional\authserver;
+
+use tests\codeception\api\_pages\AuthserverRoute;
+use Ramsey\Uuid\Uuid;
+use tests\codeception\api\FunctionalTester;
+
+class AuthorizationCest {
+
+    /**
+     * @var AuthserverRoute
+     */
+    private $route;
+
+    public function _before(FunctionalTester $I) {
+        $this->route = new AuthserverRoute($I);
+    }
+
+    public function byName(FunctionalTester $I) {
+        $I->wantTo('authenticate by username and password');
+        $this->route->authenticate([
+            'username' => 'admin',
+            'password' => 'password_0',
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+
+        $this->testSuccessResponse($I);
+    }
+
+    public function byEmail(FunctionalTester $I) {
+        $I->wantTo('authenticate by email and password');
+        $this->route->authenticate([
+            'username' => 'admin@ely.by',
+            'password' => 'password_0',
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+
+        $this->testSuccessResponse($I);
+    }
+
+    public function wrongArguments(FunctionalTester $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $this->route->authenticate([
+            'key' => 'value',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function wrongNicknameAndPassword(FunctionalTester $I) {
+        $I->wantTo('authenticate by username and password with wrong data');
+        $this->route->authenticate([
+            'username' => 'nonexistent_user',
+            'password' => 'nonexistent_password',
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid credentials. Invalid nickname or password.',
+        ]);
+    }
+
+    public function bannedAccount(FunctionalTester $I) {
+        $I->wantTo('authenticate in suspended account');
+        $this->route->authenticate([
+            'username' => 'Banned',
+            'password' => 'password_0',
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'This account has been suspended.',
+        ]);
+    }
+
+    private function testSuccessResponse(FunctionalTester $I) {
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseJsonMatchesJsonPath('$.accessToken');
+        $I->canSeeResponseJsonMatchesJsonPath('$.clientToken');
+        $I->canSeeResponseJsonMatchesJsonPath('$.availableProfiles[0].id');
+        $I->canSeeResponseJsonMatchesJsonPath('$.availableProfiles[0].name');
+        $I->canSeeResponseJsonMatchesJsonPath('$.availableProfiles[0].legacy');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.id');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.name');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.legacy');
+    }
+
+}

tests/codeception/api/functional/authserver/InvalidateCest.php

@@ -0,0 +1,53 @@
+<?php
+namespace tests\codeception\api\functional\authserver;
+
+use Ramsey\Uuid\Uuid;
+use tests\codeception\api\_pages\AuthserverRoute;
+use tests\codeception\api\functional\_steps\AuthserverSteps;
+
+class InvalidateCest {
+
+    /**
+     * @var AuthserverRoute
+     */
+    private $route;
+
+    public function _before(AuthserverSteps $I) {
+        $this->route = new AuthserverRoute($I);
+    }
+
+    public function invalidate(AuthserverSteps $I) {
+        $I->wantTo('invalidate my token');
+        list($accessToken, $clientToken) = $I->amAuthenticated();
+        $this->route->invalidate([
+            'accessToken' => $accessToken,
+            'clientToken' => $clientToken,
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+    public function wrongArguments(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $this->route->invalidate([
+            'key' => 'value',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function wrongAccessTokenOrClientToken(AuthserverSteps $I) {
+        $I->wantTo('invalidate by wrong client and access token');
+        $this->route->invalidate([
+            'accessToken' => Uuid::uuid4()->toString(),
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+}

tests/codeception/api/functional/authserver/RefreshCest.php

@@ -0,0 +1,77 @@
+<?php
+namespace tests\codeception\api\functional\authserver;
+
+use Ramsey\Uuid\Uuid;
+use tests\codeception\api\_pages\AuthserverRoute;
+use tests\codeception\api\functional\_steps\AuthserverSteps;
+
+class RefreshCest {
+
+    /**
+     * @var AuthserverRoute
+     */
+    private $route;
+
+    public function _before(AuthserverSteps $I) {
+        $this->route = new AuthserverRoute($I);
+    }
+
+    public function refresh(AuthserverSteps $I) {
+        $I->wantTo('refresh my accessToken');
+        list($accessToken, $clientToken) = $I->amAuthenticated();
+        $this->route->refresh([
+            'accessToken' => $accessToken,
+            'clientToken' => $clientToken,
+        ]);
+
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseJsonMatchesJsonPath('$.accessToken');
+        $I->canSeeResponseJsonMatchesJsonPath('$.clientToken');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.id');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.name');
+        $I->canSeeResponseJsonMatchesJsonPath('$.selectedProfile.legacy');
+        $I->cantSeeResponseJsonMatchesJsonPath('$.availableProfiles');
+    }
+
+    public function wrongArguments(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $this->route->refresh([
+            'key' => 'value',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function wrongAccessToken(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong access or client tokens');
+        $this->route->refresh([
+            'accessToken' => Uuid::uuid4()->toString(),
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid token.',
+        ]);
+    }
+
+    public function refreshTokenFromBannedUser(AuthserverSteps $I) {
+        $I->wantTo('refresh token from suspended account');
+        $this->route->refresh([
+            'accessToken' => '918ecb41-616c-40ee-a7d2-0b0ef0d0d732',
+            'clientToken' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'This account has been suspended.',
+        ]);
+    }
+
+}

tests/codeception/api/functional/authserver/SignoutCest.php

@@ -0,0 +1,75 @@
+<?php
+namespace tests\codeception\api\functional\authserver;
+
+use tests\codeception\api\_pages\AuthserverRoute;
+use tests\codeception\api\functional\_steps\AuthserverSteps;
+
+class SignoutCest {
+
+    /**
+     * @var AuthserverRoute
+     */
+    private $route;
+
+    public function _before(AuthserverSteps $I) {
+        $this->route = new AuthserverRoute($I);
+    }
+
+    public function byName(AuthserverSteps $I) {
+        $I->wantTo('signout by nickname and password');
+        $this->route->signout([
+            'username' => 'admin',
+            'password' => 'password_0',
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+    public function byEmail(AuthserverSteps $I) {
+        $I->wantTo('signout by email and password');
+        $this->route->signout([
+            'username' => 'admin@ely.by',
+            'password' => 'password_0',
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+    public function wrongArguments(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $this->route->signout([
+            'key' => 'value',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function wrongNicknameAndPassword(AuthserverSteps $I) {
+        $I->wantTo('signout by nickname and password with wrong data');
+        $this->route->signout([
+            'username' => 'nonexistent_user',
+            'password' => 'nonexistent_password',
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid credentials. Invalid nickname or password.',
+        ]);
+    }
+
+    public function bannedAccount(AuthserverSteps $I) {
+        $I->wantTo('signout from banned account');
+        $this->route->signout([
+            'username' => 'Banned',
+            'password' => 'password_0',
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+}

tests/codeception/api/functional/authserver/ValidateCest.php

@@ -0,0 +1,69 @@
+<?php
+namespace tests\codeception\api\functional\authserver;
+
+use Ramsey\Uuid\Uuid;
+use tests\codeception\api\_pages\AuthserverRoute;
+use tests\codeception\api\functional\_steps\AuthserverSteps;
+
+class ValidateCest {
+
+    /**
+     * @var AuthserverRoute
+     */
+    private $route;
+
+    public function _before(AuthserverSteps $I) {
+        $this->route = new AuthserverRoute($I);
+    }
+
+    public function validate(AuthserverSteps $I) {
+        $I->wantTo('validate my accessToken');
+        list($accessToken) = $I->amAuthenticated();
+        $this->route->validate([
+            'accessToken' => $accessToken,
+        ]);
+        $I->seeResponseCodeIs(200);
+        $I->canSeeResponseEquals('');
+    }
+
+    public function wrongArguments(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $this->route->validate([
+            'key' => 'value',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function wrongAccessToken(AuthserverSteps $I) {
+        $I->wantTo('get error on wrong accessToken');
+        $this->route->validate([
+            'accessToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid token.',
+        ]);
+    }
+
+    public function expiredAccessToken(AuthserverSteps $I) {
+        $I->wantTo('get error on expired accessToken');
+        $this->route->validate([
+            // Заведомо истёкший токен из дампа
+            'accessToken' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Token expired.',
+        ]);
+    }
+
+}

tests/codeception/common/_support/FixtureHelper.php

@@ -6,6 +6,7 @@ use Codeception\TestCase;
 use tests\codeception\common\fixtures\AccountFixture;
 use tests\codeception\common\fixtures\AccountSessionFixture;
 use tests\codeception\common\fixtures\EmailActivationFixture;
+use tests\codeception\common\fixtures\MinecraftAccessKeyFixture;
 use tests\codeception\common\fixtures\OauthClientFixture;
 use tests\codeception\common\fixtures\OauthSessionFixture;
 use tests\codeception\common\fixtures\UsernameHistoryFixture;
@@ -59,6 +60,7 @@ class FixtureHelper extends Module {
                 'class' => OauthSessionFixture::class,
                 'dataFile' => '@tests/codeception/common/fixtures/data/oauth-sessions.php',
             ],
+            'minecraftAccessKeys' => MinecraftAccessKeyFixture::class,
         ];
     }
 

tests/codeception/common/fixtures/data/accounts.php

@@ -120,4 +120,17 @@ return [
         'created_at' => 1470499952,
         'updated_at' => 1470499952,
     ],
+    'banned-account' => [
+        'id' => 10,
+        'uuid' => 'd2e7360e-50cf-4b9b-baa0-c4440a150795',
+        'username' => 'Banned',
+        'email' => 'banned@ely.by',
+        'password_hash' => '$2y$13$2rYkap5T6jG8z/mMK8a3Ou6aZxJcmAaTha6FEuujvHEmybSHRzW5e', # password_0
+        'password_hash_strategy' => \common\models\Account::PASS_HASH_STRATEGY_YII2,
+        'lang' => 'en',
+        'status' => \common\models\Account::STATUS_BANNED,
+        'rules_agreement_version' => \common\LATEST_RULES_VERSION,
+        'created_at' => 1472682343,
+        'updated_at' => 1472682343,
+    ],
 ];

tests/codeception/common/fixtures/data/minecraft-access-keys.php

@@ -1,10 +1,24 @@
 <?php
 return [
-    [
+    'admin-token' => [
         'access_token' => 'e7bb6648-2183-4981-9b86-eba5e7f87b42',
         'client_token' => '6f380440-0c05-47bd-b7c6-d011f1b5308f',
         'account_id' => 1,
+        'created_at' => time() - 10,
+        'updated_at' => time() - 10,
+    ],
+    'expired-token' => [
+        'access_token' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
+        'client_token' => '47fb164a-2332-42c1-8bad-549e67bb210c',
+        'account_id' => 1,
         'created_at' => 1472423530,
         'updated_at' => 1472423530,
     ],
+    'banned-token' => [
+        'access_token' => '918ecb41-616c-40ee-a7d2-0b0ef0d0d732',
+        'client_token' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
+        'account_id' => 10,
+        'created_at' => time() - 10,
+        'updated_at' => time() - 10,
+    ],
 ];