Implemented features to revoke access for previously authorized OAuth 2.0 clients

2025-05-31 14:11:46 +05:30 · 2020-09-30 20:30:04 +03:00
parent 2a4f29801d
commit b904d5d314
12 changed files with 240 additions and 34 deletions
--- a/api/tests/functional/accounts/GetAuthorizedClientsCest.php
+++ b/api/tests/functional/accounts/GetAuthorizedClientsCest.php
@@ -0,0 +1,40 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\accounts;
+
+use api\tests\FunctionalTester;
+
+class GetAuthorizedClientsCest {
+
+    public function testGet(FunctionalTester $I) {
+        $id = $I->amAuthenticated('admin');
+        $I->sendGET("/api/v1/accounts/{$id}/oauth2/authorized");
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            [
+                'id' => 'test1',
+                'name' => 'Test1',
+                'description' => 'Some description',
+                'scopes' => ['minecraft_server_session', 'obtain_own_account_info'],
+                'authorizedAt' => 1479944472,
+                'lastUsedAt' => 1479944472,
+            ],
+        ]);
+        $I->cantSeeResponseJsonMatchesJsonPath('$.[?(@.id="tlauncher")]');
+    }
+
+    public function testGetForNotOwnIdentity(FunctionalTester $I) {
+        $I->amAuthenticated('admin');
+        $I->sendGET('/api/v1/accounts/2/oauth2/authorized');
+        $I->canSeeResponseCodeIs(403);
+        $I->canSeeResponseContainsJson([
+            'name' => 'Forbidden',
+            'message' => 'You are not allowed to perform this action.',
+            'code' => 0,
+            'status' => 403,
+        ]);
+    }
+
+}
--- a/api/tests/functional/accounts/RevokeAuthorizedClientCest.php
+++ b/api/tests/functional/accounts/RevokeAuthorizedClientCest.php
@@ -0,0 +1,45 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\accounts;
+
+use api\tests\FunctionalTester;
+
+class RevokeAuthorizedClientCest {
+
+    public function testRevokeAuthorizedClient(FunctionalTester $I) {
+        $id = $I->amAuthenticated('admin');
+        $I->sendDELETE("/api/v1/accounts/{$id}/oauth2/authorized/test1");
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'success' => true,
+        ]);
+
+        $I->sendGET("/api/v1/accounts/{$id}/oauth2/authorized");
+        $I->cantSeeResponseJsonMatchesJsonPath('$.[?(@.id="test1")]');
+    }
+
+    public function testRevokeAlreadyRevokedClient(FunctionalTester $I) {
+        $id = $I->amAuthenticated('admin');
+        $I->sendDELETE("/api/v1/accounts/{$id}/oauth2/authorized/tlauncher");
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'success' => true,
+        ]);
+    }
+
+    public function testRevokeForNotOwnIdentity(FunctionalTester $I) {
+        $I->amAuthenticated('admin');
+        $I->sendDELETE('/api/v1/accounts/2/oauth2/authorized/test1');
+        $I->canSeeResponseCodeIs(403);
+        $I->canSeeResponseContainsJson([
+            'name' => 'Forbidden',
+            'message' => 'You are not allowed to perform this action.',
+            'code' => 0,
+            'status' => 403,
+        ]);
+    }
+
+}