Объединены сущности для авторизации посредством JWT токенов и токенов, выданных через oAuth2.
Все действия, связанные с аккаунтами, теперь вызываются через url `/api/v1/accounts/<id>/<action>`. Добавлена вменяемая система разграничения прав на основе RBAC. Теперь oAuth2 токены генерируются как случайная строка в 40 символов длиной, а не UUID. Исправлен баг с неправильным временем жизни токена в ответе успешного запроса аутентификации. Теперь все unit тесты можно успешно прогнать без наличия интернета.
@@ -1,24 +1,24 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\internal;
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\InternalRoute;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
class BanCest {
|
||||
class AccountBanCest {
|
||||
|
||||
/**
|
||||
* @var InternalRoute
|
||||
* @var AccountsRoute
|
||||
*/
|
||||
private $route;
|
||||
|
||||
public function _before(FunctionalTester $I) {
|
||||
$this->route = new InternalRoute($I);
|
||||
$this->route = new AccountsRoute($I);
|
||||
}
|
||||
|
||||
public function testBanAccount(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::ACCOUNT_BLOCK]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([P::BLOCK_ACCOUNT]);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->ban(1);
|
||||
@@ -30,7 +30,7 @@ class BanCest {
|
||||
}
|
||||
|
||||
public function testBanBannedAccount(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::ACCOUNT_BLOCK]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([P::BLOCK_ACCOUNT]);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->ban(10);
|
||||
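Review bot: Both ban tests in this section only exercise a client-credentials token that already carries `P::BLOCK_ACCOUNT`; nothing in the hunk sends a token issued without that permission to the new `/api/v1/accounts/<id>/ban` route and expects 403, so a regression in the RBAC check would go unnoticed unless such a case lives outside these hunks. AccountPardonCest has the same gap. A case that obtains a token without `P::BLOCK_ACCOUNT` and then runs `$I->amBearerAuthenticated($accessToken); $this->route->ban(1); $I->canSeeResponseCodeIs(403);` would pin the boundary this commit introduces. Both test bodies continue past the end of the hunk.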
@@ -1,24 +1,24 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\internal;
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\InternalRoute;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
class PardonCest {
|
||||
class AccountPardonCest {
|
||||
|
||||
/**
|
||||
* @var InternalRoute
|
||||
* @var AccountsRoute
|
||||
*/
|
||||
private $route;
|
||||
|
||||
public function _before(FunctionalTester $I) {
|
||||
$this->route = new InternalRoute($I);
|
||||
$this->route = new AccountsRoute($I);
|
||||
}
|
||||
|
||||
public function testPardonAccount(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::ACCOUNT_BLOCK]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([P::BLOCK_ACCOUNT]);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->pardon(10);
|
||||
@@ -30,7 +30,7 @@ class PardonCest {
|
||||
}
|
||||
|
||||
public function testPardonNotBannedAccount(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::ACCOUNT_BLOCK]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([P::BLOCK_ACCOUNT]);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->pardon(1);
|
||||
@@ -17,7 +17,7 @@ class AccountsAcceptRulesCest {
|
||||
|
||||
public function testCurrent(FunctionalTester $I) {
|
||||
$I->amAuthenticated('Veleyaba');
|
||||
$this->route->acceptRules();
|
||||
$this->route->acceptRules(9);
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
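Review bot: `$this->route->acceptRules(9);` hard-codes the fixture id while the rest of this commit captures it from the helper (`$id = $I->amAuthenticated(...)`), so this test silently breaks if the Veleyaba fixture is renumbered and no longer checks that the route is called for the authenticated account. Prefer `$id = $I->amAuthenticated('Veleyaba');` followed by `$this->route->acceptRules($id);`. AccountsChangeEmailConfirmNewEmailCest does the same with `changeEmail(8, ...)` for CrafterGameplays. The surrounding test body continues outside the hunk.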
@@ -19,7 +19,7 @@ class AccountsChangeEmailConfirmNewEmailCest {
|
||||
$I->wantTo('change my email and get changed value');
|
||||
$I->amAuthenticated('CrafterGameplays');
|
||||
|
||||
$this->route->changeEmailConfirmNewEmail('H28HBDCHHAG2HGHGHS');
|
||||
$this->route->changeEmail(8, 'H28HBDCHHAG2HGHGHS');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -17,9 +17,9 @@ class AccountsChangeEmailInitializeCest {
|
||||
|
||||
public function testChangeEmailInitialize(FunctionalTester $I) {
|
||||
$I->wantTo('send current email confirmation');
|
||||
$I->amAuthenticated();
|
||||
$id = $I->amAuthenticated();
|
||||
|
||||
$this->route->changeEmailInitialize('password_0');
|
||||
$this->route->changeEmailInitialize($id, 'password_0');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -29,9 +29,9 @@ class AccountsChangeEmailInitializeCest {
|
||||
|
||||
public function testChangeEmailInitializeFrequencyError(FunctionalTester $I) {
|
||||
$I->wantTo('see change email request frequency error');
|
||||
$I->amAuthenticated('ILLIMUNATI');
|
||||
$id = $I->amAuthenticated('ILLIMUNATI');
|
||||
|
||||
$this->route->changeEmailInitialize('password_0');
|
||||
$this->route->changeEmailInitialize($id, 'password_0');
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use Codeception\Specify;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
use tests\codeception\common\helpers\Mock;
|
||||
use yii\validators\EmailValidator;
|
||||
|
||||
class AccountsChangeEmailSubmitNewEmailCest {
|
||||
|
||||
@@ -17,10 +18,12 @@ class AccountsChangeEmailSubmitNewEmailCest {
|
||||
}
|
||||
|
||||
public function testSubmitNewEmail(FunctionalTester $I) {
|
||||
$I->wantTo('submit new email');
|
||||
$I->amAuthenticated('ILLIMUNATI');
|
||||
Mock::func(EmailValidator::class, 'checkdnsrr')->andReturnTrue();
|
||||
|
||||
$this->route->changeEmailSubmitNewEmail('H27HBDCHHAG2HGHGHS', 'my-new-email@ely.by');
|
||||
$I->wantTo('submit new email');
|
||||
$id = $I->amAuthenticated('ILLIMUNATI');
|
||||
|
||||
$this->route->changeEmailSubmitNewEmail($id, 'H27HBDCHHAG2HGHGHS', 'my-new-email@ely.by');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
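Review bot: `Mock::func(EmailValidator::class, 'checkdnsrr')->andReturnTrue()` is what lets this test run offline, but the hunk shows no matching teardown; if the helper installs a process-wide override it will leak into later Cests that rely on the real DNS check, so confirm it is reset (for example in an `_after` method, which would be outside this hunk) or scoped to this test. A one-line comment next to it, `// stub the DNS lookup so the email validator passes without network access`, would also make its purpose obvious to the next reader. The test body continues past the hunk.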
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use Codeception\Specify;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
@@ -18,9 +17,9 @@ class AccountsChangeLangCest {
|
||||
|
||||
public function testSubmitNewEmail(FunctionalTester $I) {
|
||||
$I->wantTo('change my account language');
|
||||
$I->amAuthenticated();
|
||||
$id = $I->amAuthenticated();
|
||||
|
||||
$this->route->changeLang('ru');
|
||||
$this->route->changeLanguage($id, 'ru');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use Codeception\Specify;
|
||||
use common\models\Account;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\_pages\AuthenticationRoute;
|
||||
@@ -27,9 +26,9 @@ class AccountsChangePasswordCest {
|
||||
|
||||
public function testChangePassword(FunctionalTester $I) {
|
||||
$I->wantTo('change my password');
|
||||
$I->amAuthenticated();
|
||||
$id = $I->amAuthenticated();
|
||||
|
||||
$this->route->changePassword('password_0', 'new-password', 'new-password');
|
||||
$this->route->changePassword($id, 'password_0', 'new-password', 'new-password');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use Codeception\Specify;
|
||||
use common\models\Account;
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -26,9 +25,9 @@ class AccountsChangeUsernameCest {
|
||||
|
||||
public function testChangeUsername(FunctionalTester $I) {
|
||||
$I->wantTo('change my nickname');
|
||||
$I->amAuthenticated();
|
||||
$id = $I->amAuthenticated();
|
||||
|
||||
$this->route->changeUsername('password_0', 'bruce_wayne');
|
||||
$this->route->changeUsername($id, 'password_0', 'bruce_wayne');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -38,9 +37,9 @@ class AccountsChangeUsernameCest {
|
||||
|
||||
public function testChangeUsernameNotAvailable(FunctionalTester $I) {
|
||||
$I->wantTo('see, that nickname "in use" is not available');
|
||||
$I->amAuthenticated();
|
||||
$id = $I->amAuthenticated();
|
||||
|
||||
$this->route->changeUsername('password_0', 'Jon');
|
||||
$this->route->changeUsername($id, 'password_0', 'Jon');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -1,55 +0,0 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use tests\codeception\api\_pages\AccountsRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
class AccountsCurrentCest {
|
||||
|
||||
/**
|
||||
* @var AccountsRoute
|
||||
*/
|
||||
private $route;
|
||||
|
||||
public function _before(FunctionalTester $I) {
|
||||
$this->route = new AccountsRoute($I);
|
||||
}
|
||||
|
||||
public function testCurrent(FunctionalTester $I) {
|
||||
$I->amAuthenticated();
|
||||
|
||||
$this->route->current();
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'id' => 1,
|
||||
'username' => 'Admin',
|
||||
'email' => 'admin@ely.by',
|
||||
'lang' => 'en',
|
||||
'isActive' => true,
|
||||
'hasMojangUsernameCollision' => false,
|
||||
'shouldAcceptRules' => false,
|
||||
'isOtpEnabled' => false,
|
||||
]);
|
||||
$I->canSeeResponseJsonMatchesJsonPath('$.passwordChangedAt');
|
||||
}
|
||||
|
||||
public function testExpiredCurrent(FunctionalTester $I) {
|
||||
// Устанавливаем заведомо истёкший токен
|
||||
$I->amBearerAuthenticated(
|
||||
'eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiO' .
|
||||
'jE0NjQ2Mjc1NDUsImV4cCI6MTQ2NDYzMTE0NSwianRpIjoxfQ.9c1mm0BK-cuW1qh15F12s2Fh37IN43YeeZeU4DFtlrE'
|
||||
);
|
||||
|
||||
$this->route->current();
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'name' => 'Unauthorized',
|
||||
'message' => 'Token expired',
|
||||
'code' => 0,
|
||||
'status' => 401,
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
||||
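--- /dev/null
+++ b/tests/codeception/api/functional/AccountsGetCest.php
@@ -0,0 +1,93 @@
+<?php
+namespace tests\codeception\api\functional;
+
+use tests\codeception\api\_pages\AccountsRoute;
+use tests\codeception\api\FunctionalTester;
+
+class AccountsGetCest {
+
+/**
+* @var AccountsRoute
+*/
+private $route;
+
+public function _before(FunctionalTester $I) {
+$this->route = new AccountsRoute($I);
+}
+
+public function testGetInfo(FunctionalTester $I) {
+$accountId = $I->amAuthenticated();
+
+$this->route->get($accountId);
+$I->canSeeResponseCodeIs(200);
+$I->canSeeResponseIsJson();
+$I->canSeeResponseContainsJson([
+'id' => 1,
+'uuid' => 'df936908-b2e1-544d-96f8-2977ec213022',
+'username' => 'Admin',
+'isOtpEnabled' => false,
+'email' => 'admin@ely.by',
+'lang' => 'en',
+'isActive' => true,
+'hasMojangUsernameCollision' => false,
+'shouldAcceptRules' => false,
+'elyProfileLink' => 'http://ely.by/u1',
+]);
+$I->canSeeResponseJsonMatchesJsonPath('$.passwordChangedAt');
+}
+
+public function testGetWithNotAcceptedLatestRules(FunctionalTester $I) {
+$accountId = $I->amAuthenticated('Veleyaba');
+
+$this->route->get($accountId);
+$I->canSeeResponseCodeIs(200);
+$I->canSeeResponseIsJson();
+$I->canSeeResponseContainsJson([
+'id' => 9,
+'uuid' => '410462d3-8e71-47cc-bac6-64f77f88cf80',
+'username' => 'Veleyaba',
+'email' => 'veleyaba@gmail.com',
+'isOtpEnabled' => false,
+'lang' => 'en',
+'isActive' => true,
+'hasMojangUsernameCollision' => false,
+'shouldAcceptRules' => true,
+'elyProfileLink' => 'http://ely.by/u9',
+]);
+$I->canSeeResponseJsonMatchesJsonPath('$.passwordChangedAt');
+}
+
+public function testGetInfoWithExpiredToken(FunctionalTester $I) {
+// Устанавливаем заведомо истёкший токен
+$I->amBearerAuthenticated(
+// TODO: обновить токен
+'eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiO' .
+'jE0NjQ2Mjc1NDUsImV4cCI6MTQ2NDYzMTE0NSwianRpIjoxfQ.9c1mm0BK-cuW1qh15F12s2Fh37IN43YeeZeU4DFtlrE'
+);
+
+$this->route->get(1);
+$I->canSeeResponseCodeIs(401);
+$I->canSeeResponseIsJson();
+$I->canSeeResponseContainsJson([
+'name' => 'Unauthorized',
+'message' => 'Token expired',
+'code' => 0,
+'status' => 401,
+]);
+}
+
+public function testGetInfoNotCurrentAccount(FunctionalTester $I) {
+$I->amAuthenticated();
+
+$this->route->get(10);
+$I->canSeeResponseCodeIs(403);
+$I->canSeeResponseIsJson();
+$I->canSeeResponseContainsJson([
+'name' => 'Forbidden',
+'message' => 'You are not allowed to perform this action.',
+'code' => 0,
+'status' => 403,
+]);
+}
+
+}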
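Review bot: `testGetInfoWithExpiredToken` embeds a fixed JWT with only `// TODO: обновить токен` beside it, so nobody can tell what a replacement token must satisfy; since the assertion expects `'message' => 'Token expired'` rather than a generic 401, the fixture presumably has to be a token the test application would otherwise accept, with an `exp` in the past. Replace the two Russian comments with something like `// Deliberately expired token: exp lies in the past, but it must otherwise be valid for the test app so the server answers 'Token expired' and not a signature error`. The 403 case in `testGetInfoNotCurrentAccount` is the right check for the new per-account route; a companion case with no bearer token at all (expecting 401) would complete the coverage if one does not exist elsewhere.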
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace codeception\api\functional;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\IdentityInfoRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -30,7 +29,7 @@ class IdentityInfoCest {
|
||||
}
|
||||
|
||||
public function testGetInfo(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessToken(['account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
$this->route->info();
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
@@ -47,7 +46,7 @@ class IdentityInfoCest {
|
||||
}
|
||||
|
||||
public function testGetInfoWithEmail(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO, S::ACCOUNT_EMAIL]);
|
||||
$accessToken = $I->getAccessToken(['account_info', 'account_email']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
$this->route->info();
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
|
||||
@@ -21,7 +21,7 @@ class RecoverPasswordCest {
|
||||
$jwt = $I->grabDataFromResponseByJsonPath('$.access_token')[0];
|
||||
$I->amBearerAuthenticated($jwt);
|
||||
$accountRoute = new AccountsRoute($I);
|
||||
$accountRoute->current();
|
||||
$accountRoute->get(5);
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->notLoggedIn();
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional;
|
||||
|
||||
use Codeception\Specify;
|
||||
use tests\codeception\api\_pages\SignupRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
|
||||
@@ -16,8 +16,8 @@ class TwoFactorAuthCredentialsCest {
|
||||
}
|
||||
|
||||
public function testGetCredentials(FunctionalTester $I) {
|
||||
$I->amAuthenticated();
|
||||
$this->route->credentials();
|
||||
$accountId = $I->amAuthenticated();
|
||||
$this->route->credentials($accountId);
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseJsonMatchesJsonPath('$.secret');
|
||||
|
||||
@@ -17,9 +17,9 @@ class TwoFactorAuthDisableCest {
|
||||
}
|
||||
|
||||
public function testFails(FunctionalTester $I) {
|
||||
$I->amAuthenticated('AccountWithEnabledOtp');
|
||||
$accountId = $I->amAuthenticated('AccountWithEnabledOtp');
|
||||
|
||||
$this->route->disable();
|
||||
$this->route->disable($accountId);
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -28,7 +28,7 @@ class TwoFactorAuthDisableCest {
|
||||
],
|
||||
]);
|
||||
|
||||
$this->route->disable('123456', 'invalid_password');
|
||||
$this->route->disable($accountId, '123456', 'invalid_password');
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -37,8 +37,8 @@ class TwoFactorAuthDisableCest {
|
||||
],
|
||||
]);
|
||||
|
||||
$I->amAuthenticated('AccountWithOtpSecret');
|
||||
$this->route->disable('123456', 'invalid_password');
|
||||
$accountId = $I->amAuthenticated('AccountWithOtpSecret');
|
||||
$this->route->disable($accountId, '123456', 'invalid_password');
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -48,9 +48,9 @@ class TwoFactorAuthDisableCest {
|
||||
}
|
||||
|
||||
public function testSuccessEnable(FunctionalTester $I) {
|
||||
$I->amAuthenticated('AccountWithEnabledOtp');
|
||||
$accountId = $I->amAuthenticated('AccountWithEnabledOtp');
|
||||
$totp = TOTP::create('BBBB');
|
||||
$this->route->disable($totp->now(), 'password_0');
|
||||
$this->route->disable($accountId, $totp->now(), 'password_0');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -17,9 +17,9 @@ class TwoFactorAuthEnableCest {
|
||||
}
|
||||
|
||||
public function testFails(FunctionalTester $I) {
|
||||
$I->amAuthenticated('AccountWithOtpSecret');
|
||||
$accountId = $I->amAuthenticated('AccountWithOtpSecret');
|
||||
|
||||
$this->route->enable();
|
||||
$this->route->enable($accountId);
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -28,7 +28,7 @@ class TwoFactorAuthEnableCest {
|
||||
],
|
||||
]);
|
||||
|
||||
$this->route->enable('123456', 'invalid_password');
|
||||
$this->route->enable($accountId, '123456', 'invalid_password');
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -37,8 +37,8 @@ class TwoFactorAuthEnableCest {
|
||||
],
|
||||
]);
|
||||
|
||||
$I->amAuthenticated('AccountWithEnabledOtp');
|
||||
$this->route->enable('123456', 'invalid_password');
|
||||
$accountId = $I->amAuthenticated('AccountWithEnabledOtp');
|
||||
$this->route->enable($accountId, '123456', 'invalid_password');
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'errors' => [
|
||||
@@ -48,9 +48,9 @@ class TwoFactorAuthEnableCest {
|
||||
}
|
||||
|
||||
public function testSuccessEnable(FunctionalTester $I) {
|
||||
$I->amAuthenticated('AccountWithOtpSecret');
|
||||
$accountId = $I->amAuthenticated('AccountWithOtpSecret');
|
||||
$totp = TOTP::create('AAAA');
|
||||
$this->route->enable($totp->now(), 'password_0');
|
||||
$this->route->enable($accountId, $totp->now(), 'password_0');
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
|
||||
@@ -1,14 +1,13 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\_steps;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use api\components\OAuth2\Storage\ScopeStorage as S;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
class OauthSteps extends FunctionalTester {
|
||||
|
||||
public function getAuthCode(array $permissions = []) {
|
||||
// TODO: по идее можно напрямую сделать запись в базу, что ускорит процесс тестирования
|
||||
$this->amAuthenticated();
|
||||
$route = new OauthRoute($this);
|
||||
$route->complete([
|
||||
@@ -32,7 +31,6 @@ class OauthSteps extends FunctionalTester {
|
||||
}
|
||||
|
||||
public function getRefreshToken(array $permissions = []) {
|
||||
// TODO: по идее можно напрямую сделать запись в базу, что ускорит процесс тестирования
|
||||
$authCode = $this->getAuthCode(array_merge([S::OFFLINE_ACCESS], $permissions));
|
||||
$response = $this->issueToken($authCode);
|
||||
|
||||
|
||||
@@ -1,15 +1,16 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\_steps;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use Faker\Provider\Uuid;
|
||||
use tests\codeception\api\_pages\SessionServerRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
class SessionServerSteps extends \tests\codeception\api\FunctionalTester {
|
||||
class SessionServerSteps extends FunctionalTester {
|
||||
|
||||
public function amJoined($byLegacy = false) {
|
||||
$oauthSteps = new OauthSteps($this->scenario);
|
||||
$accessToken = $oauthSteps->getAccessToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$accessToken = $oauthSteps->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$route = new SessionServerRoute($this);
|
||||
$serverId = Uuid::uuid();
|
||||
$username = 'Admin';
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\internal;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\InternalRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -18,7 +17,7 @@ class InfoCest {
|
||||
}
|
||||
|
||||
public function testGetInfoById(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::INTERNAL_ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant(['internal_account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->info('id', 1);
|
||||
@@ -26,7 +25,7 @@ class InfoCest {
|
||||
}
|
||||
|
||||
public function testGetInfoByUuid(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::INTERNAL_ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant(['internal_account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->info('uuid', 'df936908-b2e1-544d-96f8-2977ec213022');
|
||||
@@ -34,7 +33,7 @@ class InfoCest {
|
||||
}
|
||||
|
||||
public function testGetInfoByUsername(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::INTERNAL_ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant(['internal_account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->info('username', 'admin');
|
||||
@@ -42,7 +41,7 @@ class InfoCest {
|
||||
}
|
||||
|
||||
public function testInvalidParams(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::INTERNAL_ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant(['internal_account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->info('', '');
|
||||
@@ -50,7 +49,7 @@ class InfoCest {
|
||||
}
|
||||
|
||||
public function testAccountNotFound(OauthSteps $I) {
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant([S::INTERNAL_ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessTokenByClientCredentialsGrant(['internal_account_info']);
|
||||
$I->amBearerAuthenticated($accessToken);
|
||||
|
||||
$this->route->info('username', 'this-user-not-exists');
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -72,7 +71,7 @@ class AccessTokenCest {
|
||||
}
|
||||
|
||||
public function testIssueTokenWithRefreshToken(OauthSteps $I) {
|
||||
$authCode = $I->getAuthCode([S::OFFLINE_ACCESS]);
|
||||
$authCode = $I->getAuthCode(['offline_access']);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$authCode,
|
||||
'ely',
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
@@ -24,7 +24,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION],
|
||||
[P::MINECRAFT_SERVER_SESSION],
|
||||
'test-state'
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
@@ -101,7 +101,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
));
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -119,7 +119,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => true]);
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -146,7 +146,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -162,13 +162,13 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => true]);
|
||||
$this->route->complete($this->buildQueryParams(
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::ACCOUNT_INFO]
|
||||
[P::MINECRAFT_SERVER_SESSION, 'account_info']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -186,7 +186,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => false]);
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -270,7 +270,7 @@ class AuthCodeCest {
|
||||
|
||||
$I->wantTo('check behavior on some invalid scopes');
|
||||
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
||||
S::MINECRAFT_SERVER_SESSION,
|
||||
P::MINECRAFT_SERVER_SESSION,
|
||||
'some_wrong_scope',
|
||||
]));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
@@ -285,15 +285,15 @@ class AuthCodeCest {
|
||||
|
||||
$I->wantTo('check behavior on request internal scope');
|
||||
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
||||
S::MINECRAFT_SERVER_SESSION,
|
||||
S::ACCOUNT_BLOCK,
|
||||
P::MINECRAFT_SERVER_SESSION,
|
||||
P::BLOCK_ACCOUNT,
|
||||
]));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'error' => 'invalid_scope',
|
||||
'parameter' => S::ACCOUNT_BLOCK,
|
||||
'parameter' => P::BLOCK_ACCOUNT,
|
||||
'statusCode' => 400,
|
||||
]);
|
||||
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -79,7 +78,7 @@ class ClientCredentialsCest {
|
||||
$this->route->issueToken($this->buildParams(
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::ACCOUNT_BLOCK]
|
||||
['account_block']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
@@ -90,7 +89,7 @@ class ClientCredentialsCest {
|
||||
$this->route->issueToken($this->buildParams(
|
||||
'trusted-client',
|
||||
'tXBbyvMcyaOgHMOAXBpN2EC7uFoJAaL9',
|
||||
[S::ACCOUNT_BLOCK]
|
||||
['account_block']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
|
||||
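Review bot: The 400 expected from client `ely` requesting `['account_block']` cannot, on the visible lines, be told apart from a rejection of an unknown scope: the literal is new code, and if it does not match the value behind `P::BLOCK_ACCOUNT` the `ely` case passes for the wrong reason. Using the constant (`[P::BLOCK_ACCOUNT]`, as AuthCodeCest does in the same commit) and, if the assertions after `canSeeResponseIsJson()` do not already do so, pinning the error code the server actually returns for an untrusted client would make the test fail only for the reason it documents. The assertions following each `issueToken` call lie outside the hunk.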
@@ -1,7 +1,8 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use api\components\OAuth2\Storage\ScopeStorage as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -40,23 +41,23 @@ class RefreshTokenCest {
|
||||
}
|
||||
|
||||
public function testRefreshTokenWithSameScopes(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
}
|
||||
|
||||
public function testRefreshTokenTwice(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
|
||||
@@ -64,18 +65,18 @@ class RefreshTokenCest {
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
}
|
||||
|
||||
public function testRefreshTokenWithNewScopes(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS, S::ACCOUNT_EMAIL]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS, 'account_email']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\sessionserver;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use Faker\Provider\Uuid;
|
||||
use tests\codeception\api\_pages\SessionServerRoute;
|
||||
use tests\codeception\api\functional\_steps\AuthserverSteps;
|
||||
@@ -43,7 +43,7 @@ class JoinCest {
|
||||
|
||||
public function joinByOauth2Token(OauthSteps $I) {
|
||||
$I->wantTo('join to server, using modern oAuth2 generated token');
|
||||
$accessToken = $I->getAccessToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->join([
|
||||
'accessToken' => $accessToken,
|
||||
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||
@@ -54,7 +54,7 @@ class JoinCest {
|
||||
|
||||
public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
|
||||
$I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
|
||||
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO, S::ACCOUNT_EMAIL]);
|
||||
$accessToken = $I->getAccessToken(['account_info', 'account_email']);
|
||||
$this->route->join([
|
||||
'accessToken' => $accessToken,
|
||||
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\functional\sessionserver;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use Faker\Provider\Uuid;
|
||||
use tests\codeception\api\_pages\SessionServerRoute;
|
||||
use tests\codeception\api\functional\_steps\AuthserverSteps;
|
||||
@@ -43,7 +43,7 @@ class JoinLegacyCest {
|
||||
|
||||
public function joinByOauth2Token(OauthSteps $I) {
|
||||
$I->wantTo('join to server using modern oAuth2 generated token with new launcher session format');
|
||||
$accessToken = $I->getAccessToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->joinLegacy([
|
||||
'sessionId' => 'token:' . $accessToken . ':' . 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||
'user' => 'Admin',
|
||||
@@ -74,7 +74,7 @@ class JoinLegacyCest {
|
||||
|
||||
public function joinWithAccessTokenWithoutMinecraftPermission(OauthSteps $I) {
|
||||
$I->wantTo('join to some server with wrong accessToken');
|
||||
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO]);
|
||||
$accessToken = $I->getAccessToken(['account_info']);
|
||||
$this->route->joinLegacy([
|
||||
'sessionId' => 'token:' . $accessToken . ':' . 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||
'user' => 'Admin',
|
||||
|
||||