mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
Fixed almost everything, but all functional tests are broken at the last minute :(
This commit is contained in:
ErickSkrauch
@@ -4,17 +4,16 @@ declare(strict_types=1);
|
||||
namespace codeception\api\unit\components\User;
|
||||
|
||||
use api\components\User\Component;
|
||||
use api\components\User\IdentityFactory;
|
||||
use api\components\User\JwtIdentity;
|
||||
use api\components\User\Oauth2Identity;
|
||||
use api\tests\unit\TestCase;
|
||||
use common\models\Account;
|
||||
use common\models\AccountSession;
|
||||
use common\tests\fixtures\AccountFixture;
|
||||
use common\tests\fixtures\AccountSessionFixture;
|
||||
use common\tests\fixtures\MinecraftAccessKeyFixture;
|
||||
use Emarref\Jwt\Claim;
|
||||
use Emarref\Jwt\Jwt;
|
||||
use Yii;
|
||||
use yii\web\Request;
|
||||
use Lcobucci\JWT\Claim\Basic;
|
||||
use Lcobucci\JWT\Token;
|
||||
|
||||
class ComponentTest extends TestCase {
|
||||
|
||||
@@ -36,53 +35,37 @@ class ComponentTest extends TestCase {
|
||||
];
|
||||
}
|
||||
|
||||
// TODO: move test to refresh token form
|
||||
public function testRenewJwtAuthenticationToken() {
|
||||
$userIP = '192.168.0.1';
|
||||
$this->mockRequest($userIP);
|
||||
/** @var AccountSession $session */
|
||||
$session = $this->tester->grabFixture('sessions', 'admin');
|
||||
$result = $this->component->renewJwtAuthenticationToken($session);
|
||||
$this->assertSame($session, $result->getSession());
|
||||
$this->assertSame($session->account_id, $result->getAccount()->id);
|
||||
$session->refresh(); // reload data from db
|
||||
$this->assertEqualsWithDelta(time(), $session->last_refreshed_at, 3);
|
||||
$this->assertSame($userIP, $session->getReadableIp());
|
||||
$payloads = (new Jwt())->deserialize($result->getJwt())->getPayload();
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$this->assertEqualsWithDelta(time(), $payloads->findClaimByName(Claim\IssuedAt::NAME)->getValue(), 3);
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$this->assertEqualsWithDelta(time() + 3600, $payloads->findClaimByName('exp')->getValue(), 3);
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$this->assertSame('ely|1', $payloads->findClaimByName('sub')->getValue());
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$this->assertSame('accounts_web_user', $payloads->findClaimByName('ely-scopes')->getValue());
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$this->assertSame($session->id, $payloads->findClaimByName('jti')->getValue(), 'session has not changed');
|
||||
}
|
||||
|
||||
public function testGetActiveSession() {
|
||||
/** @var Account $account */
|
||||
$account = $this->tester->grabFixture('accounts', 'admin');
|
||||
/** @var AccountSession $session */
|
||||
$session = $this->tester->grabFixture('sessions', 'admin');
|
||||
$token = $this->component->createJwtAuthenticationToken($account, $session);
|
||||
$jwt = $this->component->serializeToken($token);
|
||||
// User is guest
|
||||
$component = new Component();
|
||||
$this->assertNull($component->getActiveSession());
|
||||
|
||||
/** @var Component|\PHPUnit\Framework\MockObject\MockObject $component */
|
||||
$component = $this->getMockBuilder(Component::class)
|
||||
->setMethods(['getIsGuest'])
|
||||
->getMock();
|
||||
// Identity is a Oauth2Identity
|
||||
$component->setIdentity(mock(Oauth2Identity::class));
|
||||
$this->assertNull($component->getActiveSession());
|
||||
|
||||
$component
|
||||
->method('getIsGuest')
|
||||
->willReturn(false);
|
||||
// Identity is correct, but have no jti claim
|
||||
/** @var JwtIdentity|\Mockery\MockInterface $identity */
|
||||
$identity = mock(JwtIdentity::class);
|
||||
$identity->shouldReceive('getToken')->andReturn(new Token());
|
||||
$component->setIdentity($identity);
|
||||
$this->assertNull($component->getActiveSession());
|
||||
|
||||
$this->mockAuthorizationHeader($jwt);
|
||||
// Identity is correct and has jti claim, but there is no associated session
|
||||
/** @var JwtIdentity|\Mockery\MockInterface $identity */
|
||||
$identity = mock(JwtIdentity::class);
|
||||
$identity->shouldReceive('getToken')->andReturn(new Token([], ['jti' => new Basic('jti', 999999)]));
|
||||
$component->setIdentity($identity);
|
||||
$this->assertNull($component->getActiveSession());
|
||||
|
||||
$foundSession = $component->getActiveSession();
|
||||
$this->assertInstanceOf(AccountSession::class, $foundSession);
|
||||
$this->assertSame($session->id, $foundSession->id);
|
||||
// Identity is correct, has jti claim and associated session exists
|
||||
/** @var JwtIdentity|\Mockery\MockInterface $identity */
|
||||
$identity = mock(JwtIdentity::class);
|
||||
$identity->shouldReceive('getToken')->andReturn(new Token([], ['jti' => new Basic('jti', 1)]));
|
||||
$component->setIdentity($identity);
|
||||
$session = $component->getActiveSession();
|
||||
$this->assertNotNull($session);
|
||||
$this->assertSame(1, $session->id);
|
||||
}
|
||||
|
||||
public function testTerminateSessions() {
|
||||
@@ -95,7 +78,6 @@ class ComponentTest extends TestCase {
|
||||
|
||||
/** @var Account $account */
|
||||
$account = $this->tester->grabFixture('accounts', 'admin');
|
||||
$component->createJwtAuthenticationToken($account);
|
||||
|
||||
// Dry run: no sessions should be removed
|
||||
$component->terminateSessions($account, Component::KEEP_MINECRAFT_SESSIONS | Component::KEEP_SITE_SESSIONS);
|
||||
@@ -119,24 +101,4 @@ class ComponentTest extends TestCase {
|
||||
$this->assertEmpty($account->getMinecraftAccessKeys()->all());
|
||||
}
|
||||
|
||||
private function mockRequest($userIP = '127.0.0.1') {
|
||||
/** @var Request|\Mockery\MockInterface $request */
|
||||
$request = mock(Request::class . '[getHostInfo,getUserIP]')->makePartial();
|
||||
$request->shouldReceive('getHostInfo')->andReturn('http://localhost');
|
||||
$request->shouldReceive('getUserIP')->andReturn($userIP);
|
||||
|
||||
Yii::$app->set('request', $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $bearerToken
|
||||
*/
|
||||
private function mockAuthorizationHeader($bearerToken = null) {
|
||||
if ($bearerToken !== null) {
|
||||
$bearerToken = 'Bearer ' . $bearerToken;
|
||||
}
|
||||
|
||||
Yii::$app->request->headers->set('Authorization', $bearerToken);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -5,9 +5,9 @@ namespace codeception\api\unit\components\User;
|
||||
|
||||
use api\components\User\JwtIdentity;
|
||||
use api\tests\unit\TestCase;
|
||||
use Carbon\Carbon;
|
||||
use common\tests\fixtures\AccountFixture;
|
||||
use Emarref\Jwt\Claim\Expiration as ExpirationClaim;
|
||||
use Yii;
|
||||
use yii\web\UnauthorizedHttpException;
|
||||
|
||||
class JwtIdentityTest extends TestCase {
|
||||
|
||||
@@ -18,40 +18,77 @@ class JwtIdentityTest extends TestCase {
|
||||
}
|
||||
|
||||
public function testFindIdentityByAccessToken() {
|
||||
$token = $this->generateToken();
|
||||
$token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.4Oidvuo4spvUf9hkpHR72eeqZUh2Zbxh_L8Od3vcgTj--0iOrcOEp6zwmEW6vF7BTHtjz2b3mXce61bqsCjXjQ';
|
||||
/** @var JwtIdentity $identity */
|
||||
$identity = JwtIdentity::findIdentityByAccessToken($token);
|
||||
$this->assertSame($token, $identity->getId());
|
||||
$this->assertSame($this->tester->grabFixture('accounts', 'admin')['id'], $identity->getAccount()->id);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \yii\web\UnauthorizedHttpException
|
||||
* @expectedExceptionMessage Token expired
|
||||
*/
|
||||
public function testFindIdentityByAccessTokenWithExpiredToken() {
|
||||
$expiredToken = $this->generateToken(time() - 3600);
|
||||
JwtIdentity::findIdentityByAccessToken($expiredToken);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \yii\web\UnauthorizedHttpException
|
||||
* @expectedExceptionMessage Incorrect token
|
||||
*/
|
||||
public function testFindIdentityByAccessTokenWithEmptyToken() {
|
||||
JwtIdentity::findIdentityByAccessToken('');
|
||||
}
|
||||
|
||||
private function generateToken(int $expiresAt = null): string {
|
||||
/** @var \api\components\User\Component $component */
|
||||
$component = Yii::$app->user;
|
||||
$this->assertSame($token, (string)$identity->getToken());
|
||||
/** @var \common\models\Account $account */
|
||||
$account = $this->tester->grabFixture('accounts', 'admin');
|
||||
$token = $component->createJwtAuthenticationToken($account);
|
||||
if ($expiresAt !== null) {
|
||||
$token->addClaim(new ExpirationClaim($expiresAt));
|
||||
}
|
||||
$this->assertSame($account->id, $identity->getAccount()->id);
|
||||
}
|
||||
|
||||
return $component->serializeToken($token);
|
||||
/**
|
||||
* @dataProvider getFindIdentityByAccessTokenInvalidCases
|
||||
*/
|
||||
public function testFindIdentityByAccessTokenInvalidCases(string $token, string $expectedExceptionMessage) {
|
||||
$this->expectException(UnauthorizedHttpException::class);
|
||||
$this->expectExceptionMessage($expectedExceptionMessage);
|
||||
JwtIdentity::findIdentityByAccessToken($token);
|
||||
}
|
||||
|
||||
public function getFindIdentityByAccessTokenInvalidCases() {
|
||||
yield 'expired token' => [
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MDMzNDIsImV4cCI6MTU2NDYwNjk0Miwic3ViIjoiZWx5fDEifQ.36cDWyiXRArv-lgK_S5dyC5m_Ddytwkb78tMrxcPcbWEpoeg2VtwPC7zr6NI0cd0CuLw6InC2hZ9Ey95SSOsHw',
|
||||
'Token expired',
|
||||
];
|
||||
yield 'iat from future' => [
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTc3NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ._6hj6XUSmSLibgT9ZE1Pokf4oI9r-d6tEc1z2J-fBlr1710Qiso5yNcXqb3Z_xy7Qtemyq8jOlOZA8DvmkVBrg',
|
||||
'Incorrect token',
|
||||
];
|
||||
yield 'invalid signature' => [
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.yth31f2PyhUkYSfBlizzUXWIgOvxxk8gNP-js0z8g1OT5rig40FPTIkgsZRctAwAAlj6QoIWW7-hxLTcSb2vmw',
|
||||
'Incorrect token',
|
||||
];
|
||||
yield 'invalid sub' => [
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoxMjM0fQ.yigP5nWFdX0ktbuZC_Unb9bWxpAVd7Nv8Fb1Vsa0t5WkVA88VbhPi2P-CenbDOy8ngwoGV9m3c3upMs2V3gqvw',
|
||||
'Incorrect token',
|
||||
];
|
||||
yield 'empty token' => ['', 'Incorrect token'];
|
||||
}
|
||||
|
||||
public function testGetAccount() {
|
||||
// Token with sub claim
|
||||
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.4Oidvuo4spvUf9hkpHR72eeqZUh2Zbxh_L8Od3vcgTj--0iOrcOEp6zwmEW6vF7BTHtjz2b3mXce61bqsCjXjQ');
|
||||
$this->assertSame(1, $identity->getAccount()->id);
|
||||
|
||||
// Sub presented, but account not exists
|
||||
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDk5OTk5In0.1pAnhkR-_ZqzjLBR-PNIMJUXRSUK3aYixrFNKZg2ynPNPiDvzh8U-iBTT6XRfMP5nvfXZucRpoPVoiXtx40CUQ');
|
||||
$this->assertNull($identity->getAccount());
|
||||
|
||||
// Token without sub claim
|
||||
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Mn0.QxmYgSflZOQmhzYRr8bowU767yu4yKgTVaho0MPuyCmUfZO_0O0SQASMKVILf-wlT0ODTTG7vD753a2MTAmPmw');
|
||||
$this->assertNull($identity->getAccount());
|
||||
}
|
||||
|
||||
public function testGetAssignedPermissions() {
|
||||
// Token with ely-scopes claim
|
||||
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJlbHktc2NvcGVzIjoicGVybTEscGVybTIscGVybTMiLCJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.MO6T92EOFcZSPIdK8VBUG0qyV-pdayzOPQmpWLPwpl1933E9ann9GdV49piX1IfLHeCHVGThm5_v7AJgyZ5Oaw');
|
||||
$this->assertSame(['perm1', 'perm2', 'perm3'], $identity->getAssignedPermissions());
|
||||
|
||||
// Token without sub claim
|
||||
$identity = JwtIdentity::findIdentityByAccessToken('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE1NjQ2MTA1NDIsImV4cCI6MTU2NDYxNDE0Miwic3ViIjoiZWx5fDEifQ.jsjv2dDetSxu4xivlHoTeDUhqsl-cxSI6SktufJhwR9wqDgQCVIONiqQCUzTzyTwyAz4Ztvel4lKjMCstdJOEw');
|
||||
$this->assertSame([], $identity->getAssignedPermissions());
|
||||
}
|
||||
|
||||
protected function _before() {
|
||||
parent::_before();
|
||||
Carbon::setTestNow(Carbon::create(2019, 8, 1, 1, 2, 22, 'Europe/Minsk'));
|
||||
}
|
||||
|
||||
protected function _after() {
|
||||
parent::_after();
|
||||
Carbon::setTestNow();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user