From 775d42115a96e294d0b1aa864810776726ef7b05 Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Sun, 5 Apr 2015 18:18:09 +0100
Subject: [PATCH] More client credentials test

---
 tests/api/ClientCredentialsCept.php             |  2 +-
 .../ClientCredentialsInvalidClientIdCept.php    | 17 +++++++++++++++++
 ...ClientCredentialsInvalidClientSecretCept.php | 17 +++++++++++++++++
 .../ClientCredentialsMissingClientIdCept.php    | 15 +++++++++++++++
 ...ClientCredentialsMissingClientSecretCept.php | 16 ++++++++++++++++
 5 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 tests/api/ClientCredentialsInvalidClientIdCept.php
 create mode 100644 tests/api/ClientCredentialsInvalidClientSecretCept.php
 create mode 100644 tests/api/ClientCredentialsMissingClientIdCept.php
 create mode 100644 tests/api/ClientCredentialsMissingClientSecretCept.php

diff --git a/tests/api/ClientCredentialsCept.php b/tests/api/ClientCredentialsCept.php
index f1a3ad20..f0eff536 100644
--- a/tests/api/ClientCredentialsCept.php
+++ b/tests/api/ClientCredentialsCept.php
@@ -2,7 +2,7 @@
 $I = new ApiTester($scenario);
 $I->wantTo('get an access token using the client credentials grant');
 $I->sendPOST(
-    'access_token',
+    'client_credentials.php/access_token',
     [
         'grant_type'    => 'client_credentials',
         'client_id'     => 'myawesomeapp',
diff --git a/tests/api/ClientCredentialsInvalidClientIdCept.php b/tests/api/ClientCredentialsInvalidClientIdCept.php
new file mode 100644
index 00000000..97f9fce4
--- /dev/null
+++ b/tests/api/ClientCredentialsInvalidClientIdCept.php
@@ -0,0 +1,17 @@
+<?php
+$I = new ApiTester($scenario);
+$I->wantTo('get an access token using the client credentials grant, invalid client id');
+$I->sendPOST(
+    'client_credentials.php/access_token',
+    [
+        'grant_type'    => 'client_credentials',
+        'client_id'     => 'myawesomeapp-wrong',
+        'client_secret' => 'foobar'
+    ]
+);
+$I->canSeeResponseCodeIs(401);
+$I->canSeeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error'   => 'invalid_client',
+    'message' => 'Client authentication failed.'
+]);
diff --git a/tests/api/ClientCredentialsInvalidClientSecretCept.php b/tests/api/ClientCredentialsInvalidClientSecretCept.php
new file mode 100644
index 00000000..fe4f88fc
--- /dev/null
+++ b/tests/api/ClientCredentialsInvalidClientSecretCept.php
@@ -0,0 +1,17 @@
+<?php
+$I = new ApiTester($scenario);
+$I->wantTo('get an access token using the client credentials grant, invalid client secret');
+$I->sendPOST(
+    'client_credentials.php/access_token',
+    [
+        'grant_type'    => 'client_credentials',
+        'client_id'     => 'myawesomeapp',
+        'client_secret' => 'foobar'
+    ]
+);
+$I->canSeeResponseCodeIs(401);
+$I->canSeeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error'   => 'invalid_client',
+    'message' => 'Client authentication failed.'
+]);
diff --git a/tests/api/ClientCredentialsMissingClientIdCept.php b/tests/api/ClientCredentialsMissingClientIdCept.php
new file mode 100644
index 00000000..68135cdb
--- /dev/null
+++ b/tests/api/ClientCredentialsMissingClientIdCept.php
@@ -0,0 +1,15 @@
+<?php
+$I = new ApiTester($scenario);
+$I->wantTo('get an access token using the client credentials grant, missing client id');
+$I->sendPOST(
+    'client_credentials.php/access_token',
+    [
+        'grant_type' => 'client_credentials'
+    ]
+);
+$I->canSeeResponseCodeIs(400);
+$I->canSeeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error'   => 'invalid_request',
+    'message' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "client_id" parameter.'
+]);
diff --git a/tests/api/ClientCredentialsMissingClientSecretCept.php b/tests/api/ClientCredentialsMissingClientSecretCept.php
new file mode 100644
index 00000000..369e22d6
--- /dev/null
+++ b/tests/api/ClientCredentialsMissingClientSecretCept.php
@@ -0,0 +1,16 @@
+<?php
+$I = new ApiTester($scenario);
+$I->wantTo('get an access token using the client credentials grant, missing client secret');
+$I->sendPOST(
+    'client_credentials.php/access_token',
+    [
+        'grant_type' => 'client_credentials',
+        'client_id'  => 'myawesomeapp'
+    ]
+);
+$I->canSeeResponseCodeIs(400);
+$I->canSeeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error'   => 'invalid_request',
+    'message' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "client_secret" parameter.'
+]);