Added auth functional tests

examples/relational/other_grants.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace OAuth2Server\RelationalExample;
+
+use \Orno\Http\Request;
+use \Orno\Http\Response;
+use \Orno\Http\JsonResponse;
+use \Orno\Http\Exception\MethodNotAllowedException;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+// use \League\OAuth2\Server\Exception;
+use \RelationalExample\Storage;
+use \RelationalExample\Model;
+
+include __DIR__.'/vendor/autoload.php';
+
+// Routing setup
+$router = new \Orno\Route\RouteCollection;
+
+// Set up the OAuth 2.0 resource server
+$server = new \League\OAuth2\Server\AuthorizationServer;
+$server->setSessionStorage(new Storage\SessionStorage);
+$server->setAccessTokenStorage(new Storage\AccessTokenStorage);
+$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage);
+$server->setClientStorage(new Storage\ClientStorage);
+$server->setScopeStorage(new Storage\ScopeStorage);
+$server->setAuthCodeStorage(new Storage\AuthCodeStorage);
+
+$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant();
+$server->addGrantType($clientCredentials);
+$passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
+$server->addGrantType($passwordGrant);
+$refrehTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
+$server->addGrantType($refrehTokenGrant);
+
+$request = (new Request)->createFromGlobals();
+$server->setRequest($request);
+
+$router->post('/access_token', function (Request $request) use ($server) {
+
+    try {
+
+        $response = $server->issueAccessToken();
+        return new Response(json_encode($response), 200);
+
+    } catch (\Exception $e) {
+
+        return new Response(
+            json_encode([
+                'error'     =>  $e->errorType,
+                'message'   =>  $e->getMessage()
+            ]),
+            $e->httpStatusCode,
+            $e->getHttpHeaders()
+        );
+
+    }
+
+});
+
+$dispatcher = $router->getDispatcher();
+$response = $dispatcher->dispatch($request->getMethod(), $request->getPathInfo());
+$response->send();

tests/_support/AuthHelper.php

@@ -0,0 +1,22 @@
+<?php
+namespace Codeception\Module;
+
+// here you can define custom actions
+// all public methods declared in helper class will be available in $I
+
+class AuthHelper extends \Codeception\Module
+{
+    function seeJsonKeyExists($key)
+    {
+        $json = $this->getModule('REST')->grabResponse();
+        $array = json_decode($json);
+        $this->assertTrue(array_key_exists($key, $array));
+    }
+
+    function seeJsonKeyDoesNotExists($key)
+    {
+        $json = $this->getModule('REST')->grabResponse();
+        $array = json_decode($json);
+        $this->assertFalse(array_key_exists($key, $array));
+    }
+}

tests/auth.suite.yml

@@ -0,0 +1,8 @@
+class_name: AuthTester
+modules:
+    enabled: [PhpBrowser, REST, AuthHelper]
+    config:
+      PhpBrowser:
+          url: http://localhost:8000/
+      REST:
+          url: http://localhost:8000/

tests/auth/AuthCodeCept.php

@@ -0,0 +1,24 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with an authorization code');
+$I->sendGET('authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic');
+$I->seeResponseCodeIs(200);
+$I->seeHttpHeader('Location');
+
+$location = $I->grabHttpHeader('Location');
+$urlParts = parse_url($location);
+parse_str($urlParts['query'], $queryString);
+
+$I->sendPOST('authcode_grant.php/access_token', [
+    'client_id'     => 'testclient',
+    'redirect_uri'  => 'http://example.com/redirect',
+    'client_secret' => 'secret',
+    'code'          => $queryString['code'],
+    'grant_type'    => 'authorization_code'
+]);
+$I->seeResponseCodeIs(200);
+$I->seeResponseIsJson();
+$I->seeJsonKeyExists('expires_in');
+$I->seeJsonKeyExists('access_token');
+$I->seeResponseContainsJson(['token_type' => 'Bearer']);
+$I->seeJsonKeyDoesNotExists('foobar');

tests/auth/ClientCredentialsCept.php

@@ -0,0 +1,14 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with client credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'client_credentials'
+]);
+$I->seeResponseCodeIs(200);
+$I->seeResponseIsJson();
+$I->seeJsonKeyExists('expires_in');
+$I->seeJsonKeyExists('access_token');
+$I->seeResponseContainsJson(['token_type' => 'Bearer']);
+$I->seeJsonKeyDoesNotExists('foobar');

tests/auth/PasswordGrantMissingPasswordCept.php

@@ -0,0 +1,11 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with resource owner credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'password',
+    'username'      => 'alexbilbie'
+]);
+$I->seeResponseCodeIs(400);
+$I->seeResponseIsJson();

tests/auth/PasswordGrantMissingUsernameCept.php

@@ -0,0 +1,15 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with resource owner credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'password'
+]);
+$I->seeResponseCodeIs(400);
+$I->seeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error' => 'invalid_request',
+    'message' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter
+                 more than once, or is otherwise malformed. Check the "username" parameter.'
+]);

tests/auth/_bootstrap.php

@@ -0,0 +1,2 @@
+<?php
+// Here you can initialize variables that will be available to your tests