Added auth functional tests

tests/_support/AuthHelper.php

@@ -0,0 +1,22 @@
+<?php
+namespace Codeception\Module;
+
+// here you can define custom actions
+// all public methods declared in helper class will be available in $I
+
+class AuthHelper extends \Codeception\Module
+{
+    function seeJsonKeyExists($key)
+    {
+        $json = $this->getModule('REST')->grabResponse();
+        $array = json_decode($json);
+        $this->assertTrue(array_key_exists($key, $array));
+    }
+
+    function seeJsonKeyDoesNotExists($key)
+    {
+        $json = $this->getModule('REST')->grabResponse();
+        $array = json_decode($json);
+        $this->assertFalse(array_key_exists($key, $array));
+    }
+}

tests/auth.suite.yml

@@ -0,0 +1,8 @@
+class_name: AuthTester
+modules:
+    enabled: [PhpBrowser, REST, AuthHelper]
+    config:
+      PhpBrowser:
+          url: http://localhost:8000/
+      REST:
+          url: http://localhost:8000/

tests/auth/AuthCodeCept.php

@@ -0,0 +1,24 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with an authorization code');
+$I->sendGET('authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic');
+$I->seeResponseCodeIs(200);
+$I->seeHttpHeader('Location');
+
+$location = $I->grabHttpHeader('Location');
+$urlParts = parse_url($location);
+parse_str($urlParts['query'], $queryString);
+
+$I->sendPOST('authcode_grant.php/access_token', [
+    'client_id'     => 'testclient',
+    'redirect_uri'  => 'http://example.com/redirect',
+    'client_secret' => 'secret',
+    'code'          => $queryString['code'],
+    'grant_type'    => 'authorization_code'
+]);
+$I->seeResponseCodeIs(200);
+$I->seeResponseIsJson();
+$I->seeJsonKeyExists('expires_in');
+$I->seeJsonKeyExists('access_token');
+$I->seeResponseContainsJson(['token_type' => 'Bearer']);
+$I->seeJsonKeyDoesNotExists('foobar');

tests/auth/ClientCredentialsCept.php

@@ -0,0 +1,14 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with client credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'client_credentials'
+]);
+$I->seeResponseCodeIs(200);
+$I->seeResponseIsJson();
+$I->seeJsonKeyExists('expires_in');
+$I->seeJsonKeyExists('access_token');
+$I->seeResponseContainsJson(['token_type' => 'Bearer']);
+$I->seeJsonKeyDoesNotExists('foobar');

tests/auth/PasswordGrantMissingPasswordCept.php

@@ -0,0 +1,11 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with resource owner credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'password',
+    'username'      => 'alexbilbie'
+]);
+$I->seeResponseCodeIs(400);
+$I->seeResponseIsJson();

tests/auth/PasswordGrantMissingUsernameCept.php

@@ -0,0 +1,15 @@
+<?php
+$I = new AuthTester($scenario);
+$I->wantTo('get an access token with resource owner credentials');
+$I->sendPOST('other_grants.php/access_token', [
+    'client_id'     => 'testclient',
+    'client_secret' => 'secret',
+    'grant_type'    => 'password'
+]);
+$I->seeResponseCodeIs(400);
+$I->seeResponseIsJson();
+$I->seeResponseContainsJson([
+    'error' => 'invalid_request',
+    'message' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter
+                 more than once, or is otherwise malformed. Check the "username" parameter.'
+]);

tests/auth/_bootstrap.php

@@ -0,0 +1,2 @@
+<?php
+// Here you can initialize variables that will be available to your tests