Created
April 28, 2015 18:15
-
-
Save amitaibu/1bed7e60ff8f73cc9132 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @file | |
| * Contains RestfulTokenAuthenticationTestCase. | |
| */ | |
| class RestfulTokenAuthenticationTestCase extends DrupalWebTestCase { | |
| public static function getInfo() { | |
| return array( | |
| 'name' => 'Token Authentication', | |
| 'description' => 'Test the request authentication with a token.', | |
| 'group' => 'RESTful', | |
| ); | |
| } | |
| function setUp() { | |
| parent::setUp('restful_example', 'restful_token_auth', 'entityreference'); | |
| } | |
| /** | |
| * Test authenticating a user. | |
| */ | |
| function testAuthentication() { | |
| // Create user. | |
| $user1 = $this->drupalCreateUser(); | |
| $this->drupalLogin($user1); | |
| // Create "Article" node. | |
| $title1 = $this->randomName(); | |
| $settings = array( | |
| 'type' => 'article', | |
| 'title' => $title1, | |
| 'uid' => $user1->uid, | |
| ); | |
| $node1 = $this->drupalCreateNode($settings); | |
| $id= $node1->nid; | |
| // Get a token for the user, using the handler. | |
| $handler = restful_get_restful_handler('access_token'); | |
| $result = $handler->get(); | |
| $access_token = $result['access_token']; | |
| $refresh_token = $result['refresh_token']; | |
| $this->assertNotNull($access_token); | |
| $this->assertNotNull($refresh_token); | |
| // Assert the token did not change. | |
| $result = $handler->get(); | |
| $this->assertEqual($access_token, $result['access_token'], 'Access token did not change.'); | |
| // Get a "protected" resource without the access token. | |
| $handler = restful_get_restful_handler('articles', 1, 3); | |
| try { | |
| $handler->get($id); | |
| $this->fail('"Unauthorized" exception not thrown.'); | |
| } | |
| catch (\RestfulUnauthorizedException $e) { | |
| $this->pass('"Unauthorized" exception was thrown.'); | |
| } | |
| // Get a "protected" resource with invalid access token. | |
| try { | |
| $handler->get($id, array('access_token' => 'invalid')); | |
| $this->fail('"Unauthorized" exception not thrown.'); | |
| } | |
| catch (\RestfulUnauthorizedException $e) { | |
| $this->pass('"Unauthorized" exception was thrown.'); | |
| } | |
| // Get a "protected" resource with refresh token as access token. | |
| try { | |
| $handler->get($id, array('access_token' => $refresh_token)); | |
| $this->fail('"Unauthorized" exception not thrown.'); | |
| } | |
| catch (\RestfulUnauthorizedException $e) { | |
| $this->pass('"Unauthorized" exception was thrown.'); | |
| } | |
| // Get a "protected" resource with refresh token. | |
| try { | |
| $handler->get($id, array('refresh_token' => $refresh_token)); | |
| $this->fail('"Unauthorized" exception not thrown.'); | |
| } | |
| catch (\RestfulUnauthorizedException $e) { | |
| $this->pass('"Unauthorized" exception was thrown.'); | |
| } | |
| // Get a "protected" resource with the access token. | |
| $response = $handler->get($id, array('access_token' => $access_token)); | |
| $result = $response[0]; | |
| $this->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid access token.'); | |
| // Set the expiration token to the past. | |
| $query = new \EntityFieldQuery(); | |
| $result = $query | |
| ->entityCondition('entity_type', 'restful_token_auth') | |
| ->entityCondition('bundle', 'access_token') | |
| ->propertyCondition('token', $access_token) | |
| ->execute(); | |
| if (empty($result['restful_token_auth'])) { | |
| $this->fail('No token was found.'); | |
| } | |
| // Load the token. | |
| $access_id = key($result['restful_token_auth']); | |
| $token = entity_load_single('restful_token_auth', $access_id); | |
| $token->expire = REQUEST_TIME - 60 * 24; | |
| $token->save(); | |
| // Make a GET request to trigger a deletion of the token. | |
| // Clear the restful handler, to make sure the user set by RESTful is | |
| // cleared. | |
| drupal_static_reset('restful_get_restful_handler'); | |
| $handler = restful_get_restful_handler('articles', 1, 3); | |
| try { | |
| $handler->get($id, array('access_token' => $access_token)); | |
| $this->fail('"Unauthorized" exception not thrown for expired token.'); | |
| } | |
| catch (\RestfulUnauthorizedException $e) { | |
| $this->pass('"Unauthorized" exception was thrown for expired token.'); | |
| } | |
| // Make sure the token was deleted. | |
| $query = new \EntityFieldQuery(); | |
| $count = $query | |
| ->entityCondition('entity_type', 'restful_token_auth') | |
| ->entityCondition('bundle', 'access_token') | |
| ->propertyCondition('token', $access_token) | |
| ->count() | |
| ->execute(); | |
| $this->assertFalse($count, 'The token was deleted.'); | |
| // Test the refresh capabilities. | |
| $handler = restful_get_restful_handler('refresh_token'); | |
| $result = $handler->get($refresh_token); | |
| $this->assertNotNull($result['access_token'], 'A new access token granted for a valid refresh token.'); | |
| $this->assertNotNull($result['refresh_token'], 'A new refresh token granted for a valid refresh token.'); | |
| $this->assertNotEqual($refresh_token, $result['refresh_token']); | |
| // Test invalid refresh token. | |
| try { | |
| $handler->get('invalid'); | |
| $this->fail('"Bad Request" exception not thrown.'); | |
| } | |
| catch (\RestfulBadRequestException $e) { | |
| $this->pass('"Bad Request" exception was thrown.'); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment