|
<?php |
|
/**
 * (c) Artem Ostretsov <[email protected]>
 */
|
|
|
namespace ApiBundle\Tests; |
|
|
|
|
|
use Liip\FunctionalTestBundle\Test\WebTestCase; |
|
use AppBundle\Tests\TestHelper; |
|
|
|
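class OAuthAuthorizationTest extends WebTestCase
{
    /** Lifetime in seconds the token endpoint is expected to report in `expires_in`. */
    const ACCESS_TOKEN_TTL = 3600;

    /** Token endpoint of the OAuth2 server under test. */
    const TOKEN_URL = '/oauth/v2/token';

    /** Protected resource used to probe whether a request is authorized. */
    const ECHO_URL = '/open-api/v1/echo/test';

    /** Every key a successful token response must carry. */
    private static $tokenResponseKeys = ['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'];

    /**
     * {@inheritdoc}
     */
    protected function setUp()
    {
        // TestHelper is a project class consisting of frequently used static methods
        $this->loadFixtures(TestHelper::getFixturesClasses($this->getContainer()));
    }

    /**
     * Walks the full password-grant flow against the API host:
     * anonymous access is refused, a token pair is issued, the access token
     * unlocks the resource, the refresh token is exchanged once, and replaying
     * the consumed refresh token is rejected.
     */
    public function testAuthorizationWorkflow()
    {
        $container = $this->getContainer();
        $em = $container->get('doctrine.orm.default_entity_manager');
        $apiHost = $container->getParameter('api_domain');
        $oAuthClient1 = $em->getRepository('ApiBundle:OAuthClient')->find(1);
        $this->assertNotNull($oAuthClient1, 'fixture OAuth client #1 must be loaded');

        $client = self::createClient([], [
            'HTTP_HOST' => $apiHost,
        ]);

        // 1. Anonymous request to the protected resource: 401 with an OAuth error body.
        $client->request('GET', self::ECHO_URL);
        $this->assertEquals(401, $client->getResponse()->getStatusCode());
        $response = $this->decodeJsonResponse($client);
        $this->assertArrayHasKey('error', $response);
        $this->assertEquals('access_denied', $response['error']);

        // 2. Password grant: exchange the fixture user's credentials for a token pair.
        $client->request('POST', $this->tokenUrl([
            'client_id'     => $oAuthClient1->getPublicId(),
            'client_secret' => $oAuthClient1->getSecret(),
            'username'      => '[email protected]', // existing fixture user
            'password'      => 'user_password',      // and its password
            'grant_type'    => 'password',
        ]));
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $response = $this->decodeJsonResponse($client);
        $this->assertTokenResponse($response);
        $accessToken = $response['access_token'];
        // The refresh token is single-use; its replay is checked in step 5.
        $refreshToken = $response['refresh_token'];

        // 3. Same protected resource, now presenting the access token: served.
        $client->request('GET', self::ECHO_URL . '?' . http_build_query(['access_token' => $accessToken]));
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $response = $this->decodeJsonResponse($client);
        $this->assertArrayHasKey('response', $response);
        $this->assertEquals('test', $response['response']);

        // 4. Refresh grant: a new token pair is issued and the old one is not simply echoed back.
        $refreshUrl = $this->tokenUrl([
            'client_id'     => $oAuthClient1->getPublicId(),
            'client_secret' => $oAuthClient1->getSecret(),
            'refresh_token' => $refreshToken,
            'grant_type'    => 'refresh_token',
        ]);
        $client->request('POST', $refreshUrl);
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $response = $this->decodeJsonResponse($client);
        $this->assertTokenResponse($response);
        $this->assertNotEquals($accessToken, $response['access_token'], 'refresh must issue a new access token');
        $this->assertNotEquals($refreshToken, $response['refresh_token'], 'refresh must rotate the refresh token');

        // 5. Replaying the consumed refresh token is rejected with 400. The request
        //    uses POST like the genuine refresh above, so the 400 is attributable to
        //    the token reuse and not to a rejected HTTP method.
        $client->request('POST', $refreshUrl);
        $this->assertEquals(400, $client->getResponse()->getStatusCode());
    }

    /**
     * Builds a token-endpoint URL carrying the grant parameters in the query string.
     *
     * The query-string transport is what this server accepts in the existing
     * test and is kept for that reason only: RFC 6749 places client credentials
     * and grant parameters in the POST body, and secrets in a URL are recorded
     * by proxies and access logs, so a real client must not copy this.
     * http_build_query() encodes each value, so a secret containing '&' or '='
     * cannot break the request apart.
     *
     * @param array $params token request parameters (client_id, client_secret, grant_type, ...)
     *
     * @return string
     */
    private function tokenUrl(array $params)
    {
        return self::TOKEN_URL . '?' . http_build_query($params);
    }

    /**
     * Decodes the last response body as a JSON object, failing the test with
     * the raw body if it is not one instead of letting an undefined-index
     * notice obscure the cause later.
     *
     * @param object $client Symfony test client returned by createClient()
     *
     * @return array
     */
    private function decodeJsonResponse($client)
    {
        $content = $client->getResponse()->getContent();
        $decoded = json_decode($content, true);
        $this->assertTrue(is_array($decoded), 'response body is not a JSON object: ' . $content);

        return $decoded;
    }

    /**
     * Asserts the shape of a successful token response and its advertised lifetime.
     *
     * @param array $response decoded token endpoint body
     */
    private function assertTokenResponse(array $response)
    {
        foreach (self::$tokenResponseKeys as $key) {
            $this->assertArrayHasKey($key, $response);
        }
        $this->assertEquals(self::ACCESS_TOKEN_TTL, $response['expires_in']);
    }
}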