Spaces:

chrisbryan17
/

mautic

No application file

App Files Files Community

mautic / app /bundles /ApiBundle /Tests /Functional /Oauth2Test.php

chrisbryan17

Upload folder using huggingface_hub

d2897cd verified over 1 year ago

raw

history blame contribute delete

4.38 kB

	<?php

	declare(strict_types=1);

	namespace Mautic\ApiBundle\Tests\Functional;

	use Mautic\CoreBundle\Test\IsolatedTestTrait;
	use Mautic\CoreBundle\Test\MauticMysqlTestCase;
	use PHPUnit\Framework\Assert;
	use Symfony\Component\HttpFoundation\Request;

	/**
	* This test must run in a separate process because it sets the global constant
	* MAUTIC_INSTALLER which breaks other tests.
	*
	* @runTestsInSeparateProcesses
	*
	* @preserveGlobalState disabled
	*/
	final class Oauth2Test extends MauticMysqlTestCase
	{
	use IsolatedTestTrait;

	protected function setUp(): void
	{
	$this->useCleanupRollback = false;

	parent::setUp();
	}

	public function testAuthWithInvalidCredentials(): void
	{
	$this->client->enableReboot();

	// Disable the default logging in via username and password.
	$this->clientServer = [];
	$this->setUpSymfony($this->configParams);

	$this->client->request(
	Request::METHOD_POST,
	'/oauth/v2/token',
	[
	'grant_type' => 'client_credentials',
	'client_id' => 'unicorn',
	'client_secret' => 'secretUnicorn',
	]
	);

	$response = $this->client->getResponse();
	Assert::assertSame(400, $response->getStatusCode(), $response->getContent());
	Assert::assertSame(
	'{"errors":[{"message":"The client credentials are invalid","code":400,"type":"invalid_client"}]}',
	$response->getContent()
	);
	}

	public function testAuthWithInvalidAccessToken(): void
	{
	$this->client->enableReboot();

	// Disable the default logging in via username and password.
	$this->clientServer = [];
	$this->setUpSymfony($this->configParams);

	$this->client->request(
	Request::METHOD_GET,
	'/api/users',
	[],
	[],
	[
	'HTTP_Authorization' => 'Bearer unicorn_token',
	],
	);

	$response = $this->client->getResponse();
	Assert::assertSame(401, $response->getStatusCode(), $response->getContent());
	Assert::assertSame('{"errors":[{"message":"The access token provided is invalid.","code":401,"type":"invalid_grant"}]}', $response->getContent());
	}

	public function testAuthWorkflow(): void
	{
	$this->client->disableReboot();

	// Create OAuth2 credentials.
	$crawler = $this->client->request(Request::METHOD_GET, 's/credentials/new');
	$saveButton = $crawler->selectButton('Save');
	$form = $saveButton->form();
	$form['client[name]']->setValue('Auth Test');
	$form['client[redirectUris]']->setValue('https://test.org');

	$crawler = $this->client->submit($form);
	Assert::assertTrue($this->client->getResponse()->isOk(), $this->client->getResponse()->getContent());

	$clientPublicKey = $crawler->filter('input#client_publicId')->attr('value');
	$clientSecretKey = $crawler->filter('input#client_secret')->attr('value');

	// Disable the default logging in via username and password.
	$this->clientServer = [];
	$this->setUpSymfony($this->configParams);

	// Get the access token.
	$this->client->request(
	Request::METHOD_POST,
	'/oauth/v2/token',
	[
	'grant_type' => 'client_credentials',
	'client_id' => $clientPublicKey,
	'client_secret' => $clientSecretKey,
	],
	);

	$response = $this->client->getResponse();
	Assert::assertSame(200, $response->getStatusCode(), $response->getContent());
	$payload = json_decode($response->getContent(), true);
	$accessToken = $payload['access_token'];
	Assert::assertNotEmpty($accessToken);

	// Test that the access token works by fetching users via API.
	$this->client->request(
	Request::METHOD_GET,
	'/api/users',
	[],
	[],
	[
	'HTTP_Authorization' => "Bearer {$accessToken}",
	],
	);

	$response = $this->client->getResponse();
	Assert::assertSame(200, $response->getStatusCode());
	Assert::assertStringContainsString('"users":[', $response->getContent());
	}
	}