
Commit e27a847

committed
- Added additional tests
1 parent 6e5c397 commit e27a847

12 files changed

Lines changed: 416 additions & 21 deletions


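--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -32,5 +32,6 @@
 <env name="QUEUE_CONNECTION" value="sync"/>
 <env name="SESSION_DRIVER" value="array"/>
 <env name="TELESCOPE_ENABLED" value="false"/>
+<env name="AUTH_MODEL" value="Javaabu\Passport\Tests\TestSupport\Models\User"/>
 </php>
 </phpunit>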

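--- a/src/Http/Middleware/AuthenticateOAuthClient.php
+++ b/src/Http/Middleware/AuthenticateOAuthClient.php
@@ -21,6 +21,7 @@
 use Laravel\Passport\Http\Middleware\CheckToken;
 use Laravel\Passport\Passport;
 use Laravel\Passport\TransientToken;
+use Symfony\Component\HttpFoundation\Response;
 
 class AuthenticateOAuthClient
 {
@@ -54,7 +55,7 @@ public function __construct(
 *
 * @throws AuthenticationException
 */
-public function handle($request, Closure $next, ...$scopes)
+public function handle(Request $request, Closure $next, string ...$scopes): Response
 {
 try {
 $api_guards = $this->getApiGuards();
@@ -78,7 +79,7 @@ public function handle($request, Closure $next, ...$scopes)
 }, ...$api_guards);
 } catch (AuthenticationException $e) {
 try {
-//authentication failed, try client auth
+// authentication failed, try client auth
 return app(CheckToken::class)->handle($request, $next, ...$scopes);
 } catch (AuthenticationException $e) {
 $this->authenticateViaCookie();
@@ -99,7 +100,7 @@ protected function getApiGuards(): array
 protected function authenticateViaCookie(): ?Authenticatable
 {
 if (! $token = $this->getTokenViaCookie()) {
-return null;
+throw new AuthenticationException();
 }
 
 // If this user exists, we will return this user and attach a "transient" token to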
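Review bot: `authenticateViaCookie()` in the last hunk now throws `AuthenticationException` where it used to return null, yet its signature still declares `: ?Authenticatable`; if the remainder of the body (outside the hunk) has no other null return, the declaration should become `protected function authenticateViaCookie(): Authenticatable` with any `@return` tag updated to match, otherwise callers keep null-checking a value that can no longer be null. In the second hunk the new `Request` type on `handle()` depends on an import that is not visible here — presumably `Illuminate\Http\Request` is already among the `use` lines above line 21, but an unimported name would resolve to the middleware's own namespace and only fail at runtime, so worth confirming. The nested `catch (AuthenticationException $e)` in the third hunk rebinds the outer `$e`, so the original bearer-token failure is discarded before the cookie fallback runs; renaming the inner variable (e.g. `$clientException`) keeps the first cause available for logging. handle()'s body continues outside the hunk.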

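--- a/src/Http/Middleware/CreateFreshApiToken.php
+++ b/src/Http/Middleware/CreateFreshApiToken.php
@@ -56,7 +56,7 @@ public function __construct(
 * @param string|null $guard
 * @return mixed
 */
-public function handle(Request $request, Closure $next, ?string $guard = null): BaseResponse0
+public function handle(Request $request, Closure $next, ?string $guard = null): BaseResponse
 {
 $this->guard = $guard;
 
@@ -67,7 +67,7 @@ public function handle(Request $request, Closure $next, ?string $guard = null):
 $identifier = ($user && $user->is_active) ? $user->getPassportCookieIdentifier() : null;
 
 $response->withCookie($this->cookieFactory->make(
-$identifier,
+$identifier ?: '',
 $request->session()->token()
 ));
 }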
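Review bot: `$identifier ?: ''` in the second hunk tests truthiness, so an identifier of `'0'` or `0` would also be replaced by the empty string; since the only non-string value the preceding ternary produces is null (the no-user / inactive branch), `$identifier ?? ''` expresses the intent precisely and cannot discard a legitimate value. Whether `getPassportCookieIdentifier()` can ever return a falsy non-null value is not visible here; if it cannot, both forms are equivalent and `??` is still the clearer choice. The first hunk fixes the `BaseResponse0` typo but leaves the docblock's `* @return mixed` contradicting the native `: BaseResponse` return type — drop that tag or change it to `* @return BaseResponse`. handle()'s body continues outside the hunk.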

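--- a/src/Traits/HasUserIdentifier.php
+++ b/src/Traits/HasUserIdentifier.php
@@ -56,6 +56,11 @@ public function makeUserIdentifier($id, $user_type)
 
 public function getPassportUserProvider($user_type): ?PassportUserProvider
 {
+// fix for when not using morph map
+if (class_exists($user_type)) {
+$user_type = Str::lower(class_basename($user_type));
+}
+
 $provider = Str::plural($user_type);
 
 // check if provider exists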
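Review bot: The new `class_exists($user_type)` guard invokes the autoloader on whatever string it receives, so it is worth confirming where `$user_type` originates — if it can be read back from a token or cookie payload rather than only from the application's own morph map, an arbitrary value now reaches the autoloader before the provider lookup rejects it. The branch also encodes an unstated convention (provider name = plural of the lowercased class basename, e.g. `Javaabu\Passport\Tests\TestSupport\Models\User` → `users`) that will silently miss a provider registered under a different key in `config('auth.providers')`; suggest replacing `// fix for when not using morph map` with `// no morph map configured: derive the provider name from the model's class basename (…\Models\User -> users); must match the key used in config('auth.providers')`. getPassportUserProvider()'s body continues outside the hunk, where the `// check if provider exists` lookup presumably returns null for an unknown provider.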
Lines changed: 223 additions & 0 deletions
@@ -0,0 +1,223 @@
1+
<?php
2+
3+
namespace Javaabu\Passport\Tests\Feature;
4+
5+
use Javaabu\Passport\Tests\TestSupport\Models\User;
6+
use Illuminate\Foundation\Testing\RefreshDatabase;
7+
use Javaabu\Passport\Tests\TestSupport\Enums\UserStatuses;
8+
use Javaabu\Passport\Tests\TestCase;
9+
use Laravel\Passport\ClientRepository;
10+
11+
class OAuthControllerTest extends TestCase
12+
{
13+
use RefreshDatabase;
14+
15+
public function test_it_can_generate_a_client_credentials_access_token()
16+
{
17+
$user = $this->getUser();
18+
$client = (new ClientRepository())->createClientCredentialsGrantClient(
19+
'Test Client',
20+
);
21+
22+
$this->json('post', '/oauth/token', [
23+
'client_id' => $client->id,
24+
'client_secret' => $client->plainSecret,
25+
'grant_type' => 'client_credentials',
26+
'scope' => '*',
27+
])
28+
->assertStatus(200)
29+
->assertJsonStructure([
30+
'token_type',
31+
'expires_in',
32+
'access_token',
33+
])
34+
->assertJson([
35+
'token_type' => 'Bearer',
36+
]);
37+
}
38+
39+
public function test_it_can_generate_a_password_grant_access_token_for_an_admin()
40+
{
41+
$user = $this->getUser();
42+
$client = (new ClientRepository())->createPasswordGrantClient(
43+
'Test Client',
44+
'users',
45+
);
46+
47+
$this->json('post', '/oauth/token', [
48+
'client_id' => $client->id,
49+
'client_secret' => $client->plainSecret,
50+
'grant_type' => 'password',
51+
'username' => $user->email,
52+
'password' => 'password',
53+
'scope' => '*',
54+
])
55+
->assertStatus(200)
56+
->assertJsonStructure([
57+
'token_type',
58+
'expires_in',
59+
'access_token',
60+
'refresh_token',
61+
])
62+
->assertJson([
63+
'token_type' => 'Bearer',
64+
]);
65+
}
66+
67+
public function test_it_wont_grant_a_password_access_token_for_an_admin_with_incorrect_password()
68+
{
69+
$user = $this->getUser();
70+
$client = (new ClientRepository())->createPasswordGrantClient(
71+
'Test Client',
72+
'users'
73+
);
74+
75+
$this->json('post', '/oauth/token', [
76+
'client_id' => $client->id,
77+
'client_secret' => $client->plainSecret,
78+
'grant_type' => 'password',
79+
'username' => $user->email,
80+
'password' => 'wrong password',
81+
'scope' => '*',
82+
])
83+
->assertStatus(400)
84+
->assertJson([
85+
'error' => 'invalid_grant',
86+
]);
87+
}
88+
89+
public function test_it_can_authorize_an_admin()
90+
{
91+
$this->withoutExceptionHandling();
92+
93+
$user = $this->getUser();
94+
$this->actingAsApiUser($user);
95+
96+
$this->json('get', '/users/profile')
97+
->assertStatus(200)
98+
->assertJson([
99+
'name' => $user->name,
100+
]);
101+
}
102+
103+
public function test_it_wont_allow_an_inactive_admin()
104+
{
105+
$user = $this->getUser();
106+
$user->status = UserStatuses::PENDING;
107+
$user->save();
108+
109+
$this->actingAsApiUser($user);
110+
111+
$this->json('get', '/users/profile')
112+
->assertStatus(403)
113+
->assertJson([
114+
'message' => 'Account not activated',
115+
]);
116+
117+
$this->json('get', '/test')
118+
->assertStatus(403)
119+
->assertJson([
120+
'message' => 'Account not activated',
121+
]);
122+
}
123+
124+
public function test_it_can_authorize_a_client_access_token_from_auth_header()
125+
{
126+
$access_token = $this->getClientAccessToken();
127+
128+
$this->json('get', '/test', [], [
129+
'Authorization' => "Bearer $access_token",
130+
])
131+
->assertStatus(200)
132+
->assertJsonFragment([
133+
'It works',
134+
]);
135+
}
136+
137+
public function test_it_can_authorize_a_user_from_an_auth_token_cookie()
138+
{
139+
$user = $this->getUser();
140+
$access_cookie = $this->getOAuthCookie($user);
141+
142+
// check if it doesn't work without an auth cookie
143+
$this->json('get', '/users/profile')
144+
->assertStatus(401)
145+
->assertDontSee($user->name);
146+
147+
$this->jsonApi('get', '/users/profile', [], $access_cookie)
148+
->assertStatus(200)
149+
->assertJson([
150+
'name' => $user->name,
151+
]);
152+
}
153+
154+
public function test_it_can_authorize_client_credentials_from_an_auth_token_cookie()
155+
{
156+
$access_cookie = $this->getOAuthCookie(null);
157+
158+
$this->jsonApi('get', '/test', [], $access_cookie)
159+
->assertStatus(200)
160+
->assertJsonFragment([
161+
'It works',
162+
]);
163+
}
164+
165+
public function test_it_generates_a_valid_token_cookie_for_inactive_users()
166+
{
167+
$user = $this->getUser();
168+
$user->status = UserStatuses::PENDING;
169+
$user->save();
170+
171+
$this->actingAs($user, 'web');
172+
173+
$access_cookie = $this->get('/verify')
174+
->headers
175+
->getCookies()[0];
176+
177+
// check if it doesn't work without an auth cookie
178+
$this->json('get', '/test')
179+
->assertStatus(401)
180+
->assertDontSee('It works');
181+
182+
// make sure can't access active routes
183+
$this->jsonApi('get', '/users/profile', [], $access_cookie->getValue())
184+
->assertStatus(401)
185+
->assertDontSee($user->name);
186+
187+
$this->jsonApi('get', '/test', [], $access_cookie->getValue())
188+
->assertStatus(200)
189+
->assertJsonFragment([
190+
'It works',
191+
]);
192+
}
193+
194+
public function test_it_generates_a_valid_token_cookie_for_active_users()
195+
{
196+
$user = $this->getUser();
197+
198+
$this->actingAs($user, 'web');
199+
200+
$access_cookie = $this->get('/dashboard')
201+
->assertStatus(200)
202+
->headers
203+
->getCookies()[0];
204+
205+
// check if it doesn't work without an auth cookie
206+
$this->json('get', '/test')
207+
->assertStatus(401)
208+
->assertDontSee('It works');
209+
210+
//make sure can't access active routes
211+
$this->jsonApi('get', '/users/profile', [], $access_cookie->getValue())
212+
->assertStatus(200)
213+
->assertJsonFragment([
214+
'name' => $user->name,
215+
]);
216+
217+
$this->jsonApi('get', '/test', [], $access_cookie->getValue())
218+
->assertStatus(200)
219+
->assertJsonFragment([
220+
'It works',
221+
]);
222+
}
223+
}
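Review bot: The comment `//make sure can't access active routes` above the `/users/profile` call in `test_it_generates_a_valid_token_cookie_for_active_users` was copied from the inactive-user test and contradicts the assertion beneath it, which expects 200; it should read `// active users can reach user routes with the cookie`. Both cookie tests select the auth cookie with `->getCookies()[0]`, which assumes it is the first cookie the response sets — looking it up by name would keep the tests valid if a session or XSRF cookie is ever emitted first. `$user` is assigned but never used in `test_it_can_generate_a_client_credentials_access_token` and can be dropped. Since `CreateFreshApiToken` binds the cookie to `$request->session()->token()`, a test presenting the cookie without a matching CSRF token would pin down whether that binding is actually enforced; the verifying middleware is not visible here.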

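--- a/tests/Feature/OauthClientTest.php
+++ b/tests/Feature/OauthClientTest.php
@@ -2,11 +2,13 @@
 
 namespace Javaabu\Passport\Tests\Feature;
 
+use Illuminate\Foundation\Testing\RefreshDatabase;
 use Javaabu\Passport\Tests\TestCase;
 use Laravel\Passport\ClientRepository;
 
 class OauthClientTest extends TestCase
 {
+use RefreshDatabase;
 
 public function test_it_can_generate_a_client_credentials_access_token()
 {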
