|
| 1 | +<?php |
| 2 | + |
| 3 | +namespace Laravel\Passport\Tests\Feature; |
| 4 | + |
| 5 | +use Carbon\CarbonImmutable; |
| 6 | +use Illuminate\Contracts\Hashing\Hasher; |
| 7 | +use Illuminate\Database\Eloquent\Factory; |
| 8 | +use Illuminate\Database\Schema\Blueprint; |
| 9 | +use Illuminate\Support\Facades\Schema; |
| 10 | +use Laravel\Passport\Client; |
| 11 | +use Laravel\Passport\ClientRepository; |
| 12 | +use Laravel\Passport\HasApiTokens; |
| 13 | +use Laravel\Passport\Token; |
| 14 | +use Laravel\Passport\TokenRepository; |
| 15 | +use Lcobucci\JWT\Parser; |
| 16 | + |
| 17 | +class AccessTokenControllerTest extends PassportTestCase |
| 18 | +{ |
| 19 | + protected function setUp(): void |
| 20 | + { |
| 21 | + parent::setUp(); |
| 22 | + |
| 23 | + Schema::create('users', function (Blueprint $table) { |
| 24 | + $table->increments('id'); |
| 25 | + $table->string('email')->unique(); |
| 26 | + $table->string('password'); |
| 27 | + $table->dateTime('created_at'); |
| 28 | + $table->dateTime('updated_at'); |
| 29 | + }); |
| 30 | + } |
| 31 | + |
| 32 | + protected function tearDown(): void |
| 33 | + { |
| 34 | + Schema::dropIfExists('users'); |
| 35 | + |
| 36 | + parent::tearDown(); |
| 37 | + } |
| 38 | + |
| 39 | + protected function getUserClass(): ?string |
| 40 | + { |
| 41 | + return User::class; |
| 42 | + } |
| 43 | + |
| 44 | + public function testGettingAccessTokenWithPasswordGrant() |
| 45 | + { |
| 46 | + $this->withoutExceptionHandling(); |
| 47 | + |
| 48 | + $password = 'foobar123'; |
| 49 | + $user = new User(); |
| 50 | + $user-> email = '[email protected]'; |
| 51 | + $user->password = $this->app->make(Hasher::class)->make($password); |
| 52 | + $user->save(); |
| 53 | + |
| 54 | + /** @var Client $client */ |
| 55 | + $client = $this->app->make(Factory::class)->of(Client::class)->state('password_client')->create(['user_id' => $user->id]); |
| 56 | + |
| 57 | + $response = $this->post( |
| 58 | + '/oauth/token', |
| 59 | + [ |
| 60 | + 'grant_type' => 'password', |
| 61 | + 'client_id' => $client->id, |
| 62 | + 'client_secret' => $client->secret, |
| 63 | + 'username' => $user->email, |
| 64 | + 'password' => $password, |
| 65 | + ] |
| 66 | + ); |
| 67 | + |
| 68 | + $response->assertOk(); |
| 69 | + |
| 70 | + $response->assertHeader('pragma', 'no-cache'); |
| 71 | + $response->assertHeader('cache-control', 'no-store, private'); |
| 72 | + $response->assertHeader('content-type', 'application/json; charset=UTF-8'); |
| 73 | + |
| 74 | + $decodedResponse = $response->decodeResponseJson(); |
| 75 | + |
| 76 | + $this->assertArrayHasKey('token_type', $decodedResponse); |
| 77 | + $this->assertArrayHasKey('expires_in', $decodedResponse); |
| 78 | + $this->assertArrayHasKey('access_token', $decodedResponse); |
| 79 | + $this->assertArrayHasKey('refresh_token', $decodedResponse); |
| 80 | + $this->assertSame('Bearer', $decodedResponse['token_type']); |
| 81 | + $expiresInSeconds = 31622400; |
| 82 | + $this->assertEqualsWithDelta($expiresInSeconds, $decodedResponse['expires_in'], 5); |
| 83 | + |
| 84 | + $jwtAccessToken = (new Parser())->parse($decodedResponse['access_token']); |
| 85 | + $this->assertTrue($this->app->make(ClientRepository::class)->findActive($jwtAccessToken->getClaim('aud'))->is($client)); |
| 86 | + $this->assertTrue($this->app->make('auth')->createUserProvider()->retrieveById($jwtAccessToken->getClaim('sub'))->is($user)); |
| 87 | + |
| 88 | + $token = $this->app->make(TokenRepository::class)->find($jwtAccessToken->getClaim('jti')); |
| 89 | + $this->assertInstanceOf(Token::class, $token); |
| 90 | + $this->assertFalse($token->revoked); |
| 91 | + $this->assertTrue($token->user->is($user)); |
| 92 | + $this->assertTrue($token->client->is($client)); |
| 93 | + $this->assertNull($token->name); |
| 94 | + $this->assertLessThanOrEqual(5, CarbonImmutable::now()->addSeconds($expiresInSeconds)->diffInSeconds($token->expires_at)); |
| 95 | + } |
| 96 | + |
| 97 | + public function testGettingAccessTokenWithPasswordGrantWithInvalidPassword() |
| 98 | + { |
| 99 | + $password = 'foobar123'; |
| 100 | + $user = new User(); |
| 101 | + $user-> email = '[email protected]'; |
| 102 | + $user->password = $this->app->make(Hasher::class)->make($password); |
| 103 | + $user->save(); |
| 104 | + |
| 105 | + /** @var Client $client */ |
| 106 | + $client = $this->app->make(Factory::class)->of(Client::class)->state('password_client')->create(['user_id' => $user->id]); |
| 107 | + |
| 108 | + $response = $this->post( |
| 109 | + '/oauth/token', |
| 110 | + [ |
| 111 | + 'grant_type' => 'password', |
| 112 | + 'client_id' => $client->id, |
| 113 | + 'client_secret' => $client->secret, |
| 114 | + 'username' => $user->email, |
| 115 | + 'password' => $password.'foo', |
| 116 | + ] |
| 117 | + ); |
| 118 | + |
| 119 | + $response->assertStatus(400); |
| 120 | + |
| 121 | + $response->assertHeader('cache-control', 'no-cache, private'); |
| 122 | + $response->assertHeader('content-type', 'application/json'); |
| 123 | + |
| 124 | + $decodedResponse = $response->decodeResponseJson(); |
| 125 | + |
| 126 | + $this->assertArrayNotHasKey('token_type', $decodedResponse); |
| 127 | + $this->assertArrayNotHasKey('expires_in', $decodedResponse); |
| 128 | + $this->assertArrayNotHasKey('access_token', $decodedResponse); |
| 129 | + $this->assertArrayNotHasKey('refresh_token', $decodedResponse); |
| 130 | + |
| 131 | + $this->assertArrayHasKey('error', $decodedResponse); |
| 132 | + $this->assertSame('invalid_grant', $decodedResponse['error']); |
| 133 | + $this->assertArrayHasKey('error_description', $decodedResponse); |
| 134 | + $this->assertArrayHasKey('hint', $decodedResponse); |
| 135 | + $this->assertArrayHasKey('message', $decodedResponse); |
| 136 | + |
| 137 | + $this->assertSame(0, Token::count()); |
| 138 | + } |
| 139 | + |
| 140 | + public function testGettingAccessTokenWithPasswordGrantWithInvalidClientSecret() |
| 141 | + { |
| 142 | + $password = 'foobar123'; |
| 143 | + $user = new User(); |
| 144 | + $user-> email = '[email protected]'; |
| 145 | + $user->password = $this->app->make(Hasher::class)->make($password); |
| 146 | + $user->save(); |
| 147 | + |
| 148 | + /** @var Client $client */ |
| 149 | + $client = $this->app->make(Factory::class)->of(Client::class)->state('password_client')->create(['user_id' => $user->id]); |
| 150 | + |
| 151 | + $response = $this->post( |
| 152 | + '/oauth/token', |
| 153 | + [ |
| 154 | + 'grant_type' => 'password', |
| 155 | + 'client_id' => $client->id, |
| 156 | + 'client_secret' => $client->secret.'foo', |
| 157 | + 'username' => $user->email, |
| 158 | + 'password' => $password, |
| 159 | + ] |
| 160 | + ); |
| 161 | + |
| 162 | + $response->assertStatus(401); |
| 163 | + |
| 164 | + $response->assertHeader('cache-control', 'no-cache, private'); |
| 165 | + $response->assertHeader('content-type', 'application/json'); |
| 166 | + |
| 167 | + $decodedResponse = $response->decodeResponseJson(); |
| 168 | + |
| 169 | + $this->assertArrayNotHasKey('token_type', $decodedResponse); |
| 170 | + $this->assertArrayNotHasKey('expires_in', $decodedResponse); |
| 171 | + $this->assertArrayNotHasKey('access_token', $decodedResponse); |
| 172 | + $this->assertArrayNotHasKey('refresh_token', $decodedResponse); |
| 173 | + |
| 174 | + $this->assertArrayHasKey('error', $decodedResponse); |
| 175 | + $this->assertSame('invalid_client', $decodedResponse['error']); |
| 176 | + $this->assertArrayHasKey('error_description', $decodedResponse); |
| 177 | + $this->assertSame('Client authentication failed', $decodedResponse['error_description']); |
| 178 | + $this->assertArrayNotHasKey('hint', $decodedResponse); |
| 179 | + $this->assertArrayHasKey('message', $decodedResponse); |
| 180 | + $this->assertSame('Client authentication failed', $decodedResponse['message']); |
| 181 | + |
| 182 | + $this->assertSame(0, Token::count()); |
| 183 | + } |
| 184 | +} |
| 185 | + |
| 186 | +class User extends \Illuminate\Foundation\Auth\User |
| 187 | +{ |
| 188 | + use HasApiTokens; |
| 189 | +} |
0 commit comments