Resolves #2. Implemented authlib-injector support

2025-05-31 14:11:46 +05:30 · 2021-03-03 15:04:42 +01:00
parent 10ab237d1d
commit 4856695940
17 changed files with 505 additions and 87 deletions
--- a/api/tests/functional/authlibInjector/HasJoinedCest.php
+++ b/api/tests/functional/authlibInjector/HasJoinedCest.php
@@ -0,0 +1,52 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\authlibInjector;
+
+use api\tests\functional\_steps\SessionServerSteps;
+use api\tests\FunctionalTester;
+use function Ramsey\Uuid\v4 as uuid;
+
+class HasJoinedCest {
+
+    public function hasJoined(SessionServerSteps $I) {
+        $I->wantTo('check hasJoined user to some server');
+        [$username, $serverId] = $I->amJoined();
+
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
+            'username' => $username,
+            'serverId' => $serverId,
+        ]);
+
+        $I->seeResponseCodeIs(200);
+        $I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022', true);
+    }
+
+    public function wrongArguments(FunctionalTester $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
+            'wrong' => 'argument',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function hasJoinedWithNoJoinOperation(FunctionalTester $I) {
+        $I->wantTo('hasJoined to some server without join call');
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
+            'username' => 'some-username',
+            'serverId' => uuid(),
+        ]);
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid token.',
+        ]);
+    }
+
+}
--- a/api/tests/functional/authlibInjector/IndexCest.php
+++ b/api/tests/functional/authlibInjector/IndexCest.php
@@ -0,0 +1,30 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\authlibInjector;
+
+use api\tests\FunctionalTester;
+
+class IndexCest {
+
+    public function index(FunctionalTester $I) {
+        $I->sendGet('/api/authlib-injector');
+        $I->seeResponseCodeIs(200);
+        $I->canSeeResponseContainsJson([
+            'meta' => [
+                'serverName' => 'Ely.by',
+                'implementationName' => 'Account Ely.by adapter for the authlib-injector library',
+                'implementationVersion' => '1.0.0',
+                'feature.no_mojang_namespace' => true,
+                'links' => [
+                    'homepage' => 'https://ely.by',
+                    'register' => 'https://account.ely.by/register',
+                ],
+            ],
+            'skinDomains' => ['ely.by', '.ely.by'],
+            'signaturePublickey' => "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANbUpVCZkMKpfvYZ08W3lumdAaYxLBnm\nUDlzHBQH3DpYef5WCO32TDU6feIJ58A0lAywgtZ4wwi2dGHOz/1hAvcCAwEAAQ==\n-----END PUBLIC KEY-----",
+        ]);
+        $I->canSeeHttpHeader('X-Accel-Expires');
+    }
+
+}
--- a/api/tests/functional/authlibInjector/JoinCest.php
+++ b/api/tests/functional/authlibInjector/JoinCest.php
@@ -0,0 +1,147 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\authlibInjector;
+
+use api\rbac\Permissions as P;
+use api\tests\functional\_steps\AuthserverSteps;
+use api\tests\functional\_steps\OauthSteps;
+use api\tests\FunctionalTester;
+use Codeception\Example;
+use function Ramsey\Uuid\v4 as uuid;
+
+class JoinCest {
+
+    public function joinByLegacyAuthserver(AuthserverSteps $I) {
+        $I->wantTo('join to server, using legacy authserver access token');
+        [$accessToken] = $I->amAuthenticated();
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => $accessToken,
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
+    public function joinByPassJsonInPost(AuthserverSteps $I) {
+        $I->wantTo('join to server, passing data in body as encoded json');
+        [$accessToken] = $I->amAuthenticated();
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => $accessToken,
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
+    /**
+     * @example ["df936908-b2e1-544d-96f8-2977ec213022"]
+     * @example ["df936908b2e1544d96f82977ec213022"]
+     */
+    public function joinByOauth2Token(OauthSteps $I, Example $case) {
+        $I->wantTo('join to server, using modern oAuth2 generated token');
+        $accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => $accessToken,
+            'selectedProfile' => $case[0],
+            'serverId' => uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
+    public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
+        $I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
+        $accessToken = $I->getAccessToken(['account_info', 'account_email']);
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => $accessToken,
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'The token does not have required scope.',
+        ]);
+    }
+
+    public function joinWithExpiredToken(FunctionalTester $I) {
+        $I->wantTo('join to some server with expired accessToken');
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Expired access_token.',
+        ]);
+    }
+
+    public function wrongArguments(FunctionalTester $I) {
+        $I->wantTo('get error on wrong amount of arguments');
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'wrong' => 'argument',
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function joinWithWrongAccessToken(FunctionalTester $I) {
+        $I->wantTo('join to some server with wrong accessToken');
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => uuid(),
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid access_token.',
+        ]);
+    }
+
+    public function joinWithNilUuids(FunctionalTester $I) {
+        $I->wantTo('join to some server with nil accessToken and selectedProfile');
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => '00000000-0000-0000-0000-000000000000',
+            'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
+            'serverId' => uuid(),
+        ]);
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'credentials can not be null.',
+        ]);
+    }
+
+    public function joinByAccountMarkedForDeletion(FunctionalTester $I) {
+        $I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
+            'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
+            'selectedProfile' => '6383de63-8f85-4ed5-92b7-5401a1fa68cd',
+            'serverId' => uuid(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Invalid credentials',
+        ]);
+    }
+
+    private function expectSuccessResponse(FunctionalTester $I) {
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'id' => 'OK',
+        ]);
+    }
+
+}
--- a/api/tests/functional/authlibInjector/ProfileCest.php
+++ b/api/tests/functional/authlibInjector/ProfileCest.php
@@ -0,0 +1,56 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional\authlibInjector;
+
+use api\tests\functional\_steps\SessionServerSteps;
+use api\tests\FunctionalTester;
+use Codeception\Example;
+use function Ramsey\Uuid\v4;
+
+class ProfileCest {
+
+    /**
+     * @example ["df936908-b2e1-544d-96f8-2977ec213022"]
+     * @example ["df936908b2e1544d96f82977ec213022"]
+     */
+    public function getProfile(SessionServerSteps $I, Example $case) {
+        $I->sendGET("/api/authlib-injector/sessionserver/session/minecraft/profile/{$case[0]}");
+        $I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', false);
+    }
+
+    public function getProfileSigned(SessionServerSteps $I) {
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/df936908b2e1544d96f82977ec213022?unsigned=false');
+        $I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', true);
+    }
+
+    public function directCallWithoutUuidPart(FunctionalTester $I) {
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/');
+        $I->canSeeResponseCodeIs(404);
+    }
+
+    public function callWithInvalidUuid(FunctionalTester $I) {
+        $I->wantTo('call profile route with invalid uuid string');
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/bla-bla-bla');
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'IllegalArgumentException',
+            'errorMessage' => 'Invalid uuid format.',
+        ]);
+    }
+
+    public function getProfileWithNonexistentUuid(FunctionalTester $I) {
+        $I->wantTo('get info about nonexistent uuid');
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/' . v4());
+        $I->canSeeResponseCodeIs(204);
+        $I->canSeeResponseEquals('');
+    }
+
+    public function getProfileOfAccountMarkedForDeletion(FunctionalTester $I) {
+        $I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/6383de63-8f85-4ed5-92b7-5401a1fa68cd');
+        $I->canSeeResponseCodeIs(204);
+        $I->canSeeResponseEquals('');
+    }
+
+}