Fix revokation validation. Add additional tests cases
@@ -9,9 +9,12 @@ use api\components\User\LegacyOAuth2Identity;
|
||||
use api\tests\unit\TestCase;
|
||||
use common\models\Account;
|
||||
use common\models\AccountSession;
|
||||
use common\models\OauthClient;
|
||||
use common\tests\fixtures\AccountFixture;
|
||||
use common\tests\fixtures\AccountSessionFixture;
|
||||
use common\tests\fixtures\MinecraftAccessKeyFixture;
|
||||
use common\tests\fixtures\OauthClientFixture;
|
||||
use common\tests\fixtures\OauthSessionFixture;
|
||||
use Lcobucci\JWT\Claim\Basic;
|
||||
use Lcobucci\JWT\Token;
|
||||
|
||||
@@ -32,6 +35,8 @@ class ComponentTest extends TestCase {
|
||||
'accounts' => AccountFixture::class,
|
||||
'sessions' => AccountSessionFixture::class,
|
||||
'minecraftSessions' => MinecraftAccessKeyFixture::class,
|
||||
'oauthClients' => OauthClientFixture::class,
|
||||
'oauthSessions' => OauthSessionFixture::class,
|
||||
];
|
||||
}
|
||||
|
||||
@@ -88,7 +93,7 @@ class ComponentTest extends TestCase {
|
||||
$component->terminateSessions($account, Component::KEEP_SITE_SESSIONS);
|
||||
$this->assertEmpty($account->getMinecraftAccessKeys()->all());
|
||||
$this->assertNotEmpty($account->getSessions()->all());
|
||||
// TODO: write test about invalidating new minecraft access tokens based on JWT
|
||||
$this->assertEqualsWithDelta(time(), $account->getOauthSessions()->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])->one()->revoked_at, 5);
|
||||
|
||||
// All sessions should be removed except the current one
|
||||
$component->terminateSessions($account, Component::KEEP_CURRENT_SESSION);
|
||||
|
||||
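Review bot: The new assertion `$this->assertEqualsWithDelta(time(), ...->one()->revoked_at, 5)` only checks that a revocation timestamp was written; it does not verify that a token issued before `terminateSessions()` is actually rejected afterwards, which is the behaviour the commit title ("Fix revokation validation") refers to, and the TODO on the preceding line acknowledges that gap. In addition `->one()` returns null when no matching OAuth session exists, so a regression would surface as a PHP error on a null property read rather than as a failed assertion. I would fetch the row first and assert on it: `$session = $account->getOauthSessions()->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])->one();` `$this->assertNotNull($session, 'launcher OAuth session should exist');` `$this->assertEqualsWithDelta(time(), $session->revoked_at, 5);`. The enclosing test method starts before this hunk.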
@@ -5,14 +5,12 @@ namespace codeception\api\unit\models\authentication;
|
||||
|
||||
use api\models\authentication\RefreshTokenForm;
|
||||
use api\tests\unit\TestCase;
|
||||
use Codeception\Specify;
|
||||
use common\models\AccountSession;
|
||||
use common\tests\fixtures\AccountSessionFixture;
|
||||
use Yii;
|
||||
use yii\web\Request;
|
||||
|
||||
class RefreshTokenFormTest extends TestCase {
|
||||
use Specify;
|
||||
|
||||
public function _fixtures(): array {
|
||||
return [
|
||||
@@ -21,9 +19,8 @@ class RefreshTokenFormTest extends TestCase {
|
||||
}
|
||||
|
||||
public function testRenew() {
|
||||
/** @var Request|\Mockery\MockInterface $request */
|
||||
$request = mock(Request::class . '[getUserIP]')->makePartial();
|
||||
$request->shouldReceive('getUserIP')->andReturn('10.1.2.3');
|
||||
$request = $this->createPartialMock(Request::class, ['getUserIP']);
|
||||
$request->method('getUserIP')->willReturn('10.1.2.3');
|
||||
Yii::$app->set('request', $request);
|
||||
|
||||
$model = new RefreshTokenForm();
|
||||
|
||||
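Review bot: The partial mock is installed globally with `Yii::$app->set('request', $request)` and, as far as this hunk shows, never restored, so the faked client IP `10.1.2.3` can leak into any later test that reads the request component unless the base TestCase rebuilds the application between tests — worth confirming. If it does not, restore the original component in tearDown (or swap it back at the end of testRenew). A one-line comment would also help a reader who does not know what RefreshTokenForm does with the request, e.g. `// Pin the client IP so assertions on the renewed session are deterministic` — presumably the form records the caller's IP, but that is not visible here. testRenew continues past the end of this hunk.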
@@ -6,7 +6,10 @@ namespace codeception\api\unit\modules\authserver\models;
|
||||
use api\modules\authserver\exceptions\ForbiddenOperationException;
|
||||
use api\modules\authserver\models\AuthenticationForm;
|
||||
use api\tests\unit\TestCase;
|
||||
use common\models\OauthClient;
|
||||
use common\models\OauthSession;
|
||||
use common\tests\fixtures\AccountFixture;
|
||||
use common\tests\fixtures\OauthClientFixture;
|
||||
use Ramsey\Uuid\Uuid;
|
||||
|
||||
class AuthenticationFormTest extends TestCase {
|
||||
@@ -14,6 +17,7 @@ class AuthenticationFormTest extends TestCase {
|
||||
public function _fixtures(): array {
|
||||
return [
|
||||
'accounts' => AccountFixture::class,
|
||||
'oauthClients' => OauthClientFixture::class,
|
||||
];
|
||||
}
|
||||
|
||||
@@ -28,14 +32,18 @@ class AuthenticationFormTest extends TestCase {
|
||||
$this->assertSame('df936908-b2e1-544d-96f8-2977ec213022', $result['selectedProfile']['id']);
|
||||
$this->assertSame('Admin', $result['selectedProfile']['name']);
|
||||
$this->assertFalse($result['selectedProfile']['legacy']);
|
||||
$this->assertTrue(OauthSession::find()->andWhere([
|
||||
'account_id' => 1,
|
||||
'client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER,
|
||||
])->exists());
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider getInvalidCredentialsCases
|
||||
*/
|
||||
public function testAuthenticateByWrongNicknamePass(string $expectedFieldError, string $login, string $password) {
|
||||
public function testAuthenticateByWrongNicknamePass(string $expectedExceptionMessage, string $login, string $password) {
|
||||
$this->expectException(ForbiddenOperationException::class);
|
||||
$this->expectExceptionMessage("Invalid credentials. Invalid {$expectedFieldError} or password.");
|
||||
$this->expectExceptionMessage($expectedExceptionMessage);
|
||||
|
||||
$authForm = new AuthenticationForm();
|
||||
$authForm->username = $login;
|
||||
@@ -45,19 +53,10 @@ class AuthenticationFormTest extends TestCase {
|
||||
}
|
||||
|
||||
public function getInvalidCredentialsCases() {
|
||||
yield ['nickname', 'wrong-username', 'wrong-password'];
|
||||
yield ['email', 'wrong-email@ely.by', 'wrong-password'];
|
||||
}
|
||||
|
||||
public function testAuthenticateByValidCredentialsIntoBlockedAccount() {
|
||||
$this->expectException(ForbiddenOperationException::class);
|
||||
$this->expectExceptionMessage('This account has been suspended.');
|
||||
|
||||
$authForm = new AuthenticationForm();
|
||||
$authForm->username = 'Banned';
|
||||
$authForm->password = 'password_0';
|
||||
$authForm->clientToken = Uuid::uuid4()->toString();
|
||||
$authForm->authenticate();
|
||||
yield ['Invalid credentials. Invalid nickname or password.', 'wrong-username', 'wrong-password'];
|
||||
yield ['Invalid credentials. Invalid email or password.', 'wrong-email@ely.by', 'wrong-password'];
|
||||
yield ['This account has been suspended.', 'Banned', 'password_0'];
|
||||
yield ['Account protected with two factor auth.', 'AccountWithEnabledOtp', 'password_0'];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
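Review bot: `getInvalidCredentialsCases` and `testAuthenticateByWrongNicknamePass` now also drive the suspended-account and two-factor cases, so neither name describes what is being tested; rename them along the lines of `getForbiddenAuthenticationCases` / `testAuthenticateIsRejected`, and give the datasets keys (`yield 'suspended account' => ['This account has been suspended.', 'Banned', 'password_0'];`) so a failure reports which case broke. It is also worth a comment on the provider that the three distinct messages pinned here mean a caller who already holds a valid password is told whether the account is suspended or OTP-protected, whereas a wrong password gets the generic `Invalid credentials…` text; if that distinction is deliberate (it looks like authserver protocol behaviour, but I cannot confirm from this file), say so, e.g. `// Suspended and 2FA accounts are reported separately from bad credentials by design; changing this to a uniform message is an API change`. Otherwise a future "harmonise the messages" change will silently invert the intent of this test.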