Объединены сущности для авторизации посредством JWT токенов и токенов, выданных через oAuth2.
Все действия, связанные с аккаунтами, теперь вызываются через url `/api/v1/accounts/<id>/<action>`. Добавлена вменяемая система разграничения прав на основе RBAC. Теперь oAuth2 токены генерируются как случайная строка длиной 40 символов, а не UUID. Исправлен баг с неправильным временем жизни токена в ответе успешного запроса аутентификации. Теперь все unit тесты можно успешно прогнать без наличия интернета.
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -72,7 +71,7 @@ class AccessTokenCest {
|
||||
}
|
||||
|
||||
public function testIssueTokenWithRefreshToken(OauthSteps $I) {
|
||||
$authCode = $I->getAuthCode([S::OFFLINE_ACCESS]);
|
||||
$authCode = $I->getAuthCode(['offline_access']);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$authCode,
|
||||
'ely',
|
||||
|
||||
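Review bot: The new line `$authCode = $I->getAuthCode(['offline_access']);` (L44) swaps the removed `S::OFFLINE_ACCESS` constant for a bare string, so a typo in the scope name would now show up only as a failing test at runtime instead of an undefined-constant error, and the same commit's RefreshTokenCest still spells this scope as `S::OFFLINE_ACCESS` from `ScopeStorage`. Keeping the constant here keeps both test files on one definition (presumably the same `'offline_access'` value): `use api\components\OAuth2\Storage\ScopeStorage as S;` in place of the dropped import, and `$authCode = $I->getAuthCode([S::OFFLINE_ACCESS]);`. testIssueTokenWithRefreshToken continues past the end of the hunk.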
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
|
||||
@@ -24,7 +24,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION],
|
||||
[P::MINECRAFT_SERVER_SESSION],
|
||||
'test-state'
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
@@ -101,7 +101,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
));
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -119,7 +119,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => true]);
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -146,7 +146,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -162,13 +162,13 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => true]);
|
||||
$this->route->complete($this->buildQueryParams(
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::ACCOUNT_INFO]
|
||||
[P::MINECRAFT_SERVER_SESSION, 'account_info']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -186,7 +186,7 @@ class AuthCodeCest {
|
||||
'ely',
|
||||
'http://ely.by',
|
||||
'code',
|
||||
[S::MINECRAFT_SERVER_SESSION]
|
||||
[P::MINECRAFT_SERVER_SESSION]
|
||||
), ['accept' => false]);
|
||||
$I->canSeeResponseCodeIs(401);
|
||||
$I->canSeeResponseContainsJson([
|
||||
@@ -270,7 +270,7 @@ class AuthCodeCest {
|
||||
|
||||
$I->wantTo('check behavior on some invalid scopes');
|
||||
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
||||
S::MINECRAFT_SERVER_SESSION,
|
||||
P::MINECRAFT_SERVER_SESSION,
|
||||
'some_wrong_scope',
|
||||
]));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
@@ -285,15 +285,15 @@ class AuthCodeCest {
|
||||
|
||||
$I->wantTo('check behavior on request internal scope');
|
||||
$this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
|
||||
S::MINECRAFT_SERVER_SESSION,
|
||||
S::ACCOUNT_BLOCK,
|
||||
P::MINECRAFT_SERVER_SESSION,
|
||||
P::BLOCK_ACCOUNT,
|
||||
]));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'success' => false,
|
||||
'error' => 'invalid_scope',
|
||||
'parameter' => S::ACCOUNT_BLOCK,
|
||||
'parameter' => P::BLOCK_ACCOUNT,
|
||||
'statusCode' => 400,
|
||||
]);
|
||||
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
|
||||
|
||||
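Review bot: The "request internal scope" check (L300–L315) covers a single hard-coded permission, `P::BLOCK_ACCOUNT`, and because this commit makes RBAC permissions and OAuth scopes share one namespace (`P::MINECRAFT_SERVER_SESSION` is sent as a scope on the same request, L309), nothing in the test guards against a permission added later to `Permissions` becoming requestable by the public `ely` client. I would drive the case from the `Permissions` constants minus an explicit list of permissions intentionally exposed as scopes, so every non-public permission is asserted to come back as `invalid_scope` with itself in `parameter`, as sketched below; the `parameter` assertion (L336) is the valuable part and should be kept per permission. The public list is my assumption — extend it with whichever permissions the project really exposes. On a smaller note, `'account_info'` (L227) is a bare string in a file that otherwise uses constants for scopes.
```php
$I->wantTo('check behavior on request internal scope');
// Every RBAC permission that is not deliberately exposed as a public OAuth scope must be
// rejected for this client, not only BLOCK_ACCOUNT, so a newly added permission cannot
// silently become requestable through the authorization endpoint.
$publicScopes = [P::MINECRAFT_SERVER_SESSION]; // TODO confirm: extend with permissions intentionally exposed as scopes
foreach ((new \ReflectionClass(P::class))->getConstants() as $permission) {
    if (in_array($permission, $publicScopes, true)) {
        continue;
    }
    $this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
        P::MINECRAFT_SERVER_SESSION,
        $permission,
    ]));
    $I->canSeeResponseCodeIs(400);
    $I->canSeeResponseIsJson();
    $I->canSeeResponseContainsJson([
        'success' => false,
        'error' => 'invalid_scope',
        'parameter' => $permission,
        'statusCode' => 400,
    ]);
    // … unchanged: redirectUri assertion …
}
```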
@@ -1,7 +1,6 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -79,7 +78,7 @@ class ClientCredentialsCest {
|
||||
$this->route->issueToken($this->buildParams(
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::ACCOUNT_BLOCK]
|
||||
['account_block']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
@@ -90,7 +89,7 @@ class ClientCredentialsCest {
|
||||
$this->route->issueToken($this->buildParams(
|
||||
'trusted-client',
|
||||
'tXBbyvMcyaOgHMOAXBpN2EC7uFoJAaL9',
|
||||
[S::ACCOUNT_BLOCK]
|
||||
['account_block']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(200);
|
||||
$I->canSeeResponseIsJson();
|
||||
|
||||
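Review bot: Both changed lines (L388, L415) pass the scope as the bare string `'account_block'`, while AuthCodeCest in the same commit expects the server to echo this scope as `P::BLOCK_ACCOUNT`, so the test suite now carries two spellings of one value; if `Permissions::BLOCK_ACCOUNT` resolves to `'account_block'`, importing it (`use common\rbac\Permissions as P;`) and writing `[P::BLOCK_ACCOUNT]` in both calls removes the duplication. The 400 for the untrusted `ely` client is the right negative case and should stay. The `trusted-client` case asserts only a 200 and a JSON body inside the hunk; since this is the path that hands an internal permission to a client, it is worth also asserting that the issued token carries exactly that scope and nothing more, unless the lines that follow already do — the method body continues past the hunk.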
@@ -1,7 +1,8 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\oauth;
|
||||
|
||||
use common\models\OauthScope as S;
|
||||
use api\components\OAuth2\Storage\ScopeStorage as S;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\_pages\OauthRoute;
|
||||
use tests\codeception\api\functional\_steps\OauthSteps;
|
||||
use tests\codeception\api\FunctionalTester;
|
||||
@@ -40,23 +41,23 @@ class RefreshTokenCest {
|
||||
}
|
||||
|
||||
public function testRefreshTokenWithSameScopes(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
}
|
||||
|
||||
public function testRefreshTokenTwice(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
|
||||
@@ -64,18 +65,18 @@ class RefreshTokenCest {
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
|
||||
));
|
||||
$this->canSeeRefreshTokenSuccess($I);
|
||||
}
|
||||
|
||||
public function testRefreshTokenWithNewScopes(OauthSteps $I) {
|
||||
$refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
|
||||
$refreshToken = $I->getRefreshToken([P::MINECRAFT_SERVER_SESSION]);
|
||||
$this->route->issueToken($this->buildParams(
|
||||
$refreshToken,
|
||||
'ely',
|
||||
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
|
||||
[S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS, S::ACCOUNT_EMAIL]
|
||||
[P::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS, 'account_email']
|
||||
));
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
|
||||
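Review bot: testRefreshTokenTwice (L504 onward, continuing into the next hunk) pins that the same refresh token is accepted twice — `canSeeRefreshTokenSuccess` after both calls (L534, L560) — which means refresh tokens are neither rotated nor invalidated on use, so a leaked refresh token stays usable for its whole lifetime. If that is the intended policy the test should say so, e.g. `// Refresh tokens are intentionally reusable (no rotation): a stolen token remains valid until it expires or is revoked.`; if it is not, the second call should be asserted to fail and the token store should invalidate the old token on issue. The second `issueToken` call starts between the two hunks, so the request it sends is not visible here. Separately, testRefreshTokenWithNewScopes passes the bare string `'account_email'` (L592) where the surrounding calls use constants; whichever constant holds that scope would keep the file consistent, and the 400 it asserts is the right outcome for scope escalation on refresh.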