0
0
mirror of https://github.com/salesagility/SuiteCRM.git synced 2024-12-27 22:47:48 +00:00
salesagility_SuiteCRM/tests/api/v8/OAuth2Cest.php
2023-07-18 15:53:47 +01:00

109 lines
3.2 KiB
PHP

<?php
/**
* Class JwtCest
* Tests Jwt Token Authentication
* @see https://tools.ietf.org/html/rfc7519
*/
#[\AllowDynamicProperties]
class OAuth2Cest
{
/**
* As a Rest API Client, I want to ensure that I get the correct response when I send incorrect details
* @param ApiTester $I
* @param \Helper\PhpBrowserDriverHelper $browserDriverHelper
*
* HTTP Verb: POST
* URL: /api/oauth/access_token
* @throws \Codeception\Exception\ModuleException
*/
public function TestScenarioInvalidLogin(ApiTester $I, \Helper\PhpBrowserDriverHelper $browserDriverHelper)
{
$I->sendPOST(
$browserDriverHelper->getInstanceURL().'/api/oauth/access_token',
array(
'username' => '',
'password' => ''
)
);
$I->seeResponseCodeIs(400);
}
/**
* I want to ensure that I get the correct response when I send incorrect client details
* @param ApiTester $I
* @param \Helper\PhpBrowserDriverHelper $browserDriverHelper
*
* HTTP Verb: POST
* URL: /api/oauth/access_token
* @throws \Codeception\Exception\ModuleException
*/
public function TestScenarioInvalidClient(ApiTester $I, \Helper\PhpBrowserDriverHelper $browserDriverHelper)
{
$I->sendPOST(
$I->getInstanceURL().'/api/oauth/access_token',
array(
'username' => $I->getAdminUser(),
'password' => $I->getAdminPassword(),
'grant_type' => 'password',
'scope' => '',
'client_id' => '',
'client_secret' => ''
)
);
$I->seeResponseCodeIs(401);
}
/**
* I want to make sure only the allowed grant types can be requested for any client
* @param ApiTester $I
*
* HTTP Verb: POST
* URL: /api/oauth/access_token
* @throws \Codeception\Exception\ModuleException
*/
public function TestScenarioGrantTypeNotAllowed(ApiTester $I)
{
$I->sendPOST(
$I->getInstanceURL().'/api/oauth/access_token',
array(
'grant_type' => 'password',
'client_id' => $I->getPasswordGrantClientId(),
'client_secret' => $I->getPasswordGrantClientSecret(),
)
);
$I->canSeeResponseIsJson();
$I->seeResponseCodeIs(400);
}
/**
* As a Rest API Client, I want to login so that I can get a JWT token
* @param ApiTester $I
*
* HTTP Verb: POST
* URL: /api/oauth/access_token
* @throws \Codeception\Exception\ModuleException
*/
public function TestScenarioLoginWithPasswordGrant(ApiTester $I)
{
$I->loginAsAdminWithPassword();
}
/**
* I want to be able to login with Client Credentials grant type
* @param ApiTester $I
*
* HTTP Verb: POST
* URL: /api/oauth/access_token
* @throws \Codeception\Exception\ModuleException
*/
public function TestScenarioLoginWithClientCredentialsGrant(ApiTester $I)
{
$I->loginAsAdminWithClientCredentials();
// Now log back in with password grant
$I->loginAsAdminWithPassword();
}
}