<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2019 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace OAuth2Framework\ServerBundle\Tests\Functional\Revocation\AccessToken;
use OAuth2Framework\Component\Core\AccessToken\AccessTokenRepository;
use OAuth2Framework\Component\Core\Client\ClientId;
use OAuth2Framework\Component\Core\DataBag\DataBag;
use OAuth2Framework\Component\Core\UserAccount\UserAccountId;
use OAuth2Framework\Component\TokenRevocationEndpoint\TokenRevocationEndpoint;
use OAuth2Framework\ServerBundle\Tests\TestBundle\Entity\AccessToken;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
 * @group ServerBundle
 * @group Functional
 * @group Grant
 * @group Revocation
 *
 * @internal
 */
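class RevocationEndpointTest extends WebTestCase
{
    /**
     * Credentials of the client that authenticates against the revocation endpoint in these tests.
     * The same client is the owner of the token in the "correctly revoked" case and a stranger
     * to the token in the "another client" case, so the two outcomes can be compared directly.
     */
    private const CLIENT_CREDENTIALS = ['client_id' => 'CLIENT_ID_3', 'client_secret' => 'secret'];

    /**
     * Skips the whole test case when the optional token revocation component is not installed.
     */
    protected function setUp(): void
    {
        if (!class_exists(TokenRevocationEndpoint::class)) {
            static::markTestSkipped('The component "oauth2-framework/token-revocation-endpoint" is not installed.');
        }
        parent::setUp();
    }

    /**
     * A request without client credentials is refused with invalid_client, even though the
     * "token" parameter is missing as well: client authentication is checked first.
     *
     * @test
     */
    public function theClientIsNotAuthenticated(): void
    {
        $client = static::createClient();
        $client->request('POST', '/token/revoke', [], [], ['HTTPS' => 'on'], null);
        $response = $client->getResponse();

        static::assertSame(400, $response->getStatusCode());
        static::assertSame('{"error":"invalid_client","error_description":"Client authentication failed."}', $response->getContent());
    }

    /**
     * An authenticated client that omits the mandatory "token" parameter gets invalid_request.
     *
     * @test
     */
    public function theTokenParameterIsNotSet(): void
    {
        $client = static::createClient();
        $client->request('POST', '/token/revoke', self::CLIENT_CREDENTIALS, [], ['HTTPS' => 'on'], null);
        $response = $client->getResponse();

        static::assertSame(400, $response->getStatusCode());
        static::assertSame('{"error":"invalid_request","error_description":"The parameter \"token\" is missing."}', $response->getContent());
    }

    /**
     * Revoking a value that is not a known token is answered with an empty 200 response,
     * so the endpoint does not disclose whether the submitted value ever was a valid token.
     *
     * @test
     */
    public function anUnknownTokenIsNotFound(): void
    {
        $client = static::createClient();
        $client->request('POST', '/token/revoke', self::CLIENT_CREDENTIALS + ['token' => 'FOO'], [], ['HTTPS' => 'on'], null);
        $response = $client->getResponse();

        static::assertSame(200, $response->getStatusCode());
        static::assertSame('', $response->getContent());
    }

    /**
     * A token owned by the authenticated client is revoked, and the repository reflects it afterwards.
     *
     * @test
     */
    public function aAccessTokenIsCorrectlyRevoked(): void
    {
        $client = static::createClient();
        $container = $client->getContainer();

        /** @var AccessTokenRepository $accessTokenRepository */
        $accessTokenRepository = $container->get(\OAuth2Framework\ServerBundle\Tests\TestBundle\Repository\AccessTokenRepository::class);
        // The token is issued to the very client that will authenticate the revocation request.
        $accessToken = $accessTokenRepository->create(
            new ClientId(self::CLIENT_CREDENTIALS['client_id']),
            new UserAccountId('john.1'),
            new \DateTimeImmutable('now +1 hour'),
            new DataBag([]),
            new DataBag([]),
            null
        );
        $accessTokenId = $accessToken->getId();
        $accessTokenRepository->save($accessToken);

        $client->request('POST', '/token/revoke', self::CLIENT_CREDENTIALS + ['token' => $accessTokenId->getValue()], [], ['HTTPS' => 'on'], null);
        $response = $client->getResponse();
        static::assertSame(200, $response->getStatusCode());
        static::assertSame('', $response->getContent());

        // Look the token up again instead of reusing $accessToken, so the assertion reflects what
        // the repository holds after the request rather than the object created above.
        $revokedAccessToken = $accessTokenRepository->find($accessTokenId);
        static::assertInstanceOf(AccessToken::class, $revokedAccessToken);
        static::assertTrue($revokedAccessToken->isRevoked());
    }

    /**
     * A token issued to a different client is rejected as invalid and, crucially, stays active:
     * an authenticated client must not be able to revoke tokens it does not own.
     *
     * @test
     */
    public function aAccessTokenThatOwnsToAnotherClientIsNotRevoked(): void
    {
        $client = static::createClient();
        $container = $client->getContainer();

        /** @var AccessTokenRepository $accessTokenRepository */
        $accessTokenRepository = $container->get(\OAuth2Framework\ServerBundle\Tests\TestBundle\Repository\AccessTokenRepository::class);
        // Owner deliberately differs from the client in self::CLIENT_CREDENTIALS.
        $accessToken = $accessTokenRepository->create(
            new ClientId('CLIENT_ID_2'),
            new UserAccountId('john.1'),
            new \DateTimeImmutable('now +1 hour'),
            new DataBag([]),
            new DataBag([]),
            null
        );
        $accessTokenId = $accessToken->getId();
        $accessTokenRepository->save($accessToken);

        $client->request('POST', '/token/revoke', self::CLIENT_CREDENTIALS + ['token' => $accessTokenId->getValue()], [], ['HTTPS' => 'on'], null);
        $response = $client->getResponse();
        static::assertSame(400, $response->getStatusCode());
        static::assertSame('{"error":"invalid_request","error_description":"The parameter \"token\" is invalid."}', $response->getContent());

        // Re-read the token: the rejected request must have left it untouched.
        $untouchedAccessToken = $accessTokenRepository->find($accessTokenId);
        static::assertInstanceOf(AccessToken::class, $untouchedAccessToken);
        static::assertFalse($untouchedAccessToken->isRevoked());
    }
}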