<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace OAuth2Framework\ServerBundle\Tests\Functional;
use OAuth2Framework\Component\Core\AccessToken\AccessToken;
use OAuth2Framework\Component\Core\AccessToken\AccessTokenId;
use OAuth2Framework\Component\Core\Client\ClientId;
use OAuth2Framework\Component\Core\DataBag\DataBag;
use OAuth2Framework\Component\Core\ResourceServer\ResourceServerId;
use OAuth2Framework\Component\Core\UserAccount\UserAccountId;
use OAuth2Framework\ServerBundle\Tests\TestBundle\Entity\AccessTokenRepository;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
 * @group Firewall
 */
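class SecurityBundleTest extends WebTestCase
{
    /**
     * A request carrying no Authorization header at all is served by the open
     * "/api/hello/{name}" route: status 200 and the greeting payload.
     *
     * @test
     */
    public function anApiRequestWithoutAccessTokenIsReceived()
    {
        $client = static::createClient();
        $client->request('GET', '/api/hello/World');
        $response = $client->getResponse();

        // assertSame rather than assertEquals: the status must be the int 200 and
        // the body the exact string, not merely loosely "equal" to them.
        self::assertSame(200, $response->getStatusCode());
        self::assertSame('{"name":"World","message":"Hello World!"}', $response->getContent());
    }

    /**
     * An Authorization header whose scheme ("POP") is not one the firewall
     * handles does not block the open route: the response is the same 200 and
     * greeting as for the anonymous request above, which indicates the
     * unsupported credentials are skipped rather than rejected.
     *
     * @test
     */
    public function anApiRequestIsReceivedWithAnUnsupportedTokenType()
    {
        $client = static::createClient();
        $client->request('GET', '/api/hello/World', [], [], ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'POP UNKNOWN_ACCESS_TOKEN_ID']);
        $response = $client->getResponse();

        self::assertSame(200, $response->getStatusCode());
        self::assertSame('{"name":"World","message":"Hello World!"}', $response->getContent());
    }

    /**
     * A Bearer token that the access token repository does not know is refused
     * with 401. The body is asserted to be empty (no detail about why the token
     * was refused is returned to the caller) and a WWW-Authenticate challenge
     * header must be present.
     *
     * @test
     */
    public function anApiRequestIsReceivedButTheTokenDoesNotExist()
    {
        $client = static::createClient();
        $client->request('GET', '/api/hello/World', [], [], ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'Bearer UNKNOWN_ACCESS_TOKEN_ID']);
        $response = $client->getResponse();

        self::assertSame(401, $response->getStatusCode());
        self::assertSame('', $response->getContent());
        self::assertTrue($response->headers->has('www-authenticate'));
    }

    /**
     * A Bearer token whose scope is only "openid" is persisted in the repository
     * and then presented to "/api/hello-profile". That route requires
     * "profile openid", so the firewall answers 403 with the access_denied error
     * document naming the required scope.
     *
     * @test
     */
    public function anApiRequestIsReceivedButTheTokenDoesNotHaveTheRequiredScope()
    {
        $client = static::createClient();
        /** @var AccessTokenRepository $accessTokenRepository */
        $accessTokenRepository = $client->getContainer()->get(AccessTokenRepository::class);

        $accessToken = AccessToken::createEmpty();
        $accessToken = $accessToken->create(
            AccessTokenId::create('ACCESS_TOKEN_WITH_INSUFFICIENT_SCOPE'),
            UserAccountId::create('USER_ACCOUNT_ID'),
            ClientId::create('CLIENT_ID'),
            DataBag::create([
                'token_type' => 'Bearer',
                // Deliberately lacks "profile" so the scope check is what fails.
                'scope' => 'openid',
            ]),
            DataBag::create([]),
            // One hour ahead (presumably the expiry): the token must not be
            // refused as expired, only as lacking scope.
            new \DateTimeImmutable('now +1 hour'),
            ResourceServerId::create('RESOURCE_SERVER_iD')
        );
        // Drop the messages recorded by create() before persisting — presumably
        // so only the token state is stored; verify against the repository.
        $accessToken->eraseMessages();
        $accessTokenRepository->save($accessToken);

        $client->request('GET', '/api/hello-profile', [], [], ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'Bearer ACCESS_TOKEN_WITH_INSUFFICIENT_SCOPE']);
        $response = $client->getResponse();

        self::assertSame(403, $response->getStatusCode());
        self::assertSame('{"scope":"profile openid","error":"access_denied","error_description":"Insufficient scope. The required scope is \"profile openid\""}', $response->getContent());
    }
}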