<?php
use app\fixtures\{UserFixture, OauthScopesFixture};
use Codeception\Util\HttpCode;
use roaresearch\yii2\oauth2server\fixtures\OauthClientsFixture;
use yii\helpers\Json;
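/**
 * API tests for the OAuth2 "password" grant (resource owner password
 * credentials) and for the resource endpoints protected by the issued tokens.
 *
 * The token-request tests store the issued access tokens in static
 * properties; the resource tests read them back, so each resource test
 * declares a dependency on the test that fills the token it uses.
 *
 * @author Christopher CM <[email protected]>
 */
class ResourceOwnerPasswordCredentialsCest
{
    /**
     * JsonType rule applied to every issued access and refresh token.
     *
     * NOTE(review): the pattern is unanchored, so it passes for any string
     * that contains 40 consecutive lowercase hex characters. Anchor it with
     * ^ and $ if the exact token length is meant to be pinned.
     */
    private const TOKEN_JSON_TYPE = 'string:regex(/[0-9a-f]{40}/)';

    /** @var string|null access token issued without a scope; set by accessTokenRequest() */
    public static $token;

    /** @var string|null access token issued with the `user` scope; set by accessTokenRequestWithScopes() */
    public static $scopeToken;

    /**
     * Loads the user, scope and client fixtures every other test relies on.
     */
    public function fixtures(ApiTester $I): void
    {
        $I->haveFixtures([
            'user' => UserFixture::class,
            'scopes' => OauthScopesFixture::class,
            'clients' => OauthClientsFixture::class,
        ]);
    }

    /**
     * Valid client and user credentials yield an access/refresh token pair.
     * The access token is stored in self::$token for the resource tests.
     *
     * @depends fixtures
     */
    public function accessTokenRequest(ApiTester $I): void
    {
        $I->wantTo('Request a new access token.');
        $this->requestPasswordGrant($I, [
            'username' => 'erau',
            'password' => 'password_0',
        ]);

        $this->seeIssuedTokenPair($I);

        self::$token = $I->grabDataFromResponseByJsonPath('$.access_token')[0];
    }

    /**
     * An unknown username is rejected with 401 and a JSON error body.
     *
     * NOTE(review): only the unknown-username case is exercised here; the
     * password sent is the one the valid tests use. A wrong password for an
     * existing user is not covered by this test.
     *
     * @depends fixtures
     */
    public function accessTokenRequestInvalid(ApiTester $I): void
    {
        $I->wantTo('Request a new access token with invalid credentials.');
        $this->requestPasswordGrant($I, [
            'username' => 'wrong_user',
            'password' => 'password_0',
        ]);

        $I->seeResponseCodeIs(HttpCode::UNAUTHORIZED);
        $I->seeResponseIsJson();

        $I->seeResponseMatchesJsonType([
            'name' => 'string',
            'message' => 'string',
        ]);
    }

    /**
     * Same as accessTokenRequest() but asks for the `user` scope.
     * The access token is stored in self::$scopeToken.
     *
     * @depends fixtures
     */
    public function accessTokenRequestWithScopes(ApiTester $I): void
    {
        $I->wantTo('Request a new access token with scope.');
        $this->requestPasswordGrant($I, [
            'username' => 'erau',
            'password' => 'password_0',
            'scope' => 'user',
        ]);

        $this->seeIssuedTokenPair($I);

        self::$scopeToken = $I->grabDataFromResponseByJsonPath(
            '$.access_token'
        )[0];
    }

    /**
     * The unscoped token grants access to /site/index.
     *
     * NOTE(review): the token travels in the `accessToken` query parameter,
     * and query strings commonly end up in access logs. Confirm whether a
     * header-based bearer flow is covered elsewhere.
     *
     * @depends accessTokenRequest
     * @depends accessTokenRequestWithScopes
     */
    public function requestToResource(ApiTester $I): void
    {
        $I->wantTo('Request a resource controller.');
        $I->sendGET('/site/index', [
            'accessToken' => self::$token,
        ]);

        $I->seeResponseCodeIs(HttpCode::OK);
    }

    /**
     * The unscoped token must be refused (403) by the scoped /site/user
     * endpoint.
     *
     * @depends accessTokenRequest
     */
    public function failedScopedRequest(ApiTester $I): void
    {
        $I->wantTo('Fail on a resource controller with scope.');
        $I->sendGET('/site/user', [
            'accessToken' => self::$token,
        ]);

        $I->seeResponseCodeIs(HttpCode::FORBIDDEN);
    }

    /**
     * The scoped token is accepted by the scoped /site/user endpoint.
     *
     * The dependency is on accessTokenRequestWithScopes because that is the
     * test that fills self::$scopeToken. Depending on accessTokenRequest
     * instead would let this test run with an unset token whenever the
     * scoped token request failed.
     *
     * @depends accessTokenRequestWithScopes
     */
    public function successScopedRequest(ApiTester $I): void
    {
        $I->wantTo('Success on a resource controller with scope.');
        $I->sendGET('/site/user', [
            'accessToken' => self::$scopeToken,
        ]);

        $I->seeResponseCodeIs(HttpCode::OK);
    }

    /**
     * A made-up token is rejected with 401 and the standard error payload.
     *
     * The method name keeps its original spelling; other Cest classes may
     * refer to it by name.
     *
     * @depends fixtures
     * @depends SingleUseTokenCest:singleUseRequest
     */
    public function requestToResourceIvalid(ApiTester $I): void
    {
        $I->wantTo('Request a resource controller with invalid token.');

        $I->sendGET('/site/index', [
            'accessToken' => 'InvalidToken',
        ]);

        $I->seeResponseCodeIs(HttpCode::UNAUTHORIZED);
        $I->seeResponseIsJson();
        $I->seeResponseContainsJson([
            'name' => 'Unauthorized',
            'message' => 'Your request was made with invalid credentials.',
        ]);
    }

    /**
     * Authenticates as the test client over HTTP Basic and posts a
     * password-grant request to the token endpoint.
     *
     * Private, so it is a helper only and is not part of the public test
     * methods of this Cest.
     *
     * @param array<string, string> $fields form fields added after grant_type
     */
    private function requestPasswordGrant(ApiTester $I, array $fields): void
    {
        $I->amHttpAuthenticated('testclient', 'testpass');
        $I->sendPOST('/oauth2/token', ['grant_type' => 'password'] + $fields);
    }

    /**
     * Asserts a 200 JSON response carrying an access and a refresh token
     * that both satisfy TOKEN_JSON_TYPE.
     */
    private function seeIssuedTokenPair(ApiTester $I): void
    {
        $I->seeResponseCodeIs(HttpCode::OK);
        $I->seeResponseIsJson();
        $I->seeResponseMatchesJsonType([
            'access_token' => self::TOKEN_JSON_TYPE,
            'refresh_token' => self::TOKEN_JSON_TYPE,
        ]);
    }
}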