You are here

class OAuth2ServerTestCase in OAuth2 Server 7

Test basic API.

Hierarchy

Expanded class hierarchy of OAuth2ServerTestCase

File

tests/oauth2_server.test, line 11
OAuth2 tests.

View source
class OAuth2ServerTestCase extends DrupalWebTestCase {
  protected $profile = 'testing';

  /**
   * The client key of the test client.
   *
   * @var string
   */
  protected $client_key = 'test_client';

  /**
   * The client secret of the test client.
   *
   * @var string
   */
  protected $client_secret = 'test_secret';

  /**
   * The public key X.509 certificate used for all tests with encryption.
   *
   * @var string
   */
  protected $public_key = '-----BEGIN CERTIFICATE-----
MIIDMDCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADB0MS0wKwYDVQQDEyRodHRw
czovL21hcmtldHBsYWNlLmludGVybmFsLmMtZy5pby8xCzAJBgNVBAYTAkFVMRMw
EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQwHhcNMTQwMTIxMTYyMzAyWhcNMTQwMTIzMTYyMzAyWjB0MS0wKwYDVQQD
EyRodHRwczovL21hcmtldHBsYWNlLmludGVybmFsLmMtZy5pby8xCzAJBgNVBAYT
AkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRn
aXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANVMpjmyWlaD
6N1x1O4cf5PB6fXjq4dx1zKh/znG/zMJhkaT0TNJDD+3zfpJYFFxZGrbde+dYinL
jDK+ROvq7+h+93r0eWrld+R/kNWgILJtWwXQACPDd0pVtdOiSSd90QSEfRZyyYCl
n8RvVIPdPbGiPtDQGDwV5Dc5WcupdJNBAgMBAAGjgdEwgc4wHQYDVR0OBBYEFO4C
ZtCI7/REm9UO+PFpbAAsHHOUMIGeBgNVHSMEgZYwgZOAFO4CZtCI7/REm9UO+PFp
bAAsHHOUoXikdjB0MS0wKwYDVQQDEyRodHRwczovL21hcmtldHBsYWNlLmludGVy
bmFsLmMtZy5pby8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw
HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCAQAwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQQFAAOBgQCSCeFzNdUeFh0yNVatOdQpm2du1v7A4NXpdWL5
tXJQpv3Vgohc9f2GrVr1np270aJ3rzmSrWugZRHx0A3zhuYTNsapacvIOqmffPHd
0IZVnRgXnHPqwnWqMWuNtb8DglEEjKarjnOos/RbGvbirWsAJObxnt9kfI5wUOoA
0mYehA==
-----END CERTIFICATE-----';

  /**
   * The private key used for all tests with encryption.
   *
   * @var string
   */
  protected $private_key = '-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDVTKY5slpWg+jdcdTuHH+Twen146uHcdcyof85xv8zCYZGk9Ez
SQw/t836SWBRcWRq23XvnWIpy4wyvkTr6u/ofvd69Hlq5Xfkf5DVoCCybVsF0AAj
w3dKVbXTokknfdEEhH0WcsmApZ/Eb1SD3T2xoj7Q0Bg8FeQ3OVnLqXSTQQIDAQAB
AoGAa/aEHKgd+bSC5bN8Z5mdKZj5ZzB53fDNUB+XJBOJkLe9c3PWa/MJdCcA5zLE
wfR3M28p3sL2sNkKeZS9JfyguU0QQzMhrnJZMSwPzrcUEVcRI/3vCvgnWr/4UFBW
JQpdWGvmk9MNg83y/ddnIBHEQRI9POz/dt/4L58Vq5YUy8ECQQDuWHV2nMmvuAiW
/s+D+S8arhfUyupNEVhNvpqMxK/25s4rUHGadIWm2TPStWEyxQGE4Om4bcw8KOLw
iAeKQ/qFAkEA5RlDJHz0CEgW4+bM+rOIi+tLB2C+TLzKH0eDGpeImAdsk4Z53Lxm
22iZm3DtkEqrrl+bYiaQVFovtbd5wmS4jQJBALFlcXfo1kxNA0evO7CUZLTM4rvk
k2LtB/ZFaS5grj9sJgMjCorVMyyt+N5ZVZC+BJVr+Ujln98e51nzRPlqAykCQQC/
9rT94/2O2ujjOcdT4g9uPk/19KhAIIi0QPWn2IVJ7h6aVrnRrcP54OGlD7DfkNHe
IJpQWcPiClejygMqUb8ZAkEA6SFArj46gwFaERr+D8wMizfZdxhzEuMMG3angAuV
1VPFI7qyv4rtDVATTk8RXeXUcP7l3JaQbqh+Jf0d1eSUpg==
-----END RSA PRIVATE KEY-----';
  public static function getInfo() {
    return array(
      'name' => 'OAuth2 Server',
      'description' => 'Tests basic OAuth2 Server functionality.',
      'group' => 'OAuth2',
    );
  }
  public function setUp() {
    parent::setUp('oauth2_server', 'oauth2_server_test');

    // Set the keys so that the module can see them.
    $keys = array(
      'public_key' => $this->public_key,
      'private_key' => $this->private_key,
    );
    variable_set('oauth2_server_keys', $keys);
    variable_set('oauth2_server_keys_last_generated', REQUEST_TIME);

    // Create the server and client.
    $server = entity_create('oauth2_server', array());
    $server->name = 'test';
    $server->label = 'Test';
    $server->settings = array(
      'default_scope' => 'basic',
      'enforce_state' => TRUE,
      'allow_implicit' => TRUE,
      'use_openid_connect' => TRUE,
      'use_crypto_tokens' => FALSE,
      'store_encrypted_token_string' => FALSE,
      'require_exact_redirect_uri' => TRUE,
      'grant_types' => array(
        'authorization_code' => 'authorization_code',
        'client_credentials' => 'client_credentials',
        'urn:ietf:params:oauth:grant-type:jwt-bearer' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'refresh_token' => 'refresh_token',
        'password' => 'password',
      ),
      'always_issue_new_refresh_token' => TRUE,
      'access_lifetime' => 3600,
      'id_lifetime' => 3600,
      'refresh_token_lifetime' => 1209600,
    );
    $server
      ->save();
    $client = entity_create('oauth2_server_client', array());
    $client->server = $server->name;
    $client->label = 'Test client';
    $client->client_key = $this->client_key;
    $client->client_secret = oauth2_server_hash_client_secret($this->client_secret);
    $client->public_key = $this->public_key;

    // The module supports entering multiple redirect uris separated by a
    // newline. Both a dummy and the real uri are specified to confirm that
    // validation passes.
    $client->redirect_uri = 'https://google.com' . "\n" . url('authorized', array(
      'absolute' => TRUE,
    ));
    $client->automatic_authorization = TRUE;
    $client
      ->save();
    $scopes = array(
      'basic' => 'Basic',
      'admin' => 'Admin',
      'forbidden' => 'Forbidden',
      'openid' => 'OpenID Connect',
      'email' => 'email',
      'phone' => 'phone',
      'profile' => 'Profile',
      'offline_access' => 'Offline Access',
    );
    foreach ($scopes as $scope_name => $scope_label) {
      $scope = entity_create('oauth2_server_scope', array());
      $scope->server = $server->name;
      $scope->name = $scope_name;
      $scope->description = '';
      $scope
        ->save();
    }
  }

  /**
   * Performs an authorization request and returns it.
   *
   * Used to test authorization, the implicit flow, and the authorization_code
   * grant type.
   *
   * @return
   *   The return value of $this->httpRequest().
   */
  protected function authorizationCodeRequest($response_type, $scope = NULL) {
    $query = array(
      'response_type' => $response_type,
      'client_id' => $this->client_key,
      'state' => drupal_get_token($this->client_key),
      // The "authorized" url doesn't actually exist, but we don't need it.
      'redirect_uri' => url('authorized', array(
        'absolute' => TRUE,
      )),
      // OpenID Connect requests require a nonce. Others ignore it.
      'nonce' => 'test',
    );
    if ($scope) {
      $query['scope'] = $scope;
    }
    $authorize_url = url('oauth2/authorize', array(
      'absolute' => TRUE,
      'query' => $query,
    ));
    return $this
      ->httpRequest($authorize_url);
  }

  /**
   * Tests the authorization part of the flow.
   */
  public function testAuthorization() {

    // Create a user, log him in, and retry the request.
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $result = $this
      ->authorizationCodeRequest('code');

    // Test the redirect_uri and authorization code.
    $authorize_redirect = FALSE;
    $redirect_uri = url('authorized', array(
      'absolute' => TRUE,
    ));

    // Rather than assuming that clean URLs are enabled let's assume that if
    // they are not enabled then the q argument is first.
    if ($result->code == 302 && strpos($result->redirect_url, $redirect_uri, 0) === 0) {
      $authorize_redirect = TRUE;
    }
    $this
      ->assertTrue($authorize_redirect, 'User was properly redirected to the "redirect_uri".');
    $redirect_url_parts = explode('?', $result->redirect_url);
    $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
    $redirect_url_params += array(
      'code' => '',
    );
    $this
      ->assertTrue($redirect_url_params['code'], 'The server returned an authorization code');
    $valid_token = drupal_valid_token($redirect_url_params['state'], $this->client_key);
    $this
      ->assertTrue($valid_token, 'The server returned a valid state');
  }

  /**
   * Tests the implicit flow.
   */
  function testImplicitFlow() {
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $result = $this
      ->authorizationCodeRequest('token');
    $this
      ->assertEqual($result->code, 302, 'The implicit flow request completed successfully');
    $redirect_url_parts = explode('#', $result->redirect_url);
    $response = drupal_get_query_array($redirect_url_parts[1]);
    $this
      ->assertTokenResponse($response, FALSE);

    // We have received an access token. Verify it.
    // See http://drupal.org/node/1958718.
    if (!empty($response['access_token'])) {
      $verification_url = url('oauth2/tokens/' . $response['access_token'], array(
        'absolute' => TRUE,
      ));
      $result = $this
        ->httpRequest($verification_url);
      $verification_response = json_decode($result->data);
      $this
        ->assertEqual($result->code, 200, 'The provided access token was successfully verified.');
      $this
        ->assertEqual($verification_response->scope, urldecode($response['scope']), 'The provided scope matches the scope of the verified access token.');
    }
  }

  /**
   * Tests the "Authorization code" grant type.
   */
  public function testAuthorizationCodeGrantType() {
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);

    // Perform authorization and get the code.
    $result = $this
      ->authorizationCodeRequest('code');
    $redirect_url_parts = explode('?', $result->redirect_url);
    $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
    $authorization_code = $redirect_url_params['code'];
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'authorization_code',
      'code' => $authorization_code,
      'redirect_uri' => url('authorized', array(
        'absolute' => TRUE,
      )),
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        // Instead of the Authorization header, the server also supports
        // passing the client key and client secret inside the request body
        // ($data['client_id'] and $data['client_secret']) for all grant types,
        // but it is not recommended and should be limited to clients unable
        // to directly utilize the HTTP Basic authentication scheme.
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response);
  }

  /**
   * Tests the "Client credentials" grant type.
   */
  public function testClientCredentialsGrantType() {
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'client_credentials',
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response, FALSE);
  }

  /**
   * Tests the "JWT bearer" grant type.
   */
  public function testJwtBearerGrantType() {
    $jwt_util = new OAuth2\Encryption\Jwt();
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $jwt_data = array(
      'iss' => $this->client_key,
      'exp' => time() + 1000,
      'iat' => time(),
      'sub' => $user->uid,
      'aud' => $token_url,
      'jti' => '123456',
    );
    $data = array(
      'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      'assertion' => $jwt_util
        ->encode($jwt_data, $this->private_key, 'RS256'),
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response, FALSE);
  }

  /**
   * Tests the "User credentials" grant type.
   */
  public function testPasswordGrantType() {
    $result = $this
      ->passwordGrantRequest();
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response);
  }

  /**
   * Tests the "Refresh token" grant type.
   */
  public function testRefreshTokenGrantType() {

    // Do a password grant first, in order to get the refresh token.
    $result = $this
      ->passwordGrantRequest();
    $response = json_decode($result->data);
    $refresh_token = $response->refresh_token;
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'refresh_token',
      'refresh_token' => $refresh_token,
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);

    // The response will include a new refresh_token because
    // always_issue_new_refresh_token is TRUE.
    $this
      ->assertTokenResponse($response);
  }

  /**
   * Tests scopes.
   */
  public function testScopes() {

    // The default scope returned by oauth2_server_default_scope().
    $result = $this
      ->passwordGrantRequest();
    $response = json_decode($result->data);
    $this
      ->assertEqual($response->scope, 'basic admin', 'The correct default scope was returned.');

    // A non-existent scope.
    $result = $this
      ->passwordGrantRequest('invalid_scope');
    $response = json_decode($result->data);
    $error = isset($response->error) && $response->error == 'invalid_scope';
    $this
      ->assertTrue($error, 'Invalid scope correctly detected.');

    // A scope forbidden by oauth2_server_scope_access.
    // @see oauth2_server_test_entity_query_alter()
    $result = $this
      ->passwordGrantRequest('forbidden');
    $response = json_decode($result->data);
    $error = isset($response->error) && $response->error == 'invalid_scope';
    $this
      ->assertTrue($error, 'Inaccessible scope correctly detected.');

    // A specific requested scope.
    $result = $this
      ->passwordGrantRequest('admin');
    $response = json_decode($result->data);
    $this
      ->assertEqual($response->scope, 'admin', 'The correct scope was returned.');
  }

  /**
   * Tests the OpenID Connect authorization code flow.
   */
  function testOpenIdConnectAuthorizationCodeFlow() {
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);

    // Perform authorization without the offline_access scope.
    // No refresh_token should be returned from the /token endpoint.
    $result = $this
      ->authorizationCodeRequest('code', 'openid');
    $redirect_url_parts = explode('?', $result->redirect_url);
    $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
    $authorization_code = $redirect_url_params['code'];
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'authorization_code',
      'code' => $authorization_code,
      'redirect_uri' => url('authorized', array(
        'absolute' => TRUE,
      )),
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response, FALSE);
    if (!empty($response->id_token)) {
      $this
        ->assertIdToken($response->id_token);
    }
    else {
      $this
        ->assertTrue(FALSE, 'The token request returned an id_token.');
    }

    // Perform authorization witho the offline_access scope.
    // A refresh_token should be returned from the /token endpoint.
    $result = $this
      ->authorizationCodeRequest('code', 'openid offline_access');
    $redirect_url_parts = explode('?', $result->redirect_url);
    $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
    $authorization_code = $redirect_url_params['code'];
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'authorization_code',
      'code' => $authorization_code,
      'redirect_uri' => url('authorized', array(
        'absolute' => TRUE,
      )),
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);
    $this
      ->assertTokenResponse($response);
    if (!empty($response->id_token)) {
      $this
        ->assertIdToken($response->id_token);
    }
    else {
      $this
        ->assertTrue(FALSE, 'The token request returned an id_token.');
    }
  }

  /**
   * Tests the OpenID Connect implicit flow.
   */
  function testOpenIdConnectImplicitFlow() {
    $account = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($account);
    $result = $this
      ->authorizationCodeRequest('id_token', 'openid email');
    $this
      ->assertEqual($result->code, 302, 'The "id_token" implicit flow request completed successfully');
    $redirect_url_parts = explode('#', $result->redirect_url);
    $response = drupal_get_query_array($redirect_url_parts[1]);
    if (!empty($response['id_token'])) {
      $this
        ->assertIdToken($response['id_token'], FALSE, $account);
    }
    else {
      $this
        ->assertTrue(FALSE, 'The token request returned an id_token.');
    }
    $result = $this
      ->authorizationCodeRequest('token id_token', 'openid email profile phone');
    $this
      ->assertEqual($result->code, 302, 'The "token id_token" implicit flow request completed successfully');
    $redirect_url_parts = explode('#', $result->redirect_url);
    $response = drupal_get_query_array($redirect_url_parts[1]);
    $this
      ->assertTokenResponse($response, FALSE);
    if (!empty($response['id_token'])) {
      $this
        ->assertIdToken($response['id_token'], TRUE);
    }
    else {
      $this
        ->assertTrue(FALSE, 'The token request returned an id_token.');
    }

    // Add a timezone to the account, to test the 'zoneinfo' claim.
    user_save($account, array(
      'timezone' => 'Europe/London',
    ));

    // Request OpenID Connect user information (claims).
    $query = array(
      'access_token' => $response['access_token'],
    );
    $info_url = url('oauth2/UserInfo', array(
      'absolute' => TRUE,
      'query' => $query,
    ));
    $result = $this
      ->httpRequest($info_url);
    $response = json_decode($result->data);
    $expected_claims = array(
      'sub' => $account->uid,
      'email' => $account->mail,
      'email_verified' => TRUE,
      'phone_number' => '123456',
      'phone_number_verified' => FALSE,
      'preferred_username' => $account->name,
      'name' => format_username($account),
      'zoneinfo' => $account->timezone,
    );
    foreach ($expected_claims as $claim => $expected_value) {
      $this
        ->assertEqual($response->{$claim}, $expected_value, 'The UserInfo endpoint returned a valid "' . $claim . '" claim');
    }
  }

  /**
   * Tests that the OpenID Connect 'sub' property affects user info 'sub' claim.
   */
  public function testOpenIdConnectNonDefaultSub() {
    variable_set('oauth2_server_user_sub_property', 'name');
    $result = $this
      ->passwordGrantRequest('openid');
    $response = json_decode($result->data);
    $access_token = $response->access_token;
    $query = array(
      'access_token' => $access_token,
    );
    $info_url = url('oauth2/UserInfo', array(
      'absolute' => TRUE,
      'query' => $query,
    ));
    $result = $this
      ->httpRequest($info_url);
    $response = json_decode($result->data, TRUE);
    $this
      ->assertEqual($this->loggedInUser->name, $response['sub'], 'The UserInfo "sub" is now the user\'s name.');
  }

  /**
   * Tests that the OpenID Connect 'sub' property affects ID token 'sub' claim.
   */
  public function testOpenIdConnectNonDefaultSubInIdToken() {
    variable_set('oauth2_server_user_sub_property', 'name');

    // This is the authorization code grant type flow.
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $result = $this
      ->authorizationCodeRequest('code', 'openid offline_access');
    $redirect_url_parts = explode('?', $result->redirect_url);
    $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
    $authorization_code = $redirect_url_params['code'];

    // Get tokens using the authorization code.
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'authorization_code',
      'code' => $authorization_code,
      'redirect_uri' => url('authorized', array(
        'absolute' => TRUE,
      )),
    );
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($token_url, $options);
    $response = json_decode($result->data);
    $parts = explode('.', $response->id_token);
    $claims = json_decode(oauth2_server_base64url_decode($parts[1]), TRUE);
    $this
      ->assertEqual($this->loggedInUser->name, $claims['sub'], 'The ID token "sub" is now the user\'s name.');
  }

  /**
   * Tests crypto tokens.
   */
  public function testCryptoTokens() {

    // Enable crypto tokens.
    $server = oauth2_server_load('test');
    $server->settings['use_crypto_tokens'] = TRUE;
    $server
      ->save();
    $result = $this
      ->passwordGrantRequest();
    $this
      ->assertEqual($result->code, 200, 'The token request completed successfully');
    $response = json_decode($result->data);

    // The refresh token is contained inside the crypto token.
    $this
      ->assertTokenResponse($response, FALSE);
    $verified = FALSE;
    if (substr_count($response->access_token, '.') == 2) {

      // Verify the JTW Access token following the instructions from
      // http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens
      list($header, $payload, $signature) = explode('.', $response->access_token);

      // The signature is "url safe base64 encoded".
      $signature = base64_decode(strtr($signature, '-_,', '+/'));
      $payload_to_verify = utf8_decode($header . '.' . $payload);
      $verified = openssl_verify($payload_to_verify, $signature, $this->public_key, 'sha256');
    }
    $this
      ->assertTrue($verified, 'The JWT Access Token is valid.');
  }

  /**
   * Tests revoking an access token.
   */
  public function testRevoke() {
    $result = $this
      ->passwordGrantRequest();
    $response = json_decode($result->data);
    $access_token = $response->access_token;
    $resource_request_options = array(
      'headers' => array(
        'Authorization' => 'Bearer ' . $access_token,
      ),
    );
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
    ));
    $result = $this
      ->httpRequest($resource_url, $resource_request_options);
    $this
      ->assertEqual($result->code, 200, 'Token works before revocation.');

    // Revoke the access token.
    $revoke_url = url('oauth2/revoke', array(
      'absolute' => TRUE,
    ));
    $revoke_options = array(
      'method' => 'POST',
      'data' => http_build_query(array(
        'token' => $access_token,
        'token_type_hint' => 'access_token',
      )),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    $result = $this
      ->httpRequest($revoke_url, $revoke_options);

    // Note: a valid revoke request will always return 200 even if the token was
    // invalid (see https://tools.ietf.org/html/rfc7009#section-2.2).
    $this
      ->assertEqual(200, $result->code, 'Revoke request succeeded');
    $result = $this
      ->httpRequest($resource_url, $resource_request_options);
    $this
      ->assertEqual($result->code, 401, 'Token no longer works after revocation.');
  }

  /**
   * Tests resource requests.
   */
  public function testResourceRequests() {
    $result = $this
      ->passwordGrantRequest('admin');
    $response = json_decode($result->data);
    $access_token = $response->access_token;

    // Check resource access with no access token.
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
    ));
    $result = $this
      ->httpRequest($resource_url);
    $this
      ->assertEqual($result->code, 401, 'Missing access token correctly detected.');

    // Check resource access with an insufficient scope.
    $query = array(
      'access_token' => $access_token,
    );
    $resource_url = url('oauth2_test/resource/forbidden', array(
      'absolute' => TRUE,
      'query' => $query,
    ));
    $result = $this
      ->httpRequest($resource_url);
    $response = json_decode($result->data);
    $error = isset($response->error) && $response->error == 'insufficient_scope';
    $this
      ->assertTrue($error, 'Insufficient scope correctly detected.');

    // Check resource access with the access token in the url.
    $query = array(
      'access_token' => $access_token,
    );
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
      'query' => $query,
    ));
    $result = $this
      ->httpRequest($resource_url);
    $this
      ->assertEqual($result->code, 200, 'Access token in the URL correctly detected.');

    // Check resource access with the access token in the header.
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
    ));
    $options = array(
      'headers' => array(
        'Authorization' => 'Bearer ' . $access_token,
      ),
    );
    $result = $this
      ->httpRequest($resource_url, $options);
    $this
      ->assertEqual($result->code, 200, 'Access token in the header correctly detected.');
  }

  /**
   * Test that access is denied when using a token for a blocked user.
   */
  public function testBlockedUserTokenFails() {

    // Get a normal access token for a normal user.
    $result = $this
      ->passwordGrantRequest('admin');
    $response = json_decode($result->data);
    $access_token = $response->access_token;

    // Check resource access while the user is active.
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
    ));
    $options = array(
      'headers' => array(
        'Authorization' => 'Bearer ' . $access_token,
      ),
    );
    $result = $this
      ->httpRequest($resource_url, $options);
    $this
      ->assertEqual($result->code, 200, 'An active user is correctly authenticated.');

    // Block the user.
    user_save($this->loggedInUser, array(
      'status' => 0,
    ));

    // Check resource access while the user is blocked.
    $resource_url = url('oauth2_test/resource/admin', array(
      'absolute' => TRUE,
    ));
    $options = array(
      'headers' => array(
        'Authorization' => 'Bearer ' . $access_token,
      ),
    );
    $result = $this
      ->httpRequest($resource_url, $options);
    $this
      ->assertEqual($result->code, 403, 'A blocked user is denied access with 403 Forbidden.');
  }

  /**
   * Performs a password grant request and returns it.
   *
   * Used to test the grant itself, as well as a helper for other tests
   * (since it's a fast way of getting an access token).
   *
   * @param $scope
   *   An optional scope to request.
   *
   * @return
   *   The return value of $this->httpRequest().
   */
  protected function passwordGrantRequest($scope = NULL) {
    $user = $this
      ->drupalCreateUser(array(
      'use oauth2 server',
    ));
    $this
      ->drupalLogin($user);
    $token_url = url('oauth2/token', array(
      'absolute' => TRUE,
    ));
    $data = array(
      'grant_type' => 'password',
      'username' => $user->name,
      'password' => $user->pass_raw,
    );
    if ($scope) {
      $data['scope'] = $scope;
    }
    $options = array(
      'method' => 'POST',
      'data' => http_build_query($data),
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
      ),
    );
    return $this
      ->httpRequest($token_url, $options);
  }

  /**
   * Performs a drupal_http_request() with additional parameters.
   *
   * Passes along all cookies. This ensures that the test user has access
   * to the oauth2 endpoints.
   *
   * @param $url
   *   $url: A string containing a fully qualified URI.
   * @param $options
   *   The options array passed along to drupal_http_request().
   *
   * @return
   *   The result object as returned by drupal_http_request().
   */
  protected function httpRequest($url, array $options = array()) {

    // Forward cookies.
    $cookie_string = '';
    foreach ($this->cookies as $name => $data) {
      $cookie_string .= $name . '=' . $data['value'] . ';';
    }
    $options['headers']['Cookie'] = $cookie_string;

    // Set other general options.
    $options += array(
      'max_redirects' => 0,
    );
    return drupal_http_request($url, $options);
  }

  /**
   * Assert that the given id_token response has the expected values.
   *
   * @param $id_token
   *   The id_token.
   * @param $has_at_hash
   *   Whether the token is supposed to contain the at_hash claim.
   * @param $account
   *   The account of the authenticated user, if the id_token is supposed
   *   to contain user claims.
   */
  protected function assertIdToken($id_token, $has_at_hash = FALSE, $account = NULL) {
    $parts = explode('.', $id_token);
    list($headerb64, $claims64, $signatureb64) = $parts;
    $claims = json_decode(oauth2_server_base64url_decode($claims64), TRUE);
    $signature = oauth2_server_base64url_decode($signatureb64);
    $payload = utf8_decode($headerb64 . '.' . $claims64);
    $verified = openssl_verify($payload, $signature, $this->public_key, 'sha256');
    $this
      ->assertTrue($verified, 'The id_token has a valid signature.');
    $this
      ->assertTrue(array_key_exists('iss', $claims), 'The id_token contains an "iss" claim.');
    $this
      ->assertTrue(array_key_exists('sub', $claims), 'The id_token contains a "sub" claim.');
    $this
      ->assertTrue(array_key_exists('aud', $claims), 'The id_token contains an "aud" claim.');
    $this
      ->assertTrue(array_key_exists('iat', $claims), 'The id_token contains an "iat" claim.');
    $this
      ->assertTrue(array_key_exists('exp', $claims), 'The id_token contains an "exp" claim.');
    $this
      ->assertTrue(array_key_exists('auth_time', $claims), 'The id_token contains an "auth_time" claim.');
    $this
      ->assertTrue(array_key_exists('nonce', $claims), 'The id_token contains a "nonce" claim');
    if ($has_at_hash) {
      $this
        ->assertTrue(array_key_exists('at_hash', $claims), 'The id_token contains an "at_hash" claim.');
    }
    if ($account) {
      $this
        ->assertTrue(array_key_exists('email', $claims), 'The id_token contains an "email" claim.');
      $this
        ->assertTrue(array_key_exists('email_verified', $claims), 'The id_token contains an "email_verified" claim.');
    }
    $this
      ->assertEqual($claims['aud'], $this->client_key, 'The id_token "aud" claim contains the expected client_id.');
    $this
      ->assertEqual($claims['nonce'], 'test', 'The id_token "nonce" claim contains the expected nonce.');
    if ($account) {
      $this
        ->assertEqual($claims['email'], $account->mail);
    }
  }

  /**
   * Assert that the given token response has the expected values.
   *
   * @param $response
   *   The response (either an object decoded from a json string or the
   *   query string taken from the url in case of the implicit flow).
   * @param $has_refresh_token
   *   A boolean indicating whether this response should have a refresh token.
   */
  protected function assertTokenResponse($response, $has_refresh_token = TRUE) {

    // Make sure we have an array.
    $response = (array) $response;
    $this
      ->assertTrue(array_key_exists('access_token', $response), 'The "access token" value is present in the return values');
    $this
      ->assertTrue(array_key_exists('expires_in', $response), 'The "expires_in" value is present in the return values');
    $this
      ->assertTrue(array_key_exists('token_type', $response), 'The "token_type" value is present in the return values');
    $this
      ->assertTrue(array_key_exists('scope', $response), 'The "scope" value is present in the return values');
    if ($has_refresh_token) {
      $this
        ->assertTrue(array_key_exists('refresh_token', $response), 'The "refresh_token" value is present in the return values');
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DrupalTestCase::$assertions protected property Assertions thrown in that test case.
DrupalTestCase::$databasePrefix protected property The database prefix of this test run.
DrupalTestCase::$originalFileDirectory protected property The original file directory, before it was changed for testing purposes.
DrupalTestCase::$results public property Current results of this test case.
DrupalTestCase::$setup protected property Flag to indicate whether the test has been set up.
DrupalTestCase::$setupDatabasePrefix protected property
DrupalTestCase::$setupEnvironment protected property
DrupalTestCase::$skipClasses protected property This class is skipped when looking for the source of an assertion.
DrupalTestCase::$testId protected property The test run ID.
DrupalTestCase::$timeLimit protected property Time limit for the test.
DrupalTestCase::$useSetupInstallationCache public property Whether to cache the installation part of the setUp() method.
DrupalTestCase::$useSetupModulesCache public property Whether to cache the modules installation part of the setUp() method.
DrupalTestCase::$verboseDirectoryUrl protected property URL to the verbose output file directory.
DrupalTestCase::assert protected function Internal helper: stores the assert.
DrupalTestCase::assertEqual protected function Check to see if two values are equal.
DrupalTestCase::assertFalse protected function Check to see if a value is false (an empty string, 0, NULL, or FALSE).
DrupalTestCase::assertIdentical protected function Check to see if two values are identical.
DrupalTestCase::assertNotEqual protected function Check to see if two values are not equal.
DrupalTestCase::assertNotIdentical protected function Check to see if two values are not identical.
DrupalTestCase::assertNotNull protected function Check to see if a value is not NULL.
DrupalTestCase::assertNull protected function Check to see if a value is NULL.
DrupalTestCase::assertTrue protected function Check to see if a value is not false (not an empty string, 0, NULL, or FALSE).
DrupalTestCase::deleteAssert public static function Delete an assertion record by message ID.
DrupalTestCase::error protected function Fire an error assertion. 1
DrupalTestCase::errorHandler public function Handle errors during test runs. 1
DrupalTestCase::exceptionHandler protected function Handle exceptions.
DrupalTestCase::fail protected function Fire an assertion that is always negative.
DrupalTestCase::generatePermutations public static function Converts a list of possible parameters into a stack of permutations.
DrupalTestCase::getAssertionCall protected function Cycles through backtrace until the first non-assertion method is found.
DrupalTestCase::getDatabaseConnection public static function Returns the database connection to the site running Simpletest.
DrupalTestCase::insertAssert public static function Store an assertion from outside the testing context.
DrupalTestCase::pass protected function Fire an assertion that is always positive.
DrupalTestCase::randomName public static function Generates a random string containing letters and numbers.
DrupalTestCase::randomString public static function Generates a random string of ASCII characters of codes 32 to 126.
DrupalTestCase::run public function Run all tests in this class.
DrupalTestCase::verbose protected function Logs a verbose message in a text file.
DrupalWebTestCase::$additionalCurlOptions protected property Additional cURL options.
DrupalWebTestCase::$content protected property The content of the page currently loaded in the internal browser.
DrupalWebTestCase::$cookieFile protected property The current cookie file used by cURL.
DrupalWebTestCase::$cookies protected property The cookies of the page currently loaded in the internal browser.
DrupalWebTestCase::$curlHandle protected property The handle of the current cURL connection.
DrupalWebTestCase::$drupalSettings protected property The value of the Drupal.settings JavaScript variable for the page currently loaded in the internal browser.
DrupalWebTestCase::$elements protected property The parsed version of the page.
DrupalWebTestCase::$generatedTestFiles protected property Whether the files were copied to the test files directory.
DrupalWebTestCase::$headers protected property The headers of the page currently loaded in the internal browser.
DrupalWebTestCase::$httpauth_credentials protected property HTTP authentication credentials (<username>:<password>).
DrupalWebTestCase::$httpauth_method protected property HTTP authentication method
DrupalWebTestCase::$loggedInUser protected property The current user logged in using the internal browser.
DrupalWebTestCase::$originalShutdownCallbacks protected property The original shutdown handlers array, before it was cleaned for testing purposes.
DrupalWebTestCase::$originalUser protected property The original user, before it was changed to a clean uid = 1 for testing purposes.
DrupalWebTestCase::$plainTextContent protected property The content of the page currently loaded in the internal browser (plain text version).
DrupalWebTestCase::$redirect_count protected property The number of redirects followed during the handling of a request.
DrupalWebTestCase::$session_id protected property The current session ID, if available.
DrupalWebTestCase::$session_name protected property The current session name, if available.
DrupalWebTestCase::$url protected property The URL currently loaded in the internal browser.
DrupalWebTestCase::assertField protected function Asserts that a field exists with the given name or ID.
DrupalWebTestCase::assertFieldById protected function Asserts that a field exists in the current page with the given ID and value.
DrupalWebTestCase::assertFieldByName protected function Asserts that a field exists in the current page with the given name and value.
DrupalWebTestCase::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
DrupalWebTestCase::assertFieldChecked protected function Asserts that a checkbox field in the current page is checked.
DrupalWebTestCase::assertLink protected function Pass if a link with the specified label is found, and optional with the specified index.
DrupalWebTestCase::assertLinkByHref protected function Pass if a link containing a given href (part) is found.
DrupalWebTestCase::assertMail protected function Asserts that the most recently sent e-mail message has the given value.
DrupalWebTestCase::assertMailPattern protected function Asserts that the most recently sent e-mail message has the pattern in it.
DrupalWebTestCase::assertMailString protected function Asserts that the most recently sent e-mail message has the string in it.
DrupalWebTestCase::assertNoDuplicateIds protected function Asserts that each HTML ID is used for just a single element.
DrupalWebTestCase::assertNoField protected function Asserts that a field does not exist with the given name or ID.
DrupalWebTestCase::assertNoFieldById protected function Asserts that a field does not exist with the given ID and value.
DrupalWebTestCase::assertNoFieldByName protected function Asserts that a field does not exist with the given name and value.
DrupalWebTestCase::assertNoFieldByXPath protected function Asserts that a field doesn't exist or its value doesn't match, by XPath.
DrupalWebTestCase::assertNoFieldChecked protected function Asserts that a checkbox field in the current page is not checked.
DrupalWebTestCase::assertNoLink protected function Pass if a link with the specified label is not found.
DrupalWebTestCase::assertNoLinkByHref protected function Pass if a link containing a given href (part) is not found.
DrupalWebTestCase::assertNoOptionSelected protected function Asserts that a select option in the current page is not checked.
DrupalWebTestCase::assertNoPattern protected function Will trigger a pass if the perl regex pattern is not present in raw content.
DrupalWebTestCase::assertNoRaw protected function Pass if the raw text is NOT found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated.
DrupalWebTestCase::assertNoResponse protected function Asserts the page did not return the specified response code.
DrupalWebTestCase::assertNoText protected function Pass if the text is NOT found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertNoTitle protected function Pass if the page title is not the given string.
DrupalWebTestCase::assertNoUniqueText protected function Pass if the text is found MORE THAN ONCE on the text version of the page.
DrupalWebTestCase::assertOptionSelected protected function Asserts that a select option in the current page is checked.
DrupalWebTestCase::assertPattern protected function Will trigger a pass if the Perl regex pattern is found in the raw content.
DrupalWebTestCase::assertRaw protected function Pass if the raw text IS found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated.
DrupalWebTestCase::assertResponse protected function Asserts the page responds with the specified response code.
DrupalWebTestCase::assertText protected function Pass if the text IS found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertTextHelper protected function Helper for assertText and assertNoText.
DrupalWebTestCase::assertThemeOutput protected function Asserts themed output.
DrupalWebTestCase::assertTitle protected function Pass if the page title is the given string.
DrupalWebTestCase::assertUniqueText protected function Pass if the text is found ONLY ONCE on the text version of the page.
DrupalWebTestCase::assertUniqueTextHelper protected function Helper for assertUniqueText and assertNoUniqueText.
DrupalWebTestCase::assertUrl protected function Pass if the internal browser's URL matches the given path.
DrupalWebTestCase::buildXPathQuery protected function Builds an XPath query.
DrupalWebTestCase::changeDatabasePrefix protected function Changes the database connection to the prefixed one.
DrupalWebTestCase::checkForMetaRefresh protected function Check for meta refresh tag and if found call drupalGet() recursively. This function looks for the http-equiv attribute to be set to "Refresh" and is case-sensitive.
DrupalWebTestCase::checkPermissions protected function Check to make sure that the array of permissions are valid.
DrupalWebTestCase::clickLink protected function Follows a link by name.
DrupalWebTestCase::constructFieldXpath protected function Helper function: construct an XPath for the given set of attributes and value.
DrupalWebTestCase::copySetupCache protected function Copy the setup cache from/to another table and files directory.
DrupalWebTestCase::cronRun protected function Runs cron in the Drupal installed by Simpletest.
DrupalWebTestCase::curlClose protected function Close the cURL handler and unset the handler.
DrupalWebTestCase::curlExec protected function Initializes and executes a cURL request.
DrupalWebTestCase::curlHeaderCallback protected function Reads headers and registers errors received from the tested site.
DrupalWebTestCase::curlInitialize protected function Initializes the cURL connection.
DrupalWebTestCase::drupalCompareFiles protected function Compare two files based on size and file name.
DrupalWebTestCase::drupalCreateContentType protected function Creates a custom content type based on default settings.
DrupalWebTestCase::drupalCreateNode protected function Creates a node based on default settings.
DrupalWebTestCase::drupalCreateRole protected function Creates a role with specified permissions.
DrupalWebTestCase::drupalCreateUser protected function Create a user with a given set of permissions.
DrupalWebTestCase::drupalGet protected function Retrieves a Drupal path or an absolute path.
DrupalWebTestCase::drupalGetAJAX protected function Retrieve a Drupal path or an absolute path and JSON decode the result.
DrupalWebTestCase::drupalGetContent protected function Gets the current raw HTML of requested page.
DrupalWebTestCase::drupalGetHeader protected function Gets the value of an HTTP response header. If multiple requests were required to retrieve the page, only the headers from the last request will be checked by default. However, if TRUE is passed as the second argument, all requests will be processed…
DrupalWebTestCase::drupalGetHeaders protected function Gets the HTTP response headers of the requested page. Normally we are only interested in the headers returned by the last request. However, if a page is redirected or HTTP authentication is in use, multiple requests will be required to retrieve the…
DrupalWebTestCase::drupalGetMails protected function Gets an array containing all e-mails sent during this test case.
DrupalWebTestCase::drupalGetNodeByTitle function Get a node from the database based on its title.
DrupalWebTestCase::drupalGetSettings protected function Gets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::drupalGetTestFiles protected function Get a list files that can be used in tests.
DrupalWebTestCase::drupalGetToken protected function Generate a token for the currently logged in user.
DrupalWebTestCase::drupalHead protected function Retrieves only the headers for a Drupal path or an absolute path.
DrupalWebTestCase::drupalLogin protected function Log in a user with the internal browser.
DrupalWebTestCase::drupalLogout protected function
DrupalWebTestCase::drupalPost protected function Execute a POST request on a Drupal page. It will be done as usual POST request with SimpleBrowser.
DrupalWebTestCase::drupalPostAJAX protected function Execute an Ajax submission.
DrupalWebTestCase::drupalSetContent protected function Sets the raw HTML content. This can be useful when a page has been fetched outside of the internal browser and assertions need to be made on the returned page.
DrupalWebTestCase::drupalSetSettings protected function Sets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::getAbsoluteUrl protected function Takes a path and returns an absolute path.
DrupalWebTestCase::getAllOptions protected function Get all option elements, including nested options, in a select.
DrupalWebTestCase::getSelectedItem protected function Get the selected value from a select field.
DrupalWebTestCase::getSetupCacheKey protected function Returns the cache key used for the setup caching.
DrupalWebTestCase::getUrl protected function Get the current URL from the cURL handler.
DrupalWebTestCase::handleForm protected function Handle form input related to drupalPost(). Ensure that the specified fields exist and attempt to create POST data in the correct manner for the particular field type.
DrupalWebTestCase::loadSetupCache protected function Copies the cached tables and files for a cached installation setup.
DrupalWebTestCase::parse protected function Parse content returned from curlExec using DOM and SimpleXML.
DrupalWebTestCase::preloadRegistry protected function Preload the registry from the testing site.
DrupalWebTestCase::prepareDatabasePrefix protected function Generates a database prefix for running tests.
DrupalWebTestCase::prepareEnvironment protected function Prepares the current environment for running the test.
DrupalWebTestCase::recursiveDirectoryCopy protected function Recursively copy one directory to another.
DrupalWebTestCase::refreshVariables protected function Refresh the in-memory set of variables. Useful after a page request is made that changes a variable in a different thread. 1
DrupalWebTestCase::resetAll protected function Reset all data structures after having enabled new modules.
DrupalWebTestCase::storeSetupCache protected function Store the installation setup to a cache.
DrupalWebTestCase::tearDown protected function Delete created files and temporary files directory, delete the tables created by setUp(), and reset the database prefix. 6
DrupalWebTestCase::verboseEmail protected function Outputs to verbose the most recent $count emails sent.
DrupalWebTestCase::xpath protected function Perform an xpath search on the contents of the internal browser. The search is relative to the root element (HTML tag normally) of the page.
DrupalWebTestCase::__construct function Constructor for DrupalWebTestCase. Overrides DrupalTestCase::__construct 1
OAuth2ServerTestCase::$client_key protected property The client key of the test client.
OAuth2ServerTestCase::$client_secret protected property The client secret of the test client.
OAuth2ServerTestCase::$private_key protected property The private key used for all tests with encryption.
OAuth2ServerTestCase::$profile protected property The profile to install as a basis for testing. Overrides DrupalWebTestCase::$profile
OAuth2ServerTestCase::$public_key protected property The public key X.509 certificate used for all tests with encryption.
OAuth2ServerTestCase::assertIdToken protected function Assert that the given id_token response has the expected values.
OAuth2ServerTestCase::assertTokenResponse protected function Assert that the given token response has the expected values.
OAuth2ServerTestCase::authorizationCodeRequest protected function Performs an authorization request and returns it.
OAuth2ServerTestCase::getInfo public static function
OAuth2ServerTestCase::httpRequest protected function Performs a drupal_http_request() with additional parameters.
OAuth2ServerTestCase::passwordGrantRequest protected function Performs a password grant request and returns it.
OAuth2ServerTestCase::setUp public function Sets up a Drupal site for running functional and integration tests. Overrides DrupalWebTestCase::setUp
OAuth2ServerTestCase::testAuthorization public function Tests the authorization part of the flow.
OAuth2ServerTestCase::testAuthorizationCodeGrantType public function Tests the "Authorization code" grant type.
OAuth2ServerTestCase::testBlockedUserTokenFails public function Test that access is denied when using a token for a blocked user.
OAuth2ServerTestCase::testClientCredentialsGrantType public function Tests the "Client credentials" grant type.
OAuth2ServerTestCase::testCryptoTokens public function Tests crypto tokens.
OAuth2ServerTestCase::testImplicitFlow function Tests the implicit flow.
OAuth2ServerTestCase::testJwtBearerGrantType public function Tests the "JWT bearer" grant type.
OAuth2ServerTestCase::testOpenIdConnectAuthorizationCodeFlow function Tests the OpenID Connect authorization code flow.
OAuth2ServerTestCase::testOpenIdConnectImplicitFlow function Tests the OpenID Connect implicit flow.
OAuth2ServerTestCase::testOpenIdConnectNonDefaultSub public function Tests that the OpenID Connect 'sub' property affects user info 'sub' claim.
OAuth2ServerTestCase::testOpenIdConnectNonDefaultSubInIdToken public function Tests that the OpenID Connect 'sub' property affects ID token 'sub' claim.
OAuth2ServerTestCase::testPasswordGrantType public function Tests the "User credentials" grant type.
OAuth2ServerTestCase::testRefreshTokenGrantType public function Tests the "Refresh token" grant type.
OAuth2ServerTestCase::testResourceRequests public function Tests resource requests.
OAuth2ServerTestCase::testRevoke public function Tests revoking an access token.
OAuth2ServerTestCase::testScopes public function Tests scopes.