
public function OAuth2ServerAdminTestCase::testEditingClientSecret in OAuth2 Server 7

File

tests/oauth2_server.test, line 1100
OAuth2 tests.

Class

OAuth2ServerAdminTestCase
Test administration forms.

Code

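/**
 * Tests how a client secret is stored and updated through the admin UI.
 *
 * Covers four cases: the secret is not stored verbatim on creation, the
 * stored value is untouched when the client is edited without a new secret,
 * it is emptied when a secret is no longer required, and it is replaced when
 * a new secret is set. Negative checks make sure that a wrong or superseded
 * secret is rejected, so a verifier that accepts anything would fail here.
 */
public function testEditingClientSecret() {
  $account = $this->drupalCreateUser(array('administer oauth2 server'));
  $this->drupalLogin($account);
  $server_name = strtolower($this->randomName());

  // Create a server in the UI.
  $this->drupalPost('admin/structure/oauth2-servers/add', array(
    'label' => $this->randomString(),
    'name' => $server_name,
  ), t('Save server'));

  // Create a client of the server in the UI, with a random secret.
  $client_key = strtolower($this->randomName());
  $secret = $this->randomString(32);
  $this->drupalPost('admin/structure/oauth2-servers/manage/' . $server_name . '/clients/add', array(
    'label' => $this->randomString(),
    'client_key' => $client_key,
    'redirect_uri' => 'http://localhost',
    'require_client_secret' => TRUE,
    'client_secret' => $secret,
  ), t('Save client'));

  // Test that the raw secret does not match the saved (hashed) one.
  $client = oauth2_server_client_load($client_key);
  $this->assertNotEqual($secret, $client->client_secret, 'Raw secret does not match hashed secret.');

  // Test that the secret can be matched.
  $this->assertTrue(oauth2_server_check_client_secret($client->client_secret, $secret), 'Hashes match for known secret and stored secret.');

  // Test that a different secret is not accepted for the stored value.
  $this->assertFalse(oauth2_server_check_client_secret($client->client_secret, $secret . 'x'), 'A wrong secret does not match the stored secret.');

  // Edit the client, and do not set a new secret. It should stay the same.
  $old_hashed_secret = $client->client_secret;
  $this->updateClient($client, array(
    'label' => $this->randomString(),
  ));
  // Reset the entity cache so the next load reflects what was saved.
  $client_controller = entity_get_controller('oauth2_server_client');
  $client_controller->resetCache();
  $client = oauth2_server_client_load($client_key);
  $this->assertEqual($old_hashed_secret, $client->client_secret, 'Secret is not changed accidentally when editing the client.');

  // Edit the client, and set an empty secret.
  $this->updateClient($client, array(
    'require_client_secret' => FALSE,
  ));
  $client_controller->resetCache();
  $client = oauth2_server_client_load($client_key);
  $this->assertTrue($client->client_secret === '', 'Secret is set to empty if it is not required.');

  // Edit the client, and set a new, non-empty secret.
  $new_secret = $this->randomString(32);
  $this->updateClient($client, array(
    'require_client_secret' => TRUE,
    'client_secret' => $new_secret,
  ));
  $client_controller->resetCache();
  $client = oauth2_server_client_load($client_key);
  $this->assertTrue(oauth2_server_check_client_secret($client->client_secret, $new_secret), 'Hashes match for new secret and stored secret.');

  // The edit path must not store the raw secret either.
  $this->assertNotEqual($new_secret, $client->client_secret, 'Raw new secret does not match hashed secret.');

  // Setting a new secret must invalidate the previous one.
  $this->assertFalse(oauth2_server_check_client_secret($client->client_secret, $secret), 'Old secret is rejected after a new secret is set.');
}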