
public function OAuth2ServerTestCase::testBlockedUserTokenFails in OAuth2 Server 7

Test that access is denied when using a token for a blocked user.

File

tests/oauth2_server.test, line 697
OAuth2 tests.

Class

OAuth2ServerTestCase
Test basic API.

Code

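/**
 * Tests that access is denied when using a token for a blocked user.
 *
 * The token is obtained while the account is still active and is first shown
 * to work (200). The account is then blocked and the very same token is
 * replayed against the same resource, which must be refused with 403. This
 * pins the requirement that blocking an account takes effect for tokens that
 * were issued before the block, not only for new token requests.
 */
public function testBlockedUserTokenFails() {
  // Get a normal access token for a normal user.
  $result = $this->passwordGrantRequest('admin');
  $response = json_decode($result->data);

  // Stop early if the grant did not return a token. Without this guard a
  // failed grant would surface as a PHP notice on a NULL response and the
  // later assertions would be exercising an empty bearer token.
  if (!$this->assertTrue(!empty($response->access_token), 'An access token was issued for the active user.')) {
    return;
  }
  $access_token = $response->access_token;

  // Build the request once so that both checks provably send the same token
  // to the same resource; only the account status differs between them.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
  ));
  $options = array(
    'headers' => array(
      'Authorization' => 'Bearer ' . $access_token,
    ),
  );

  // Check resource access while the user is active.
  $result = $this->httpRequest($resource_url, $options);
  $this->assertEqual($result->code, 200, 'An active user is correctly authenticated.');

  // Block the user.
  // NOTE(review): this assumes $this->loggedInUser is the account the token
  // was issued to; confirm against the test case's setUp(). If it is a
  // different account, the 403 below would not prove what the test claims.
  user_save($this->loggedInUser, array(
    'status' => 0,
  ));

  // Check resource access while the user is blocked.
  $result = $this->httpRequest($resource_url, $options);
  $this->assertEqual($result->code, 403, 'A blocked user is denied access with 403 Forbidden.');
}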