public function OAuth2ServerAdminTest::testEditingClientSecret in OAuth2 Server 8
Same name and namespace in other branches
- 2.0.x tests/src/Functional/OAuth2ServerAdminTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerAdminTest::testEditingClientSecret()
Test editing client secret.
File
- tests/src/Functional/OAuth2ServerAdminTest.php, line 29
Class
- OAuth2ServerAdminTest
- The OAuth2 Server admin test case.
Namespace
Drupal\Tests\oauth2_server\Functional
Code
public function testEditingClientSecret() {
  /** @var \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager */
  $entity_type_manager = $this->container->get('entity_type.manager');
  /** @var \Drupal\Core\Password\PasswordInterface $password_hasher */
  $password_hasher = $this->container->get('password');

  // Re-read the client from storage after clearing the entity cache, so each
  // assertion below inspects the persisted secret rather than a stale copy.
  $reload_client = function ($id) use ($entity_type_manager) {
    $storage = $entity_type_manager->getStorage('oauth2_server_client');
    $storage->resetCache();
    return $storage->load($id);
  };

  $admin = $this->drupalCreateUser(['administer oauth2 server']);
  $this->drupalLogin($admin);

  // Create a server in the UI.
  $server_id = strtolower($this->randomMachineName());
  $server_form = new Url('entity.oauth2_server.add_form');
  $this->drupalPostForm($server_form, [
    'name' => $this->randomString(),
    'server_id' => $server_id,
  ], t('Save server'));

  // Create a client of the server in the UI, with a random secret.
  $client_id = strtolower($this->randomMachineName());
  $secret = $this->randomString(32);
  $client_form = new Url('entity.oauth2_server.clients.add_form', [
    'oauth2_server' => $server_id,
  ]);
  $this->drupalPostForm($client_form, [
    'name' => $this->randomString(),
    'client_id' => $client_id,
    'redirect_uri' => 'http://localhost',
    'require_client_secret' => TRUE,
    'client_secret' => $secret,
  ], t('Save client'));

  // The stored value must be a hash of the secret, never the raw secret, and
  // the hash must still verify against the secret that was submitted.
  /** @var \Drupal\oauth2_server\ClientInterface $client */
  $client = $entity_type_manager->getStorage('oauth2_server_client')->load($client_id);
  $stored_hash = $client->client_secret;
  $this->assertNotEqual($secret, $stored_hash, 'Raw secret does not match hashed secret.');
  $this->assertTrue($password_hasher->check($secret, $stored_hash), 'Hashes match for known secret and stored secret.');

  // Editing an unrelated field must leave the stored hash untouched.
  $this->updateClient($client, ['name' => $this->randomString()]);
  $client = $reload_client($client_id);
  $this->assertEqual($stored_hash, $client->client_secret, 'Secret is not changed accidentally when editing the client.');

  // Dropping the secret requirement clears the stored value.
  $this->updateClient($client, ['require_client_secret' => FALSE]);
  $client = $reload_client($client_id);
  $this->assertTrue($client->client_secret === '', 'Secret is set to empty if it is not required.');

  // Re-enabling the requirement with a fresh secret stores a hash that
  // verifies against that new secret.
  $new_secret = $this->randomString(32);
  $this->updateClient($client, [
    'require_client_secret' => TRUE,
    'client_secret' => $new_secret,
  ]);
  $client = $reload_client($client_id);
  $this->assertTrue($password_hasher->check($new_secret, $client->client_secret), 'Hashes match for new secret and stored secret.');
}