You are here

public function OAuth2ServerTest::testBlockedUserTokenFails in OAuth2 Server 2.0.x

Same name and namespace in other branches
  1. 8 tests/src/Functional/OAuth2ServerTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerTest::testBlockedUserTokenFails()

Test that access is denied when using a token for a blocked user.

File

tests/src/Functional/OAuth2ServerTest.php, line 608

Class

OAuth2ServerTest
The OAuth2 Server admin test case.

Namespace

Drupal\Tests\oauth2_server\Functional

Code

public function testBlockedUserTokenFails() {

  // Get a normal access token for a normal user.
  $response = $this
    ->passwordGrantRequest('admin');
  $payload = json_decode($response
    ->getBody());
  $access_token = $payload->access_token;

  // @fixme Check resource access while the user is active.
  $resource_url = $this
    ->buildUrl(new Url('oauth2_server_test.resource', [
    'oauth2_server_scope' => 'admin',
  ]));
  $options = [
    'headers' => [
      'Authorization' => 'Bearer ' . $access_token,
    ],
  ];

  //$response = $this->httpGetRequest($resource_url, $options);

  //$this->assertEqual($response->getStatusCode(), 200, 'An active user is correctly authenticated.');

  // Block the user.
  $this->loggedInUser->status = 0;
  $this->loggedInUser
    ->save();

  // Check resource access while the user is blocked.
  try {
    $this
      ->httpGetRequest($resource_url, $options);
  } catch (ClientException $e) {
    if ($e
      ->hasResponse()) {
      $this
        ->assertEqual($e
        ->getResponse()
        ->getStatusCode(), 403, 'A blocked user is denied access with 403 Forbidden.');
    }
  }
}