You are here

public function OAuth2ServerTest::testResourceRequests in OAuth2 Server 8

Same name and namespace in other branches
  1. 2.0.x tests/src/Functional/OAuth2ServerTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerTest::testResourceRequests()

Tests resource requests.

File

tests/src/Functional/OAuth2ServerTest.php, line 556

Class

OAuth2ServerTest
The OAuth2 Server admin test case.

Namespace

Drupal\Tests\oauth2_server\Functional

Code

public function testResourceRequests() {
  $response = $this
    ->passwordGrantRequest('admin');
  $payload = json_decode($response
    ->getBody());
  $access_token = $payload->access_token;

  // Check resource access with no access token.
  $resource_url = $this
    ->buildUrl(new Url('oauth2_server_test.resource', [
    'oauth2_server_scope' => 'admin',
  ]));
  try {
    $this
      ->httpGetRequest($resource_url);
  } catch (ClientException $e) {
    if ($e
      ->hasResponse()) {
      $this
        ->assertEqual($e
        ->getResponse()
        ->getStatusCode(), 401, 'Missing access token correctly detected.');
    }
  }

  // Check resource access with an insufficient scope.
  $query = [
    'access_token' => $access_token,
  ];
  $resource_url = $this
    ->buildUrl(new Url('oauth2_server_test.resource', [
    'oauth2_server_scope' => 'forbidden',
  ], [
    'query' => $query,
  ]));
  try {
    $this
      ->httpGetRequest($resource_url);
  } catch (ClientException $e) {
    if ($e
      ->hasResponse()) {
      $this
        ->assertEqual($e
        ->getResponse()
        ->getStatusCode(), 403, 'Insufficient scope correctly detected.');
    }
  }

  // @fixme Check resource access with the access token in the url.

  //$query = [

  //  'access_token' => $access_token,

  //];

  //$resource_url = $this->buildUrl(new Url('oauth2_server_test.resource', ['oauth2_server_scope' => 'admin'], ['query' => $query]));

  //$response = $this->httpGetRequest($resource_url);

  //$this->assertEqual($response->getStatusCode(), 200, 'Access token in the URL correctly detected.');

  // @fixme Check resource access with the access token in the header.

  //$resource_url = $this->buildUrl(new Url('oauth2_server_test.resource', ['oauth2_server_scope' => 'admin']));

  //$options = [

  //  'headers' => [
  //    'Authorization' =>  'Bearer ' . $access_token,
  //  ],

  //];

  //$response = $this->httpGetRequest($resource_url, $options);

  //$this->assertEqual($response->getStatusCode(), 200, 'Access token in the header correctly detected.');
}