RestfulTokenAuthenticationTestCase.test in RESTful 7
Same filename and directory in other branches
Contains RestfulTokenAuthenticationTestCase.
File
modules/restful_token_auth/tests/RestfulTokenAuthenticationTestCase.testView source
<?php
/**
* @file
* Contains RestfulTokenAuthenticationTestCase.
*/
class RestfulTokenAuthenticationTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Token Authentication',
'description' => 'Test the request authentication with a token.',
'group' => 'RESTful',
);
}
function setUp() {
parent::setUp('restful_example', 'restful_token_auth', 'entityreference');
$this->user = $this
->drupalCreateUser();
}
/**
* Testing the user's access token will be invalidate one the user is blocked.
*/
function testTokenInvalidating() {
$this
->drupalLogin($this->user);
$handler = restful_get_restful_handler('access_token');
// Generating token.
$handler
->get();
// Blocking the user.
user_save($this->user, array(
'status' => FALSE,
));
// Verify the token removed.
$query = new EntityFieldQuery();
$result = $query
->entityCondition('entity_type', 'restful_token_auth')
->propertyCondition('uid', $this->user->uid)
->execute();
$this
->assertTrue(empty($result), 'The access tokens invalidated when blocking the user.');
}
/**
* Test authenticating a user.
*/
function testAuthentication() {
// Create user.
$this->user = $this
->drupalCreateUser();
$this
->drupalLogin($this->user);
// Create "Article" node.
$title1 = $this
->randomName();
$settings = array(
'type' => 'article',
'title' => $title1,
'uid' => $this->user->uid,
);
$node1 = $this
->drupalCreateNode($settings);
$id = $node1->nid;
// Get a token for the user, using the handler.
$handler = restful_get_restful_handler('access_token');
$result = $handler
->get();
$access_token = $result['access_token'];
$refresh_token = $result['refresh_token'];
$this
->assertNotNull($access_token);
$this
->assertNotNull($refresh_token);
// Assert the token did not change.
$result = $handler
->get();
$this
->assertEqual($access_token, $result['access_token'], 'Access token did not change.');
// Get a "protected" resource without the access token.
$handler = restful_get_restful_handler('articles', 1, 3);
try {
$handler
->get($id);
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with invalid access token.
try {
$handler
->get($id, array(
'access_token' => 'invalid',
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with refresh token as access token.
try {
$handler
->get($id, array(
'access_token' => $refresh_token,
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with refresh token.
try {
$handler
->get($id, array(
'refresh_token' => $refresh_token,
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with the access token.
$response = $handler
->get($id, array(
'access_token' => $access_token,
));
$result = $response[0];
$this
->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid access token.');
// Get a "protected" resource with the dashed access token .
$response = $handler
->get($id, array(
'access-token' => $access_token,
));
$result = $response[0];
$this
->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid (dashed) access token.');
// Set the expiration token to the past.
$query = new \EntityFieldQuery();
$result = $query
->entityCondition('entity_type', 'restful_token_auth')
->entityCondition('bundle', 'access_token')
->propertyCondition('token', $access_token)
->execute();
if (empty($result['restful_token_auth'])) {
$this
->fail('No token was found.');
}
// Load the token.
$access_id = key($result['restful_token_auth']);
$token = entity_load_single('restful_token_auth', $access_id);
$token->expire = REQUEST_TIME - 60 * 24;
$token
->save();
// Clear the restful handler, to make sure the user set by RESTful is
// cleared.
drupal_static_reset('restful_get_restful_handler');
// Make a GET request to trigger a deletion of the token.
$handler = restful_get_restful_handler('articles', 1, 3);
try {
$handler
->get($id, array(
'access_token' => $access_token,
));
$this
->fail('"Unauthorized" exception not thrown for expired token.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown for expired token.');
}
// Make sure the token was deleted.
$query = new \EntityFieldQuery();
$count = $query
->entityCondition('entity_type', 'restful_token_auth')
->entityCondition('bundle', 'access_token')
->propertyCondition('token', $access_token)
->count()
->execute();
$this
->assertFalse($count, 'The token was deleted.');
// Test the refresh capabilities.
$handler = restful_get_restful_handler('refresh_token');
$result = $handler
->get($refresh_token);
$this
->assertNotNull($result['access_token'], 'A new access token granted for a valid refresh token.');
$this
->assertNotNull($result['refresh_token'], 'A new refresh token granted for a valid refresh token.');
$this
->assertNotEqual($refresh_token, $result['refresh_token']);
// Test invalid refresh token.
try {
$handler
->get('invalid');
$this
->fail('"Bad Request" exception not thrown.');
} catch (\RestfulBadRequestException $e) {
$this
->pass('"Bad Request" exception was thrown.');
}
}
}Classes
Name |
Description |
|---|---|
| RestfulTokenAuthenticationTestCase | @file Contains RestfulTokenAuthenticationTestCase. |