function RestfulTokenAuthenticationTestCase::testAuthentication in RESTful 7
Same name and namespace in other branches
- 7.2 modules/restful_token_auth/tests/RestfulTokenAuthenticationTestCase.test \RestfulTokenAuthenticationTestCase::testAuthentication()
Test authenticating a user.
File
- modules/
restful_token_auth/ tests/ RestfulTokenAuthenticationTestCase.test, line 50 - Contains RestfulTokenAuthenticationTestCase.
Class
- RestfulTokenAuthenticationTestCase
- @file Contains RestfulTokenAuthenticationTestCase.
Code
function testAuthentication() {
// Create user.
$this->user = $this
->drupalCreateUser();
$this
->drupalLogin($this->user);
// Create "Article" node.
$title1 = $this
->randomName();
$settings = array(
'type' => 'article',
'title' => $title1,
'uid' => $this->user->uid,
);
$node1 = $this
->drupalCreateNode($settings);
$id = $node1->nid;
// Get a token for the user, using the handler.
$handler = restful_get_restful_handler('access_token');
$result = $handler
->get();
$access_token = $result['access_token'];
$refresh_token = $result['refresh_token'];
$this
->assertNotNull($access_token);
$this
->assertNotNull($refresh_token);
// Assert the token did not change.
$result = $handler
->get();
$this
->assertEqual($access_token, $result['access_token'], 'Access token did not change.');
// Get a "protected" resource without the access token.
$handler = restful_get_restful_handler('articles', 1, 3);
try {
$handler
->get($id);
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with invalid access token.
try {
$handler
->get($id, array(
'access_token' => 'invalid',
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with refresh token as access token.
try {
$handler
->get($id, array(
'access_token' => $refresh_token,
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with refresh token.
try {
$handler
->get($id, array(
'refresh_token' => $refresh_token,
));
$this
->fail('"Unauthorized" exception not thrown.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown.');
}
// Get a "protected" resource with the access token.
$response = $handler
->get($id, array(
'access_token' => $access_token,
));
$result = $response[0];
$this
->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid access token.');
// Get a "protected" resource with the dashed access token .
$response = $handler
->get($id, array(
'access-token' => $access_token,
));
$result = $response[0];
$this
->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid (dashed) access token.');
// Set the expiration token to the past.
$query = new \EntityFieldQuery();
$result = $query
->entityCondition('entity_type', 'restful_token_auth')
->entityCondition('bundle', 'access_token')
->propertyCondition('token', $access_token)
->execute();
if (empty($result['restful_token_auth'])) {
$this
->fail('No token was found.');
}
// Load the token.
$access_id = key($result['restful_token_auth']);
$token = entity_load_single('restful_token_auth', $access_id);
$token->expire = REQUEST_TIME - 60 * 24;
$token
->save();
// Clear the restful handler, to make sure the user set by RESTful is
// cleared.
drupal_static_reset('restful_get_restful_handler');
// Make a GET request to trigger a deletion of the token.
$handler = restful_get_restful_handler('articles', 1, 3);
try {
$handler
->get($id, array(
'access_token' => $access_token,
));
$this
->fail('"Unauthorized" exception not thrown for expired token.');
} catch (\RestfulUnauthorizedException $e) {
$this
->pass('"Unauthorized" exception was thrown for expired token.');
}
// Make sure the token was deleted.
$query = new \EntityFieldQuery();
$count = $query
->entityCondition('entity_type', 'restful_token_auth')
->entityCondition('bundle', 'access_token')
->propertyCondition('token', $access_token)
->count()
->execute();
$this
->assertFalse($count, 'The token was deleted.');
// Test the refresh capabilities.
$handler = restful_get_restful_handler('refresh_token');
$result = $handler
->get($refresh_token);
$this
->assertNotNull($result['access_token'], 'A new access token granted for a valid refresh token.');
$this
->assertNotNull($result['refresh_token'], 'A new refresh token granted for a valid refresh token.');
$this
->assertNotEqual($refresh_token, $result['refresh_token']);
// Test invalid refresh token.
try {
$handler
->get('invalid');
$this
->fail('"Bad Request" exception not thrown.');
} catch (\RestfulBadRequestException $e) {
$this
->pass('"Bad Request" exception was thrown.');
}
}