You are here

Home » API reference » RESTful 7 » RestfulTokenAuthenticationTestCase.test » RestfulTokenAuthenticationTestCase

function RestfulTokenAuthenticationTestCase::testAuthentication in RESTful 7

Same name and namespace in other branches
  1. 7.2 modules/restful_token_auth/tests/RestfulTokenAuthenticationTestCase.test \RestfulTokenAuthenticationTestCase::testAuthentication()

Test authenticating a user.

File

modules/restful_token_auth/tests/RestfulTokenAuthenticationTestCase.test, line 50
Contains RestfulTokenAuthenticationTestCase.

Class

RestfulTokenAuthenticationTestCase
@file Contains RestfulTokenAuthenticationTestCase.

Code

function testAuthentication() {

  // Create user.
  $this->user = $this
    ->drupalCreateUser();
  $this
    ->drupalLogin($this->user);

  // Create "Article" node.
  $title1 = $this
    ->randomName();
  $settings = array(
    'type' => 'article',
    'title' => $title1,
    'uid' => $this->user->uid,
  );
  $node1 = $this
    ->drupalCreateNode($settings);
  $id = $node1->nid;

  // Get a token for the user, using the handler.
  $handler = restful_get_restful_handler('access_token');
  $result = $handler
    ->get();
  $access_token = $result['access_token'];
  $refresh_token = $result['refresh_token'];
  $this
    ->assertNotNull($access_token);
  $this
    ->assertNotNull($refresh_token);

  // Assert the token did not change.
  $result = $handler
    ->get();
  $this
    ->assertEqual($access_token, $result['access_token'], 'Access token did not change.');

  // Get a "protected" resource without the access token.
  $handler = restful_get_restful_handler('articles', 1, 3);
  try {
    $handler
      ->get($id);
    $this
      ->fail('"Unauthorized" exception not thrown.');
  } catch (\RestfulUnauthorizedException $e) {
    $this
      ->pass('"Unauthorized" exception was thrown.');
  }

  // Get a "protected" resource with invalid access token.
  try {
    $handler
      ->get($id, array(
      'access_token' => 'invalid',
    ));
    $this
      ->fail('"Unauthorized" exception not thrown.');
  } catch (\RestfulUnauthorizedException $e) {
    $this
      ->pass('"Unauthorized" exception was thrown.');
  }

  // Get a "protected" resource with refresh token as access token.
  try {
    $handler
      ->get($id, array(
      'access_token' => $refresh_token,
    ));
    $this
      ->fail('"Unauthorized" exception not thrown.');
  } catch (\RestfulUnauthorizedException $e) {
    $this
      ->pass('"Unauthorized" exception was thrown.');
  }

  // Get a "protected" resource with refresh token.
  try {
    $handler
      ->get($id, array(
      'refresh_token' => $refresh_token,
    ));
    $this
      ->fail('"Unauthorized" exception not thrown.');
  } catch (\RestfulUnauthorizedException $e) {
    $this
      ->pass('"Unauthorized" exception was thrown.');
  }

  // Get a "protected" resource with the access token.
  $response = $handler
    ->get($id, array(
    'access_token' => $access_token,
  ));
  $result = $response[0];
  $this
    ->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid access token.');

  // Get a "protected" resource with the dashed access token .
  $response = $handler
    ->get($id, array(
    'access-token' => $access_token,
  ));
  $result = $response[0];
  $this
    ->assertEqual($result['label'], $title1, 'Article resource can be accessed with valid (dashed) access token.');

  // Set the expiration token to the past.
  $query = new \EntityFieldQuery();
  $result = $query
    ->entityCondition('entity_type', 'restful_token_auth')
    ->entityCondition('bundle', 'access_token')
    ->propertyCondition('token', $access_token)
    ->execute();
  if (empty($result['restful_token_auth'])) {
    $this
      ->fail('No token was found.');
  }

  // Load the token.
  $access_id = key($result['restful_token_auth']);
  $token = entity_load_single('restful_token_auth', $access_id);
  $token->expire = REQUEST_TIME - 60 * 24;
  $token
    ->save();

  // Clear the restful handler, to make sure the user set by RESTful is
  // cleared.
  drupal_static_reset('restful_get_restful_handler');

  // Make a GET request to trigger a deletion of the token.
  $handler = restful_get_restful_handler('articles', 1, 3);
  try {
    $handler
      ->get($id, array(
      'access_token' => $access_token,
    ));
    $this
      ->fail('"Unauthorized" exception not thrown for expired token.');
  } catch (\RestfulUnauthorizedException $e) {
    $this
      ->pass('"Unauthorized" exception was thrown for expired token.');
  }

  // Make sure the token was deleted.
  $query = new \EntityFieldQuery();
  $count = $query
    ->entityCondition('entity_type', 'restful_token_auth')
    ->entityCondition('bundle', 'access_token')
    ->propertyCondition('token', $access_token)
    ->count()
    ->execute();
  $this
    ->assertFalse($count, 'The token was deleted.');

  // Test the refresh capabilities.
  $handler = restful_get_restful_handler('refresh_token');
  $result = $handler
    ->get($refresh_token);
  $this
    ->assertNotNull($result['access_token'], 'A new access token granted for a valid refresh token.');
  $this
    ->assertNotNull($result['refresh_token'], 'A new refresh token granted for a valid refresh token.');
  $this
    ->assertNotEqual($refresh_token, $result['refresh_token']);

  // Test invalid refresh token.
  try {
    $handler
      ->get('invalid');
    $this
      ->fail('"Bad Request" exception not thrown.');
  } catch (\RestfulBadRequestException $e) {
    $this
      ->pass('"Bad Request" exception was thrown.');
  }
}