public function RolesNegotiationFunctionalTest::testRequestWithRoleRemovedFromUser in Simple OAuth (OAuth2) & OpenID Connect 8.3
Test access to own published node with missing role on User entity.
/**
 * Test access to own published node with missing role on User entity.
 *
 * Issues a token for the roles 'foo' and 'bar', strips 'bar' from the user
 * and checks that the still-unexpired token no longer authenticates the
 * request (the negotiated user falls back to anonymous). A token issued
 * afterwards for the same roles negotiates the user again, now carrying only
 * the roles the user actually holds.
 */
public function testRequestWithRoleRemovedFromUser() {
  // Calls the token test endpoint with the given bearer token and returns the
  // decoded JSON body.
  $fetch_with_token = function ($token) {
    $response = $this->get($this->tokenTestUrl, [
      'query' => ['_format' => 'json'],
      'headers' => ['Authorization' => 'Bearer ' . $token],
    ]);
    return Json::decode((string) $response->getBody());
  };
  $view_own = 'view own simple_oauth entities';
  $administer = 'administer simple_oauth entities';

  // Get detailed information about the authenticated user.
  $access_token = $this->getAccessToken(['foo', 'bar']);
  $parsed_response = $fetch_with_token($access_token);
  $this->assertEquals($this->user->id(), $parsed_response['id']);
  $this->assertEquals(['foo', 'bar', 'authenticated', 'oof'], $parsed_response['roles']);
  $this->assertTrue($parsed_response['permissions'][$view_own]['access']);
  $this->assertTrue($parsed_response['permissions'][$administer]['access']);

  // Edit the user while a non-expired token for it is still in circulation.
  // The token still claims the roles it was issued with, but the underlying
  // user no longer holds 'bar', so the token must not grant access any more.
  $this->user->removeRole('bar');
  $this->user->save();
  $parsed_response = $fetch_with_token($access_token);
  // The stale token no longer authenticates the request: the negotiated user
  // is the anonymous user and neither permission is granted.
  $this->assertEquals(0, $parsed_response['id']);
  $this->assertEquals(['anonymous'], $parsed_response['roles']);
  $this->assertFalse($parsed_response['permissions'][$view_own]['access']);
  $this->assertFalse($parsed_response['permissions'][$administer]['access']);

  // Request a fresh token for the same roles. This time the user does not hold
  // 'bar' at the moment the token is generated.
  $access_token = $this->getAccessToken(['foo', 'bar']);
  $parsed_response = $fetch_with_token($access_token);
  // The negotiated user is the expected user, with only the roles it holds:
  // 'view own' is granted, 'administer' (tied to the removed role) is not.
  $this->assertEquals($this->user->id(), $parsed_response['id']);
  $this->assertEquals(['foo', 'authenticated', 'oof'], $parsed_response['roles']);
  $this->assertTrue($parsed_response['permissions'][$view_own]['access']);
  $this->assertFalse($parsed_response['permissions'][$administer]['access']);
}