You are here

public function PasswordFunctionalTest::testPasswordGrant in Simple OAuth (OAuth2) & OpenID Connect 8.4

Same name and namespace in other branches
  1. 8.2 tests/src/Functional/PasswordFunctionalTest.php \Drupal\Tests\simple_oauth\Functional\PasswordFunctionalTest::testPasswordGrant()
  2. 8.3 tests/src/Functional/PasswordFunctionalTest.php \Drupal\Tests\simple_oauth\Functional\PasswordFunctionalTest::testPasswordGrant()
  3. 5.x tests/src/Functional/PasswordFunctionalTest.php \Drupal\Tests\simple_oauth\Functional\PasswordFunctionalTest::testPasswordGrant()

Test the valid Password grant.

File

tests/src/Functional/PasswordFunctionalTest.php, line 20

Class

PasswordFunctionalTest
@group simple_oauth

Namespace

Drupal\Tests\simple_oauth\Functional

Code

public function testPasswordGrant() {

  // 1. Test the valid request.
  $valid_payload = [
    'grant_type' => 'password',
    'client_id' => $this->client
      ->uuid(),
    'client_secret' => $this->clientSecret,
    'username' => $this->user
      ->getAccountName(),
    'password' => $this->user->pass_raw,
    'scope' => $this->scope,
  ];
  $response = $this
    ->post($this->url, $valid_payload);
  $this
    ->assertValidTokenResponse($response, TRUE);

  // Repeat the request but pass an obtained access token as a header in
  // order to check the authentication in parallel, which will precede
  // the creation of a new token.
  $parsed = Json::decode((string) $response
    ->getBody());
  $response = $this
    ->post($this->url, $valid_payload, [
    'headers' => [
      'Authorization' => 'Bearer ' . $parsed['access_token'],
    ],
  ]);
  $this
    ->assertValidTokenResponse($response, TRUE);

  // 2. Test the valid request without scopes.
  $payload_no_scope = $valid_payload;
  unset($payload_no_scope['scope']);
  $response = $this
    ->post($this->url, $payload_no_scope);
  $this
    ->assertValidTokenResponse($response, TRUE);

  // 3. Test valid request using HTTP Basic Auth.
  $payload_no_client = $valid_payload;
  unset($payload_no_client['client_id']);
  unset($payload_no_client['client_secret']);
  $response = $this
    ->post($this->url, $payload_no_scope, [
    'auth' => [
      $this->client
        ->uuid(),
      $this->clientSecret,
    ],
  ]);
  $this
    ->assertValidTokenResponse($response, TRUE);
}