|
|
|
@ -151,6 +151,33 @@ class OauthApiControllerTest extends TestCase { |
|
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function testGetTokenWithCodeForActiveToken() { |
|
|
|
|
// if a token has already delivered oauth tokens, |
|
|
|
|
// it should not be possible to get a new oauth token from a valid authorization code |
|
|
|
|
$tokenCreatedAt = 100; |
|
|
|
|
|
|
|
|
|
$expected = new JSONResponse([ |
|
|
|
|
'error' => 'invalid_request', |
|
|
|
|
], Http::STATUS_BAD_REQUEST); |
|
|
|
|
$expected->throttle(['invalid_request' => 'authorization_code_received_for_active_token']); |
|
|
|
|
|
|
|
|
|
$accessToken = new AccessToken(); |
|
|
|
|
$accessToken->setClientId(42); |
|
|
|
|
$accessToken->setCreatedAt($tokenCreatedAt); |
|
|
|
|
$accessToken->setTokenCount(1); |
|
|
|
|
|
|
|
|
|
$this->accessTokenMapper->method('getByCode') |
|
|
|
|
->with('validcode') |
|
|
|
|
->willReturn($accessToken); |
|
|
|
|
|
|
|
|
|
$tsNow = $tokenCreatedAt + 1; |
|
|
|
|
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow); |
|
|
|
|
$this->timeFactory->method('now') |
|
|
|
|
->willReturn($dateNow); |
|
|
|
|
|
|
|
|
|
$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function testGetTokenClientDoesNotExist() { |
|
|
|
|
// In this test, the token's authorization code is valid and has not expired |
|
|
|
|
// and we check what happens when the associated Oauth client does not exist |
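Review bot: testGetTokenWithCodeForActiveToken asserts only the returned JSONResponse, so it would still pass if the controller rejected the replayed authorization code after it had already rotated or persisted the token. Because the scenario is code reuse against a token with `setTokenCount(1)`, add a negative expectation before the `getToken` call, for example `$this->accessTokenMapper->expects($this->never())->method('update');` (assuming the controller persists through the mapper's `update`; adjust to whatever it actually calls). A short comment next to `$tsNow = $tokenCreatedAt + 1` would also help, such as `// presumably still inside the code's validity window, so the rejection comes from the token count, not expiry`; the expiry threshold is not visible in this hunk, so confirm it. The +/- markers are lost in this rendering, and the hunk header's line counts suggest the whole method is new.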
|
|
|
|