protected function tearDown()
{
parent::tearDown();
$this->_oAuthClients = [];
if (isset(self::$_consumer)) {
self::$_consumer->delete();
self::$_token->delete();
}
}
/**
* @magentoDataFixture Magento/User/_files/user_with_role.php
*/
public function testCreateAdminAccessToken()
{
$adminUserNameFromFixture = 'adminUser';
$accessToken = $this->tokenService->createAdminAccessToken($adminUserNameFromFixture, \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD);
$adminUserId = $this->userModel->loadByUsername($adminUserNameFromFixture)->getId();
/** @var $token TokenModel */
$token = $this->tokenModel->loadByAdminId($adminUserId)->getToken();
$this->assertEquals($accessToken, $token);
}
/**
* @magentoDataFixture Magento/Customer/_files/customer.php
*/
public function testCreateCustomerAccessToken()
{
$customerUserName = '******';
$password = '******';
$accessToken = $this->tokenService->createCustomerAccessToken($customerUserName, $password);
$customerData = $this->customerAccountService->authenticate($customerUserName, $password);
/** @var $token TokenModel */
$token = $this->tokenModel->loadByCustomerId($customerData->getId())->getToken();
$this->assertEquals($accessToken, $token);
}
/**
* @expectedException \Magento\Framework\Exception\LocalizedException
* @expectedExceptionMessage The tokens could not be revoked.
*/
public function testRevokeCustomerAccessTokenCannotRevoked()
{
$exception = new \Exception();
$customerId = 1;
$this->_tokenModelCollectionMock->expects($this->once())->method('addFilterByCustomerId')->with($customerId)->will($this->returnValue($this->_tokenModelCollectionMock));
$this->_tokenModelCollectionMock->expects($this->once())->method('getSize')->will($this->returnValue(1));
$this->_tokenModelCollectionMock->expects($this->once())->method('getIterator')->will($this->returnValue(new \ArrayIterator([$this->_tokenMock])));
$this->_tokenMock->expects($this->never())->method('save');
$this->_tokenMock->expects($this->once())->method('setRevoked')->will($this->throwException($exception));
$this->_tokenService->revokeCustomerAccessToken($customerId);
}
/**
* @magentoApiDataFixture Magento/User/_files/user_with_role.php
*/
public function testCreateAdminAccessToken()
{
$adminUserNameFromFixture = 'adminUser';
$serviceInfo = ['rest' => ['resourcePath' => self::RESOURCE_PATH_ADMIN_TOKEN, 'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST]];
$requestData = ['username' => $adminUserNameFromFixture, 'password' => \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD];
$accessToken = $this->_webApiCall($serviceInfo, $requestData);
$adminUserId = $this->userModel->loadByUsername($adminUserNameFromFixture)->getId();
/** @var $token TokenModel */
$token = $this->tokenModel->loadByAdminId($adminUserId)->getToken();
$this->assertEquals($accessToken, $token);
}
/**
* @magentoApiDataFixture Magento/Customer/_files/customer.php
*/
public function testCreateCustomerAccessToken()
{
$customerUserName = '******';
$password = '******';
$serviceInfo = ['rest' => ['resourcePath' => self::RESOURCE_PATH_CUSTOMER_TOKEN, 'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST]];
$requestData = ['username' => $customerUserName, 'password' => $password];
$accessToken = $this->_webApiCall($serviceInfo, $requestData);
$customerData = $this->customerAccountManagement->authenticate($customerUserName, $password);
/** @var $token TokenModel */
$token = $this->tokenModel->loadByCustomerId($customerData->getId())->getToken();
$this->assertEquals($accessToken, $token);
}
public function testGetAccessSuccess()
{
$this->_consumerMock->expects($this->any())->method('load')->with(self::VALUE_CONSUMER_ID)->will($this->returnValue($this->_consumerMock));
$this->_tokenMock->expects($this->once())->method('getType')->will($this->returnValue(Token::TYPE_ACCESS));
$this->_tokenProviderMock->expects($this->any())->method('getIntegrationTokenByConsumerId')->will($this->returnValue($this->_tokenMock));
$this->assertEquals($this->_service->getAccessToken(self::VALUE_CONSUMER_ID), $this->_tokenMock);
}
/**
* Make sure provided token is valid and belongs to the specified user.
*
* @param string $username
* @param string $accessToken
*/
private function assertToken($username, $accessToken)
{
$adminUserId = $this->userModel->loadByUsername($username)->getId();
/** @var $token TokenModel */
$token = $this->tokenModel->loadByAdminId($adminUserId)->getToken();
$this->assertEquals($accessToken, $token);
}
public function testValidate()
{
$token = 'token';
$secret = 'secret';
$verifier = 'verifier';
$this->tokenModel->setCallbackUrl('notCallbackEstablished');
$this->validatorMock->expects($this->once())->method('isValid')->willReturn(true);
$this->keyLengthFactoryMock->expects($this->once())->method('create')->willReturn(
$this->validatorKeyLengthMock
);
$this->tokenModel->setSecret($secret);
$this->tokenModel->setToken($token);
$this->tokenModel->setData('verifier', $verifier);
$this->validatorKeyLengthMock->expects($this->exactly(3))->method('isValid')->willReturnMap(
[
[$secret, true],
[$token, true],
[$verifier, true],
]
);
$this->assertTrue($this->tokenModel->validate());
}
public function testPostToConsumer()
{
$consumerId = 1;
$key = $this->_generateRandomString(\Magento\Framework\Oauth\Helper\Oauth::LENGTH_CONSUMER_KEY);
$secret = $this->_generateRandomString(\Magento\Framework\Oauth\Helper\Oauth::LENGTH_CONSUMER_SECRET);
$oauthVerifier = $this->_generateRandomString(\Magento\Framework\Oauth\Helper\Oauth::LENGTH_TOKEN_VERIFIER);
$consumerData = ['entity_id' => $consumerId, 'key' => $key, 'secret' => $secret];
$this->_consumerMock->expects($this->once())->method('load')->with($this->equalTo($consumerId))->will($this->returnSelf());
$this->_consumerMock->expects($this->once())->method('getId')->will($this->returnValue($consumerId));
$this->_consumerMock->expects($this->once())->method('getData')->will($this->returnValue($consumerData));
$this->_httpClientMock->expects($this->once())->method('setUri')->with('http://www.magento.com')->will($this->returnSelf());
$this->_httpClientMock->expects($this->once())->method('setParameterPost')->will($this->returnSelf());
$this->_tokenMock->expects($this->once())->method('createVerifierToken')->with($consumerId)->will($this->returnSelf());
$this->_tokenMock->expects($this->any())->method('getVerifier')->will($this->returnValue($oauthVerifier));
$this->_dataHelper->expects($this->once())->method('getConsumerPostMaxRedirects')->will($this->returnValue(5));
$this->_dataHelper->expects($this->once())->method('getConsumerPostTimeout')->will($this->returnValue(120));
$verifier = $this->_oauthService->postToConsumer($consumerId, 'http://www.magento.com');
$this->assertEquals($oauthVerifier, $verifier, 'Checking Oauth Verifier');
}
/**
* Clean up old authorized tokens for specified consumer-user pairs
*
* @param \Magento\Integration\Model\Oauth\Token $exceptToken Token just created to exclude from delete
* @throws \Magento\Framework\Model\Exception
* @return int The number of affected rows
*/
public function cleanOldAuthorizedTokensExcept(\Magento\Integration\Model\Oauth\Token $exceptToken)
{
if (!$exceptToken->getId() || !$exceptToken->getAuthorized()) {
throw new \Magento\Framework\Model\Exception('Invalid token to except');
}
$adapter = $this->_getWriteAdapter();
$where = $adapter->quoteInto('authorized = 1 AND consumer_id = ?', $exceptToken->getConsumerId(), \Zend_Db::INT_TYPE);
$where .= $adapter->quoteInto(' AND entity_id <> ?', $exceptToken->getId(), \Zend_Db::INT_TYPE);
if ($exceptToken->getCustomerId()) {
$where .= $adapter->quoteInto(' AND customer_id = ?', $exceptToken->getCustomerId(), \Zend_Db::INT_TYPE);
} elseif ($exceptToken->getAdminId()) {
$where .= $adapter->quoteInto(' AND admin_id = ?', $exceptToken->getAdminId(), \Zend_Db::INT_TYPE);
} else {
throw new \Magento\Framework\Model\Exception('Invalid token to except');
}
return $adapter->delete($this->getMainTable(), $where);
}
protected function _setupToken($doesExist = true, $type = \Magento\Integration\Model\Oauth\Token::TYPE_VERIFIER, $consumerId = self::CONSUMER_ID, $verifier = null, $isRevoked = false)
{
$this->_tokenMock->expects($this->any())->method('getId')->will($this->returnValue($doesExist ? self::CONSUMER_ID : null));
$verifier = $verifier ?: $this->_oauthVerifier;
$this->_tokenMock->expects($this->any())->method('load')->will($this->returnSelf());
$this->_tokenMock->expects($this->any())->method('getType')->will($this->returnValue($type));
$this->_tokenMock->expects($this->any())->method('createRequestToken')->will($this->returnSelf());
$this->_tokenMock->expects($this->any())->method('getToken')->will($this->returnValue($this->_oauthToken));
$this->_tokenMock->expects($this->any())->method('getSecret')->will($this->returnValue($this->_oauthSecret));
$this->_tokenMock->expects($this->any())->method('getConsumerId')->will($this->returnValue($consumerId));
$this->_tokenMock->expects($this->any())->method('getVerifier')->will($this->returnValue($verifier));
$this->_tokenMock->expects($this->any())->method('convertToAccess')->will($this->returnSelf());
$this->_tokenMock->expects($this->any())->method('getRevoked')->will($this->returnValue($isRevoked));
}
/**
* @expectedException \Magento\Framework\Oauth\Exception
* @expectedExceptionMessage Access token has been revoked
*/
public function testValidateAccessTokenRevoked()
{
$accessTokenString = '12345678901234567890123456789012';
$tokenId = 1;
$consumerId = 1;
$this->accessTokenMock->expects($this->once())->method('load')->with($accessTokenString, 'token')->willReturnSelf();
$this->tokenFactoryMock->expects($this->once())->method('create')->willReturn($this->accessTokenMock);
$this->accessTokenMock->expects($this->any())->method('getId')->willReturn($tokenId);
$this->accessTokenMock->expects($this->any())->method('getConsumerId')->willReturn($consumerId);
$this->consumerFactoryMock->expects($this->any())->method('create')->willReturn($this->consumerMock);
$this->consumerMock->expects($this->any())->method('load')->willReturnSelf();
$this->consumerMock->expects($this->any())->method('getId')->willReturn($consumerId);
$this->accessTokenMock->expects($this->once())->method('getType')->willReturn(Token::TYPE_ACCESS);
$this->accessTokenMock->expects($this->once())->method('getRevoked')->willReturn(1);
$this->tokenProvider->validateAccessToken($accessTokenString);
}
/**
* Check if token belongs to the same consumer.
*
* @param Token $token
* @param \Magento\Framework\Oauth\ConsumerInterface $consumer
* @return bool
*/
protected function _isTokenAssociatedToConsumer($token, $consumer)
{
return $token->getConsumerId() == $consumer->getId();
}
/**
* @param Token $token
* @return void
*/
protected function setUserDataViaToken(Token $token)
{
$this->userType = $token->getUserType();
switch ($this->userType) {
case UserContextInterface::USER_TYPE_INTEGRATION:
$this->userId = $this->integrationService->findByConsumerId($token->getConsumerId())->getId();
$this->userType = UserContextInterface::USER_TYPE_INTEGRATION;
break;
case UserContextInterface::USER_TYPE_ADMIN:
$this->userId = $token->getAdminId();
$this->userType = UserContextInterface::USER_TYPE_ADMIN;
break;
case UserContextInterface::USER_TYPE_CUSTOMER:
$this->userId = $token->getCustomerId();
$this->userType = UserContextInterface::USER_TYPE_CUSTOMER;
break;
default:
/* this is an unknown user type so reset the cached user type */
$this->userType = null;
}
}
