minor #73 Add authorization tests (X-Coder264)

chalasr · chalasr · commit 429864aef9ef · 2021-12-16T13:23:23.000+01:00
This PR was merged into the 0.1-dev branch. Discussion ---------- Add authorization tests This PR adds a regression test which was previously missing (it checks that the bundle integrates properly with Symfony authorization). This test is failing on Symfony 5.4 without the changes that were made in #72 so it's needed to prove that the bundle works as intended after that change was made. Commits ------- fdff4d3 Add authorization test
diff --git a/tests/Acceptance/SecurityLayerTest.php b/tests/Acceptance/SecurityLayerTest.php
@@ -95,6 +95,40 @@ public function testAuthenticatedUserRolesRequest(): void
         $this->assertSame('These are the roles I have currently assigned: ROLE_OAUTH2_FANCY, ROLE_USER', $response->getContent());
     }
 
+    public function testSuccessfulAuthorizationForAuthenticatedUserRequest(): void
+    {
+        $accessToken = $this->client
+            ->getContainer()
+            ->get(AccessTokenManagerInterface::class)
+            ->find(FixtureFactory::FIXTURE_ACCESS_TOKEN_USER_BOUND_WITH_SCOPES);
+
+        $this->client->request('GET', '/security-test-authorization', [], [], [
+            'HTTP_AUTHORIZATION' => sprintf('Bearer %s', TestHelper::generateJwtToken($accessToken)),
+        ]);
+
+        $response = $this->client->getResponse();
+
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame('access granted', $response->getContent());
+    }
+
+    public function testUnsuccessfulAuthorizationForAuthenticatedUserRequest(): void
+    {
+        $accessToken = $this->client
+            ->getContainer()
+            ->get(AccessTokenManagerInterface::class)
+            ->find(FixtureFactory::FIXTURE_ACCESS_TOKEN_USER_BOUND);
+
+        $this->client->request('GET', '/security-test-authorization', [], [], [
+            'HTTP_AUTHORIZATION' => sprintf('Bearer %s', TestHelper::generateJwtToken($accessToken)),
+        ]);
+
+        $response = $this->client->getResponse();
+
+        $this->assertSame(403, $response->getStatusCode());
+        $this->assertNotSame('access granted', $response->getContent());
+    }
+
     public function testExpiredRequest(): void
     {
         $accessToken = $this->client
diff --git a/tests/Fixtures/SecurityTestController.php b/tests/Fixtures/SecurityTestController.php
@@ -48,4 +48,11 @@ public function rolesAction(): Response
             )
         );
     }
+
+    public function authorizationAction(): Response
+    {
+        $this->denyAccessUnlessGranted('ROLE_OAUTH2_FANCY');
+
+        return new Response('access granted');
+    }
 }
diff --git a/tests/Fixtures/routes.php b/tests/Fixtures/routes.php
@@ -23,5 +23,8 @@
         ->defaults([
             'oauth2_scopes' => ['fancy'],
         ])
+
+        ->add('security_test_authorization', '/security-test-authorization')
+        ->controller([SecurityTestController::class, 'authorizationAction'])
     ;
 };

Original file line number	Diff line number	Diff line change
`@@ -48,4 +48,11 @@ public function rolesAction(): Response`
`48`	`48`	`)`
`49`	`49`	`);`
`50`	`50`	`}`
	`51`	`+`
	`52`	`+ public function authorizationAction(): Response`
	`53`	`+ {`
	`54`	`+ $this->denyAccessUnlessGranted('ROLE_OAUTH2_FANCY');`
	`55`	`+`
	`56`	`+ return new Response('access granted');`
	`57`	`+ }`
`51`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,5 +23,8 @@`
`23`	`23`	`->defaults([`
`24`	`24`	`'oauth2_scopes' => ['fancy'],`
`25`	`25`	`])`
	`26`	`+`
	`27`	`+ ->add('security_test_authorization', '/security-test-authorization')`
	`28`	`+ ->controller([SecurityTestController::class, 'authorizationAction'])`
`26`	`29`	`;`
`27`	`30`	`};`