Bug 20402: Fix oauth.t
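#!/usr/bin/env perl

# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

use Modern::Perl;

use Test::More tests => 1;
use Test::Mojo;

use Koha::Database;
use Koha::Patrons;

use t::lib::Mocks;
use t::lib::TestBuilder;

my $t       = Test::Mojo->new('Koha::REST::V1');
my $schema  = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new();

# End-to-end checks of the OAuth2 client_credentials flow on /api/v1/oauth/token
# and of bearer-token authorization on /api/v1/patrons.
#
# Rejection paths covered: missing grant_type, unimplemented grant type,
# missing client credentials, missing bearer token, token whose patron lacks
# permission.
#
# NOTE(review): no case submits a configured client_id with a wrong
# client_secret, and none presents a malformed or expired bearer token. Those
# are the rejection paths a regression in credential or token checking would
# hit first; consider adding them (and raising the plan count to match).
subtest '/oauth/token tests' => sub {
    plan tests => 19;

    # All fixtures are created inside this transaction and discarded by the
    # rollback at the end of the subtest.
    $schema->storage->txn_begin;

    # The API client is mapped to this patron; it starts with no permission
    # flags at all.
    my $borrower = $builder->build({
        source => 'Borrower',
        value  => {
            surname => 'Test OAuth',
            flags   => 0,
        }
    });
    my $patron = Koha::Patrons->find($borrower->{borrowernumber});

    # Missing parameter grant_type
    $t->post_ok('/api/v1/oauth/token')
      ->status_is(400);

    # Wrong grant type: the password grant must not be accepted
    $t->post_ok('/api/v1/oauth/token', form => { grant_type => 'password' })
      ->status_is(400)
      ->json_is({error => 'Unimplemented grant type'});

    # No client_id/client_secret
    $t->post_ok('/api/v1/oauth/token', form => { grant_type => 'client_credentials' })
      ->status_is(403)
      ->json_is({error => 'unauthorized_client'});

    # Register a single API client through the mocked configuration. These
    # are fixture credentials that exist only for the duration of the test.
    my ($client_id, $client_secret) = ('client1', 'secr3t');
    t::lib::Mocks::mock_config('api_client', {
        'client_id'     => $client_id,
        'client_secret' => $client_secret,
        patron_id       => $patron->borrowernumber,
    });

    # Valid credentials yield a one-hour Bearer token
    my $form_data = {
        grant_type    => 'client_credentials',
        client_id     => $client_id,
        client_secret => $client_secret,
    };
    $t->post_ok('/api/v1/oauth/token', form => $form_data)
      ->status_is(200)
      ->json_is('/expires_in' => 3600)
      ->json_is('/token_type' => 'Bearer')
      ->json_has('/access_token');

    my $access_token = $t->tx->res->json->{access_token};

    # Builds a GET transaction carrying the token in the Authorization header.
    # request_ok is left to the caller so failures report the calling line.
    my $bearer_get = sub {
        my ($path, $token) = @_;
        my $tx = $t->ua->build_tx(GET => $path);
        $tx->req->headers->authorization("Bearer $token");
        return $tx;
    };

    # Without access token, it returns 401
    $t->get_ok('/api/v1/patrons')->status_is(401);

    # With access token, but without permissions, it returns 403
    $t->request_ok($bearer_get->('/api/v1/patrons', $access_token))
      ->status_is(403);

    # With access token and permissions, it returns 200.
    # The same token is reused after the flags change, so this pair of checks
    # shows that permissions are read from the patron at request time and are
    # not fixed when the token is issued.
    # NOTE(review): 2**4 is presumably the patron-management permission bit;
    # confirm against the userflags definitions.
    $patron->flags(2**4)->store;
    $t->request_ok($bearer_get->('/api/v1/patrons', $access_token))
      ->status_is(200);

    $schema->storage->txn_rollback;
};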