3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test
::More tests
=> 1;
27 use t
::lib
::TestBuilder
;
# Shared fixtures for the subtest below: a Test::Mojo client bound to the
# Koha REST application, the schema handle used for transaction control,
# and a TestBuilder for creating test records.
my $t       = Test::Mojo->new('Koha::REST::V1');
my $schema  = Koha::Database->new()->schema();
my $builder = t::lib::TestBuilder->new;
# Subtest for the OAuth2 token endpoint: it requests a token with the
# client_credentials grant, then checks that /api/v1/patrons answers 401
# without a token, 403 with a token but no permission, and 200 once the
# patron mapped to the client has been given a permission flag.
# NOTE(review): the embedded line numbers have gaps, so some source lines
# (status assertions, closing braces) are not visible in this listing.
33 subtest
'/oauth/token tests' => sub {
# Open a transaction; the txn_rollback at the end discards the fixtures.
36 $schema->storage->txn_begin;
# Fixture patron that the API client is mapped to (see patron_id below).
38 my $borrower = $builder->build({
41 surname
=> 'Test OAuth',
45 my $patron = Koha
::Patrons
->find($borrower->{borrowernumber
});
47 # Missing parameter grant_type
48 $t->post_ok('/api/v1/oauth/token')
# The 'password' grant is expected to be refused with an
# 'Unimplemented grant type' error body.
52 $t->post_ok('/api/v1/oauth/token', form
=> { grant_type
=> 'password' })
54 ->json_is({error
=> 'Unimplemented grant type'});
56 # No client_id/client_secret
57 $t->post_ok('/api/v1/oauth/token', form
=> { grant_type
=> 'client_credentials' })
59 ->json_is({error
=> 'unauthorized_client'});
# Register an API client in the mocked 'api_client' config entry and tie it
# to the fixture patron. The literal id and secret are test values.
61 my ($client_id, $client_secret) = ('client1', 'secr3t');
62 t
::lib
::Mocks
::mock_config
('api_client', {
63 'client_id' => $client_id,
64 'client_secret' => $client_secret,
65 patron_id
=> $patron->borrowernumber,
# Fields of a well-formed client_credentials request; presumably these are
# the contents of $formData, whose assignment is on a line not shown.
69 grant_type
=> 'client_credentials',
70 client_id
=> $client_id,
71 client_secret
=> $client_secret,
73 $t->post_ok('/api/v1/oauth/token', form
=> $formData)
# The token response is expected to carry a 3600-second lifetime, the
# Bearer token type and an access_token field.
75 ->json_is('/expires_in' => 3600)
76 ->json_is('/token_type' => 'Bearer')
77 ->json_has('/access_token');
# Keep the issued token for the authorization checks that follow.
79 my $access_token = $t->tx->res->json->{access_token
};
81 # Without access token, it returns 401
82 $t->get_ok('/api/v1/patrons')->status_is(401);
84 # With access token, but without permissions, it returns 403
85 my $tx = $t->ua->build_tx(GET
=> '/api/v1/patrons');
86 $tx->req->headers->authorization("Bearer $access_token");
87 $t->request_ok($tx)->status_is(403);
89 # With access token and permissions, it returns 200
# NOTE(review): 2**4 sets a single bit in the patron's flags; presumably the
# permission that guards the patrons endpoint -- confirm.
# The same token is reused after the change, so this test expects the
# permission check to follow the patron's current flags at request time.
90 $patron->flags(2**4)->store;
91 $tx = $t->ua->build_tx(GET
=> '/api/v1/patrons');
92 $tx->req->headers->authorization("Bearer $access_token");
93 $t->request_ok($tx)->status_is(200);
# NOTE(review): the visible cases do not include a wrong client_secret, an
# unknown client_id, or an expired or malformed bearer token; add negative
# tests for those if they are not covered elsewhere.
95 $schema->storage->txn_rollback;