search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'install_35_STABLE' of https://git.in.moodle.com/amosbot/moodle-install...
[moodle.git] / lib / tests / oauth2_test.php
blob0f19b6fc0d658715e661abf6250879a6722c0648
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * Tests for oauth2 apis (\core\oauth2\*).
19 *
20 * @package core
21 * @copyright 2017 Damyon Wiese
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
23 */
24
25 defined('MOODLE_INTERNAL') || die();
26
27 /**
28 * Tests for oauth2 apis (\core\oauth2\*).
29 *
30 * @package core
31 * @copyright 2017 Damyon Wiese
32 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
33 */
34 class core_oauth2_testcase extends advanced_testcase {
35
36 /**
37 * Tests the crud operations on oauth2 issuers.
38 */
39 public function test_create_and_delete_standard_issuers() {
40 $this->resetAfterTest();
41 $this->setAdminUser();
42 \core\oauth2\api::create_standard_issuer('google');
43 \core\oauth2\api::create_standard_issuer('facebook');
44 \core\oauth2\api::create_standard_issuer('microsoft');
45
46 $issuers = \core\oauth2\api::get_all_issuers();
47
48 $this->assertEquals($issuers[0]->get('name'), 'Google');
49 $this->assertEquals($issuers[1]->get('name'), 'Facebook');
50 $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
51
52 \core\oauth2\api::move_down_issuer($issuers[0]->get('id'));
53
54 $issuers = \core\oauth2\api::get_all_issuers();
55
56 $this->assertEquals($issuers[0]->get('name'), 'Facebook');
57 $this->assertEquals($issuers[1]->get('name'), 'Google');
58 $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
59
60 \core\oauth2\api::delete_issuer($issuers[1]->get('id'));
61
62 $issuers = \core\oauth2\api::get_all_issuers();
63
64 $this->assertEquals($issuers[0]->get('name'), 'Facebook');
65 $this->assertEquals($issuers[1]->get('name'), 'Microsoft');
66 }
67
68 /**
69 * Tests we can list and delete each of the persistents related to an issuer.
70 */
71 public function test_getters() {
72 $this->resetAfterTest();
73 $this->setAdminUser();
74 $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
75
76 $same = \core\oauth2\api::get_issuer($issuer->get('id'));
77
78 foreach ($same->properties_definition() as $name => $def) {
79 $this->assertTrue($issuer->get($name) == $same->get($name));
80 }
81
82 $endpoints = \core\oauth2\api::get_endpoints($issuer);
83 $same = \core\oauth2\api::get_endpoint($endpoints[0]->get('id'));
84 $this->assertEquals($endpoints[0]->get('id'), $same->get('id'));
85 $this->assertEquals($endpoints[0]->get('name'), $same->get('name'));
86
87 $todelete = $endpoints[0];
88 \core\oauth2\api::delete_endpoint($todelete->get('id'));
89 $endpoints = \core\oauth2\api::get_endpoints($issuer);
90 $this->assertNotEquals($endpoints[0]->get('id'), $todelete->get('id'));
91
92 $userfields = \core\oauth2\api::get_user_field_mappings($issuer);
93 $same = \core\oauth2\api::get_user_field_mapping($userfields[0]->get('id'));
94 $this->assertEquals($userfields[0]->get('id'), $same->get('id'));
95
96 $todelete = $userfields[0];
97 \core\oauth2\api::delete_user_field_mapping($todelete->get('id'));
98 $userfields = \core\oauth2\api::get_user_field_mappings($issuer);
99 $this->assertNotEquals($userfields[0]->get('id'), $todelete->get('id'));
100 }
101
102 /**
103 * Tests we can get a logged in oauth client for a system account.
104 */
105 public function test_get_system_oauth_client() {
106 $this->resetAfterTest();
107 $this->setAdminUser();
108
109 $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
110
111 $requiredscopes = \core\oauth2\api::get_system_scopes_for_issuer($issuer);
112 // Fake a system account.
113 $data = (object) [
114 'issuerid' => $issuer->get('id'),
115 'refreshtoken' => 'abc',
116 'grantedscopes' => $requiredscopes,
117 'email' => 'sys@example.com',
118 'username' => 'sys'
119 ];
120 $sys = new \core\oauth2\system_account(0, $data);
121 $sys->create();
122
123 // Fake a response with an access token.
124 $response = json_encode(
125 (object) [
126 'access_token' => 'fdas...',
127 'token_type' => 'Bearer',
128 'expires_in' => '3600',
129 'id_token' => 'llfsd..',
130 ]
131 );
132 curl::mock_response($response);
133 $client = \core\oauth2\api::get_system_oauth_client($issuer);
134 $this->assertTrue($client->is_logged_in());
135 }
136
137 /**
138 * Tests we can enable and disable an issuer.
139 */
140 public function test_enable_disable_issuer() {
141 $this->resetAfterTest();
142 $this->setAdminUser();
143
144 $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
145
146 $issuerid = $issuer->get('id');
147
148 \core\oauth2\api::enable_issuer($issuerid);
149 $check = \core\oauth2\api::get_issuer($issuer->get('id'));
150 $this->assertTrue((boolean)$check->get('enabled'));
151
152 \core\oauth2\api::enable_issuer($issuerid);
153 $check = \core\oauth2\api::get_issuer($issuer->get('id'));
154 $this->assertTrue((boolean)$check->get('enabled'));
155
156 \core\oauth2\api::disable_issuer($issuerid);
157 $check = \core\oauth2\api::get_issuer($issuer->get('id'));
158 $this->assertFalse((boolean)$check->get('enabled'));
159
160 \core\oauth2\api::enable_issuer($issuerid);
161 $check = \core\oauth2\api::get_issuer($issuer->get('id'));
162 $this->assertTrue((boolean)$check->get('enabled'));
163 }
164
165 /**
166 * Test the alloweddomains for an issuer.
167 */
168 public function test_issuer_alloweddomains() {
169 $this->resetAfterTest();
170 $this->setAdminUser();
171
172 $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
173
174 $issuer->set('alloweddomains', '');
175
176 // Anything is allowed when domain is empty.
177 $this->assertTrue($issuer->is_valid_login_domain(''));
178 $this->assertTrue($issuer->is_valid_login_domain('a@b'));
179 $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
180
181 $issuer->set('alloweddomains', 'example.com');
182
183 // One domain - must match exactly - no substrings etc.
184 $this->assertFalse($issuer->is_valid_login_domain(''));
185 $this->assertFalse($issuer->is_valid_login_domain('a@b'));
186 $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
187 $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
188
189 $issuer->set('alloweddomains', 'example.com,example.net');
190 // Multiple domains - must match any exactly - no substrings etc.
191 $this->assertFalse($issuer->is_valid_login_domain(''));
192 $this->assertFalse($issuer->is_valid_login_domain('a@b'));
193 $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
194 $this->assertFalse($issuer->is_valid_login_domain('invalid@email@example.net'));
195 $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.net'));
196 $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
197
198 $issuer->set('alloweddomains', '*.example.com');
199 // Wildcard.
200 $this->assertFalse($issuer->is_valid_login_domain(''));
201 $this->assertFalse($issuer->is_valid_login_domain('a@b'));
202 $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
203 $this->assertFalse($issuer->is_valid_login_domain('longer.example@example.com'));
204 $this->assertTrue($issuer->is_valid_login_domain('longer.example@sub.example.com'));
205 }
206
207 }
Read-only mirror of the Moodle CVS