lib/tests/oauth2_test.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Tests for oauth2 apis (\core\oauth2\*).
  19  *
  20  * @package    core
  21  * @copyright  2017 Damyon Wiese
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
  23  */
  24
  25 defined('MOODLE_INTERNAL') || die();
  26
  27 /**
  28  * Tests for oauth2 apis (\core\oauth2\*).
  29  *
  30  * @package    core
  31  * @copyright  2017 Damyon Wiese
  32  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
  33  */
  34 class core_oauth2_testcase extends advanced_testcase {
  35
  36     /**
  37      * Tests the crud operations on oauth2 issuers.
  38      */
  39     public function test_create_and_delete_standard_issuers() {
  40         $this->resetAfterTest();
  41         $this->setAdminUser();
  42         \core\oauth2\api::create_standard_issuer('google');
  43         \core\oauth2\api::create_standard_issuer('facebook');
  44         \core\oauth2\api::create_standard_issuer('microsoft');
  45         \core\oauth2\api::create_standard_issuer('nextcloud', 'https://dummy.local/nextcloud/');
  46
  47         $this->expectException(\moodle_exception::class);
  48         \core\oauth2\api::create_standard_issuer('nextcloud');
  49
  50         $issuers = \core\oauth2\api::get_all_issuers();
  51
  52         $this->assertEquals($issuers[0]->get('name'), 'Google');
  53         $this->assertEquals($issuers[1]->get('name'), 'Facebook');
  54         $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
  55         $this->assertEquals($issuers[3]->get('name'), 'Nextcloud');
  56
  57         \core\oauth2\api::move_down_issuer($issuers[0]->get('id'));
  58
  59         $issuers = \core\oauth2\api::get_all_issuers();
  60
  61         $this->assertEquals($issuers[0]->get('name'), 'Facebook');
  62         $this->assertEquals($issuers[1]->get('name'), 'Google');
  63         $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
  64         $this->assertEquals($issuers[3]->get('name'), 'Nextcloud');
  65
  66         \core\oauth2\api::delete_issuer($issuers[1]->get('id'));
  67
  68         $issuers = \core\oauth2\api::get_all_issuers();
  69
  70         $this->assertEquals($issuers[0]->get('name'), 'Facebook');
  71         $this->assertEquals($issuers[1]->get('name'), 'Microsoft');
  72         $this->assertEquals($issuers[2]->get('name'), 'Nextcloud');
  73     }
  74
  75     /**
  76      * Tests we can list and delete each of the persistents related to an issuer.
  77      */
  78     public function test_getters() {
  79         $this->resetAfterTest();
  80         $this->setAdminUser();
  81         $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
  82
  83         $same = \core\oauth2\api::get_issuer($issuer->get('id'));
  84
  85         foreach ($same->properties_definition() as $name => $def) {
  86             $this->assertTrue($issuer->get($name) == $same->get($name));
  87         }
  88
  89         $endpoints = \core\oauth2\api::get_endpoints($issuer);
  90         $same = \core\oauth2\api::get_endpoint($endpoints[0]->get('id'));
  91         $this->assertEquals($endpoints[0]->get('id'), $same->get('id'));
  92         $this->assertEquals($endpoints[0]->get('name'), $same->get('name'));
  93
  94         $todelete = $endpoints[0];
  95         \core\oauth2\api::delete_endpoint($todelete->get('id'));
  96         $endpoints = \core\oauth2\api::get_endpoints($issuer);
  97         $this->assertNotEquals($endpoints[0]->get('id'), $todelete->get('id'));
  98
  99         $userfields = \core\oauth2\api::get_user_field_mappings($issuer);
 100         $same = \core\oauth2\api::get_user_field_mapping($userfields[0]->get('id'));
 101         $this->assertEquals($userfields[0]->get('id'), $same->get('id'));
 102
 103         $todelete = $userfields[0];
 104         \core\oauth2\api::delete_user_field_mapping($todelete->get('id'));
 105         $userfields = \core\oauth2\api::get_user_field_mappings($issuer);
 106         $this->assertNotEquals($userfields[0]->get('id'), $todelete->get('id'));
 107     }
 108
 109     /**
 110      * Tests we can get a logged in oauth client for a system account.
 111      */
 112     public function test_get_system_oauth_client() {
 113         $this->resetAfterTest();
 114         $this->setAdminUser();
 115
 116         $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
 117
 118         $requiredscopes = \core\oauth2\api::get_system_scopes_for_issuer($issuer);
 119         // Fake a system account.
 120         $data = (object) [
 121             'issuerid' => $issuer->get('id'),
 122             'refreshtoken' => 'abc',
 123             'grantedscopes' => $requiredscopes,
 124             'email' => 'sys@example.com',
 125             'username' => 'sys'
 126         ];
 127         $sys = new \core\oauth2\system_account(0, $data);
 128         $sys->create();
 129
 130         // Fake a response with an access token.
 131         $response = json_encode(
 132             (object) [
 133                 'access_token' => 'fdas...',
 134                 'token_type' => 'Bearer',
 135                 'expires_in' => '3600',
 136                 'id_token' => 'llfsd..',
 137             ]
 138         );
 139         curl::mock_response($response);
 140         $client = \core\oauth2\api::get_system_oauth_client($issuer);
 141         $this->assertTrue($client->is_logged_in());
 142     }
 143
 144     /**
 145      * Tests we can enable and disable an issuer.
 146      */
 147     public function test_enable_disable_issuer() {
 148         $this->resetAfterTest();
 149         $this->setAdminUser();
 150
 151         $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
 152
 153         $issuerid = $issuer->get('id');
 154
 155         \core\oauth2\api::enable_issuer($issuerid);
 156         $check = \core\oauth2\api::get_issuer($issuer->get('id'));
 157         $this->assertTrue((boolean)$check->get('enabled'));
 158
 159         \core\oauth2\api::enable_issuer($issuerid);
 160         $check = \core\oauth2\api::get_issuer($issuer->get('id'));
 161         $this->assertTrue((boolean)$check->get('enabled'));
 162
 163         \core\oauth2\api::disable_issuer($issuerid);
 164         $check = \core\oauth2\api::get_issuer($issuer->get('id'));
 165         $this->assertFalse((boolean)$check->get('enabled'));
 166
 167         \core\oauth2\api::enable_issuer($issuerid);
 168         $check = \core\oauth2\api::get_issuer($issuer->get('id'));
 169         $this->assertTrue((boolean)$check->get('enabled'));
 170     }
 171
 172     /**
 173      * Test the alloweddomains for an issuer.
 174      */
 175     public function test_issuer_alloweddomains() {
 176         $this->resetAfterTest();
 177         $this->setAdminUser();
 178
 179         $issuer = \core\oauth2\api::create_standard_issuer('microsoft');
 180
 181         $issuer->set('alloweddomains', '');
 182
 183         // Anything is allowed when domain is empty.
 184         $this->assertTrue($issuer->is_valid_login_domain(''));
 185         $this->assertTrue($issuer->is_valid_login_domain('a@b'));
 186         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
 187
 188         $issuer->set('alloweddomains', 'example.com');
 189
 190         // One domain - must match exactly - no substrings etc.
 191         $this->assertFalse($issuer->is_valid_login_domain(''));
 192         $this->assertFalse($issuer->is_valid_login_domain('a@b'));
 193         $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
 194         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
 195
 196         $issuer->set('alloweddomains', 'example.com,example.net');
 197         // Multiple domains - must match any exactly - no substrings etc.
 198         $this->assertFalse($issuer->is_valid_login_domain(''));
 199         $this->assertFalse($issuer->is_valid_login_domain('a@b'));
 200         $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
 201         $this->assertFalse($issuer->is_valid_login_domain('invalid@email@example.net'));
 202         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.net'));
 203         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
 204
 205         $issuer->set('alloweddomains', '*.example.com');
 206         // Wildcard.
 207         $this->assertFalse($issuer->is_valid_login_domain(''));
 208         $this->assertFalse($issuer->is_valid_login_domain('a@b'));
 209         $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
 210         $this->assertFalse($issuer->is_valid_login_domain('longer.example@example.com'));
 211         $this->assertTrue($issuer->is_valid_login_domain('longer.example@sub.example.com'));
 212     }
 213
 214 }