fix(refresh token): indent with spaces
marchrius committed Oct 2, 2024
1 parent f4ae050 commit 169f867
Showing 3 changed files with 742 additions and 742 deletions.
386 changes: 193 additions & 193 deletions tests/src/AccessTokenTest.php
@@ -1,4 +1,4 @@
<?php declare( strict_types=1 );
<?php declare(strict_types=1);

namespace UsefulTeam\Tests\JwtAuth;

@@ -8,197 +8,197 @@

final class AccessTokenTest extends TestCase {

use RestTestTrait;

/**
* @throws GuzzleException
*/
public function testToken(): string {
$response = $this->client->post( '/wp-json/jwt-auth/v1/token', [
'form_params' => [
'username' => $this->username,
'password' => $this->password,
],
] );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertEquals( 'jwt_auth_valid_credential', $body['code'] );
$this->assertEquals( 200, $response->getStatusCode() );
$this->assertEquals( true, $body['success'] );

$this->assertArrayHasKey( 'data', $body );
$this->assertArrayHasKey( 'token', $body['data'] );
$this->token = $body['data']['token'];
$this->assertNotEmpty( $this->token );

if ( $this->flow === 'cookie' ) {
$cookie = $this->cookies->getCookieByName( 'refresh_token' );
$this->refreshToken = $cookie->getValue();
} else {
$this->assertArrayHasKey( 'refresh_token', $body['data'] );
$this->refreshToken = $body['data']['refresh_token'];
}

$this->assertNotEmpty( $this->refreshToken );
$this->assertNotEquals( $this->token, $this->refreshToken );

return $this->token;
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenWithEditedTokenType( string $token ): void {
$this->assertNotEmpty( $token );

$payload = json_decode( base64_decode( explode( '.', $token )[1] ), false );
$payload->typ = 'refresh';
$malicious_token = implode( '.', [
explode( '.', $token )[0],
base64_encode( json_encode( $payload ) ),
explode( '.', $token )[2],
] );

$request_options = array();

if ( $this->flow === 'cookie' ) {
$cookies = [
'refresh_token' => $malicious_token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray( $cookies, $domain );
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}

$response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertIsArray( $body );
$this->assertArrayHasKey( 'data', $body );
$this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] );
$this->assertEquals( 401, $response->getStatusCode() );
$this->assertEquals( false, $body['success'] );
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenValidate( string $token ): void {
$this->assertNotEmpty( $token );

$response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [
'headers' => [
'Authorization' => "Bearer $token",
],
] );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertEquals( 'jwt_auth_valid_token', $body['code'] );
$this->assertEquals( 200, $response->getStatusCode() );
$this->assertEquals( true, $body['success'] );
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenValidateWithInvalidToken( string $token ): void {
$this->assertNotEmpty( $token );

$response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [
'headers' => [
'Authorization' => "Bearer {$token}123",
],
] );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertEquals( 'jwt_auth_invalid_token', $body['code'] );
$this->assertEquals( 401, $response->getStatusCode() );
$this->assertEquals( false, $body['success'] );
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenRefreshWithInvalidToken( string $token ): void {
$this->assertNotEmpty( $token );

$response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', [
'headers' => [
'Authorization' => "Bearer {$token}",
],
] );
$body = json_decode( $response->getBody()->getContents(), true );
if ( $this->flow === 'cookie' ) {
$this->assertEquals( 'jwt_auth_no_auth_cookie', $body['code'] );
} else {
$this->assertEquals( 'jwt_auth_no_refresh_token', $body['code'] );
}
$this->assertEquals( 401, $response->getStatusCode() );
$this->assertEquals( false, $body['success'] );

$request_options = array();

if ( $this->flow === 'cookie' ) {
$cookies = [
'refresh_token' => $token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray( $cookies, $domain );
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}
$response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] );
$this->assertEquals( 401, $response->getStatusCode() );
$this->assertEquals( false, $body['success'] );
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenWithInvalidRefreshToken( string $token ): void {
$this->assertNotEmpty( $token );

$request_options = array();

if ( $this->flow === 'cookie' ) {
$cookies = [
'refresh_token' => $token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray( $cookies, $domain );
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}
$response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options );
$body = json_decode( $response->getBody()->getContents(), true );
$this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] );
$this->assertEquals( 401, $response->getStatusCode() );
$this->assertEquals( false, $body['success'] );
}
use RestTestTrait;

/**
* @throws GuzzleException
*/
public function testToken(): string {
$response = $this->client->post('/wp-json/jwt-auth/v1/token', [
'form_params' => [
'username' => $this->username,
'password' => $this->password,
],
]);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertEquals('jwt_auth_valid_credential', $body['code']);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals(true, $body['success']);

$this->assertArrayHasKey('data', $body);
$this->assertArrayHasKey('token', $body['data']);
$this->token = $body['data']['token'];
$this->assertNotEmpty( $this->token );

if ($this->flow === 'cookie') {
$cookie = $this->cookies->getCookieByName('refresh_token');
$this->refreshToken = $cookie->getValue();
} else {
$this->assertArrayHasKey('refresh_token', $body['data']);
$this->refreshToken = $body['data']['refresh_token'];
}

$this->assertNotEmpty($this->refreshToken);
$this->assertNotEquals($this->token, $this->refreshToken);

return $this->token;
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenWithEditedTokenType(string $token): void {
$this->assertNotEmpty($token);

$payload = json_decode(base64_decode(explode('.', $token)[1]), false);
$payload->typ = 'refresh';
$malicious_token = implode('.', [
explode('.', $token )[0],
base64_encode(json_encode($payload)),
explode('.', $token )[2],
]);

$request_options = array();

if ($this->flow === 'cookie') {
$cookies = [
'refresh_token' => $malicious_token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray($cookies, $domain);
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}

$response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertIsArray($body);
$this->assertArrayHasKey('data', $body);
$this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']);
$this->assertEquals(401, $response->getStatusCode());
$this->assertEquals(false, $body['success']);
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenValidate(string $token): void {
$this->assertNotEmpty($token);

$response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [
'headers' => [
'Authorization' => "Bearer $token",
],
]);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertEquals('jwt_auth_valid_token', $body['code']);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals(true, $body['success']);
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenValidateWithInvalidToken(string $token): void {
$this->assertNotEmpty($token);

$response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [
'headers' => [
'Authorization' => "Bearer {$token}123",
],
]);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertEquals('jwt_auth_invalid_token', $body['code']);
$this->assertEquals(401, $response->getStatusCode());
$this->assertEquals(false, $body['success']);
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenRefreshWithInvalidToken(string $token): void {
$this->assertNotEmpty($token);

$response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', [
'headers' => [
'Authorization' => "Bearer {$token}",
],
]);
$body = json_decode($response->getBody()->getContents(), true);
if ($this->flow === 'cookie') {
$this->assertEquals('jwt_auth_no_auth_cookie', $body['code']);
} else {
$this->assertEquals('jwt_auth_no_refresh_token', $body['code']);
}
$this->assertEquals(401, $response->getStatusCode());
$this->assertEquals(false, $body['success']);

$request_options = array();

if ($this->flow === 'cookie') {
$cookies = [
'refresh_token' => $token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray($cookies, $domain);
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}
$response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']);
$this->assertEquals(401, $response->getStatusCode());
$this->assertEquals(false, $body['success']);
}

/**
* @depends testToken
* @throws GuzzleException
*/
public function testTokenWithInvalidRefreshToken(string $token): void {
$this->assertNotEmpty($token);

$request_options = array();

if ($this->flow === 'cookie') {
$cookies = [
'refresh_token' => $token,
];
$domain = $this->getDomain();
$cookies = CookieJar::fromArray( $cookies, $domain );
$request_options['cookies'] = $cookies;
} else if ($this->flow === 'body') {
$request_options[\GuzzleHttp\RequestOptions::JSON] = [
'refresh_token' => $token,
];
} else {
$request_options['form_params'] = [
'refresh_token' => $token,
];
}
$response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']);
$this->assertEquals(401, $response->getStatusCode());
$this->assertEquals(false, $body['success']);
}

}