From 169f86773d97a83bc5aa6cc203ff6a85ca02babe Mon Sep 17 00:00:00 2001
From: Matteo Gaggiano
Date: Wed, 2 Oct 2024 16:48:20 +0200
Subject: [PATCH] fix(refresh token): indent with spaces
---
tests/src/AccessTokenTest.php | 386 ++++++------
tests/src/RefreshTokenTest.php | 1076 ++++++++++++++++----------------
tests/src/RestTestTrait.php | 22 +-
3 files changed, 742 insertions(+), 742 deletions(-)
diff --git a/tests/src/AccessTokenTest.php b/tests/src/AccessTokenTest.php
index a762b92..0973a23 100644
--- a/tests/src/AccessTokenTest.php
+++ b/tests/src/AccessTokenTest.php
@@ -1,4 +1,4 @@ -client->post( '/wp-json/jwt-auth/v1/token', [ - 'form_params' => [ - 'username' => $this->username, - 'password' => $this->password, - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'token', $body['data'] ); - $this->token = $body['data']['token']; - $this->assertNotEmpty( $this->token ); - - if ( $this->flow === 'cookie' ) { - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $this->refreshToken = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $this->refreshToken = $body['data']['refresh_token']; - } - - $this->assertNotEmpty( $this->refreshToken ); - $this->assertNotEquals( $this->token, $this->refreshToken ); - - return $this->token; - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenWithEditedTokenType( string $token ): void { - $this->assertNotEmpty( $token ); - - $payload = json_decode( base64_decode( explode( '.', $token )[1] ), false ); - $payload->typ = 'refresh'; - $malicious_token = implode( '.', [ - explode( '.', $token )[0], - base64_encode( json_encode( $payload ) ), - explode( '.', $token )[2], - ] ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $malicious_token, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - $request_options['cookies'] = $cookies; - } else if ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $token, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $token, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', 
$request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertIsArray( $body ); - $this->assertArrayHasKey( 'data', $body ); - $this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenValidate( string $token ): void { - $this->assertNotEmpty( $token ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [ - 'headers' => [ - 'Authorization' => "Bearer $token", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_token', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenValidateWithInvalidToken( string $token ): void { - $this->assertNotEmpty( $token ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [ - 'headers' => [ - 'Authorization' => "Bearer {$token}123", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_invalid_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenRefreshWithInvalidToken( string $token ): void { - $this->assertNotEmpty( $token ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', [ - 'headers' => [ - 'Authorization' => "Bearer {$token}", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - if ( $this->flow === 'cookie' ) { - $this->assertEquals( 'jwt_auth_no_auth_cookie', $body['code'] ); - } else { - $this->assertEquals( 
'jwt_auth_no_refresh_token', $body['code'] ); - } - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $token, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - $request_options['cookies'] = $cookies; - } else if ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $token, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $token, - ]; - } - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenWithInvalidRefreshToken( string $token ): void { - $this->assertNotEmpty( $token ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $token, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - $request_options['cookies'] = $cookies; - } else if ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $token, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $token, - ]; - } - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } + use RestTestTrait; + + /** + * @throws 
GuzzleException + */ + public function testToken(): string { + $response = $this->client->post('/wp-json/jwt-auth/v1/token', [ + 'form_params' => [ + 'username' => $this->username, + 'password' => $this->password, + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_valid_credential', $body['code']); + $this->assertEquals(200, $response->getStatusCode()); + $this->assertEquals(true, $body['success']); + + $this->assertArrayHasKey('data', $body); + $this->assertArrayHasKey('token', $body['data']); + $this->token = $body['data']['token']; + $this->assertNotEmpty( $this->token ); + + if ($this->flow === 'cookie') { + $cookie = $this->cookies->getCookieByName('refresh_token'); + $this->refreshToken = $cookie->getValue(); + } else { + $this->assertArrayHasKey('refresh_token', $body['data']); + $this->refreshToken = $body['data']['refresh_token']; + } + + $this->assertNotEmpty($this->refreshToken); + $this->assertNotEquals($this->token, $this->refreshToken); + + return $this->token; + } + + /** + * @depends testToken + * @throws GuzzleException + */ + public function testTokenWithEditedTokenType(string $token): void { + $this->assertNotEmpty($token); + + $payload = json_decode(base64_decode(explode('.', $token)[1]), false); + $payload->typ = 'refresh'; + $malicious_token = implode('.', [ + explode('.', $token )[0], + base64_encode(json_encode($payload)), + explode('.', $token )[2], + ]); + + $request_options = array(); + + if ($this->flow === 'cookie') { + $cookies = [ + 'refresh_token' => $malicious_token, + ]; + $domain = $this->getDomain(); + $cookies = CookieJar::fromArray($cookies, $domain); + $request_options['cookies'] = $cookies; + } else if ($this->flow === 'body') { + $request_options[\GuzzleHttp\RequestOptions::JSON] = [ + 'refresh_token' => $token, + ]; + } else { + $request_options['form_params'] = [ + 'refresh_token' => $token, + ]; + } + + $response = 
$this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertIsArray($body); + $this->assertArrayHasKey('data', $body); + $this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } + + /** + * @depends testToken + * @throws GuzzleException + */ + public function testTokenValidate(string $token): void { + $this->assertNotEmpty($token); + + $response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [ + 'headers' => [ + 'Authorization' => "Bearer $token", + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_valid_token', $body['code']); + $this->assertEquals(200, $response->getStatusCode()); + $this->assertEquals(true, $body['success']); + } + + /** + * @depends testToken + * @throws GuzzleException + */ + public function testTokenValidateWithInvalidToken(string $token): void { + $this->assertNotEmpty($token); + + $response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [ + 'headers' => [ + 'Authorization' => "Bearer {$token}123", + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_invalid_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } + + /** + * @depends testToken + * @throws GuzzleException + */ + public function testTokenRefreshWithInvalidToken(string $token): void { + $this->assertNotEmpty($token); + + $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', [ + 'headers' => [ + 'Authorization' => "Bearer {$token}", + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + if ($this->flow === 'cookie') { + $this->assertEquals('jwt_auth_no_auth_cookie', $body['code']); + } else { + 
$this->assertEquals('jwt_auth_no_refresh_token', $body['code']); + } + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + + $request_options = array(); + + if ($this->flow === 'cookie') { + $cookies = [ + 'refresh_token' => $token, + ]; + $domain = $this->getDomain(); + $cookies = CookieJar::fromArray($cookies, $domain); + $request_options['cookies'] = $cookies; + } else if ($this->flow === 'body') { + $request_options[\GuzzleHttp\RequestOptions::JSON] = [ + 'refresh_token' => $token, + ]; + } else { + $request_options['form_params'] = [ + 'refresh_token' => $token, + ]; + } + $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } + + /** + * @depends testToken + * @throws GuzzleException + */ + public function testTokenWithInvalidRefreshToken(string $token): void { + $this->assertNotEmpty($token); + + $request_options = array(); + + if ($this->flow === 'cookie') { + $cookies = [ + 'refresh_token' => $token, + ]; + $domain = $this->getDomain(); + $cookies = CookieJar::fromArray( $cookies, $domain ); + $request_options['cookies'] = $cookies; + } else if ($this->flow === 'body') { + $request_options[\GuzzleHttp\RequestOptions::JSON] = [ + 'refresh_token' => $token, + ]; + } else { + $request_options['form_params'] = [ + 'refresh_token' => $token, + ]; + } + $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } } 
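Review bot: In testTokenWithEditedTokenType the `$malicious_token` built from the retyped payload is only sent in the cookie flow; the `body` and form-params branches still send `'refresh_token' => $token,`, so in those two flows the test only proves that an unmodified access token is rejected by /token/refresh, not that a token whose `typ` was rewritten to `refresh` is. Both branches should read `'refresh_token' => $malicious_token,`. Note also that re-encoding the payload with base64_encode changes the signed bytes (and emits standard rather than URL-safe base64), so the 401 in the cookie flow presumably comes from signature verification rather than from a typ check — this test cannot by itself tell the two apart, and a server-signed token with the wrong typ would be needed to pin the typ guard. Separately, a few lines escaped the re-spacing this commit performs: `$this->assertNotEmpty( $this->token );` in testToken, `explode('.', $token )[0]` in this method, and `CookieJar::fromArray( $cookies, $domain );` in testTokenWithInvalidRefreshToken.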
diff --git a/tests/src/RefreshTokenTest.php b/tests/src/RefreshTokenTest.php
index a91807e..cd3bcf2 100644
--- a/tests/src/RefreshTokenTest.php
+++ b/tests/src/RefreshTokenTest.php
@@ -11,543 +11,543 @@ */ final class RefreshTokenTest extends TestCase { - use RestTestTrait; - - /** - * @throws GuzzleException - */ - public function testToken(): string { - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', [ - 'form_params' => [ - 'username' => $this->username, - 'password' => $this->password, - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'token', $body['data'] ); - $this->token = $body['data']['token']; - $this->assertNotEmpty( $this->token ); - - if ( $this->flow === 'cookie' ) { - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. - $this->cookies->clearSessionCookies(); - - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $this->refreshToken = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $this->refreshToken = $body['data']['refresh_token']; - } - - $this->assertNotEmpty( $this->refreshToken ); - $this->assertNotEquals( $this->token, $this->refreshToken ); - - return $this->refreshToken; - } - - /** - * @depends testToken - */ - public function testTokenWithEditedTokenType( string $refreshToken ): void { - $this->assertNotEmpty( $refreshToken ); - - $this->assertCount( 3, explode( '.', $refreshToken ) ); - - $payload = json_decode( base64_decode( explode( '.', $refreshToken )[1] ), false ); - $payload->typ = 'access'; - $malicious_refreshToken = implode( '.', [ - explode( '.', $refreshToken )[0], - base64_encode( json_encode( $payload ) ), - explode( '.', $refreshToken )[2], - ] ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [ - 'headers' => [ - 'Authorization' => "Bearer 
{$malicious_refreshToken}", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertIsArray( $body ); - $this->assertArrayHasKey( 'data', $body ); - $this->assertEquals( 'jwt_auth_invalid_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - */ - public function testTokenValidateWithRefreshToken( string $refreshToken ): void { - $this->assertNotEmpty( $refreshToken ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/validate', [ - 'headers' => [ - 'Authorization' => "Bearer {$refreshToken}", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertIsArray( $body ); - $this->assertArrayHasKey( 'data', $body ); - $this->assertEquals( 'jwt_auth_invalid_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenWithRefreshToken( string $refreshToken ): void { - $this->assertNotEmpty( $refreshToken ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $refreshToken, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - - $request_options['cookies'] = $cookies; - - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, 
$body['success'] ); - - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'token', $body['data'] ); - $this->token = $body['data']['token']; - $this->assertNotEmpty( $this->token ); - $this->assertNotEquals( $this->token, $refreshToken ); - - if ( $this->flow === 'cookie' ) { - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. - $this->cookies->clearSessionCookies(); - - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $this->refreshToken = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $this->refreshToken = $body['data']['refresh_token']; - } - - $this->assertNotEmpty( $this->refreshToken ); - $this->assertNotEquals( $this->token, $this->refreshToken ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenWithInvalidRefreshToken( string $refreshToken ): void { - $this->assertNotEmpty( $refreshToken ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - - $cookies = [ - 'refresh_token' => $refreshToken . '123', - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - - $request_options['cookies'] = $cookies; - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken . '123', - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken . 
'123', - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_invalid_refresh_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenRefresh( string $refreshToken ): string { - $this->assertNotEmpty( $refreshToken ); - - // Wait 1 seconds as the token creation is based on timestamp in seconds. - sleep( 1 ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $refreshToken, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - - $request_options['cookies'] = $cookies; - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_token', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - - if ( $this->flow === 'cookie' ) { - $this->assertArrayNotHasKey( 'data', $body ); - - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. 
- $cookies->clearSessionCookies(); - - $cookie = $cookies->getCookieByName( 'refresh_token' ); - $this->refreshToken = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $this->refreshToken = $body['data']['refresh_token']; - } - - $this->assertNotEmpty( $this->refreshToken ); - $this->assertNotEquals( $this->refreshToken, $refreshToken ); - - return $this->refreshToken; - } - - /** - * @throws GuzzleException - */ - public function testTokenWithRotatedRefreshToken(): void { - // Not using @depends, because refresh token rotation relies on particular - // order. - $refreshToken1 = $this->testToken(); - $this->assertNotEmpty( $refreshToken1 ); - - // Wait 1 seconds as the token creation is based on timestamp in seconds. - sleep( 1 ); - - $request_options = array(); - - if ( $this->flow === 'cookie' ) { - $domain = $this->getDomain(); - - // Fetch a new refresh token. - $this->cookies->clear(); - $this->setCookie( 'refresh_token', $refreshToken1, $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken1, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken1, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_token', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - - if ( $this->flow === 'cookie' ) { - $this->assertArrayNotHasKey( 'data', $body ); - - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. 
- $this->cookies->clearSessionCookies(); - - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $refreshToken2 = $cookie->getValue(); - - } else { - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $refreshToken2 = $body['data']['refresh_token']; - } - $this->assertNotEmpty( $refreshToken2 ); - - // Confirm the refresh token was rotated. - $this->assertNotEquals( $refreshToken2, $refreshToken1 ); - - if ( $this->flow === 'cookie' ) { - $domain = $this->getDomain(); - - // Confirm the rotated refresh token is valid. - $this->cookies->clear(); - $this->setCookie( 'refresh_token', $refreshToken2, $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken2, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken2, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - $this->assertEquals( 200, $response->getStatusCode() ); - $this->assertEquals( true, $body['success'] ); - - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'token', $body['data'] ); - $this->token = $body['data']['token']; - $this->assertNotEmpty( $this->token ); - $this->assertNotEquals( $this->token, $refreshToken2 ); - - if ( $this->flow === 'cookie' ) { - $domain = $this->getDomain(); - - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. - $this->cookies->clearSessionCookies(); - - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $this->assertEmpty( $cookie ); - - // Confirm the previous refresh token is no longer valid. 
- $this->cookies->clear(); - $this->setCookie( 'refresh_token', $refreshToken1, $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken1, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken1, - ]; - } - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_obsolete_refresh_token', $body['code'], $body['message'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } - - /** - * @throws GuzzleException - */ - public function testTokenRefreshRotationByDevice() { - $domain = $this->getDomain(); - - $devices = [ - 1 => [ - 'device' => 'device1', - ], - 2 => [ - 'device' => 'device2', - ], - ]; - - $this->cookies->clear(); - - // Authenticate with each device. - for ( $i = 1; $i <= count( $devices ); $i ++ ) { - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', [ - 'form_params' => [ - 'username' => $this->username, - 'password' => $this->password, - 'device' => $devices[ $i ]['device'], - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - - if ( $this->flow === 'cookie' ) { - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $devices[ $i ]['refresh_token'] = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $devices[ $i ]['refresh_token'] = $body['data']['refresh_token']; - } - $this->assertNotEmpty( $devices[ $i ]['refresh_token'] ); - - if ( isset( $devices[ $i - 1 ]['refresh_token'] ) ) { - $this->assertNotEquals( $devices[ $i - 1 ]['refresh_token'], $devices[ $i ]['refresh_token'] ); - } - - $this->cookies->clear(); - } - - // Wait 1 seconds as 
the token creation is based on timestamp in seconds. - sleep( 1 ); - - // Refresh token with each device. - for ( $i = 1; $i <= count( $devices ); $i ++ ) { - $initial_refresh_token = $devices[ $i ]['refresh_token']; - - $request_options = array(); - if ( $this->flow === 'cookie' ) { - $request_options['form_params'] = [ - 'device' => $devices[ $i ]['device'], - ]; - $this->setCookie( 'refresh_token', $initial_refresh_token, $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $initial_refresh_token, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $initial_refresh_token, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_token', $body['code'] ); - - if ( $this->flow === 'cookie' ) { - // Discard the refresh_token cookie we set above to only retain the - // refresh_token cookie from the response. - $this->cookies->clearSessionCookies(); - $cookie = $this->cookies->getCookieByName( 'refresh_token' ); - $devices[ $i ]['refresh_token'] = $cookie->getValue(); - } else { - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - $devices[ $i ]['refresh_token'] = $body['data']['refresh_token']; - } - $this->assertNotEmpty( $devices[ $i ]['refresh_token'] ); - - $this->assertNotEquals( $initial_refresh_token, $devices[ $i ]['refresh_token'] ); - if ( isset( $devices[ $i - 1 ]['refresh_token'] ) ) { - $this->assertNotEquals( $devices[ $i - 1 ]['refresh_token'], $devices[ $i ]['refresh_token'] ); - } - - $this->cookies->clear(); - } - - // Confirm each device can use its refresh token to authenticate. 
- for ( $i = 1; $i <= count( $devices ); $i ++ ) { - - $request_options = array(); - if ( $this->flow === 'cookie' ) { - $this->setCookie( 'refresh_token', $devices[ $i ]['refresh_token'], $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $devices[ $i ]['refresh_token'], - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $devices[ $i ]['refresh_token'], - ]; - } - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_valid_credential', $body['code'] ); - $this->assertArrayHasKey( 'data', $body ); - $this->assertArrayHasKey( 'token', $body['data'] ); - - if ( $this->flow === 'cookie' ) { - $this->cookies->clear(); - } else { - $this->assertArrayHasKey( 'refresh_token', $body['data'] ); - } - } - - $request_options = array(); - // Confirm the previous refresh token is no longer valid. 
- if ( $this->flow === 'cookie' ) { - $this->setCookie( 'refresh_token', $initial_refresh_token, $domain ); - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $initial_refresh_token, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $initial_refresh_token, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token', $request_options ); - $this->assertEquals( 401, $response->getStatusCode() ); - $body = json_decode( $response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_obsolete_refresh_token', $body['code'] ); - } - - /** - * @depends testToken - * @throws GuzzleException - */ - public function testTokenRefreshWithInvalidRefreshToken( string $refreshToken ): void { - $this->assertNotEmpty( $refreshToken ); - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', [ - 'headers' => [ - 'Authorization' => "Bearer {$refreshToken}", - ], - ] ); - $body = json_decode( $response->getBody()->getContents(), true ); - - if ( $this->flow === 'cookie' ) { - $this->assertEquals( 'jwt_auth_no_auth_cookie', $body['code'] ); - } else { - $this->assertEquals( 'jwt_auth_no_refresh_token', $body['code'] ); - } - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - - $request_options = array(); - if ( $this->flow === 'cookie' ) { - $cookies = [ - 'refresh_token' => $refreshToken, - ]; - $domain = $this->getDomain(); - $cookies = CookieJar::fromArray( $cookies, $domain ); - $request_options['cookies'] = $cookies; - } elseif ($this->flow === 'body') { - $request_options[\GuzzleHttp\RequestOptions::JSON] = [ - 'refresh_token' => $refreshToken, - ]; - } else { - $request_options['form_params'] = [ - 'refresh_token' => $refreshToken, - ]; - } - - $response = $this->client->post( '/wp-json/jwt-auth/v1/token/refresh', $request_options ); - $body = json_decode( 
$response->getBody()->getContents(), true ); - $this->assertEquals( 'jwt_auth_obsolete_refresh_token', $body['code'] ); - $this->assertEquals( 401, $response->getStatusCode() ); - $this->assertEquals( false, $body['success'] ); - } + use RestTestTrait; + + /** + * @throws GuzzleException + */ + public function testToken(): string { + $response = $this->client->post('/wp-json/jwt-auth/v1/token', [ + 'form_params' => [ + 'username' => $this->username, + 'password' => $this->password, + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertEquals('jwt_auth_valid_credential', $body['code']); + $this->assertEquals(200, $response->getStatusCode()); + $this->assertEquals(true, $body['success']); + + $this->assertArrayHasKey('data', $body); + $this->assertArrayHasKey('token', $body['data']); + $this->token = $body['data']['token']; + $this->assertNotEmpty($this->token); + + if ($this->flow === 'cookie') { + // Discard the refresh_token cookie we set above to only retain the + // refresh_token cookie from the response. 
+ $this->cookies->clearSessionCookies(); + + $cookie = $this->cookies->getCookieByName('refresh_token'); + $this->refreshToken = $cookie->getValue(); + } else { + $this->assertArrayHasKey('refresh_token', $body['data']); + $this->refreshToken = $body['data']['refresh_token']; + } + + $this->assertNotEmpty($this->refreshToken); + $this->assertNotEquals($this->token, $this->refreshToken); + + return $this->refreshToken; + } + + /** + * @depends testToken + */ + public function testTokenWithEditedTokenType(string $refreshToken): void { + $this->assertNotEmpty($refreshToken); + + $this->assertCount(3, explode('.', $refreshToken)); + + $payload = json_decode(base64_decode(explode('.', $refreshToken)[1]), false); + $payload->typ = 'access'; + $malicious_refreshToken = implode('.', [ + explode('.', $refreshToken)[0], + base64_encode(json_encode($payload)), + explode('.', $refreshToken)[2], + ]); + + $response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [ + 'headers' => [ + 'Authorization' => "Bearer {$malicious_refreshToken}", + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertIsArray($body); + $this->assertArrayHasKey('data', $body); + $this->assertEquals('jwt_auth_invalid_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } + + /** + * @depends testToken + */ + public function testTokenValidateWithRefreshToken(string $refreshToken): void { + $this->assertNotEmpty($refreshToken); + + $response = $this->client->post('/wp-json/jwt-auth/v1/token/validate', [ + 'headers' => [ + 'Authorization' => "Bearer {$refreshToken}", + ], + ]); + $body = json_decode($response->getBody()->getContents(), true); + $this->assertIsArray($body); + $this->assertArrayHasKey('data', $body); + $this->assertEquals('jwt_auth_invalid_token', $body['code']); + $this->assertEquals(401, $response->getStatusCode()); + $this->assertEquals(false, $body['success']); + } + 
+ /**
+ * @depends testToken
+ * @throws GuzzleException
+ */
+ public function testTokenWithRefreshToken(string $refreshToken): void {
+ $this->assertNotEmpty($refreshToken);
+
+ $request_options = array();
+
+ if ($this->flow === 'cookie') {
+ $cookies = [
+ 'refresh_token' => $refreshToken,
+ ];
+ $domain = $this->getDomain();
+ $cookies = CookieJar::fromArray($cookies, $domain);
+
+ $request_options['cookies'] = $cookies;
+
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_credential', $body['code']);
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals(true, $body['success']);
+
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('token', $body['data']);
+ $this->token = $body['data']['token'];
+ $this->assertNotEmpty($this->token);
+ $this->assertNotEquals($this->token, $refreshToken);
+
+ if ($this->flow === 'cookie') {
+ // Discard the refresh_token cookie we set above to only retain the
+ // refresh_token cookie from the response.
+ $this->cookies->clearSessionCookies();
+
+ $cookie = $this->cookies->getCookieByName('refresh_token');
+ $this->refreshToken = $cookie->getValue();
+ } else {
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ $this->refreshToken = $body['data']['refresh_token'];
+ }
+
+ $this->assertNotEmpty($this->refreshToken);
+ $this->assertNotEquals($this->token, $this->refreshToken);
+ }
+
+ /**
+ * @depends testToken
+ * @throws GuzzleException
+ */
+ public function testTokenWithInvalidRefreshToken(string $refreshToken): void {
+ $this->assertNotEmpty($refreshToken);
+
+ $request_options = array();
+
+ if ($this->flow === 'cookie') {
+
+ $cookies = [
+ 'refresh_token' => $refreshToken . '123',
+ ];
+ $domain = $this->getDomain();
+ $cookies = CookieJar::fromArray($cookies, $domain);
+
+ $request_options['cookies'] = $cookies;
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken . '123',
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken . '123',
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_invalid_refresh_token', $body['code']);
+ $this->assertEquals(401, $response->getStatusCode());
+ $this->assertEquals(false, $body['success']);
+ }
+
+ /**
+ * @depends testToken
+ * @throws GuzzleException
+ */
+ public function testTokenRefresh(string $refreshToken): string {
+ $this->assertNotEmpty($refreshToken);
+
+ // Wait 1 seconds as the token creation is based on timestamp in seconds.
+ sleep(1);
+
+ $request_options = array();
+
+ if ($this->flow === 'cookie') {
+ $cookies = [
+ 'refresh_token' => $refreshToken,
+ ];
+ $domain = $this->getDomain();
+ $cookies = CookieJar::fromArray($cookies, $domain);
+
+ $request_options['cookies'] = $cookies;
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_token', $body['code']);
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals(true, $body['success']);
+
+ if ($this->flow === 'cookie') {
+ $this->assertArrayNotHasKey('data', $body);
+
+ // Discard the refresh_token cookie we set above to only retain the
+ // refresh_token cookie from the response.
+ $cookies->clearSessionCookies();
+
+ $cookie = $cookies->getCookieByName('refresh_token');
+ $this->refreshToken = $cookie->getValue();
+ } else {
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ $this->refreshToken = $body['data']['refresh_token'];
+ }
+
+ $this->assertNotEmpty($this->refreshToken);
+ $this->assertNotEquals($this->refreshToken, $refreshToken);
+
+ return $this->refreshToken;
+ }
+
+ /**
+ * @throws GuzzleException
+ */
+ public function testTokenWithRotatedRefreshToken(): void {
+ // Not using @depends, because refresh token rotation relies on particular
+ // order.
+ $refreshToken1 = $this->testToken();
+ $this->assertNotEmpty($refreshToken1);
+
+ // Wait 1 seconds as the token creation is based on timestamp in seconds.
+ sleep(1);
+
+ $request_options = array();
+
+ if ($this->flow === 'cookie') {
+ $domain = $this->getDomain();
+
+ // Fetch a new refresh token.
+ $this->cookies->clear();
+ $this->setCookie('refresh_token', $refreshToken1, $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken1,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken1,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_token', $body['code']);
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals(true, $body['success']);
+
+ if ($this->flow === 'cookie') {
+ $this->assertArrayNotHasKey('data', $body);
+
+ // Discard the refresh_token cookie we set above to only retain the
+ // refresh_token cookie from the response.
+ $this->cookies->clearSessionCookies();
+
+ $cookie = $this->cookies->getCookieByName('refresh_token');
+ $refreshToken2 = $cookie->getValue();
+
+ } else {
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ $refreshToken2 = $body['data']['refresh_token'];
+ }
+ $this->assertNotEmpty($refreshToken2);
+
+ // Confirm the refresh token was rotated.
+ $this->assertNotEquals($refreshToken2, $refreshToken1);
+
+ if ($this->flow === 'cookie') {
+ $domain = $this->getDomain();
+
+ // Confirm the rotated refresh token is valid.
+ $this->cookies->clear();
+ $this->setCookie('refresh_token', $refreshToken2, $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken2,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken2,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_credential', $body['code']);
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals(true, $body['success']);
+
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('token', $body['data']);
+ $this->token = $body['data']['token'];
+ $this->assertNotEmpty($this->token);
+ $this->assertNotEquals($this->token, $refreshToken2);
+
+ if ($this->flow === 'cookie') {
+ $domain = $this->getDomain();
+
+ // Discard the refresh_token cookie we set above to only retain the
+ // refresh_token cookie from the response.
+ $this->cookies->clearSessionCookies();
+
+ $cookie = $this->cookies->getCookieByName('refresh_token');
+ $this->assertEmpty($cookie);
+
+ // Confirm the previous refresh token is no longer valid.
+ $this->cookies->clear();
+ $this->setCookie('refresh_token', $refreshToken1, $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken1,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken1,
+ ];
+ }
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_obsolete_refresh_token', $body['code'], $body['message']);
+ $this->assertEquals(401, $response->getStatusCode());
+ $this->assertEquals(false, $body['success']);
+ }
+
+ /**
+ * @throws GuzzleException
+ */
+ public function testTokenRefreshRotationByDevice() {
+ $domain = $this->getDomain();
+
+ $devices = [
+ 1 => [
+ 'device' => 'device1',
+ ],
+ 2 => [
+ 'device' => 'device2',
+ ],
+ ];
+
+ $this->cookies->clear();
+
+ // Authenticate with each device.
+ for ($i = 1; $i <= count($devices); $i++) {
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', [
+ 'form_params' => [
+ 'username' => $this->username,
+ 'password' => $this->password,
+ 'device' => $devices[$i]['device'],
+ ],
+ ]);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_credential', $body['code']);
+
+ if ($this->flow === 'cookie') {
+ $cookie = $this->cookies->getCookieByName('refresh_token');
+ $devices[$i]['refresh_token'] = $cookie->getValue();
+ } else {
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ $devices[$i]['refresh_token'] = $body['data']['refresh_token'];
+ }
+ $this->assertNotEmpty($devices[$i]['refresh_token']);
+
+ if (isset($devices[$i - 1]['refresh_token'])) {
+ $this->assertNotEquals($devices[$i - 1]['refresh_token'], $devices[$i]['refresh_token']);
+ }
+
+ $this->cookies->clear();
+ }
+
+ // Wait 1 seconds as the token creation is based on timestamp in seconds.
+ sleep(1);
+
+ // Refresh token with each device.
+ for ($i = 1; $i <= count($devices); $i++) {
+ $initial_refresh_token = $devices[$i]['refresh_token'];
+
+ $request_options = array();
+ if ($this->flow === 'cookie') {
+ $request_options['form_params'] = [
+ 'device' => $devices[$i]['device'],
+ ];
+ $this->setCookie('refresh_token', $initial_refresh_token, $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $initial_refresh_token,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $initial_refresh_token,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_token', $body['code']);
+
+ if ($this->flow === 'cookie') {
+ // Discard the refresh_token cookie we set above to only retain the
+ // refresh_token cookie from the response.
+ $this->cookies->clearSessionCookies();
+ $cookie = $this->cookies->getCookieByName('refresh_token');
+ $devices[$i]['refresh_token'] = $cookie->getValue();
+ } else {
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ $devices[$i]['refresh_token'] = $body['data']['refresh_token'];
+ }
+ $this->assertNotEmpty($devices[$i]['refresh_token']);
+
+ $this->assertNotEquals($initial_refresh_token, $devices[$i]['refresh_token']);
+ if (isset($devices[$i - 1]['refresh_token'])) {
+ $this->assertNotEquals($devices[$i - 1]['refresh_token'], $devices[$i]['refresh_token']);
+ }
+
+ $this->cookies->clear();
+ }
+
+ // Confirm each device can use its refresh token to authenticate.
+ for ($i = 1; $i <= count($devices); $i++) {
+
+ $request_options = array();
+ if ($this->flow === 'cookie') {
+ $this->setCookie('refresh_token', $devices[$i]['refresh_token'], $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $devices[$i]['refresh_token'],
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $devices[$i]['refresh_token'],
+ ];
+ }
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_valid_credential', $body['code']);
+ $this->assertArrayHasKey('data', $body);
+ $this->assertArrayHasKey('token', $body['data']);
+
+ if ($this->flow === 'cookie') {
+ $this->cookies->clear();
+ } else {
+ $this->assertArrayHasKey('refresh_token', $body['data']);
+ }
+ }
+
+ $request_options = array();
+ // Confirm the previous refresh token is no longer valid.
+ if ($this->flow === 'cookie') {
+ $this->setCookie('refresh_token', $initial_refresh_token, $domain);
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $initial_refresh_token,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $initial_refresh_token,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token', $request_options);
+ $this->assertEquals(401, $response->getStatusCode());
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_obsolete_refresh_token', $body['code']);
+ }
+
+ /**
+ * @depends testToken
+ * @throws GuzzleException
+ */
+ public function testTokenRefreshWithInvalidRefreshToken(string $refreshToken): void {
+ $this->assertNotEmpty($refreshToken);
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', [
+ 'headers' => [
+ 'Authorization' => "Bearer {$refreshToken}",
+ ],
+ ]);
+ $body = json_decode($response->getBody()->getContents(), true);
+
+ if ($this->flow === 'cookie') {
+ $this->assertEquals('jwt_auth_no_auth_cookie', $body['code']);
+ } else {
+ $this->assertEquals('jwt_auth_no_refresh_token', $body['code']);
+ }
+ $this->assertEquals(401, $response->getStatusCode());
+ $this->assertEquals(false, $body['success']);
+
+ $request_options = array();
+ if ($this->flow === 'cookie') {
+ $cookies = [
+ 'refresh_token' => $refreshToken,
+ ];
+ $domain = $this->getDomain();
+ $cookies = CookieJar::fromArray($cookies, $domain);
+ $request_options['cookies'] = $cookies;
+ } elseif ($this->flow === 'body') {
+ $request_options[\GuzzleHttp\RequestOptions::JSON] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ } else {
+ $request_options['form_params'] = [
+ 'refresh_token' => $refreshToken,
+ ];
+ }
+
+ $response = $this->client->post('/wp-json/jwt-auth/v1/token/refresh', $request_options);
+ $body = json_decode($response->getBody()->getContents(), true);
+ $this->assertEquals('jwt_auth_obsolete_refresh_token', $body['code']);
+ $this->assertEquals(401, $response->getStatusCode());
+ $this->assertEquals(false, $body['success']);
+ }
 }
diff --git a/tests/src/RestTestTrait.php b/tests/src/RestTestTrait.php
index cddbd32..fdaa2f5 100644
--- a/tests/src/RestTestTrait.php
+++ b/tests/src/RestTestTrait.php
@@ -28,7 +28,7 @@ trait RestTestTrait {
 protected ?string $refreshToken;
 protected function setUp(): void {
- $this->cookies = new CookieJar();
+ $this->cookies = new CookieJar();
 $this->httpClientConfig = [
 'base_uri' => $_ENV['URL'] ?? 'http://localhost',
 'http_errors' => false,
@@ -48,28 +48,28 @@ protected function setUp(): void {
 CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
 ],
 ];
- if ( in_array( '--debug', $_SERVER['argv'], true ) ) {
+ if (in_array('--debug', $_SERVER['argv'], true)) {
 $this->httpClientConfig['debug'] = true;
 }
- $this->client = new Client( $this->httpClientConfig );
+ $this->client = new Client($this->httpClientConfig);
 $this->username = $_ENV['USERNAME'] ?? null;
 $this->password = $_ENV['PASSWORD'] ?? null;
- $this->flow = $_ENV['FLOW'];
+ $this->flow = $_ENV['FLOW'];
 }
- protected function setCookie( $name, $value, $domain ): CookieJar {
- $this->cookies->setCookie( new SetCookie( [
- 'Domain' => $domain,
- 'Name' => $name,
- 'Value' => $value,
- 'Discard' => true,
+ protected function setCookie($name, $value, $domain): CookieJar {
+ $this->cookies->setCookie(new SetCookie( [
+ 'Domain' => $domain,
+ 'Name' => $name,
+ 'Value' => $value,
+ 'Discard' => true,
 ] ) );
 return $this->cookies;
 }
 protected function getDomain(): string {
- return parse_url( $this->httpClientConfig['base_uri'], PHP_URL_HOST );
+ return parse_url($this->httpClientConfig['base_uri'], PHP_URL_HOST);
 }
 }