From caa0b1765b8c249ff4a868980d90e3410b26b664 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Wed, 14 Jun 2017 17:30:12 +0200
Subject: [PATCH] Add client_credentials oAuth2 auth method
Signed-off-by: Thomas Citharel
---
 .../Controller/DeveloperController.php | 2 +-
 .../Controller/DeveloperControllerTest.php | 27 ++++++++++++++++---
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/src/Wallabag/ApiBundle/Controller/DeveloperController.php b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
index 9cb1b6264..9cb73f4cf 100644
--- a/src/Wallabag/ApiBundle/Controller/DeveloperController.php
+++ b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
@@ -43,7 +43,7 @@ class DeveloperController extends Controller
 $clientForm->handleRequest($request);
 if ($clientForm->isSubmitted() && $clientForm->isValid()) {
- $client->setAllowedGrantTypes(['token', 'authorization_code', 'password', 'refresh_token']);
+ $client->setAllowedGrantTypes(['client_credentials', 'token', 'authorization_code', 'password', 'refresh_token']);
 $em->persist($client);
 $em->flush();
diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
index d37cbbf9b..53aed12b6 100644
--- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@@ -34,7 +34,7 @@ class DeveloperControllerTest extends WallabagCoreTestCase
 $this->assertContains('My app', $alert[0]);
 }
- public function testCreateToken()
+ public function testCreateTokenFromPasswords()
 {
 $client = $this->getClient();
 $apiClient = $this->createApiClientForUser('admin');
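Review bot: The widened `setAllowedGrantTypes([...])` call in DeveloperController.php gives every client created through this form the `client_credentials` grant, so the client id and secret alone become enough to obtain an access token with no user login involved. The hunk does not show how such a token is tied to the client's owner or what the API lets it do; if the API controllers assume a resource owner on the token, that path needs an explicit check. Because the list is hard-coded, a client cannot opt out of grants it never uses; consider taking the grant types from the submitted form with the previous set as the default, or at least record the intent with a comment such as `// client_credentials: token is issued to the client itself, without a user login`. The enclosing action starts and ends outside the hunk.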
@@ -56,6 +56,26 @@ class DeveloperControllerTest extends WallabagCoreTestCase
 $this->assertArrayHasKey('refresh_token', $data);
 }
+ public function testCreateTokenFromClientCredentialsOnly()
+ {
+ $client = $this->getClient();
+ $apiClient = $this->createApiClientForUser('admin', ['client_credentials']);
+
+ $client->request('POST', '/oauth/v2/token', [
+ 'grant_type' => 'client_credentials',
+ 'client_id' => $apiClient->getPublicId(),
+ 'client_secret' => $apiClient->getSecret(),
+ ]);
+
+ $this->assertEquals(200, $client->getResponse()->getStatusCode());
+
+ $data = json_decode($client->getResponse()->getContent(), true);
+ $this->assertArrayHasKey('access_token', $data);
+ $this->assertArrayHasKey('expires_in', $data);
+ $this->assertArrayHasKey('token_type', $data);
+ // Client Credentials created-clients have no refresh tokens
+ }
+
 public function testListingClient()
 {
 $this->logInAs('admin');
@@ -114,9 +134,10 @@ class DeveloperControllerTest extends WallabagCoreTestCase
 /**
 * @param string $username
 *
+ * @param array $grantTypes
 * @return Client
 */
- private function createApiClientForUser($username)
+ private function createApiClientForUser($username, $grantTypes = ['password'])
 {
 $client = $this->getClient();
 $em = $client->getContainer()->get('doctrine.orm.entity_manager');
@@ -124,7 +145,7 @@ class DeveloperControllerTest extends WallabagCoreTestCase
 $user = $userManager->findUserBy(array('username' => $username));
 $apiClient = new Client($user);
 $apiClient->setName('My app');
- $apiClient->setAllowedGrantTypes(['password']);
+ $apiClient->setAllowedGrantTypes($grantTypes);
 $em->persist($apiClient);
 $em->flush();
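Review bot: The closing comment in `testCreateTokenFromClientCredentialsOnly()` says client-credentials clients receive no refresh token, but nothing in the test asserts it; replace the comment with `$this->assertArrayNotHasKey('refresh_token', $data);` so a regression is caught. The test also exercises only the permitted case. A companion test should show that a client created with the helper's default `['password']` grant is refused when it posts `grant_type` set to `client_credentials`, which would pin the allow-list enforcement this feature depends on.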
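Review bot: In the docblock hunk for `createApiClientForUser()`, the new `@param array $grantTypes` line is added below the blank ` *` separator, which splits the two `@param` tags apart and leaves `@return` directly under the second one; move it to sit immediately after `@param string $username`. The signature could also declare the type, `array $grantTypes = ['password']`, so a caller passing a bare string is rejected at the call. The function body continues outside this hunk.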