1<?php
2
3// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
4// See the LICENCE file in the repository root for full licence text.
5
6namespace Tests;
7
8use App\Models\OAuth\Client;
9use App\Models\User;
10
/**
 * Feature tests for the scope checks applied to OAuth authorization-code requests.
 *
 * Every case sends a GET to the `oauth.authorizations.authorize` route as a
 * logged-in user (see setUp()); only the requesting client and the requested
 * scope vary. A refused request is expected to render the `layout.error` view
 * with HTTP 400 instead of showing an authorization prompt.
 */
class OAuthAuthCodeRequestTest extends TestCase
{
    /** @var Client OAuth client created in setUp() whose owner is a user in the 'bot' group. */
    protected $client;

    /**
     * Requests a single scope for the bot-owned client and checks the outcome.
     *
     * @param string $scope   Value sent as the `scope` query parameter.
     * @param bool   $success Whether the authorization request is expected to be accepted.
     *
     * @dataProvider botClientDataProvider
     */
    public function testBotClient($scope, $success)
    {
        $response = $this->get($this->authCodeRequestUrl($this->client, $scope));

        if (!$success) {
            // A scope this grant type may not carry has to be rejected outright:
            // error view plus 400, never a consent page.
            $response->assertViewIs('layout.error')->assertStatus(400);

            return;
        }

        $response->assertStatus(200);
    }

    /**
     * A client created with the factory defaults (no bot owner is set up here)
     * must be refused when it asks for the `chat.write` scope.
     */
    public function testNonBotClientCannotRequestChatWriteScope()
    {
        $nonBotClient = Client::factory()->create();

        $response = $this->get($this->authCodeRequestUrl($nonBotClient, 'chat.write'));

        $response
            ->assertViewIs('layout.error')
            ->assertStatus(400);
    }

    /**
     * Cases for testBotClient(): case name => [requested scope, expected success].
     *
     * `delegate` must not be obtainable through the authorization-code request
     * even for a bot-owned client, while `chat.write` is allowed for it.
     */
    public static function botClientDataProvider()
    {
        $cases = [];
        $cases['cannot request delegation with auth_code'] = ['delegate', false];
        $cases['can request chat.write scope'] = ['chat.write', true];

        return $cases;
    }

    /**
     * Creates the bot-owned client and logs in a separate, freshly created user
     * who acts as the resource owner for every request in this class.
     */
    protected function setUp(): void
    {
        parent::setUp();

        // With debug enabled, exceptions would not render the real error view,
        // and the assertViewIs('layout.error') checks depend on that view.
        config_set('app.debug', false);

        $botOwner = User::factory()->withGroup('bot');
        $this->client = Client::factory()->create(['user_id' => $botOwner]);

        // NOTE(review): the meaning of the second argument is defined by the
        // project's TestCase::actAsUser(), which is not shown here - confirm.
        $resourceOwner = User::factory()->create();
        $this->actAsUser($resourceOwner, true);
    }

    /**
     * Builds the authorization-code request URL for the given client and scope.
     *
     * The redirect URI is always the one registered on the client, so these
     * tests vary nothing but the scope.
     *
     * @param Client $client Client whose key and registered redirect URI are sent.
     * @param string $scope  Value for the `scope` query parameter.
     */
    private function authCodeRequestUrl(Client $client, $scope): string
    {
        return route('oauth.authorizations.authorize', [
            'client_id' => $client->getKey(),
            'redirect_uri' => $client->redirect,
            'response_type' => 'code',
            'scope' => $scope,
        ]);
    }
}