1<?php
2
3// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
4// See the LICENCE file in the repository root for full licence text.
5
6namespace Tests;
7
8use App\Models\OAuth\Client;
9use App\Models\User;
10
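/**
 * Pins which scope strings the token endpoint accepts for the OAuth
 * client_credentials grant, for clients owned by a bot-group user and for
 * clients created with the factory defaults.
 *
 * The client_credentials grant authenticates the client only; no end user
 * reviews the requested scopes, so a regression in the scope checks here is
 * a privilege-escalation risk rather than a cosmetic failure.
 *
 * NOTE(review): every case asserts the HTTP status only. A 200 shows the
 * request was accepted; it does not show that the issued token carries
 * exactly the requested scopes. Consider asserting on the token's scopes too.
 */
class OAuthClientCredentialsRequestTest extends TestCase
{
    /**
     * A client whose owner is in the 'bot' group requests a token.
     *
     * @dataProvider botRequestingScopeDataProvider
     *
     * @param string $scope  Space-separated scope string sent as `scope`.
     * @param int    $status Expected HTTP status of the token response.
     */
    public function testBotRequestingScope(string $scope, int $status): void
    {
        $client = Client::factory()->create([
            'user_id' => User::factory()->withGroup('bot'),
        ]);

        $this->postClientCredentialsAndAssertStatus($client, $scope, $status);
    }

    /**
     * A client created with the factory defaults (no 'bot' group owner is
     * set up here) requests a token.
     *
     * @dataProvider nonBotRequestingScopeDataProvider
     *
     * @param string $scope  Space-separated scope string sent as `scope`.
     * @param int    $status Expected HTTP status of the token response.
     */
    public function testNonBotRequestingScope(string $scope, int $status): void
    {
        $client = Client::factory()->create();

        $this->postClientCredentialsAndAssertStatus($client, $scope, $status);
    }

    /**
     * Cases for a bot-owned client: [scope string, expected HTTP status].
     *
     * NOTE(review): there is no row for `delegate` requested on its own;
     * add one once the intended status is confirmed.
     *
     * @return array<string, array{0: string, 1: int}>
     */
    public static function botRequestingScopeDataProvider(): array
    {
        return [
            '* cannot be requested' => ['*', 400],
            'cannot request empty scope' => ['', 400],
            // The trailing space is part of the fixture; presumably it
            // exercises whitespace handling in scope parsing (confirm).
            'delegate scope allows chat.write' => ['chat.write delegate ', 200],
            'chat.write cannot be requested by itself' => ['chat.write', 400],
            'mixing scope delegation is not allowed' => ['chat.write delegate forum.write', 400],
            'public scope is allowed' => ['public', 200],
        ];
    }

    /**
     * Cases for a non-bot client: [scope string, expected HTTP status].
     *
     * NOTE(review): there is no row for `chat.write` requested without
     * `delegate` by a non-bot client; add one once the intended status is
     * confirmed, so the non-delegated path is pinned as well.
     *
     * @return array<string, array{0: string, 1: int}>
     */
    public static function nonBotRequestingScopeDataProvider(): array
    {
        return [
            '* cannot be requested' => ['*', 400],
            'cannot request empty scope' => ['', 400],
            'cannot request delegation' => ['chat.write delegate ', 400],
            'public scope is allowed' => ['public', 200],
        ];
    }

    protected function setUp(): void
    {
        parent::setUp();

        // otherwise exceptions won't render the actual view.
        config_set('app.debug', false);
    }

    /**
     * Posts a client_credentials token request for $client with the given
     * scope string and asserts the response status.
     *
     * The client authenticates with its own id and secret; no user
     * credentials are sent.
     */
    private function postClientCredentialsAndAssertStatus(Client $client, string $scope, int $status): void
    {
        $params = [
            'client_id' => $client->getKey(),
            'client_secret' => $client->secret,
            'grant_type' => 'client_credentials',
            'scope' => $scope,
        ];

        $this->post(route('oauth.passport.token'), $params)
            ->assertStatus($status);
    }
}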