3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test::More tests => 1;
27 use t::lib::TestBuilder;
29 my $t       = Test::Mojo->new('Koha::REST::V1');   # HTTP test client against the REST app under test
30 my $schema  = Koha::Database->new->schema;         # used to wrap the subtest in a transaction (txn_begin/txn_rollback)
31 my $builder = t::lib::TestBuilder->new;            # fixture builder, used below to create the test patron
33 subtest '/oauth/token tests' => sub {
36 $schema->storage->txn_begin;
38 my $patron = $builder->build_object({
39 class => 'Koha::Patrons',
41 flags => 0 # no permissions
45 # Missing parameter grant_type
46 $t->post_ok('/api/v1/oauth/token')
50 $t->post_ok('/api/v1/oauth/token', form => { grant_type => 'password' })
52 ->json_is({error => 'Unimplemented grant type'});
54 t::lib::Mocks::mock_preference('RESTOAuth2ClientCredentials', 1);
56 # No client_id/client_secret: with the grant enabled, a request carrying no client credentials must still be refused as unauthorized_client, never treated as an anonymous client
57 $t->post_ok('/api/v1/oauth/token', form => { grant_type => 'client_credentials' })
59 ->json_is({error => 'unauthorized_client'});
61 my $api_key = Koha::ApiKey->new({ patron_id => $patron->id, description => 'blah' })->store;
64 grant_type => 'client_credentials',
65 client_id => $api_key->client_id,
66 client_secret => $api_key->secret
68 $t->post_ok('/api/v1/oauth/token', form => $formData)
70 ->json_is('/expires_in' => 3600)
71 ->json_is('/token_type' => 'Bearer')
72 ->json_has('/access_token');
74 my $access_token = $t->tx->res->json->{access_token};
76 # Without an access token the request is rejected as unauthenticated (401) before any permission check is reached
77 $t->get_ok('/api/v1/patrons')->status_is(401);
79 # A valid token for a patron with flags => 0 authenticates but is not authorized: expect 403, never 200
80 my $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
81 $tx->req->headers->authorization("Bearer $access_token");
82 $t->request_ok($tx)->status_is(403);
84 # Granting the permission to the patron after the token was issued is enough for the same token to succeed (200): authorization is re-evaluated against the patron on each request, not fixed at token issuance
85 $patron->flags(2**4)->store;
86 $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
87 $tx->req->headers->authorization("Bearer $access_token");
88 $t->request_ok($tx)->status_is(200);
91 my $token = Koha::OAuthAccessTokens->find($access_token);
92 $token->expires( time - 1 )->store;
93 $tx = $t->ua->build_tx( GET => '/api/v1/patrons' );
94 $tx->req->headers->authorization("Bearer $access_token");
99 $api_key->active(0)->store;
100 $t->post_ok('/api/v1/oauth/token', form => $formData)
102 ->json_is({ error => 'unauthorized_client' });
104 # Disable the client_credentials grant via the syspref: even a valid, re-activated key must now be refused with 'Unimplemented grant type'. Note that the active(0) check above only covers minting new tokens; whether a bearer token issued before the key was deactivated is also rejected is not asserted in this test.
105 t::lib::Mocks::mock_preference('RESTOAuth2ClientCredentials', 0);
108 $api_key->active(1)->store;
110 $t->post_ok('/api/v1/oauth/token', form => $formData )
112 ->json_is({ error => 'Unimplemented grant type' });
114 $schema->storage->txn_rollback;