Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Tests for oauth2 apis (\core\oauth2\*).
 *
 * @package    core
 * @copyright  2017 Damyon Wiese
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
 */

defined('MOODLE_INTERNAL') || die();

/**
 * Tests for oauth2 apis (\core\oauth2\*).
 *
 * @package    core
 * @copyright  2017 Damyon Wiese
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
< * @covers \core\oauth2\api
> * @coversDefaultClass \core\oauth2\api
*/ class core_oauth2_testcase extends advanced_testcase { /** * Tests the crud operations on oauth2 issuers. */ public function test_create_and_delete_standard_issuers() { $this->resetAfterTest(); $this->setAdminUser(); \core\oauth2\api::create_standard_issuer('google'); \core\oauth2\api::create_standard_issuer('facebook'); \core\oauth2\api::create_standard_issuer('microsoft'); \core\oauth2\api::create_standard_issuer('nextcloud', 'https://dummy.local/nextcloud/'); $issuers = \core\oauth2\api::get_all_issuers(); $this->assertEquals($issuers[0]->get('name'), 'Google'); $this->assertEquals($issuers[1]->get('name'), 'Facebook'); $this->assertEquals($issuers[2]->get('name'), 'Microsoft'); $this->assertEquals($issuers[3]->get('name'), 'Nextcloud'); \core\oauth2\api::move_down_issuer($issuers[0]->get('id')); $issuers = \core\oauth2\api::get_all_issuers(); $this->assertEquals($issuers[0]->get('name'), 'Facebook'); $this->assertEquals($issuers[1]->get('name'), 'Google'); $this->assertEquals($issuers[2]->get('name'), 'Microsoft'); $this->assertEquals($issuers[3]->get('name'), 'Nextcloud'); \core\oauth2\api::delete_issuer($issuers[1]->get('id')); $issuers = \core\oauth2\api::get_all_issuers(); $this->assertEquals($issuers[0]->get('name'), 'Facebook'); $this->assertEquals($issuers[1]->get('name'), 'Microsoft'); $this->assertEquals($issuers[2]->get('name'), 'Nextcloud'); } /** * Tests the crud operations on oauth2 issuers. */ public function test_create_nextcloud_without_url() { $this->resetAfterTest(); $this->setAdminUser(); $this->expectException(\moodle_exception::class); \core\oauth2\api::create_standard_issuer('nextcloud'); } /** * Tests we can list and delete each of the persistents related to an issuer. */ public function test_getters() { $this->resetAfterTest(); $this->setAdminUser(); $issuer = \core\oauth2\api::create_standard_issuer('microsoft'); $same = \core\oauth2\api::get_issuer($issuer->get('id')); foreach ($same->properties_definition() as $name => $def) { $this->assertTrue($issuer->get($name) == $same->get($name)); } $endpoints = \core\oauth2\api::get_endpoints($issuer); $same = \core\oauth2\api::get_endpoint($endpoints[0]->get('id')); $this->assertEquals($endpoints[0]->get('id'), $same->get('id')); $this->assertEquals($endpoints[0]->get('name'), $same->get('name')); $todelete = $endpoints[0]; \core\oauth2\api::delete_endpoint($todelete->get('id')); $endpoints = \core\oauth2\api::get_endpoints($issuer); $this->assertNotEquals($endpoints[0]->get('id'), $todelete->get('id')); $userfields = \core\oauth2\api::get_user_field_mappings($issuer); $same = \core\oauth2\api::get_user_field_mapping($userfields[0]->get('id')); $this->assertEquals($userfields[0]->get('id'), $same->get('id')); $todelete = $userfields[0]; \core\oauth2\api::delete_user_field_mapping($todelete->get('id')); $userfields = \core\oauth2\api::get_user_field_mappings($issuer); $this->assertNotEquals($userfields[0]->get('id'), $todelete->get('id')); } /** * Data provider for \core_oauth2_testcase::test_get_system_oauth_client(). * * @return array */ public function system_oauth_client_provider() { return [ [ (object) [ 'access_token' => 'fdas...', 'token_type' => 'Bearer', 'expires_in' => '3600', 'id_token' => 'llfsd..', ], HOURSECS - 10 ], [ (object) [ 'access_token' => 'fdas...', 'token_type' => 'Bearer', 'id_token' => 'llfsd..', ], WEEKSECS ], ]; } /** * Tests we can get a logged in oauth client for a system account. * * @dataProvider system_oauth_client_provider * @param stdClass $responsedata The response data to be mocked. * @param int $expiresin The expected expiration time. */ public function test_get_system_oauth_client($responsedata, $expiresin) { $this->resetAfterTest(); $this->setAdminUser(); $issuer = \core\oauth2\api::create_standard_issuer('microsoft'); $requiredscopes = \core\oauth2\api::get_system_scopes_for_issuer($issuer); // Fake a system account. $data = (object) [ 'issuerid' => $issuer->get('id'), 'refreshtoken' => 'abc', 'grantedscopes' => $requiredscopes, 'email' => 'sys@example.com', 'username' => 'sys' ]; $sys = new \core\oauth2\system_account(0, $data); $sys->create(); // Fake a response with an access token. $response = json_encode($responsedata); curl::mock_response($response); $client = \core\oauth2\api::get_system_oauth_client($issuer); $this->assertTrue($client->is_logged_in()); // Check token expiry. $accesstoken = \core\oauth2\access_token::get_record(['issuerid' => $issuer->get('id')]); // Get the difference between the actual and expected expiry times. // They might differ by a couple of seconds depending on the timing when the token gets actually processed. $expiresdifference = time() + $expiresin - $accesstoken->get('expires'); // Assert that the actual token expiration is more or less the same as the expected. $this->assertGreaterThanOrEqual(0, $expiresdifference); $this->assertLessThanOrEqual(3, $expiresdifference); } /** * Tests we can enable and disable an issuer. */ public function test_enable_disable_issuer() { $this->resetAfterTest(); $this->setAdminUser(); $issuer = \core\oauth2\api::create_standard_issuer('microsoft'); $issuerid = $issuer->get('id'); \core\oauth2\api::enable_issuer($issuerid); $check = \core\oauth2\api::get_issuer($issuer->get('id')); $this->assertTrue((boolean)$check->get('enabled')); \core\oauth2\api::enable_issuer($issuerid); $check = \core\oauth2\api::get_issuer($issuer->get('id')); $this->assertTrue((boolean)$check->get('enabled')); \core\oauth2\api::disable_issuer($issuerid); $check = \core\oauth2\api::get_issuer($issuer->get('id')); $this->assertFalse((boolean)$check->get('enabled')); \core\oauth2\api::enable_issuer($issuerid); $check = \core\oauth2\api::get_issuer($issuer->get('id')); $this->assertTrue((boolean)$check->get('enabled')); } /** * Test the alloweddomains for an issuer. */ public function test_issuer_alloweddomains() { $this->resetAfterTest(); $this->setAdminUser(); $issuer = \core\oauth2\api::create_standard_issuer('microsoft'); $issuer->set('alloweddomains', ''); // Anything is allowed when domain is empty. $this->assertTrue($issuer->is_valid_login_domain('')); $this->assertTrue($issuer->is_valid_login_domain('a@b')); $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com')); $issuer->set('alloweddomains', 'example.com'); // One domain - must match exactly - no substrings etc. $this->assertFalse($issuer->is_valid_login_domain('')); $this->assertFalse($issuer->is_valid_login_domain('a@b')); $this->assertFalse($issuer->is_valid_login_domain('longer.example@example')); $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com')); $issuer->set('alloweddomains', 'example.com,example.net'); // Multiple domains - must match any exactly - no substrings etc. $this->assertFalse($issuer->is_valid_login_domain('')); $this->assertFalse($issuer->is_valid_login_domain('a@b')); $this->assertFalse($issuer->is_valid_login_domain('longer.example@example')); $this->assertFalse($issuer->is_valid_login_domain('invalid@email@example.net')); $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.net')); $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com')); $issuer->set('alloweddomains', '*.example.com'); // Wildcard. $this->assertFalse($issuer->is_valid_login_domain('')); $this->assertFalse($issuer->is_valid_login_domain('a@b')); $this->assertFalse($issuer->is_valid_login_domain('longer.example@example')); $this->assertFalse($issuer->is_valid_login_domain('longer.example@example.com')); $this->assertTrue($issuer->is_valid_login_domain('longer.example@sub.example.com')); } }