Commit 54c74da

committed
start authcode oauth e2e test
1 parent 9bd5168 commit 54c74da

2 files changed

+133
-0
lines changed

2 files changed

+133
-0
lines changed
+117
@@ -0,0 +1,117 @@
1+
/**
2+
* ---------------------------------------------------------------------
3+
*
4+
* GLPI - Gestionnaire Libre de Parc Informatique
5+
*
6+
* http://glpi-project.org
7+
*
8+
* @copyright 2015-2025 Teclib' and contributors.
9+
* @licence https://www.gnu.org/licenses/gpl-3.0.html
10+
*
11+
* ---------------------------------------------------------------------
12+
*
13+
* LICENSE
14+
*
15+
* This file is part of GLPI.
16+
*
17+
* This program is free software: you can redistribute it and/or modify
18+
* it under the terms of the GNU General Public License as published by
19+
* the Free Software Foundation, either version 3 of the License, or
20+
* (at your option) any later version.
21+
*
22+
* This program is distributed in the hope that it will be useful,
23+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
24+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25+
* GNU General Public License for more details.
26+
*
27+
* You should have received a copy of the GNU General Public License
28+
* along with this program. If not, see <https://www.gnu.org/licenses/>.
29+
*
30+
* ---------------------------------------------------------------------
31+
*/
32+
33+
describe('OAuth - Authorization Code Grant', () => {
34+
const oauthclient_id = '9246d35072ff62193330003a8106d947fafe5ac036d11a51ebc7ca11b9bc135e';
35+
const oauthclient_secret = 'd2c4f3b8a0e1f7b5c6a9d1e4f3b8a0e1f7b5c6a9d1e4f3b8a0e1f7b5c6a9d1';
36+
37+
function doAuthCodeGrant(expect_already_logged_in = false, remember_me = false) {
38+
function doGLPILogin(redirect_url, username_field, password_field, csrf_token) {
39+
// cy.findByRole('textbox', {'name': "Login"}).type('e2e_tests');
40+
// cy.findByLabelText("Password").type('glpi');
41+
// if (remember_me) {
42+
// cy.findByRole('checkbox', {name: "Remember me"}).check();
43+
// } else {
44+
// cy.findByRole('checkbox', {name: "Remember me"}).uncheck();
45+
// }
46+
// cy.getDropdownByLabelText("Login source").selectDropdownValue('GLPI internal database');
47+
// cy.findByRole('button', {name: "Sign in"}).click();
48+
49+
// Do login as request instead of visit
50+
const body = {
51+
[username_field]: 'e2e_tests',
52+
[password_field]: 'glpi',
53+
auth: 0,
54+
_glpi_csrf_token: csrf_token,
55+
redirect: redirect_url,
56+
noAUTO: 0
57+
};
58+
if (remember_me) {
59+
body.login_remember = 1;
60+
}
61+
cy.request({
62+
method: 'POST',
63+
url: '/front/login.php',
64+
form: true,
65+
body: body,
66+
}).then((response) => {
67+
expect(response.status).to.eq(200);
68+
});
69+
}
70+
71+
function doAuthorization() {
72+
73+
}
74+
75+
cy.request({
76+
method: 'GET',
77+
url: '/api.php/Authorize',
78+
qs: {
79+
response_type: 'code',
80+
client_id: oauthclient_id,
81+
scope: 'api user',
82+
redirect_uri: '/api.php/oauth2/redirection',
83+
//state: 'test_state'
84+
},
85+
}).then((response) => {
86+
expect(response.status).to.eq(200);
87+
expect(response.allRequestResponses).to.have.length(2);
88+
89+
expect(response.allRequestResponses[1]['Request URL']).to.contain(
90+
encodeURIComponent(`/api.php/v2/authorize?scope=api+user&client_id=${oauthclient_id}&response_type=code&redirect_uri=${encodeURIComponent('/api.php/oauth2/redirection')}`)
91+
);
92+
93+
if (!expect_already_logged_in) {
94+
// Should be on a GLPI login page
95+
const parsed_html = Cypress.$(`<div>${response.body}</div>`);
96+
expect(parsed_html.find('title').text()).to.eq('Authentication - GLPI');
97+
const redirect_url = parsed_html.find('input[name="redirect"]').val();
98+
const username_field = parsed_html.find('#login_name').attr('name');
99+
const password_field = parsed_html.find('#login_password').attr('name');
100+
const csrf_token = parsed_html.find('input[name="_glpi_csrf_token"]').val();
101+
doGLPILogin(redirect_url, username_field, password_field, csrf_token);
102+
}
103+
doAuthorization();
104+
});
105+
}
106+
107+
it('Should authorize without cookie - no remember me', () => {
108+
doAuthCodeGrant();
109+
});
110+
// it('Should authorize without cookie - remember me', () => {
111+
// doAuthCodeGrant(false, true);
112+
// });
113+
// it('Should authorize with cookie', () => {
114+
// cy.login();
115+
// doAuthCodeGrant(true);
116+
// });
117+
});
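Review bot: The authorization request leaves `state` commented out (`//state: 'test_state'`), so this grant test never exercises the parameter that binds the authorization response to the client's own request and protects the redirect against CSRF. I would send `state: 'test_state'` in `qs` and, once `doAuthorization()` has a body, assert that the same value comes back on the redirect to `/api.php/oauth2/redirection`. Separately, `doGLPILogin` only checks `expect(response.status).to.eq(200)`; a rejected login may well also end on a 200 page after redirects, so asserting on the final URL or page title would make a failed login visible. `oauthclient_secret` is declared but not used yet in this file.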

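--- a/tests/src/autoload/functions.php
+++ b/tests/src/autoload/functions.php
@@ -669,6 +669,14 @@ function loadDataset()
 'is_active' => 1,
 'is_confidential' => 1,
 'name' => 'Test OAuth Client',
+],
+[
+'redirect_uri' => ["/api.php/oauth2/redirection"],
+'grants' => ['authorization_code'],
+'scopes' => ['api', 'user'],
+'is_active' => 1,
+'is_confidential' => 1,
+'name' => 'Test E2E OAuth Client',
 ]
 ],
 'CartridgeItem' => [
@@ -756,6 +764,14 @@ function loadDataset()
 }
 Search::$search = [];
 Config::setConfigurationValues('phpunit', ['dataset' => $data['_version']]);
+
+// Set well known OAuth client ID and secret to be used in E2E tests where we cannot find the secret
+$e2e_oauth = getItemByTypeName('OAuthClient', 'Test E2E OAuth Client');
+$e2e_oauth->update([
+'id' => $e2e_oauth->getID(),
+'identifier' => '9246d35072ff62193330003a8106d947fafe5ac036d11a51ebc7ca11b9bc135e',
+'secret' => 'd2c4f3b8a0e1f7b5c6a9d1e4f3b8a0e1f7b5c6a9d1e4f3b8a0e1f7b5c6a9d1'
+]);
 }
 $DB->commit();
 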
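Review bot: The result of `$e2e_oauth->update([...])` in the second hunk is discarded, so if the update is refused, or the stored secret ends up different from the literal, the E2E suite fails later with an opaque OAuth error instead of at dataset load. Consider `if (!$e2e_oauth->update([...])) { throw new \RuntimeException('Could not set E2E OAuth client credentials'); }`. Because the identifier and secret are fixed and published in the repository, the comment should also state that they are valid only for the test dataset, e.g. `// Test-only credentials: never load this dataset on a reachable instance`. The same two literals are duplicated in the Cypress spec, and `loadDataset()` starts and ends outside the hunks shown.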
