[7.x] 'actingAsClient' method for tests #1083

Merged: 2 commits, Sep 13, 2019

@gdebrauwer gdebrauwer commented Sep 12, 2019

Laravel Passport already provides an actingAs method that mocks the user authentication. This pull request adds the method actingAsClient to mock the client authentication (optionally using certain scopes).

Passport::actingAsClient($client);
Passport::actingAsClient($client, ['check-status', 'place-orders']);

Why?

If you currently want to test an API route that uses client authentication, you have to make an actual request to the /oauth/token route to get a client access token. Then you have to add that token to the Authorization header of the next request that tests the API route.

Fixes issues #514 and #680.

How?

This method was already proposed in an older pull request (#847), but that implementation mocked the middleware.

My implementation mocks the ResourceServer class. This class is used by both the CheckClientCredentials and CheckClientCredentialsForAnyScope middleware classes.
The ResourceServer class parses the request Authorization header and sets certain attributes on the request (in the BearerTokenValidator):

return $request
    ->withAttribute('oauth_access_token_id', $token->getClaim('jti'))
    ->withAttribute('oauth_client_id', $token->getClaim('aud'))
    ->withAttribute('oauth_user_id', $token->getClaim('sub'))
    ->withAttribute('oauth_scopes', $token->getClaim('scopes'));

Those attributes are later used in the middleware classes to validate the scopes.
By just mocking the ResourceServer class, we don't need to mock the entire middleware classes or the scopes logic.

If the pull request is approved, I will make a pull request to update the documentation.

@driesvints driesvints changed the title [7.0] 'actingAsClient' method for tests [7.x] 'actingAsClient' method for tests Sep 12, 2019
@taylorotwell taylorotwell merged commit d47175a into laravel:7.0 Sep 13, 2019

derekrprice commented Jan 31, 2020

@gdebrauwer, my Controller attempts to access and parse $request->bearerToken() and isn't getting back a valid JWT, even when I use actingAsClient(). Am I still missing something or is there a better way to retrieve the client ID in the controller?

        $bearerToken = $request->bearerToken();
        $tokenId = (new \Lcobucci\JWT\Parser())->parse($bearerToken)->getHeader('jti');
        $client = \Laravel\Passport\Token::find($tokenId)->client->only(['id', 'name', 'created_at', 'updated_at']);

Thanks!

sven-plastiq commented

Having the same issue @derekrprice - did you find a solution?

derekrprice commented

@sven-plastiq, I ended up overriding the CheckClientCredentials Middleware instead, as suggested on this SO answer.
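
A simplified, stand-alone PHP model of the approach described in the pull request, added here as an illustration and not taken from Passport or from any participant in this thread: the resource server is replaced by a stub that sets the request attributes directly, so the middleware's scope check still runs, while the test request itself carries no Authorization header for a controller to parse. All names (`SketchRequest`, `stubbedServer`, `clientMiddleware`), the 200/403 return values and the sample client ID are assumptions.

```php
<?php
// Added illustration: all names below are hypothetical stand-ins,
// not Passport's or league/oauth2-server's own code.
final class SketchRequest
{
    private array $attributes = [];
    private ?string $authorization;

    public function __construct(?string $authorization = null)
    {
        $this->authorization = $authorization;
    }
    public function withAttribute(string $key, $value): self
    {
        $copy = clone $this;
        $copy->attributes[$key] = $value;
        return $copy;
    }
    public function getAttribute(string $key, $default = null)
    {
        return $this->attributes[$key] ?? $default;
    }
    public function bearerToken(): ?string
    {
        $header = (string) $this->authorization;
        return stripos($header, 'Bearer ') === 0 ? substr($header, 7) : null;
    }
}

// Stand-in for the mocked resource server: it sets the attributes directly,
// with no Authorization header parsing and no signature check.
function stubbedServer(string $clientId, array $scopes): callable
{
    return fn (SketchRequest $r) => $r
        ->withAttribute('oauth_client_id', $clientId)
        ->withAttribute('oauth_scopes', $scopes);
}

// Stand-in for the client middleware: the scope check still runs, on attributes.
function clientMiddleware(callable $server, SketchRequest $request, array $required): int
{
    $granted = $server($request)->getAttribute('oauth_scopes', []);
    return array_diff($required, $granted) === [] ? 200 : 403;
}

$server = stubbedServer('client-1', ['check-status']); // constructed values
$request = new SketchRequest();                        // no Authorization header
var_dump(clientMiddleware($server, $request, ['check-status']));
var_dump(clientMiddleware($server, $request, ['place-orders']));
var_dump($request->bearerToken());
```

Run with PHP 7.4 or later; the three `var_dump` calls show the granted scope passing, the missing scope being rejected, and `bearerToken()` returning null.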
