Skip to content

[51659] Texas Bank - Unable to delete and edit an existing auth client #8868

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
marcoAntonioNina wants to merge 1 commit into
base: develop
Choose a base branch
from
+60 −14
Open

[51659] Texas Bank - Unable to delete and edit an existing auth client #8868

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 20 additions & 3 deletions ProcessMaker/Http/Controllers/Auth/ClientController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Log;
use Laravel\Passport\ClientRepository;
use ProcessMaker\Events\AuthClientCreated;
use ProcessMaker\Events\AuthClientDeleted;
Expand All @@ -27,7 +28,7 @@ public function index(Request $request)

public function show(Request $request, $clientId)
{
$client = $this->clients->findForUser($clientId, $request->user());
$client = $this->findActiveClient($request, $clientId);

if (!$client) {
return new Response('', 404);
Expand Down Expand Up @@ -72,7 +73,7 @@ public function store(Request $request)

public function update(Request $request, $clientId)
{
$client = $this->clients->findForUser($clientId, $request->user());
$client = $this->findActiveClient($request, $clientId);

if (!$client) {
return new Response('', 404);
Expand Down Expand Up @@ -101,7 +102,7 @@ public function update(Request $request, $clientId)

public function destroy(Request $request, $clientId)
{
$client = $this->clients->findForUser($clientId, $request->user());
$client = $this->findActiveClient($request, $clientId);

if (!$client) {
return new Response('', 404);
Expand All @@ -114,6 +115,22 @@ public function destroy(Request $request, $clientId)
return new Response('', 204);
}

private function findActiveClient(Request $request, $clientId)
{
$client = $this->clients->findActive($clientId);

if (!$client) {
Log::warning('OAuth client lookup failed.', [
'client_id' => $clientId,
'user_id' => $request->user()?->getAuthIdentifier(),
'route' => $request->route()?->getName(),
'method' => $request->method(),
]);
}

return $client;
}

private function validate($request)
{
$rules = [
Expand Down
51 changes: 40 additions & 11 deletions tests/Feature/Api/OAuthTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,28 +10,31 @@ class OAuthTest extends TestCase
{
use RequestHelper;

private const OAUTH_CLIENTS_URL = '/oauth/clients';
private const OAUTH_CLIENT_URL = '/oauth/clients/';

public $json = null;

public function withUserSetup()
{
$response = $this->actingAs($this->user)
->json('POST', '/oauth/clients', []);
->json('POST', self::OAUTH_CLIENTS_URL, []);

$this->assertEquals('The Name field is required.', $response->json()['errors']['name'][0]);
$this->assertEquals('The Types field is required.', $response->json()['errors']['types'][0]);

$response = $this->actingAs($this->user)
->json('POST', '/oauth/clients', ['name' => 'foo', 'types' => []]);
->json('POST', self::OAUTH_CLIENTS_URL, ['name' => 'foo', 'types' => []]);

$this->assertEquals('The Auth-Client must have at least 1 item chosen.', $response->json()['errors']['types'][0]);

$response = $this->actingAs($this->user)
->json('POST', '/oauth/clients', ['name' => 'foo', 'types' => ['authorization_code_grant']]);
->json('POST', self::OAUTH_CLIENTS_URL, ['name' => 'foo', 'types' => ['authorization_code_grant']]);

$this->assertEquals('The Redirect field is required.', $response->json()['errors']['redirect'][0]);

$response = $this->actingAs($this->user)
->json('POST', '/oauth/clients', ['name' => 'test', 'redirect' => 'http://test.com', 'types' => ['authorization_code_grant']]);
->json('POST', self::OAUTH_CLIENTS_URL, ['name' => 'test', 'redirect' => 'http://test.com', 'types' => ['authorization_code_grant']]);

$response->assertStatus(201);
$this->json = $response->json();
Expand All @@ -45,7 +48,7 @@ public function withUserSetup()
public function testCreateAndList()
{
$response = $this->actingAs($this->user)
->json('GET', '/oauth/clients');
->json('GET', self::OAUTH_CLIENTS_URL);

$response->assertStatus(200);
$json = $response->json()['data'];
Expand All @@ -66,7 +69,7 @@ public function testEdit()
$response = $this->actingAs($this->user)
->json(
'PUT',
'/oauth/clients/' . $this->json['id'],
self::OAUTH_CLIENT_URL . $this->json['id'],
[
'name' => 'test123',
'redirect' => 'http://test.com/foo',
Expand All @@ -76,7 +79,7 @@ public function testEdit()
$response->assertStatus(200);

$response = $this->actingAs($this->user)
->json('GET', '/oauth/clients');
->json('GET', self::OAUTH_CLIENTS_URL);

$json = $response->json()['data'];
$this->assertEquals($this->json['id'], $json[0]['id']);
Expand All @@ -95,30 +98,56 @@ public function testEdit()
public function testDelete()
{
$this->actingAs($this->user)
->json('POST', '/oauth/clients', [
->json('POST', self::OAUTH_CLIENTS_URL, [
'name' => 'other',
'redirect' => 'http://other.net',
'types' => ['authorization_code_grant'],
]);

$response = $this->actingAs($this->user)
->json('GET', '/oauth/clients');
->json('GET', self::OAUTH_CLIENTS_URL);

$this->assertCount(2, $response->json()['data']);

$response = $this->actingAs($this->user)
->json(
'DELETE',
'/oauth/clients/' . $this->json['id']
self::OAUTH_CLIENT_URL . $this->json['id']
);
$response->assertStatus(Response::HTTP_NO_CONTENT);

$response = $this->actingAs($this->user)
->json('GET', '/oauth/clients');
->json('GET', self::OAUTH_CLIENTS_URL);

$json = $response->json()['data'];
$this->assertCount(1, $json);
$this->assertEquals('other', $json[0]['name']);
$this->assertEquals('http://other.net', $json[0]['redirect']);
}

public function testEditAndDeleteGlobalClient()
{
$response = $this->actingAs($this->user)
->json('POST', self::OAUTH_CLIENTS_URL, [
'name' => 'global password client',
'types' => ['password_client'],
]);

$response->assertStatus(Response::HTTP_CREATED);
$clientId = $response->json('id');

$response = $this->actingAs($this->user)
->json('PUT', self::OAUTH_CLIENT_URL . $clientId, [
'name' => 'updated global password client',
'types' => ['password_client'],
]);

$response->assertStatus(Response::HTTP_OK);
$this->assertEquals('updated global password client', $response->json('name'));

$response = $this->actingAs($this->user)
->json('DELETE', self::OAUTH_CLIENT_URL . $clientId);

$response->assertStatus(Response::HTTP_NO_CONTENT);
}
}
Loading