Merge pull request #340 from City-of-Helsinki/dev

Dev to main
City-of-Helsinki · Sep 17, 2024 · 4729845 · 4729845
2 parents c63304c + 9872e78
commit 4729845
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 12 deletions.
diff --git a/composer.json b/composer.json
@@ -150,8 +150,11 @@
             "drupal/publication_date": {
                 "[#UHF-7721] Fixed node preview when publication date is not set. (https://drupal.org/i/3074373)": "https://www.drupal.org/files/issues/2022-12-20/publication_date_is_required_for_completing_the_form-3074373-11.patch"
             },
+            "drupal/subrequests": {
+                "Get same results on different request": "https://www.drupal.org/files/issues/2024-08-06/subrequests-3049395-change-request-type.patch"
+            },
             "drupal/decoupled_router": {
-                "Fixing redirect multilanguage 404 (https://drupal.org/i/3111456)": "https://www.drupal.org/files/issues/2022-12-01/decouple_router-3111456-resolve-language-issue-58--get-translation.patch"
+                "Fixing redirect multilanguage 404 (https://drupal.org/i/3111456)": "https://www.drupal.org/files/issues/2024-08-05/decouple_router-3111456-resolve-language-issue-63--get-translation-re-rolled-and-good-redirect.patch"
             },
             "drupal/redirect": {
                 "Validation issue on adding url redirect (https://drupal.org/i/3057250)": "https://www.drupal.org/files/issues/2024-08-11/redirect--2024-08-11--3057250-79.patch",

diff --git a/composer.lock b/composer.lock
diff --git a/public/modules/custom/infofinland_common/src/Controller/OAuth2TokenController.php b/public/modules/custom/infofinland_common/src/Controller/OAuth2TokenController.php
@@ -19,6 +19,7 @@ public function token(ServerRequestInterface $request) {
       $body = $request->getParsedBody();
 
       if (isset($body['client_id'])) {
+        /** @var \Drupal\consumers\Entity\ConsumerInterface[] $defaultClients */
         $defaultClients = $this
           ->entityTypeManager()
           ->getStorage('consumer')
@@ -31,7 +32,7 @@ public function token(ServerRequestInterface $request) {
 
           // Override request body.
           $request = $request->withParsedBody(array_merge($body, [
-            'client_id' => $defaultClient->uuid(),
+            'client_id' => $defaultClient->getClientId(),
           ]));
         }
       }

diff --git a/public/modules/custom/infofinland_common/tests/src/Kernel/OAuth2TokenControllerTest.php b/public/modules/custom/infofinland_common/tests/src/Kernel/OAuth2TokenControllerTest.php
@@ -0,0 +1,99 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\infofinland_common\Kernel;
+
+use Drupal\consumers\Entity\Consumer;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Url;
+use Drupal\KernelTests\KernelTestBase;
+use Drupal\Tests\helfi_api_base\Traits\ApiTestTrait;
+use Drupal\Tests\user\Traits\UserCreationTrait;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * Tests OAuth2TokenController.
+ *
+ * @group helfi_annif
+ */
+class OAuth2TokenControllerTest extends KernelTestBase {
+
+  use ApiTestTrait;
+  use UserCreationTrait;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected static $modules = [
+    'user',
+    'file',
+    'serialization',
+    'consumers',
+    'image',
+    'simple_oauth',
+    'infofinland_common',
+  ];
+
+  /**
+   * {@inheritDoc}
+   */
+  public function setUp(): void {
+    parent::setUp();
+
+    $this->installEntitySchema('user');
+    $this->installEntitySchema('consumer');
+    $this->installEntitySchema('oauth2_token');
+
+    $user = $this->createUser();
+    $this->createRole([], AccountInterface::AUTHENTICATED_ROLE);
+
+    $config = $this->config('simple_oauth.settings');
+    $config->set('public_key', '../conf/local-keys/public.key');
+    $config->set('private_key', '../conf/local-keys/private.key');
+    $config->save();
+
+    $consumer = Consumer::create([
+      'label' => 'Test Consumer',
+      'client_id' => 'test_client_id',
+      'user_id' => $user->id(),
+      'is_default' => TRUE,
+    ]);
+    $consumer->setOwner($user);
+    $consumer->save();
+  }
+
+  /**
+   * Tests OAuth2 token.
+   */
+  public function testOAuth2Token(): void {
+    // league/oauth2-server wants 600 file permissions for key.
+    chmod('../conf/local-keys/private.key', 0600);
+
+    putenv('APP_ENV=local');
+
+    $uri = Url::fromRoute('oauth2_token.token')->toString();
+    $document = NULL;
+    $parameters = [
+      'client_id' => 'non-existent',
+      'client_secret' => '123',
+      'grant_type' => 'client_credentials',
+    ];
+
+    // OAuth token endpoint works with ANY credentials if APP_ENV=local.
+    $request = Request::create($uri, Request::METHOD_POST, $parameters, [], [], [], $document);
+    $response = $this->processRequest($request);
+
+    $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
+
+    putenv('APP_ENV=not-local');
+
+    // OAuth token endpoint works with ANY credentials if APP_ENV=local.
+    $request = Request::create($uri, Request::METHOD_POST, $parameters, [], [], [], $document);
+    $response = $this->processRequest($request);
+
+    $this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+  }
+
+}