MQE-2601: Create automated test for: "Verify that admin token and customer token life time can be configured from admin"

Author: ysapiga

TwoFactorAuth/Test/Api/GoogleAuthenticateTest.php

@@ -7,14 +7,22 @@
 
 namespace Magento\TwoFactorAuth\Test\Api;
 
+use Magento\Framework\HTTP\ClientInterface;
+use Magento\Framework\Serialize\SerializerInterface;
+use Magento\Framework\UrlInterface;
 use Magento\Framework\Webapi\Rest\Request;
+use Magento\Integration\Model\Oauth\TokenFactory;
+use Magento\Integration\Model\ResourceModel\Oauth\Token as TokenResource;
 use Magento\TestFramework\Helper\Bootstrap;
 use Magento\TestFramework\TestCase\WebapiAbstract;
 use Magento\TwoFactorAuth\Api\TfaInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\Google;
 use Magento\User\Model\UserFactory;
 use OTPHP\TOTP;
 
+/**
+ * Class checks google authentication behaviour
+ */
 class GoogleAuthenticateTest extends WebapiAbstract
 {
     const SERVICE_VERSION = 'V1';
@@ -37,18 +45,53 @@ class GoogleAuthenticateTest extends WebapiAbstract
      */
     private $tfa;
 
+    /**
+     * @var ClientInterface
+     */
+    private $client;
+
+    /**
+     * @var UrlInterface
+     */
+    private $url;
+
+    /**
+     * @var SerializerInterface
+     */
+    private $json;
+
+    /**
+     * @var TokenResource
+     */
+    private $tokenResource;
+
+    /**
+     * @var TokenFactory
+     */
+    private $tokenFactory;
+
+    /**
+     * @inheritdoc
+     */
     protected function setUp(): void
     {
         $objectManager = Bootstrap::getObjectManager();
         $this->userFactory = $objectManager->get(UserFactory::class);
         $this->google = $objectManager->get(Google::class);
         $this->tfa = $objectManager->get(TfaInterface::class);
+        $this->client = $objectManager->get(ClientInterface::class);
+        $this->url = $objectManager->get(UrlInterface::class);
+        $this->json = $objectManager->get(SerializerInterface::class);
+        $this->tokenResource = $objectManager->get(TokenResource::class);
+        $this->tokenFactory = $objectManager->get(TokenFactory::class);
     }
 
     /**
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
+     *
+     * @return void
      */
-    public function testInvalidCredentials()
+    public function testInvalidCredentials(): void
     {
         $serviceInfo = $this->buildServiceInfo();
 
@@ -80,8 +123,10 @@ public function testInvalidCredentials()
     /**
      * @magentoConfigFixture twofactorauth/general/force_providers duo_security
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
+     *
+     * @return void
      */
-    public function testUnavailableProvider()
+    public function testUnavailableProvider(): void
     {
         $serviceInfo = $this->buildServiceInfo();
 
@@ -109,8 +154,10 @@ public function testUnavailableProvider()
     /**
      * @magentoConfigFixture twofactorauth/general/force_providers google
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
+     *
+     * @return void
      */
-    public function testInvalidToken()
+    public function testInvalidToken(): void
     {
         $userId = $this->getUserId();
         $serviceInfo = $this->buildServiceInfo();
@@ -141,8 +188,10 @@ public function testInvalidToken()
     /**
      * @magentoConfigFixture twofactorauth/general/force_providers google
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
+     *
+     * @return void
      */
-    public function testNotConfiguredProvider()
+    public function testNotConfiguredProvider(): void
     {
         $userId = $this->getUserId();
         $serviceInfo = $this->buildServiceInfo();
@@ -174,8 +223,10 @@ public function testNotConfiguredProvider()
      * @magentoConfigFixture twofactorauth/general/force_providers google
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
      * @magentoConfigFixture twofactorauth/google/otp_window 120
+     *
+     * @return void
      */
-    public function testValidToken()
+    public function testValidToken(): void
     {
         $userId = $this->getUserId();
         $otp = $this->getUserOtp();
@@ -195,6 +246,36 @@ public function testValidToken()
         self::assertMatchesRegularExpression('/^[a-z0-9]{32}$/', $response);
     }
 
+    /**
+     * @magentoConfigFixture default/oauth/access_token_lifetime/admin 1
+     * @magentoConfigFixture twofactorauth/general/force_providers google
+     *
+     * @magentoApiDataFixture Magento/Webapi/_files/webapi_user.php
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     *
+     * @return void
+     */
+    public function testAdminTokenLifetime(): void
+    {
+        $this->tfa->getProviderByCode(Google::CODE)->activate($this->getUserId('webapi_user'));
+        $otp = $this->getUserOtp('webapi_user');
+        $serviceInfo = $this->buildServiceInfo();
+        $requestData = [
+            'otp' => $otp,
+            'username' => 'webapi_user',
+            'password' => \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD,
+        ];
+        $accessToken = $this->_webApiCall($serviceInfo, $requestData);
+        $result = $this->doCustomerRequest($accessToken, 1);
+        $this->assertContains('customer@example.com', $this->json->unserialize($result));
+        $this->updateTokenCreatedTime($accessToken);
+        $result = $this->doCustomerRequest($accessToken, 1);
+        $this->assertContains(
+            'The consumer isn\'t authorized to access %resources.',
+            $this->json->unserialize($result)
+        );
+    }
+
     /**
      * @return array
      */
@@ -217,20 +298,61 @@ private function buildServiceInfo(): array
         ];
     }
 
-    private function getUserId(): int
+    /**
+     * Get user id
+     *
+     * @param string $userName
+     * @return int
+     */
+    private function getUserId($userName = 'customRoleUser'): int
     {
         $user = $this->userFactory->create();
-        $user->loadByUsername('customRoleUser');
+        $user->loadByUsername($userName);
 
         return (int)$user->getId();
     }
 
-    private function getUserOtp(): string
+    /**
+     * Get user otp
+     *
+     * @param string $userName
+     * @return string
+     */
+    private function getUserOtp($userName = 'customRoleUser'): string
     {
         $user = $this->userFactory->create();
-        $user->loadByUsername('customRoleUser');
+        $user->loadByUsername($userName);
         $totp = TOTP::create($this->google->getSecretCode($user));
 
         return $totp->now();
     }
+
+    /**
+     * Perform request to customers endpoint
+     *
+     * @param string $accessToken
+     * @return string
+     */
+    private function doCustomerRequest(string $accessToken, $customerId): string
+    {
+        $this->client->addHeader('Authorization', 'Bearer ' . $accessToken);
+        $this->client->get($this->url->getBaseUrl() . 'rest/V1/customers/' . $customerId);
+
+        return $this->client->getBody();
+    }
+
+    /**
+     * Update token created time
+     *
+     * @param string $accessToken
+     * @return void
+     */
+    private function updateTokenCreatedTime(string $accessToken): void
+    {
+        $token = $this->tokenFactory->create();
+        $token->loadByToken($accessToken);
+        $createdAt = (new \DateTime('-1 day'))->format('Y-m-d H:i:s');
+        $token->setCreatedAt($createdAt);
+        $this->tokenResource->save($token);
+    }
 }