fix(refresh_token): given refresh_token not provided, now throws pr…

…oper validation errors instead of 500
wangdeer · Apr 20, 2022 · 059ec24 · 059ec24
1 parent 361309a
commit 059ec24
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 25 deletions.
diff --git a/app/Containers/AppSection/Authentication/Actions/ApiRefreshProxyForWebClientAction.php b/app/Containers/AppSection/Authentication/Actions/ApiRefreshProxyForWebClientAction.php
@@ -4,7 +4,7 @@
 
 use Apiato\Core\Exceptions\IncorrectIdException;
 use App\Containers\AppSection\Authentication\Exceptions\LoginFailedException;
-use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissedException;
+use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissingException;
 use App\Containers\AppSection\Authentication\Tasks\CallOAuthServerTask;
 use App\Containers\AppSection\Authentication\Tasks\MakeRefreshCookieTask;
 use App\Containers\AppSection\Authentication\UI\API\Requests\RefreshProxyRequest;
@@ -17,7 +17,7 @@ class ApiRefreshProxyForWebClientAction extends Action
      * @param RefreshProxyRequest $request
      * @return array
      * @throws LoginFailedException
-     * @throws RefreshTokenMissedException
+     * @throws RefreshTokenMissingException
      * @throws IncorrectIdException
      */
     public function run(RefreshProxyRequest $request): array
@@ -26,16 +26,16 @@ public function run(RefreshProxyRequest $request): array
             'refresh_token',
         ]);
 
+        if (!array_key_exists('refresh_token', $sanitizedData) && is_null(Request::cookie('refreshToken'))) {
+            throw new RefreshTokenMissingException();
+        }
+
         $sanitizedData['refresh_token'] = $sanitizedData['refresh_token'] ?: Request::cookie('refreshToken');
         $sanitizedData['client_id'] = config('appSection-authentication.clients.web.id');
         $sanitizedData['client_secret'] = config('appSection-authentication.clients.web.secret');
         $sanitizedData['grant_type'] = 'refresh_token';
         $sanitizedData['scope'] = '';
 
-        if (!$sanitizedData['refresh_token']) {
-            throw new RefreshTokenMissedException();
-        }
-
         $responseContent = app(CallOAuthServerTask::class)->run($sanitizedData, $request->headers->get('accept-language'));
         $refreshCookie = app(MakeRefreshCookieTask::class)->run($responseContent['refresh_token']);
 

diff --git a/...xceptions/RefreshTokenMissedException.php → ...ceptions/RefreshTokenMissingException.php b/...xceptions/RefreshTokenMissedException.php → ...ceptions/RefreshTokenMissingException.php
@@ -5,7 +5,7 @@
 use App\Ship\Parents\Exceptions\Exception;
 use Symfony\Component\HttpFoundation\Response;
 
-class RefreshTokenMissedException extends Exception
+class RefreshTokenMissingException extends Exception
 {
     protected $code = Response::HTTP_BAD_REQUEST;
     protected $message = 'We could not find the Refresh Token. Maybe none is provided?';

diff --git a/...iners/AppSection/Authentication/UI/API/Controllers/RefreshProxyForWebClientController.php b/...iners/AppSection/Authentication/UI/API/Controllers/RefreshProxyForWebClientController.php
@@ -5,7 +5,7 @@
 use Apiato\Core\Exceptions\IncorrectIdException;
 use App\Containers\AppSection\Authentication\Actions\ApiRefreshProxyForWebClientAction;
 use App\Containers\AppSection\Authentication\Exceptions\LoginFailedException;
-use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissedException;
+use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissingException;
 use App\Containers\AppSection\Authentication\UI\API\Requests\RefreshProxyRequest;
 use App\Ship\Parents\Controllers\ApiController;
 use Illuminate\Http\JsonResponse;
@@ -23,7 +23,7 @@ class RefreshProxyForWebClientController extends ApiController
      * @param RefreshProxyRequest $request
      * @return JsonResponse
      * @throws LoginFailedException
-     * @throws RefreshTokenMissedException
+     * @throws RefreshTokenMissingException
      * @throws IncorrectIdException
      */
     public function refreshProxyForWebClient(RefreshProxyRequest $request): JsonResponse

diff --git a/app/Containers/AppSection/Authentication/UI/API/Requests/RefreshProxyRequest.php b/app/Containers/AppSection/Authentication/UI/API/Requests/RefreshProxyRequest.php
@@ -35,7 +35,7 @@ class RefreshProxyRequest extends Request
     public function rules(): array
     {
         return [
-
+            'refresh_token' => 'string',
         ];
     }
 

diff --git a/...ers/AppSection/Authentication/UI/API/Tests/Functional/ApiRefreshProxyForWebClientTest.php b/...ers/AppSection/Authentication/UI/API/Tests/Functional/ApiRefreshProxyForWebClientTest.php
@@ -2,8 +2,9 @@
 
 namespace App\Containers\AppSection\Authentication\UI\API\Tests\Functional;
 
-use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissedException;
+use App\Containers\AppSection\Authentication\Exceptions\RefreshTokenMissingException;
 use App\Containers\AppSection\Authentication\UI\API\Tests\ApiTestCase;
+use Illuminate\Testing\Fluent\AssertableJson;
 
 /**
  * Class ApiRefreshProxyForWebClientTest
@@ -17,30 +18,37 @@ class ApiRefreshProxyForWebClientTest extends ApiTestCase
 
     private array $data;
 
-    protected function setUp(): void
+    public function testRequestingRefreshTokenWithoutPassingARefreshTokenShouldThrowAnException(): void
     {
-        parent::setUp();
+        $data = [];
 
-        $this->data = [
-            'email' => '[email protected]',
-            'password' => 'testing_pass',
-        ];
+        $response = $this->makeCall($data);
 
-        $this->getTestingUser($this->data);
-        $this->actingAs($this->testingUser, 'web');
+        $response->assertStatus(400);
+        $message = (new RefreshTokenMissingException())->getMessage();
+        $response->assertJson(
+            fn (AssertableJson $json) => $json->has('message')
+                ->where('message', $message)
+                ->etc()
+        );
     }
 
-    public function testRequestingRefreshTokenWithoutPassingARefreshTokenShouldThrowAnException(): void
+    public function testGivenRefreshTokenPassedAsParameter_ItShouldBeString(): void
     {
         $data = [
-            'refresh_token' => null,
+            'refresh_token' => '', // empty equals `not string`
         ];
 
         $response = $this->makeCall($data);
 
-        $response->assertStatus(400);
-        $message = (new RefreshTokenMissedException())->getMessage();
-        $this->assertResponseContainKeyValue(['message' => $message]);
+        $response->assertStatus(422);
+        $response->assertJson(
+            fn (AssertableJson $json) => $json->hasAll(['message', 'errors' => 1])
+                ->has(
+                    'errors',
+                    fn (AssertableJson $json) => $json->where('refresh_token.0', 'The refresh token must be a string.')
+                )
+        );
     }
 
     public function testOnSuccessfulRefreshTokenRequestEnsureValuesAreSetProperly(): void
@@ -57,6 +65,22 @@ public function testOnSuccessfulRefreshTokenRequestEnsureValuesAreSetProperly():
         $this->assertResponseContainKeyValue([
             'token_type' => 'Bearer',
         ]);
-        $this->assertResponseContainKeys(['expires_in', 'access_token']);
+        $response->assertJson(
+            fn (AssertableJson $json) => $json->hasAll(['expires_in', 'access_token'])
+                ->etc()
+        );
+    }
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->data = [
+            'email' => '[email protected]',
+            'password' => 'testing_pass',
+        ];
+
+        $this->getTestingUser($this->data);
+        $this->actingAs($this->testingUser, 'web');
     }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -35,7 +35,7 @@ class RefreshProxyRequest extends Request @@
         public function rules(): array
         {
             return [
+                'refresh_token' => 'string',
             ];
         }
@@ Expand Down @@