Access tokens associated with an app in a non-active project cannot be used

Test scenario:

1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL
   https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=demo&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token:

   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
       --user '<client_id>:<client_secret>' \
       --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
       https://tuleap.example.com/oauth2/token

5. Use this access token to query the demo resource
6. Suspend the project
7. Try to use the access token again, it does not work

This is part of story #14542: have OAuth2 flow

Change-Id: I02941061d7bbc8c108e703569b4ce559e3596973

Modified Files

M plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenDAO.php (+3 −1)
A plugins/oauth2_server/tests/integration/AccessToken/OAuth2AccessTokenDAOTest.php (+146 −0)