]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | ||
3 | namespace Shaarli\Api; | |
4 | ||
5 | use Slim\Container; | |
6 | use Slim\Http\Environment; | |
7 | use Slim\Http\Request; | |
8 | use Slim\Http\Response; | |
9 | ||
10 | /** | |
11 | * Class ApiMiddlewareTest | |
12 | * | |
13 | * Test the REST API Slim Middleware. | |
14 | * | |
15 | * Note that we can't test a valid use case here, because the middleware | |
16 | * needs to call a valid controller/action during its execution. | |
17 | * | |
18 | * @package Api | |
19 | */ | |
20 | class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase | |
21 | { | |
22 | /** | |
23 | * @var string datastore to test write operations | |
24 | */ | |
25 | protected static $testDatastore = 'sandbox/datastore.php'; | |
26 | ||
27 | /** | |
28 | * @var \ConfigManager instance | |
29 | */ | |
30 | protected $conf; | |
31 | ||
32 | /** | |
33 | * @var \ReferenceLinkDB instance. | |
34 | */ | |
35 | protected $refDB = null; | |
36 | ||
37 | /** | |
38 | * @var Container instance. | |
39 | */ | |
40 | protected $container; | |
41 | ||
42 | /** | |
43 | * Before every test, instantiate a new Api with its config, plugins and links. | |
44 | */ | |
45 | public function setUp() | |
46 | { | |
47 | $this->conf = new \ConfigManager('tests/utils/config/configJson.json.php'); | |
48 | $this->conf->set('api.secret', 'NapoleonWasALizard'); | |
49 | ||
50 | $this->refDB = new \ReferenceLinkDB(); | |
51 | $this->refDB->write(self::$testDatastore); | |
52 | ||
53 | $this->container = new Container(); | |
54 | $this->container['conf'] = $this->conf; | |
55 | } | |
56 | ||
57 | /** | |
58 | * After every test, remove the test datastore. | |
59 | */ | |
60 | public function tearDown() | |
61 | { | |
62 | @unlink(self::$testDatastore); | |
63 | } | |
64 | ||
65 | /** | |
66 | * Invoke the middleware with the API disabled: | |
67 | * should return a 401 error Unauthorized. | |
68 | */ | |
69 | public function testInvokeMiddlewareApiDisabled() | |
70 | { | |
71 | $this->conf->set('api.enabled', false); | |
72 | $mw = new ApiMiddleware($this->container); | |
73 | $env = Environment::mock([ | |
74 | 'REQUEST_METHOD' => 'GET', | |
75 | 'REQUEST_URI' => '/echo', | |
76 | ]); | |
77 | $request = Request::createFromEnvironment($env); | |
78 | $response = new Response(); | |
79 | /** @var Response $response */ | |
80 | $response = $mw($request, $response, null); | |
81 | ||
82 | $this->assertEquals(401, $response->getStatusCode()); | |
83 | $body = json_decode((string) $response->getBody()); | |
84 | $this->assertEquals('Not authorized', $body); | |
85 | } | |
86 | ||
87 | /** | |
88 | * Invoke the middleware with the API disabled in debug mode: | |
89 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | |
90 | */ | |
91 | public function testInvokeMiddlewareApiDisabledDebug() | |
92 | { | |
93 | $this->conf->set('api.enabled', false); | |
94 | $this->conf->set('dev.debug', true); | |
95 | $mw = new ApiMiddleware($this->container); | |
96 | $env = Environment::mock([ | |
97 | 'REQUEST_METHOD' => 'GET', | |
98 | 'REQUEST_URI' => '/echo', | |
99 | ]); | |
100 | $request = Request::createFromEnvironment($env); | |
101 | $response = new Response(); | |
102 | /** @var Response $response */ | |
103 | $response = $mw($request, $response, null); | |
104 | ||
105 | $this->assertEquals(401, $response->getStatusCode()); | |
106 | $body = json_decode((string) $response->getBody()); | |
107 | $this->assertEquals('Not authorized: API is disabled', $body->message); | |
108 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | |
109 | } | |
110 | ||
111 | /** | |
112 | * Invoke the middleware without a token (debug): | |
113 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | |
114 | */ | |
115 | public function testInvokeMiddlewareNoTokenProvidedDebug() | |
116 | { | |
117 | $this->conf->set('dev.debug', true); | |
118 | $mw = new ApiMiddleware($this->container); | |
119 | $env = Environment::mock([ | |
120 | 'REQUEST_METHOD' => 'GET', | |
121 | 'REQUEST_URI' => '/echo', | |
122 | ]); | |
123 | $request = Request::createFromEnvironment($env); | |
124 | $response = new Response(); | |
125 | /** @var Response $response */ | |
126 | $response = $mw($request, $response, null); | |
127 | ||
128 | $this->assertEquals(401, $response->getStatusCode()); | |
129 | $body = json_decode((string) $response->getBody()); | |
130 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); | |
131 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | |
132 | } | |
133 | ||
134 | /** | |
135 | * Invoke the middleware without a secret set in settings (debug): | |
136 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | |
137 | */ | |
138 | public function testInvokeMiddlewareNoSecretSetDebug() | |
139 | { | |
140 | $this->conf->set('dev.debug', true); | |
141 | $this->conf->set('api.secret', ''); | |
142 | $mw = new ApiMiddleware($this->container); | |
143 | $env = Environment::mock([ | |
144 | 'REQUEST_METHOD' => 'GET', | |
145 | 'REQUEST_URI' => '/echo', | |
146 | 'HTTP_JWT'=> 'jwt', | |
147 | ]); | |
148 | $request = Request::createFromEnvironment($env); | |
149 | $response = new Response(); | |
150 | /** @var Response $response */ | |
151 | $response = $mw($request, $response, null); | |
152 | ||
153 | $this->assertEquals(401, $response->getStatusCode()); | |
154 | $body = json_decode((string) $response->getBody()); | |
155 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); | |
156 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | |
157 | } | |
158 | ||
159 | /** | |
160 | * Invoke the middleware without an invalid JWT token (debug): | |
161 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | |
162 | * | |
163 | * Note: specific JWT errors tests are handled in ApiUtilsTest. | |
164 | */ | |
165 | public function testInvokeMiddlewareInvalidJwtDebug() | |
166 | { | |
167 | $this->conf->set('dev.debug', true); | |
168 | $mw = new ApiMiddleware($this->container); | |
169 | $env = Environment::mock([ | |
170 | 'REQUEST_METHOD' => 'GET', | |
171 | 'REQUEST_URI' => '/echo', | |
172 | 'HTTP_JWT'=> 'bad jwt', | |
173 | ]); | |
174 | $request = Request::createFromEnvironment($env); | |
175 | $response = new Response(); | |
176 | /** @var Response $response */ | |
177 | $response = $mw($request, $response, null); | |
178 | ||
179 | $this->assertEquals(401, $response->getStatusCode()); | |
180 | $body = json_decode((string) $response->getBody()); | |
181 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); | |
182 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | |
183 | } | |
184 | } |