4 use Shaarli\Config\ConfigManager
;
7 use Slim\Http\Environment
;
9 use Slim\Http\Response
;
/**
 * Class ApiMiddlewareTest
 *
 * Tests the REST API Slim middleware.
 *
 * Note that a successful, authorized request can't be tested here, because
 * the middleware then has to dispatch to a real controller/action.
 */
21 class ApiMiddlewareTest
extends \PHPUnit\Framework\TestCase
/**
 * @var string Path of the sandbox datastore that setUp() writes the
 *             reference bookmarks to and tearDown() removes again.
 */
protected static $testDatastore = 'sandbox/datastore.php';

/**
 * @var ConfigManager Configuration read by the middleware under test; each
 *                    test adjusts api.secret / api.enabled / dev.debug on it.
 */

/**
 * @var \ReferenceLinkDB Reference bookmark data written to the sandbox datastore.
 */
protected $refDB = null;

/**
 * @var Container Slim container handed to ApiMiddleware; setUp() registers
 *                'conf' and 'history' in it.
 */
/**
 * Builds a fresh fixture before each test: a JSON config carrying a
 * (test-only) API secret, the reference bookmarks written to the sandbox
 * datastore, a history file, and a Slim container exposing the config and
 * the history to the middleware.
 */
public function setUp()
{
    $configuration = new ConfigManager('tests/utils/config/configJson');
    $configuration->set('api.secret', 'NapoleonWasALizard');
    $this->conf = $configuration;

    $referenceDb = new \ReferenceLinkDB();
    $referenceDb->write(self::$testDatastore);
    $this->refDB = $referenceDb;

    // ApiMiddleware reads its dependencies from this container.
    $container = new Container();
    $container['conf'] = $this->conf;
    $container['history'] = new History('sandbox/history.php');
    $this->container = $container;
}
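/**
 * Removes the sandbox datastore written by setUp() so that every test starts
 * from the reference data.
 *
 * An absent file is the normal case, hence the explicit existence check
 * instead of `@unlink`: the `@` operator would also hide a real failure
 * (e.g. a permission error) that should fail the test run.
 *
 * NOTE(review): setUp() also instantiates History on 'sandbox/history.php';
 * whether that leaves a file behind that should be removed here is not
 * visible from this test — confirm against the History class.
 */
public function tearDown()
{
    if (is_file(self::$testDatastore)) {
        unlink(self::$testDatastore);
    }
}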
/**
 * API switched off (`api.enabled` = false) with debug off: the middleware
 * must answer 401 with the bare JSON string "Not authorized" — no message
 * field and no stack trace, so the client learns nothing about the cause.
 */
public function testInvokeMiddlewareApiDisabled()
{
    $this->conf->set('api.enabled', false);
    $middleware = new ApiMiddleware($this->container);

    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $payload = json_decode((string) $response->getBody());
    $this->assertEquals('Not authorized', $payload);
}
/**
 * API switched off with `dev.debug` on: still a 401, but the JSON body now
 * carries a `message` naming the cause and a `stacktrace` mentioning
 * ApiAuthorizationException. Such detail is only expected in debug mode;
 * testInvokeMiddlewareApiDisabled covers the non-debug response.
 */
public function testInvokeMiddlewareApiDisabledDebug()
{
    $this->conf->set('api.enabled', false);
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $error = json_decode((string) $response->getBody());
    $this->assertEquals('Not authorized: API is disabled', $error->message);
    $this->assertContains('ApiAuthorizationException', $error->stacktrace);
}
/**
 * Request without any Authorization header, debug on: the middleware must
 * reject it with 401, a `message` stating that no JWT token was provided,
 * and a `stacktrace` mentioning ApiAuthorizationException.
 */
public function testInvokeMiddlewareNoTokenProvidedDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    // Deliberately no HTTP_AUTHORIZATION entry.
    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $error = json_decode((string) $response->getBody());
    $this->assertEquals('Not authorized: JWT token not provided', $error->message);
    $this->assertContains('ApiAuthorizationException', $error->stacktrace);
}
/**
 * Empty `api.secret` in the settings, debug on: even though the request
 * carries a Bearer header, the middleware must refuse it with 401 and a
 * `message` pointing at the missing secret (not at the token), plus a
 * `stacktrace` mentioning ApiAuthorizationException.
 */
public function testInvokeMiddlewareNoSecretSetDebug()
{
    $this->conf->set('dev.debug', true);
    $this->conf->set('api.secret', '');
    $middleware = new ApiMiddleware($this->container);

    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'Bearer jwt',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $error = json_decode((string) $response->getBody());
    $this->assertEquals(
        'Not authorized: Token secret must be set in Shaarli\'s administration',
        $error->message
    );
    $this->assertContains('ApiAuthorizationException', $error->stacktrace);
}
/**
 * Authorization header using a scheme other than `Bearer` ("PolarBearer"),
 * debug on: the middleware must reject it with 401, a `message` reporting an
 * invalid JWT header, and a `stacktrace` mentioning ApiAuthorizationException.
 */
public function testInvalidJwtAuthHeaderDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'PolarBearer jwt',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $error = json_decode((string) $response->getBody());
    $this->assertEquals('Not authorized: Invalid JWT header', $error->message);
    $this->assertContains('ApiAuthorizationException', $error->stacktrace);
}
/**
 * Well-formed `Bearer` header whose token ("jwt") is not a JWT at all, with a
 * secret configured and debug on: the middleware must reject it with 401, a
 * `message` reporting a malformed token, and a `stacktrace` mentioning
 * ApiAuthorizationException.
 *
 * Note: the individual JWT validation errors are covered in ApiUtilsTest.
 */
public function testInvokeMiddlewareInvalidJwtDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $request = Request::createFromEnvironment(Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'Bearer jwt',
    ]));

    /** @var Response $response */
    $response = $middleware($request, new Response(), null);

    $this->assertEquals(401, $response->getStatusCode());
    $error = json_decode((string) $response->getBody());
    $this->assertEquals('Not authorized: Malformed JWT token', $error->message);
    $this->assertContains('ApiAuthorizationException', $error->stacktrace);
}