4 use Shaarli\Config\ConfigManager
;
6 use Slim\Http\Environment
;
8 use Slim\Http\Response
;
11 * Class ApiMiddlewareTest
13 * Test the REST API Slim Middleware.
15 * Note that a successful (authorized) request cannot be tested here, because the middleware
16 * needs to call a valid controller/action during its execution.
20 class ApiMiddlewareTest
extends \PHPUnit\Framework\TestCase
/**
 * @var string Path of the datastore the tests write to; removed again in tearDown().
 */
protected static $testDatastore = 'sandbox/datastore.php';

/**
 * @var ConfigManager Configuration loaded from tests/utils/config/configJson.json.php.
 */
protected $conf;

/**
 * @var \ReferenceLinkDB Reference links written to the test datastore.
 */
protected $refDB = null;

/**
 * @var Container Slim container handed to the middleware under test.
 */
protected $container;
/**
 * Before every test, build a fresh configuration, reference datastore and
 * container for the middleware under test.
 *
 * The API secret set here is a test-only value; individual tests override
 * the configuration keys they exercise (api.enabled, api.secret, dev.debug).
 */
public function setUp()
{
    $conf = new ConfigManager('tests/utils/config/configJson.json.php');
    $conf->set('api.secret', 'NapoleonWasALizard');
    $this->conf = $conf;

    $links = new \ReferenceLinkDB();
    $links->write(self::$testDatastore);
    $this->refDB = $links;

    $container = new Container();
    $container['conf'] = $conf;
    $this->container = $container;
}
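/**
 * After every test, remove the datastore written by setUp() so one test's
 * links cannot leak into the next.
 *
 * The file is only unlinked when it is present, instead of silencing
 * unlink() with `@`, so a genuine failure to remove it is not hidden.
 */
public function tearDown()
{
    if (is_file(self::$testDatastore)) {
        unlink(self::$testDatastore);
    }
}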
/**
 * Invoke the middleware with the API disabled (dev.debug off):
 * the response must be a 401 Unauthorized whose JSON body is only the
 * generic 'Not authorized' string. The reason and the stacktrace are
 * exposed only in the debug-mode tests below.
 */
public function testInvokeMiddlewareApiDisabled()
{
    $this->conf->set('api.enabled', false);
    $middleware = new ApiMiddleware($this->container);

    $serverVars = [
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ];
    $request = Request::createFromEnvironment(Environment::mock($serverVars));
    $response = new Response();

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $decoded = json_decode($response->getBody()->__toString());
    self::assertEquals('Not authorized', $decoded);
}
/**
 * Invoke the middleware with the API disabled while dev.debug is on:
 * the response must be a 401 Unauthorized whose JSON body carries the
 * specific reason ('API is disabled') and a stacktrace naming the
 * authorization exception. Both are debug-only diagnostics; compare with
 * testInvokeMiddlewareApiDisabled() for the generic message.
 */
public function testInvokeMiddlewareApiDisabledDebug()
{
    $this->conf->set('api.enabled', false);
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $env = Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ]);
    $response = new Response();
    $request = Request::createFromEnvironment($env);

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $payload = json_decode($response->getBody()->__toString());
    self::assertEquals('Not authorized: API is disabled', $payload->message);
    self::assertContains('ApiAuthorizationException', $payload->stacktrace);
}
/**
 * Invoke the middleware with no Authorization header at all (dev.debug on):
 * the response must be a 401 Unauthorized with the 'JWT token not provided'
 * reason and a stacktrace naming the authorization exception.
 *
 * api.enabled is not set here, so the value loaded from the test config
 * file applies — presumably enabled, otherwise the disabled-API message
 * would be reported instead.
 */
public function testInvokeMiddlewareNoTokenProvidedDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $serverVars = [
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
    ];
    $response = new Response();
    $request = Request::createFromEnvironment(Environment::mock($serverVars));

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $payload = json_decode($response->getBody()->__toString());
    self::assertEquals('Not authorized: JWT token not provided', $payload->message);
    self::assertContains('ApiAuthorizationException', $payload->stacktrace);
}
/**
 * Invoke the middleware with a Bearer token present but an empty api.secret
 * (dev.debug on): the response must be a 401 Unauthorized reporting that the
 * secret must be set in Shaarli's administration, with a stacktrace naming
 * the authorization exception. The missing secret is what gets reported,
 * not the (equally invalid) token — the same 'Bearer jwt' header yields the
 * malformed-token message in testInvokeMiddlewareInvalidJwtDebug().
 */
public function testInvokeMiddlewareNoSecretSetDebug()
{
    $this->conf->set('dev.debug', true);
    $this->conf->set('api.secret', '');
    $middleware = new ApiMiddleware($this->container);

    $env = Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'Bearer jwt',
    ]);
    $request = Request::createFromEnvironment($env);
    $response = new Response();

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $payload = json_decode($response->getBody()->__toString());
    self::assertEquals(
        'Not authorized: Token secret must be set in Shaarli\'s administration',
        $payload->message
    );
    self::assertContains('ApiAuthorizationException', $payload->stacktrace);
}
/**
 * Invoke the middleware with an Authorization header whose scheme is not
 * 'Bearer' ('PolarBearer jwt', dev.debug on): the response must be a 401
 * Unauthorized with the 'Invalid JWT header' reason and a stacktrace naming
 * the authorization exception.
 */
public function testInvalidJwtAuthHeaderDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $serverVars = [
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'PolarBearer jwt',
    ];
    $response = new Response();
    $request = Request::createFromEnvironment(Environment::mock($serverVars));

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $payload = json_decode($response->getBody()->__toString());
    self::assertEquals('Not authorized: Invalid JWT header', $payload->message);
    self::assertContains('ApiAuthorizationException', $payload->stacktrace);
}
/**
 * Invoke the middleware with a well-formed Bearer header carrying a malformed
 * token ('Bearer jwt') while a secret is set (dev.debug on): the response
 * must be a 401 Unauthorized with the 'Malformed JWT token' reason and a
 * stacktrace naming the authorization exception.
 *
 * Note: specific JWT errors are tested in ApiUtilsTest.
 */
public function testInvokeMiddlewareInvalidJwtDebug()
{
    $this->conf->set('dev.debug', true);
    $middleware = new ApiMiddleware($this->container);

    $env = Environment::mock([
        'REQUEST_METHOD' => 'GET',
        'REQUEST_URI' => '/echo',
        'HTTP_AUTHORIZATION' => 'Bearer jwt',
    ]);
    $response = new Response();
    $request = Request::createFromEnvironment($env);

    /** @var Response $response */
    $response = $middleware($request, $response, null);

    self::assertEquals(401, $response->getStatusCode());
    $payload = json_decode($response->getBody()->__toString());
    self::assertEquals('Not authorized: Malformed JWT token', $payload->message);
    self::assertContains('ApiAuthorizationException', $payload->stacktrace);
}