X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=tests%2Fapi%2FApiMiddlewareTest.php;h=2afac28bd121d1886211b0c1944afa0afec3d2cf;hb=bcba6bd353161fab456b423e93571ab027d5423c;hp=23a56b1cee4e78e90aec15941fb4b3927242b32e;hpb=236239be752a7bb24547237b5751ac4fcbc0e549;p=github%2Fshaarli%2FShaarli.git diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index 23a56b1c..2afac28b 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php @@ -2,7 +2,8 @@ namespace Shaarli\Api; use Shaarli\Config\ConfigManager; - +use Shaarli\History; +use Shaarli\Plugin\PluginManager; use Slim\Container; use Slim\Http\Environment; use Slim\Http\Request; @@ -18,7 +19,7 @@ use Slim\Http\Response; * * @package Api */ -class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase +class ApiMiddlewareTest extends \Shaarli\TestCase { /** * @var string datastore to test write operations @@ -26,7 +27,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase protected static $testDatastore = 'sandbox/datastore.php'; /** - * @var \ConfigManager instance + * @var ConfigManager instance */ protected $conf; @@ -41,28 +42,79 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase protected $container; /** - * Before every test, instantiate a new Api with its config, plugins and links. + * Before every test, instantiate a new Api with its config, plugins and bookmarks. */ - public function setUp() + protected function setUp(): void { - $this->conf = new ConfigManager('tests/utils/config/configJson.json.php'); + $this->conf = new ConfigManager('tests/utils/config/configJson'); $this->conf->set('api.secret', 'NapoleonWasALizard'); $this->refDB = new \ReferenceLinkDB(); $this->refDB->write(self::$testDatastore); + $history = new History('sandbox/history.php'); + $this->container = new Container(); $this->container['conf'] = $this->conf; + $this->container['history'] = $history; + $this->container['pluginManager'] = new PluginManager($this->conf); } /** * After every test, remove the test datastore. */ - public function tearDown() + protected function tearDown(): void { @unlink(self::$testDatastore); } + /** + * Invoke the middleware with a valid token + */ + public function testInvokeMiddlewareWithValidToken(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'), + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + + /** + * Invoke the middleware with a valid token + * Using specific Apache CGI redirected authorization. + */ + public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + + $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'); + $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + /** * Invoke the middleware with the API disabled: * should return a 401 error Unauthorized. @@ -106,7 +158,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: API is disabled', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -129,7 +181,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: JWT token not provided', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -154,7 +206,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -177,7 +229,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: Invalid JWT header', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -203,6 +255,6 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: Malformed JWT token', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } }