X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=tests%2Fapi%2FApiMiddlewareTest.php;h=86700840b35dfc03ef75e052e0365b4e8ee89e29;hb=8f423eb11c6642d96b5144f56e4698652591ad6b;hp=4d4dd9b979c8180b3ffd05c816ba4e6c1600287e;hpb=80677a23e2e10d78bc527e9754286787b453ce61;p=github%2Fshaarli%2FShaarli.git diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index 4d4dd9b9..86700840 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php @@ -1,7 +1,8 @@ conf = new \ConfigManager('tests/utils/config/configJson.json.php'); + $this->conf = new ConfigManager('tests/utils/config/configJson'); $this->conf->set('api.secret', 'NapoleonWasALizard'); $this->refDB = new \ReferenceLinkDB(); $this->refDB->write(self::$testDatastore); + $history = new History('sandbox/history.php'); + $this->container = new Container(); $this->container['conf'] = $this->conf; + $this->container['history'] = $history; } /** * After every test, remove the test datastore. */ - public function tearDown() + protected function tearDown(): void { @unlink(self::$testDatastore); } + /** + * Invoke the middleware with a valid token + */ + public function testInvokeMiddlewareWithValidToken(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'), + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + + /** + * Invoke the middleware with a valid token + * Using specific Apache CGI redirected authorization. + */ + public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + + $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'); + $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + /** * Invoke the middleware with the API disabled: * should return a 401 error Unauthorized. @@ -105,7 +156,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: API is disabled', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -128,7 +179,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: JWT token not provided', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** @@ -143,7 +194,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $env = Environment::mock([ 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/echo', - 'HTTP_JWT'=> 'jwt', + 'HTTP_AUTHORIZATION'=> 'Bearer jwt', ]); $request = Request::createFromEnvironment($env); $response = new Response(); @@ -153,11 +204,34 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); + } + + /** + * Invoke the middleware with an invalid JWT token header + */ + public function testInvalidJwtAuthHeaderDebug() + { + $this->conf->set('dev.debug', true); + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + 'HTTP_AUTHORIZATION'=> 'PolarBearer jwt', + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, null); + + $this->assertEquals(401, $response->getStatusCode()); + $body = json_decode((string) $response->getBody()); + $this->assertEquals('Not authorized: Invalid JWT header', $body->message); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } /** - * Invoke the middleware without an invalid JWT token (debug): + * Invoke the middleware with an invalid JWT token (debug): * should return a 401 error Unauthorized - with a specific message and a stacktrace. * * Note: specific JWT errors tests are handled in ApiUtilsTest. @@ -169,7 +243,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $env = Environment::mock([ 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/echo', - 'HTTP_JWT'=> 'bad jwt', + 'HTTP_AUTHORIZATION'=> 'Bearer jwt', ]); $request = Request::createFromEnvironment($env); $response = new Response(); @@ -179,6 +253,6 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $this->assertEquals(401, $response->getStatusCode()); $body = json_decode((string) $response->getBody()); $this->assertEquals('Not authorized: Malformed JWT token', $body->message); - $this->assertContains('ApiAuthorizationException', $body->stacktrace); + $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); } }