From 255b2264a119f4b8cc9fe211c7740906701e15b4 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 30 Sep 2020 15:57:57 +0200 Subject: [PATCH] Revert unrelated changes and add unit tests --- application/api/ApiMiddleware.php | 24 +++++++++++----- tests/api/ApiMiddlewareTest.php | 47 +++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 7 deletions(-) diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 7f1e7fca..f5b53b01 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -3,6 +3,7 @@ namespace Shaarli\Api; use Shaarli\Api\Exceptions\ApiAuthorizationException; use Shaarli\Api\Exceptions\ApiException; +use Shaarli\Bookmark\BookmarkFileService; use Shaarli\Config\ConfigManager; use Slim\Container; use Slim\Http\Request; @@ -70,7 +71,14 @@ class ApiMiddleware $response = $e->getApiResponse(); } - return $response; + return $response + ->withHeader('Access-Control-Allow-Origin', '*') + ->withHeader( + 'Access-Control-Allow-Headers', + 'X-Requested-With, Content-Type, Accept, Origin, Authorization' + ) + ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') + ; } /** @@ -99,7 +107,9 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { + if (!$request->hasHeader('Authorization') + && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION']) + ) { throw new ApiAuthorizationException('JWT token not provided'); } @@ -121,7 +131,7 @@ class ApiMiddleware } /** - * Instantiate a new LinkDB including private links, + * Instantiate a new LinkDB including private bookmarks, * and load in the Slim container. * * FIXME! LinkDB could use a refactoring to avoid this trick. @@ -130,10 +140,10 @@ class ApiMiddleware */ protected function setLinkDb($conf) { - $linkDb = new \Shaarli\Bookmark\LinkDB( - $conf->get('resource.datastore'), - true, - $conf->get('privacy.hide_public_links') + $linkDb = new BookmarkFileService( + $conf, + $this->container->get('history'), + true ); $this->container['db'] = $linkDb; } diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index b157e4a7..32031750 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php @@ -66,6 +66,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase @unlink(self::$testDatastore); } + /** + * Invoke the middleware with a valid token + */ + public function testInvokeMiddlewareWithValidToken(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'), + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + + /** + * Invoke the middleware with a valid token + * Using specific Apache CGI redirected authorization. + */ + public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void + { + $next = function (Request $request, Response $response): Response { + return $response; + }; + + $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'); + $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token; + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, $next); + + $this->assertEquals(200, $response->getStatusCode()); + } + /** * Invoke the middleware with the API disabled: * should return a 401 error Unauthorized. -- 2.41.0