aboutsummaryrefslogblamecommitdiffhomepage
path: root/tests/api/ApiUtilsTest.php
blob: 7a143859529b30b9de9fe35b183925b6c58bd82d (plain) (tree)
1
2
3
4
5
6
7
8
9
10



                      
                              
                           
 


                     
                                            



                                            
                                                   












                                                                       
                                      


                          
                                       

                               
                                                                                                   













                                                                             


                                                                                                     








                                                           
                                                                                                     



                                                          


                                                   


                                                                                         





                                                       


                                                        


                                                                                         





                                                               


                                                              


                                                                                         





                                                               


                                                               


                                                                                         





                                                                        


                                                               


                                                                                         





                                                                          


                                                          


                                                                                         





                                                                                                     


                                                                


                                                                                         




                                                                                    


                                                       


                                                                                         





                                                                                     


                                                        


                                                                                         





                                                                                  


                                                          


                                                                                         





                                                                                     


                                                            


                                                                                         





                                                                                                         


                                                           


                                                                                         


                                                                                                        






                                                             
                 









                                                                                   

                                    












                                                                          
                                                                                   







                                                                            
                 








                                                                                   

                                    












                                                     
                                                                                   
     






                                                                             
                 








                                  

                               
 
                 









                                                                     

                               

                                                   







                                                                                                







                                                                             
                 








                                                        

                               
 
                              

                                                   







                                                             
     
 
<?php

namespace Shaarli\Api;

use Shaarli\Bookmark\Bookmark;
use Shaarli\Http\Base64Url;

/**
 * Class ApiUtilsTest
 */
class ApiUtilsTest extends \Shaarli\TestCase
{
    /**
     * Force the timezone for ISO datetimes.
     */
    public static function setUpBeforeClass(): void
    {
        date_default_timezone_set('UTC');
    }

    /**
     * Generate a valid JWT token.
     *
     * @param string $secret API secret used to generate the signature.
     *
     * @return string Generated token.
     */
    public static function generateValidJwtToken($secret)
    {
        $header = Base64Url::encode('{
            "typ": "JWT",
            "alg": "HS512"
        }');
        $payload = Base64Url::encode('{
            "iat": '. time() .'
        }');
        $signature = Base64Url::encode(hash_hmac('sha512', $header .'.'. $payload, $secret, true));
        return $header .'.'. $payload .'.'. $signature;
    }

    /**
     * Generate a JWT token from given header and payload.
     *
     * @param string $header  Header in JSON format.
     * @param string $payload Payload in JSON format.
     * @param string $secret  API secret used to hash the signature.
     *
     * @return string JWT token.
     */
    public static function generateCustomJwtToken($header, $payload, $secret)
    {
        $header = Base64Url::encode($header);
        $payload = Base64Url::encode($payload);
        $signature = Base64Url::encode(hash_hmac('sha512', $header . '.' . $payload, $secret, true));
        return $header . '.' . $payload . '.' . $signature;
    }

    /**
     * Test validateJwtToken() with a valid JWT token.
     */
    public function testValidateJwtTokenValid()
    {
        $secret = 'WarIsPeace';
        $this->assertTrue(ApiUtils::validateJwtToken(self::generateValidJwtToken($secret), $secret));
    }

    /**
     * Test validateJwtToken() with a malformed JWT token.
     */
    public function testValidateJwtTokenMalformed()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Malformed JWT token');

        $token = 'ABC.DEF';
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with an empty JWT token.
     */
    public function testValidateJwtTokenMalformedEmpty()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Malformed JWT token');

        $token = false;
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with a JWT token without header.
     */
    public function testValidateJwtTokenMalformedEmptyHeader()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Malformed JWT token');

        $token = '.payload.signature';
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with a JWT token without payload
     */
    public function testValidateJwtTokenMalformedEmptyPayload()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Malformed JWT token');

        $token = 'header..signature';
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with a JWT token with an empty signature.
     */
    public function testValidateJwtTokenInvalidSignatureEmpty()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT signature');

        $token = 'header.payload.';
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with a JWT token with an invalid signature.
     */
    public function testValidateJwtTokenInvalidSignature()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT signature');

        $token = 'header.payload.nope';
        ApiUtils::validateJwtToken($token, 'foo');
    }

    /**
     * Test validateJwtToken() with a JWT token with a signature generated with the wrong API secret.
     */
    public function testValidateJwtTokenInvalidSignatureSecret()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT signature');

        ApiUtils::validateJwtToken(self::generateValidJwtToken('foo'), 'bar');
    }

    /**
     * Test validateJwtToken() with a JWT token with a an invalid header (not JSON).
     */
    public function testValidateJwtTokenInvalidHeader()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT header');

        $token = $this->generateCustomJwtToken('notJSON', '{"JSON":1}', 'secret');
        ApiUtils::validateJwtToken($token, 'secret');
    }

    /**
     * Test validateJwtToken() with a JWT token with a an invalid payload (not JSON).
     */
    public function testValidateJwtTokenInvalidPayload()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT payload');

        $token = $this->generateCustomJwtToken('{"JSON":1}', 'notJSON', 'secret');
        ApiUtils::validateJwtToken($token, 'secret');
    }

    /**
     * Test validateJwtToken() with a JWT token without issued time.
     */
    public function testValidateJwtTokenInvalidTimeEmpty()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT issued time');

        $token = $this->generateCustomJwtToken('{"JSON":1}', '{"JSON":1}', 'secret');
        ApiUtils::validateJwtToken($token, 'secret');
    }

    /**
     * Test validateJwtToken() with an expired JWT token.
     */
    public function testValidateJwtTokenInvalidTimeExpired()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT issued time');

        $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() - 600) . '}', 'secret');
        ApiUtils::validateJwtToken($token, 'secret');
    }

    /**
     * Test validateJwtToken() with a JWT token issued in the future.
     */
    public function testValidateJwtTokenInvalidTimeFuture()
    {
        $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
        $this->expectExceptionMessage('Invalid JWT issued time');

        $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() + 60) . '}', 'secret');
        ApiUtils::validateJwtToken($token, 'secret');
    }

    /**
     * Test formatLink() with a link using all useful fields.
     */
    public function testFormatLinkComplete()
    {
        $indexUrl = 'https://domain.tld/sub/';
        $data = [
            'id' => 12,
            'url' => 'http://lol.lol',
            'shorturl' => 'abc',
            'title' => 'Important Title',
            'description' => 'It is very lol<tag>' . PHP_EOL . 'new line',
            'tags' => 'blip   .blop ',
            'private' => '1',
            'created' => \DateTime::createFromFormat('Ymd_His', '20170107_160102'),
            'updated' => \DateTime::createFromFormat('Ymd_His', '20170107_160612'),
        ];
        $bookmark = new Bookmark();
        $bookmark->fromArray($data);

        $expected = [
            'id' => 12,
            'url' => 'http://lol.lol',
            'shorturl' => 'abc',
            'title' => 'Important Title',
            'description' => 'It is very lol<tag>' . PHP_EOL . 'new line',
            'tags' => ['blip', '.blop'],
            'private' => true,
            'created' => '2017-01-07T16:01:02+00:00',
            'updated' => '2017-01-07T16:06:12+00:00',
        ];

        $this->assertEquals($expected, ApiUtils::formatLink($bookmark, $indexUrl));
    }

    /**
     * Test formatLink() with only minimal fields filled, and internal link.
     */
    public function testFormatLinkMinimalNote()
    {
        $indexUrl = 'https://domain.tld/sub/';
        $data = [
            'id' => 12,
            'url' => '?abc',
            'shorturl' => 'abc',
            'title' => 'Note',
            'description' => '',
            'tags' => '',
            'private' => '',
            'created' => \DateTime::createFromFormat('Ymd_His', '20170107_160102'),
        ];
        $bookmark = new Bookmark();
        $bookmark->fromArray($data);

        $expected = [
            'id' => 12,
            'url' => 'https://domain.tld/sub/?abc',
            'shorturl' => 'abc',
            'title' => 'Note',
            'description' => '',
            'tags' => [],
            'private' => false,
            'created' => '2017-01-07T16:01:02+00:00',
            'updated' => '',
        ];

        $this->assertEquals($expected, ApiUtils::formatLink($bookmark, $indexUrl));
    }

    /**
     * Test updateLink with valid data, and also unnecessary fields.
     */
    public function testUpdateLink()
    {
        $created = \DateTime::createFromFormat('Ymd_His', '20170107_160102');
        $data = [
            'id' => 12,
            'url' => '?abc',
            'shorturl' => 'abc',
            'title' => 'Note',
            'description' => '',
            'tags' => '',
            'private' => '',
            'created' => $created,
        ];
        $old = new Bookmark();
        $old->fromArray($data);

        $data = [
            'id' => 13,
            'shorturl' => 'nope',
            'url' => 'http://somewhere.else',
            'title' => 'Le Cid',
            'description' => 'Percé jusques au fond du cœur [...]',
            'tags' => 'corneille rodrigue',
            'private' => true,
            'created' => 'creation',
            'updated' => 'updation',
        ];
        $new = new Bookmark();
        $new->fromArray($data);

        $result = ApiUtils::updateLink($old, $new);
        $this->assertEquals(12, $result->getId());
        $this->assertEquals('http://somewhere.else', $result->getUrl());
        $this->assertEquals('abc', $result->getShortUrl());
        $this->assertEquals('Le Cid', $result->getTitle());
        $this->assertEquals('Percé jusques au fond du cœur [...]', $result->getDescription());
        $this->assertEquals('corneille rodrigue', $result->getTagsString());
        $this->assertEquals(true, $result->isPrivate());
        $this->assertEquals($created, $result->getCreated());
    }

    /**
     * Test updateLink with minimal data.
     */
    public function testUpdateLinkMinimal()
    {
        $created = \DateTime::createFromFormat('Ymd_His', '20170107_160102');
        $data = [
            'id' => 12,
            'url' => '?abc',
            'shorturl' => 'abc',
            'title' => 'Note',
            'description' => 'Interesting description!',
            'tags' => 'doggo',
            'private' => true,
            'created' => $created,
        ];
        $old = new Bookmark();
        $old->fromArray($data);

        $new = new Bookmark();

        $result = ApiUtils::updateLink($old, $new);
        $this->assertEquals(12, $result->getId());
        $this->assertEquals('', $result->getUrl());
        $this->assertEquals('abc', $result->getShortUrl());
        $this->assertEquals('', $result->getTitle());
        $this->assertEquals('', $result->getDescription());
        $this->assertEquals('', $result->getTagsString());
        $this->assertEquals(false, $result->isPrivate());
        $this->assertEquals($created, $result->getCreated());
    }
}