authorArthurHoaro <arthur@hoa.ro>2020-09-30 15:57:57 +0200
committerArthurHoaro <arthur@hoa.ro>2020-09-30 15:57:57 +0200
commit255b2264a119f4b8cc9fe211c7740906701e15b4 (patch)
tree46e013dca2067ab234646b0333611a0b0c8292ce
parent25cb75552baaad62b093b0b38156fcb15dca7826 (diff)
Revert unrelated changes and add unit tests
-rw-r--r--application/api/ApiMiddleware.php24
-rw-r--r--tests/api/ApiMiddlewareTest.php47
2 files changed, 64 insertions, 7 deletions
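--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -3,6 +3,7 @@ namespace Shaarli\Api;
 
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
 use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
@@ -70,7 +71,14 @@ class ApiMiddleware
 $response = $e->getApiResponse();
 }
 
-return $response;
+return $response
+->withHeader('Access-Control-Allow-Origin', '*')
+->withHeader(
+'Access-Control-Allow-Headers',
+'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+)
+->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+;
 }
 
 /**
@@ -99,7 +107,9 @@ class ApiMiddleware
 */
 protected function checkToken($request)
 {
-if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+if (!$request->hasHeader('Authorization')
+&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+) {
 throw new ApiAuthorizationException('JWT token not provided');
 }
 
@@ -121,7 +131,7 @@ class ApiMiddleware
 }
 
 /**
-* Instantiate a new LinkDB including private links,
+* Instantiate a new LinkDB including private bookmarks,
 * and load in the Slim container.
 *
 * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -130,10 +140,10 @@ class ApiMiddleware
 */
 protected function setLinkDb($conf)
 {
-$linkDb = new \Shaarli\Bookmark\LinkDB(
-$conf->get('resource.datastore'),
-true,
-$conf->get('privacy.hide_public_links')
+$linkDb = new BookmarkFileService(
+$conf,
+$this->container->get('history'),
+true
 );
 $this->container['db'] = $linkDb;
 }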
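Review bot: The rewritten `return $response` chain in the second hunk attaches `Access-Control-Allow-Origin: *` to every response unconditionally, including the error response built in the catch branch, and nothing in the hunk records why a wildcard origin is acceptable. It appears to rest on the API authenticating only through the bearer JWT that checkToken() requires, not through cookies, so that assumption deserves a comment above the chain, e.g. `// CORS: a wildcard origin is only safe while the API authenticates via the Authorization header, never via cookies or other ambient credentials`. Consider reading the allowed origin from configuration so that a deployment can restrict it to known front ends. It is also worth confirming that an `OPTIONS` preflight, which carries no `Authorization` header, does not end in the "JWT token not provided" path of checkToken(); the invoking method starts outside the hunk, so this cannot be judged from here.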
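--- a/tests/api/ApiMiddlewareTest.php
+++ b/tests/api/ApiMiddlewareTest.php
@@ -67,6 +67,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
 }
 
 /**
+* Invoke the middleware with a valid token
+*/
+public function testInvokeMiddlewareWithValidToken(): void
+{
+$next = function (Request $request, Response $response): Response {
+return $response;
+};
+$mw = new ApiMiddleware($this->container);
+$env = Environment::mock([
+'REQUEST_METHOD' => 'GET',
+'REQUEST_URI' => '/echo',
+'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
+]);
+$request = Request::createFromEnvironment($env);
+$response = new Response();
+/** @var Response $response */
+$response = $mw($request, $response, $next);
+
+$this->assertEquals(200, $response->getStatusCode());
+}
+
+/**
+* Invoke the middleware with a valid token
+* Using specific Apache CGI redirected authorization.
+*/
+public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
+{
+$next = function (Request $request, Response $response): Response {
+return $response;
+};
+
+$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
+$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
+$mw = new ApiMiddleware($this->container);
+$env = Environment::mock([
+'REQUEST_METHOD' => 'GET',
+'REQUEST_URI' => '/echo',
+]);
+$request = Request::createFromEnvironment($env);
+$response = new Response();
+/** @var Response $response */
+$response = $mw($request, $response, $next);
+
+$this->assertEquals(200, $response->getStatusCode());
+}
+
+/**
 * Invoke the middleware with the API disabled:
 * should return a 401 error Unauthorized.
 */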
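Review bot: Both added tests stop at `$this->assertEquals(200, $response->getStatusCode());`, so the CORS headers that ApiMiddleware attaches to every response in this commit are not verified anywhere in this hunk. Adding `$this->assertSame('*', $response->getHeaderLine('Access-Control-Allow-Origin'));` to testInvokeMiddlewareWithValidToken, plus the same assertion in one of the 401 tests, would pin the headers on both the success and the error path. The second test also writes `REDIRECT_HTTP_AUTHORIZATION` into `$this->container->environment`; whether the container is rebuilt for each test depends on setUp, which is outside the hunk, so confirm the token cannot carry over into the tests that expect a rejection.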