Revert unrelated changes and add unit tests

author: ArthurHoaro <arthur@hoa.ro> 2020-09-30 15:57:57 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-09-30 15:57:57 +0200
commit: 255b2264a119f4b8cc9fe211c7740906701e15b4 (patch)
tree: 46e013dca2067ab234646b0333611a0b0c8292ce
parent: 25cb75552baaad62b093b0b38156fcb15dca7826 (diff)
download: Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.tar.gz
Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.tar.zst
Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.zip
2 files changed, 64 insertions, 7 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 7f1e7fca..f5b53b01 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -3,6 +3,7 @@ namespace Shaarli\Api;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
 use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
@@ -70,7 +71,14 @@ class ApiMiddleware
            $response = $e->getApiResponse();
        }
-        return $response;
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+            )
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+        ;
    }
    /**
@@ -99,7 +107,9 @@ class ApiMiddleware
     */
    protected function checkToken($request)
    {
-        if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+        if (!$request->hasHeader('Authorization')
+            && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
            throw new ApiAuthorizationException('JWT token not provided');
        }
@@ -121,7 +131,7 @@ class ApiMiddleware
    }
    /**
-     * Instantiate a new LinkDB including private links,
+     * Instantiate a new LinkDB including private bookmarks,
     * and load in the Slim container.
     *
     * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -130,10 +140,10 @@ class ApiMiddleware
     */
    protected function setLinkDb($conf)
    {
-        $linkDb = new \Shaarli\Bookmark\LinkDB(
+        $linkDb = new BookmarkFileService(
-            $conf->get('resource.datastore'),
+            $conf,
-            true,
+            $this->container->get('history'),
-            $conf->get('privacy.hide_public_links')
+            true
        );
        $this->container['db'] = $linkDb;
    }
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php
index b157e4a7..32031750 100644
--- a/tests/api/ApiMiddlewareTest.php
+++ b/tests/api/ApiMiddlewareTest.php
@@ -67,6 +67,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
    }
    /**
+     * Invoke the middleware with a valid token
+     */
+    public function testInvokeMiddlewareWithValidToken(): void
+    {
+        $next = function (Request $request, Response $response): Response {
+            return $response;
+        };
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+            'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, $next);
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+    /**
+     * Invoke the middleware with a valid token
+     * Using specific Apache CGI redirected authorization.
+     */
+    public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
+    {
+        $next = function (Request $request, Response $response): Response {
+            return $response;
+        };
+        $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
+        $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, $next);
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+    /**
     * Invoke the middleware with the API disabled:
     * should return a 401 error Unauthorized.
     */
author	ArthurHoaro <arthur@hoa.ro>	2020-09-30 15:57:57 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-09-30 15:57:57 +0200
commit	255b2264a119f4b8cc9fe211c7740906701e15b4 (patch)
tree	46e013dca2067ab234646b0333611a0b0c8292ce
parent	25cb75552baaad62b093b0b38156fcb15dca7826 (diff)
download	Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.tar.gz Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.tar.zst Shaarli-255b2264a119f4b8cc9fe211c7740906701e15b4.zip

diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 7f1e7fca..f5b53b01 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php
@@ -3,6 +3,7 @@ namespace Shaarli\Api;
3		3
4	use Shaarli\Api\Exceptions\ApiAuthorizationException;	4	use Shaarli\Api\Exceptions\ApiAuthorizationException;
5	use Shaarli\Api\Exceptions\ApiException;	5	use Shaarli\Api\Exceptions\ApiException;
		6	use Shaarli\Bookmark\BookmarkFileService;
6	use Shaarli\Config\ConfigManager;	7	use Shaarli\Config\ConfigManager;
7	use Slim\Container;	8	use Slim\Container;
8	use Slim\Http\Request;	9	use Slim\Http\Request;
@@ -70,7 +71,14 @@ class ApiMiddleware
70	$response = $e->getApiResponse();	71	$response = $e->getApiResponse();
71	}	72	}
72		73
73	return $response;	74	return $response
		75	->withHeader('Access-Control-Allow-Origin', '*')
		76	->withHeader(
		77	'Access-Control-Allow-Headers',
		78	'X-Requested-With, Content-Type, Accept, Origin, Authorization'
		79	)
		80	->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
		81	;
74	}	82	}
75		83
76	/**	84	/**
@@ -99,7 +107,9 @@ class ApiMiddleware
99	*/	107	*/
100	protected function checkToken($request)	108	protected function checkToken($request)
101	{	109	{
102	if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {	110	if (!$request->hasHeader('Authorization')
		111	&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
		112	) {
103	throw new ApiAuthorizationException('JWT token not provided');	113	throw new ApiAuthorizationException('JWT token not provided');
104	}	114	}
105		115
@@ -121,7 +131,7 @@ class ApiMiddleware
121	}	131	}
122		132
123	/**	133	/**
124	* Instantiate a new LinkDB including private links,	134	* Instantiate a new LinkDB including private bookmarks,
125	* and load in the Slim container.	135	* and load in the Slim container.
126	*	136	*
127	* FIXME! LinkDB could use a refactoring to avoid this trick.	137	* FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -130,10 +140,10 @@ class ApiMiddleware
130	*/	140	*/
131	protected function setLinkDb($conf)	141	protected function setLinkDb($conf)
132	{	142	{
133	$linkDb = new \Shaarli\Bookmark\LinkDB(	143	$linkDb = new BookmarkFileService(
134	$conf->get('resource.datastore'),	144	$conf,
135	true,	145	$this->container->get('history'),
136	$conf->get('privacy.hide_public_links')	146	true
137	);	147	);
138	$this->container['db'] = $linkDb;	148	$this->container['db'] = $linkDb;
139	}	149	}


diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index b157e4a7..32031750 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php
@@ -67,6 +67,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
67	}	67	}
68		68
69	/**	69	/**
		70	* Invoke the middleware with a valid token
		71	*/
		72	public function testInvokeMiddlewareWithValidToken(): void
		73	{
		74	$next = function (Request $request, Response $response): Response {
		75	return $response;
		76	};
		77	$mw = new ApiMiddleware($this->container);
		78	$env = Environment::mock([
		79	'REQUEST_METHOD' => 'GET',
		80	'REQUEST_URI' => '/echo',
		81	'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
		82	]);
		83	$request = Request::createFromEnvironment($env);
		84	$response = new Response();
		85	/** @var Response $response */
		86	$response = $mw($request, $response, $next);
		87
		88	$this->assertEquals(200, $response->getStatusCode());
		89	}
		90
		91	/**
		92	* Invoke the middleware with a valid token
		93	* Using specific Apache CGI redirected authorization.
		94	*/
		95	public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
		96	{
		97	$next = function (Request $request, Response $response): Response {
		98	return $response;
		99	};
		100
		101	$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
		102	$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
		103	$mw = new ApiMiddleware($this->container);
		104	$env = Environment::mock([
		105	'REQUEST_METHOD' => 'GET',
		106	'REQUEST_URI' => '/echo',
		107	]);
		108	$request = Request::createFromEnvironment($env);
		109	$response = new Response();
		110	/** @var Response $response */
		111	$response = $mw($request, $response, $next);
		112
		113	$this->assertEquals(200, $response->getStatusCode());
		114	}
		115
		116	/**
70	* Invoke the middleware with the API disabled:	117	* Invoke the middleware with the API disabled:
71	* should return a 401 error Unauthorized.	118	* should return a 401 error Unauthorized.
72	*/	119	*/