diff options
author | ArthurHoaro <arthur@hoa.ro> | 2016-12-15 10:13:00 +0100 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-12-15 10:36:00 +0100 |
commit | 18e6796726d73d7dc90ecdd16c181493941f5487 (patch) | |
tree | 17159284be5072b505eead31efdc064b6d5a35d0 /tests/api/ApiMiddlewareTest.php | |
parent | 423ab02846286f94276d21e38ca1e296646618bf (diff) | |
download | Shaarli-18e6796726d73d7dc90ecdd16c181493941f5487.tar.gz Shaarli-18e6796726d73d7dc90ecdd16c181493941f5487.tar.zst Shaarli-18e6796726d73d7dc90ecdd16c181493941f5487.zip |
REST API structure using Slim framework
* REST API routes are handle by Slim.
* Every API controller go through ApiMiddleware which handles security.
* First service implemented `/info`, for tests purpose.
Diffstat (limited to 'tests/api/ApiMiddlewareTest.php')
-rw-r--r-- | tests/api/ApiMiddlewareTest.php | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php new file mode 100644 index 00000000..4d4dd9b9 --- /dev/null +++ b/tests/api/ApiMiddlewareTest.php | |||
@@ -0,0 +1,184 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Shaarli\Api; | ||
4 | |||
5 | use Slim\Container; | ||
6 | use Slim\Http\Environment; | ||
7 | use Slim\Http\Request; | ||
8 | use Slim\Http\Response; | ||
9 | |||
10 | /** | ||
11 | * Class ApiMiddlewareTest | ||
12 | * | ||
13 | * Test the REST API Slim Middleware. | ||
14 | * | ||
15 | * Note that we can't test a valid use case here, because the middleware | ||
16 | * needs to call a valid controller/action during its execution. | ||
17 | * | ||
18 | * @package Api | ||
19 | */ | ||
20 | class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase | ||
21 | { | ||
22 | /** | ||
23 | * @var string datastore to test write operations | ||
24 | */ | ||
25 | protected static $testDatastore = 'sandbox/datastore.php'; | ||
26 | |||
27 | /** | ||
28 | * @var \ConfigManager instance | ||
29 | */ | ||
30 | protected $conf; | ||
31 | |||
32 | /** | ||
33 | * @var \ReferenceLinkDB instance. | ||
34 | */ | ||
35 | protected $refDB = null; | ||
36 | |||
37 | /** | ||
38 | * @var Container instance. | ||
39 | */ | ||
40 | protected $container; | ||
41 | |||
42 | /** | ||
43 | * Before every test, instantiate a new Api with its config, plugins and links. | ||
44 | */ | ||
45 | public function setUp() | ||
46 | { | ||
47 | $this->conf = new \ConfigManager('tests/utils/config/configJson.json.php'); | ||
48 | $this->conf->set('api.secret', 'NapoleonWasALizard'); | ||
49 | |||
50 | $this->refDB = new \ReferenceLinkDB(); | ||
51 | $this->refDB->write(self::$testDatastore); | ||
52 | |||
53 | $this->container = new Container(); | ||
54 | $this->container['conf'] = $this->conf; | ||
55 | } | ||
56 | |||
57 | /** | ||
58 | * After every test, remove the test datastore. | ||
59 | */ | ||
60 | public function tearDown() | ||
61 | { | ||
62 | @unlink(self::$testDatastore); | ||
63 | } | ||
64 | |||
65 | /** | ||
66 | * Invoke the middleware with the API disabled: | ||
67 | * should return a 401 error Unauthorized. | ||
68 | */ | ||
69 | public function testInvokeMiddlewareApiDisabled() | ||
70 | { | ||
71 | $this->conf->set('api.enabled', false); | ||
72 | $mw = new ApiMiddleware($this->container); | ||
73 | $env = Environment::mock([ | ||
74 | 'REQUEST_METHOD' => 'GET', | ||
75 | 'REQUEST_URI' => '/echo', | ||
76 | ]); | ||
77 | $request = Request::createFromEnvironment($env); | ||
78 | $response = new Response(); | ||
79 | /** @var Response $response */ | ||
80 | $response = $mw($request, $response, null); | ||
81 | |||
82 | $this->assertEquals(401, $response->getStatusCode()); | ||
83 | $body = json_decode((string) $response->getBody()); | ||
84 | $this->assertEquals('Not authorized', $body); | ||
85 | } | ||
86 | |||
87 | /** | ||
88 | * Invoke the middleware with the API disabled in debug mode: | ||
89 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | ||
90 | */ | ||
91 | public function testInvokeMiddlewareApiDisabledDebug() | ||
92 | { | ||
93 | $this->conf->set('api.enabled', false); | ||
94 | $this->conf->set('dev.debug', true); | ||
95 | $mw = new ApiMiddleware($this->container); | ||
96 | $env = Environment::mock([ | ||
97 | 'REQUEST_METHOD' => 'GET', | ||
98 | 'REQUEST_URI' => '/echo', | ||
99 | ]); | ||
100 | $request = Request::createFromEnvironment($env); | ||
101 | $response = new Response(); | ||
102 | /** @var Response $response */ | ||
103 | $response = $mw($request, $response, null); | ||
104 | |||
105 | $this->assertEquals(401, $response->getStatusCode()); | ||
106 | $body = json_decode((string) $response->getBody()); | ||
107 | $this->assertEquals('Not authorized: API is disabled', $body->message); | ||
108 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | ||
109 | } | ||
110 | |||
111 | /** | ||
112 | * Invoke the middleware without a token (debug): | ||
113 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | ||
114 | */ | ||
115 | public function testInvokeMiddlewareNoTokenProvidedDebug() | ||
116 | { | ||
117 | $this->conf->set('dev.debug', true); | ||
118 | $mw = new ApiMiddleware($this->container); | ||
119 | $env = Environment::mock([ | ||
120 | 'REQUEST_METHOD' => 'GET', | ||
121 | 'REQUEST_URI' => '/echo', | ||
122 | ]); | ||
123 | $request = Request::createFromEnvironment($env); | ||
124 | $response = new Response(); | ||
125 | /** @var Response $response */ | ||
126 | $response = $mw($request, $response, null); | ||
127 | |||
128 | $this->assertEquals(401, $response->getStatusCode()); | ||
129 | $body = json_decode((string) $response->getBody()); | ||
130 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); | ||
131 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | ||
132 | } | ||
133 | |||
134 | /** | ||
135 | * Invoke the middleware without a secret set in settings (debug): | ||
136 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | ||
137 | */ | ||
138 | public function testInvokeMiddlewareNoSecretSetDebug() | ||
139 | { | ||
140 | $this->conf->set('dev.debug', true); | ||
141 | $this->conf->set('api.secret', ''); | ||
142 | $mw = new ApiMiddleware($this->container); | ||
143 | $env = Environment::mock([ | ||
144 | 'REQUEST_METHOD' => 'GET', | ||
145 | 'REQUEST_URI' => '/echo', | ||
146 | 'HTTP_JWT'=> 'jwt', | ||
147 | ]); | ||
148 | $request = Request::createFromEnvironment($env); | ||
149 | $response = new Response(); | ||
150 | /** @var Response $response */ | ||
151 | $response = $mw($request, $response, null); | ||
152 | |||
153 | $this->assertEquals(401, $response->getStatusCode()); | ||
154 | $body = json_decode((string) $response->getBody()); | ||
155 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); | ||
156 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | ||
157 | } | ||
158 | |||
159 | /** | ||
160 | * Invoke the middleware without an invalid JWT token (debug): | ||
161 | * should return a 401 error Unauthorized - with a specific message and a stacktrace. | ||
162 | * | ||
163 | * Note: specific JWT errors tests are handled in ApiUtilsTest. | ||
164 | */ | ||
165 | public function testInvokeMiddlewareInvalidJwtDebug() | ||
166 | { | ||
167 | $this->conf->set('dev.debug', true); | ||
168 | $mw = new ApiMiddleware($this->container); | ||
169 | $env = Environment::mock([ | ||
170 | 'REQUEST_METHOD' => 'GET', | ||
171 | 'REQUEST_URI' => '/echo', | ||
172 | 'HTTP_JWT'=> 'bad jwt', | ||
173 | ]); | ||
174 | $request = Request::createFromEnvironment($env); | ||
175 | $response = new Response(); | ||
176 | /** @var Response $response */ | ||
177 | $response = $mw($request, $response, null); | ||
178 | |||
179 | $this->assertEquals(401, $response->getStatusCode()); | ||
180 | $body = json_decode((string) $response->getBody()); | ||
181 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); | ||
182 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | ||
183 | } | ||
184 | } | ||