aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/api/ApiMiddlewareTest.php
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2016-12-15 10:13:00 +0100
committerArthurHoaro <arthur@hoa.ro>2016-12-15 10:36:00 +0100
commit18e6796726d73d7dc90ecdd16c181493941f5487 (patch)
tree17159284be5072b505eead31efdc064b6d5a35d0 /tests/api/ApiMiddlewareTest.php
parent423ab02846286f94276d21e38ca1e296646618bf (diff)
downloadShaarli-18e6796726d73d7dc90ecdd16c181493941f5487.tar.gz
Shaarli-18e6796726d73d7dc90ecdd16c181493941f5487.tar.zst
Shaarli-18e6796726d73d7dc90ecdd16c181493941f5487.zip
REST API structure using Slim framework
* REST API routes are handle by Slim. * Every API controller go through ApiMiddleware which handles security. * First service implemented `/info`, for tests purpose.
Diffstat (limited to 'tests/api/ApiMiddlewareTest.php')
-rw-r--r--tests/api/ApiMiddlewareTest.php184
1 files changed, 184 insertions, 0 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php
new file mode 100644
index 00000000..4d4dd9b9
--- /dev/null
+++ b/tests/api/ApiMiddlewareTest.php
@@ -0,0 +1,184 @@
1<?php
2
3namespace Shaarli\Api;
4
5use Slim\Container;
6use Slim\Http\Environment;
7use Slim\Http\Request;
8use Slim\Http\Response;
9
10/**
11 * Class ApiMiddlewareTest
12 *
13 * Test the REST API Slim Middleware.
14 *
15 * Note that we can't test a valid use case here, because the middleware
16 * needs to call a valid controller/action during its execution.
17 *
18 * @package Api
19 */
20class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase
21{
22 /**
23 * @var string datastore to test write operations
24 */
25 protected static $testDatastore = 'sandbox/datastore.php';
26
27 /**
28 * @var \ConfigManager instance
29 */
30 protected $conf;
31
32 /**
33 * @var \ReferenceLinkDB instance.
34 */
35 protected $refDB = null;
36
37 /**
38 * @var Container instance.
39 */
40 protected $container;
41
42 /**
43 * Before every test, instantiate a new Api with its config, plugins and links.
44 */
45 public function setUp()
46 {
47 $this->conf = new \ConfigManager('tests/utils/config/configJson.json.php');
48 $this->conf->set('api.secret', 'NapoleonWasALizard');
49
50 $this->refDB = new \ReferenceLinkDB();
51 $this->refDB->write(self::$testDatastore);
52
53 $this->container = new Container();
54 $this->container['conf'] = $this->conf;
55 }
56
57 /**
58 * After every test, remove the test datastore.
59 */
60 public function tearDown()
61 {
62 @unlink(self::$testDatastore);
63 }
64
65 /**
66 * Invoke the middleware with the API disabled:
67 * should return a 401 error Unauthorized.
68 */
69 public function testInvokeMiddlewareApiDisabled()
70 {
71 $this->conf->set('api.enabled', false);
72 $mw = new ApiMiddleware($this->container);
73 $env = Environment::mock([
74 'REQUEST_METHOD' => 'GET',
75 'REQUEST_URI' => '/echo',
76 ]);
77 $request = Request::createFromEnvironment($env);
78 $response = new Response();
79 /** @var Response $response */
80 $response = $mw($request, $response, null);
81
82 $this->assertEquals(401, $response->getStatusCode());
83 $body = json_decode((string) $response->getBody());
84 $this->assertEquals('Not authorized', $body);
85 }
86
87 /**
88 * Invoke the middleware with the API disabled in debug mode:
89 * should return a 401 error Unauthorized - with a specific message and a stacktrace.
90 */
91 public function testInvokeMiddlewareApiDisabledDebug()
92 {
93 $this->conf->set('api.enabled', false);
94 $this->conf->set('dev.debug', true);
95 $mw = new ApiMiddleware($this->container);
96 $env = Environment::mock([
97 'REQUEST_METHOD' => 'GET',
98 'REQUEST_URI' => '/echo',
99 ]);
100 $request = Request::createFromEnvironment($env);
101 $response = new Response();
102 /** @var Response $response */
103 $response = $mw($request, $response, null);
104
105 $this->assertEquals(401, $response->getStatusCode());
106 $body = json_decode((string) $response->getBody());
107 $this->assertEquals('Not authorized: API is disabled', $body->message);
108 $this->assertContains('ApiAuthorizationException', $body->stacktrace);
109 }
110
111 /**
112 * Invoke the middleware without a token (debug):
113 * should return a 401 error Unauthorized - with a specific message and a stacktrace.
114 */
115 public function testInvokeMiddlewareNoTokenProvidedDebug()
116 {
117 $this->conf->set('dev.debug', true);
118 $mw = new ApiMiddleware($this->container);
119 $env = Environment::mock([
120 'REQUEST_METHOD' => 'GET',
121 'REQUEST_URI' => '/echo',
122 ]);
123 $request = Request::createFromEnvironment($env);
124 $response = new Response();
125 /** @var Response $response */
126 $response = $mw($request, $response, null);
127
128 $this->assertEquals(401, $response->getStatusCode());
129 $body = json_decode((string) $response->getBody());
130 $this->assertEquals('Not authorized: JWT token not provided', $body->message);
131 $this->assertContains('ApiAuthorizationException', $body->stacktrace);
132 }
133
134 /**
135 * Invoke the middleware without a secret set in settings (debug):
136 * should return a 401 error Unauthorized - with a specific message and a stacktrace.
137 */
138 public function testInvokeMiddlewareNoSecretSetDebug()
139 {
140 $this->conf->set('dev.debug', true);
141 $this->conf->set('api.secret', '');
142 $mw = new ApiMiddleware($this->container);
143 $env = Environment::mock([
144 'REQUEST_METHOD' => 'GET',
145 'REQUEST_URI' => '/echo',
146 'HTTP_JWT'=> 'jwt',
147 ]);
148 $request = Request::createFromEnvironment($env);
149 $response = new Response();
150 /** @var Response $response */
151 $response = $mw($request, $response, null);
152
153 $this->assertEquals(401, $response->getStatusCode());
154 $body = json_decode((string) $response->getBody());
155 $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message);
156 $this->assertContains('ApiAuthorizationException', $body->stacktrace);
157 }
158
159 /**
160 * Invoke the middleware without an invalid JWT token (debug):
161 * should return a 401 error Unauthorized - with a specific message and a stacktrace.
162 *
163 * Note: specific JWT errors tests are handled in ApiUtilsTest.
164 */
165 public function testInvokeMiddlewareInvalidJwtDebug()
166 {
167 $this->conf->set('dev.debug', true);
168 $mw = new ApiMiddleware($this->container);
169 $env = Environment::mock([
170 'REQUEST_METHOD' => 'GET',
171 'REQUEST_URI' => '/echo',
172 'HTTP_JWT'=> 'bad jwt',
173 ]);
174 $request = Request::createFromEnvironment($env);
175 $response = new Response();
176 /** @var Response $response */
177 $response = $mw($request, $response, null);
178
179 $this->assertEquals(401, $response->getStatusCode());
180 $body = json_decode((string) $response->getBody());
181 $this->assertEquals('Not authorized: Malformed JWT token', $body->message);
182 $this->assertContains('ApiAuthorizationException', $body->stacktrace);
183 }
184}