diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2020-10-13 12:05:08 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2020-10-13 12:05:08 +0200 |
| commit | b6f678a5a1d15acf284ebcec16c905e976671ce1 (patch) | |
| tree | 33c7da831482ed79c44896ef19c73c72ada84f2e /tests/api/ApiMiddlewareTest.php | |
| parent | b14687036b9b800681197f51fdc47e62f0c88e2e (diff) | |
| parent | 1c1520b6b98ab20201bfe15577782a52320339df (diff) | |
| download | Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.gz Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.zst Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.zip | |
Merge branch 'v0.12' into latest
Diffstat (limited to 'tests/api/ApiMiddlewareTest.php')
| -rw-r--r-- | tests/api/ApiMiddlewareTest.php | 73 |
1 files changed, 62 insertions, 11 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index 0b9b03f2..86700840 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | namespace Shaarli\Api; | 2 | namespace Shaarli\Api; |
| 3 | 3 | ||
| 4 | use Shaarli\Config\ConfigManager; | 4 | use Shaarli\Config\ConfigManager; |
| 5 | use Shaarli\History; | ||
| 5 | use Slim\Container; | 6 | use Slim\Container; |
| 6 | use Slim\Http\Environment; | 7 | use Slim\Http\Environment; |
| 7 | use Slim\Http\Request; | 8 | use Slim\Http\Request; |
| @@ -17,7 +18,7 @@ use Slim\Http\Response; | |||
| 17 | * | 18 | * |
| 18 | * @package Api | 19 | * @package Api |
| 19 | */ | 20 | */ |
| 20 | class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | 21 | class ApiMiddlewareTest extends \Shaarli\TestCase |
| 21 | { | 22 | { |
| 22 | /** | 23 | /** |
| 23 | * @var string datastore to test write operations | 24 | * @var string datastore to test write operations |
| @@ -25,7 +26,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 25 | protected static $testDatastore = 'sandbox/datastore.php'; | 26 | protected static $testDatastore = 'sandbox/datastore.php'; |
| 26 | 27 | ||
| 27 | /** | 28 | /** |
| 28 | * @var \ConfigManager instance | 29 | * @var ConfigManager instance |
| 29 | */ | 30 | */ |
| 30 | protected $conf; | 31 | protected $conf; |
| 31 | 32 | ||
| @@ -40,29 +41,79 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 40 | protected $container; | 41 | protected $container; |
| 41 | 42 | ||
| 42 | /** | 43 | /** |
| 43 | * Before every test, instantiate a new Api with its config, plugins and links. | 44 | * Before every test, instantiate a new Api with its config, plugins and bookmarks. |
| 44 | */ | 45 | */ |
| 45 | public function setUp() | 46 | protected function setUp(): void |
| 46 | { | 47 | { |
| 47 | $this->conf = new ConfigManager('tests/utils/config/configJson.json.php'); | 48 | $this->conf = new ConfigManager('tests/utils/config/configJson'); |
| 48 | $this->conf->set('api.secret', 'NapoleonWasALizard'); | 49 | $this->conf->set('api.secret', 'NapoleonWasALizard'); |
| 49 | 50 | ||
| 50 | $this->refDB = new \ReferenceLinkDB(); | 51 | $this->refDB = new \ReferenceLinkDB(); |
| 51 | $this->refDB->write(self::$testDatastore); | 52 | $this->refDB->write(self::$testDatastore); |
| 52 | 53 | ||
| 54 | $history = new History('sandbox/history.php'); | ||
| 55 | |||
| 53 | $this->container = new Container(); | 56 | $this->container = new Container(); |
| 54 | $this->container['conf'] = $this->conf; | 57 | $this->container['conf'] = $this->conf; |
| 58 | $this->container['history'] = $history; | ||
| 55 | } | 59 | } |
| 56 | 60 | ||
| 57 | /** | 61 | /** |
| 58 | * After every test, remove the test datastore. | 62 | * After every test, remove the test datastore. |
| 59 | */ | 63 | */ |
| 60 | public function tearDown() | 64 | protected function tearDown(): void |
| 61 | { | 65 | { |
| 62 | @unlink(self::$testDatastore); | 66 | @unlink(self::$testDatastore); |
| 63 | } | 67 | } |
| 64 | 68 | ||
| 65 | /** | 69 | /** |
| 70 | * Invoke the middleware with a valid token | ||
| 71 | */ | ||
| 72 | public function testInvokeMiddlewareWithValidToken(): void | ||
| 73 | { | ||
| 74 | $next = function (Request $request, Response $response): Response { | ||
| 75 | return $response; | ||
| 76 | }; | ||
| 77 | $mw = new ApiMiddleware($this->container); | ||
| 78 | $env = Environment::mock([ | ||
| 79 | 'REQUEST_METHOD' => 'GET', | ||
| 80 | 'REQUEST_URI' => '/echo', | ||
| 81 | 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'), | ||
| 82 | ]); | ||
| 83 | $request = Request::createFromEnvironment($env); | ||
| 84 | $response = new Response(); | ||
| 85 | /** @var Response $response */ | ||
| 86 | $response = $mw($request, $response, $next); | ||
| 87 | |||
| 88 | $this->assertEquals(200, $response->getStatusCode()); | ||
| 89 | } | ||
| 90 | |||
| 91 | /** | ||
| 92 | * Invoke the middleware with a valid token | ||
| 93 | * Using specific Apache CGI redirected authorization. | ||
| 94 | */ | ||
| 95 | public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void | ||
| 96 | { | ||
| 97 | $next = function (Request $request, Response $response): Response { | ||
| 98 | return $response; | ||
| 99 | }; | ||
| 100 | |||
| 101 | $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'); | ||
| 102 | $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token; | ||
| 103 | $mw = new ApiMiddleware($this->container); | ||
| 104 | $env = Environment::mock([ | ||
| 105 | 'REQUEST_METHOD' => 'GET', | ||
| 106 | 'REQUEST_URI' => '/echo', | ||
| 107 | ]); | ||
| 108 | $request = Request::createFromEnvironment($env); | ||
| 109 | $response = new Response(); | ||
| 110 | /** @var Response $response */ | ||
| 111 | $response = $mw($request, $response, $next); | ||
| 112 | |||
| 113 | $this->assertEquals(200, $response->getStatusCode()); | ||
| 114 | } | ||
| 115 | |||
| 116 | /** | ||
| 66 | * Invoke the middleware with the API disabled: | 117 | * Invoke the middleware with the API disabled: |
| 67 | * should return a 401 error Unauthorized. | 118 | * should return a 401 error Unauthorized. |
| 68 | */ | 119 | */ |
| @@ -105,7 +156,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 105 | $this->assertEquals(401, $response->getStatusCode()); | 156 | $this->assertEquals(401, $response->getStatusCode()); |
| 106 | $body = json_decode((string) $response->getBody()); | 157 | $body = json_decode((string) $response->getBody()); |
| 107 | $this->assertEquals('Not authorized: API is disabled', $body->message); | 158 | $this->assertEquals('Not authorized: API is disabled', $body->message); |
| 108 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 159 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 109 | } | 160 | } |
| 110 | 161 | ||
| 111 | /** | 162 | /** |
| @@ -128,7 +179,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 128 | $this->assertEquals(401, $response->getStatusCode()); | 179 | $this->assertEquals(401, $response->getStatusCode()); |
| 129 | $body = json_decode((string) $response->getBody()); | 180 | $body = json_decode((string) $response->getBody()); |
| 130 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); | 181 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); |
| 131 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 182 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 132 | } | 183 | } |
| 133 | 184 | ||
| 134 | /** | 185 | /** |
| @@ -153,7 +204,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 153 | $this->assertEquals(401, $response->getStatusCode()); | 204 | $this->assertEquals(401, $response->getStatusCode()); |
| 154 | $body = json_decode((string) $response->getBody()); | 205 | $body = json_decode((string) $response->getBody()); |
| 155 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); | 206 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); |
| 156 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 207 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 157 | } | 208 | } |
| 158 | 209 | ||
| 159 | /** | 210 | /** |
| @@ -176,7 +227,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 176 | $this->assertEquals(401, $response->getStatusCode()); | 227 | $this->assertEquals(401, $response->getStatusCode()); |
| 177 | $body = json_decode((string) $response->getBody()); | 228 | $body = json_decode((string) $response->getBody()); |
| 178 | $this->assertEquals('Not authorized: Invalid JWT header', $body->message); | 229 | $this->assertEquals('Not authorized: Invalid JWT header', $body->message); |
| 179 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 230 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 180 | } | 231 | } |
| 181 | 232 | ||
| 182 | /** | 233 | /** |
| @@ -202,6 +253,6 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 202 | $this->assertEquals(401, $response->getStatusCode()); | 253 | $this->assertEquals(401, $response->getStatusCode()); |
| 203 | $body = json_decode((string) $response->getBody()); | 254 | $body = json_decode((string) $response->getBody()); |
| 204 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); | 255 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); |
| 205 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 256 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 206 | } | 257 | } |
| 207 | } | 258 | } |