Diffstat (limited to 'tests/api/ApiMiddlewareTest.php')
-rw-r--r--tests/api/ApiMiddlewareTest.php73
1 files changed, 62 insertions, 11 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php
index 0b9b03f2..86700840 100644
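--- a/tests/api/ApiMiddlewareTest.php
+++ b/tests/api/ApiMiddlewareTest.php
@@ -2,6 +2,7 @@
 namespace Shaarli\Api;
 
 use Shaarli\Config\ConfigManager;
+use Shaarli\History;
 use Slim\Container;
 use Slim\Http\Environment;
 use Slim\Http\Request;
@@ -17,7 +18,7 @@ use Slim\Http\Response;
  *
  * @package Api
  */
-class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
+class ApiMiddlewareTest extends \Shaarli\TestCase
 {
  /**
  * @var string datastore to test write operations
@@ -25,7 +26,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  protected static $testDatastore = 'sandbox/datastore.php';
 
  /**
- * @var \ConfigManager instance
+ * @var ConfigManager instance
  */
  protected $conf;
 
@@ -40,29 +41,79 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  protected $container;
 
  /**
- * Before every test, instantiate a new Api with its config, plugins and links.
+ * Before every test, instantiate a new Api with its config, plugins and bookmarks.
  */
- public function setUp()
+ protected function setUp(): void
  {
- $this->conf = new ConfigManager('tests/utils/config/configJson.json.php');
+ $this->conf = new ConfigManager('tests/utils/config/configJson');
  $this->conf->set('api.secret', 'NapoleonWasALizard');
 
  $this->refDB = new \ReferenceLinkDB();
  $this->refDB->write(self::$testDatastore);
 
+ $history = new History('sandbox/history.php');
+
  $this->container = new Container();
  $this->container['conf'] = $this->conf;
+ $this->container['history'] = $history;
  }
 
  /**
  * After every test, remove the test datastore.
  */
- public function tearDown()
+ protected function tearDown(): void
  {
  @unlink(self::$testDatastore);
  }
 
  /**
+ * Invoke the middleware with a valid token
+ */
+ public function testInvokeMiddlewareWithValidToken(): void
+ {
+ $next = function (Request $request, Response $response): Response {
+ return $response;
+ };
+ $mw = new ApiMiddleware($this->container);
+ $env = Environment::mock([
+ 'REQUEST_METHOD' => 'GET',
+ 'REQUEST_URI' => '/echo',
+ 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
+ ]);
+ $request = Request::createFromEnvironment($env);
+ $response = new Response();
+ /** @var Response $response */
+ $response = $mw($request, $response, $next);
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * Invoke the middleware with a valid token
+ * Using specific Apache CGI redirected authorization.
+ */
+ public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
+ {
+ $next = function (Request $request, Response $response): Response {
+ return $response;
+ };
+
+ $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
+ $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
+ $mw = new ApiMiddleware($this->container);
+ $env = Environment::mock([
+ 'REQUEST_METHOD' => 'GET',
+ 'REQUEST_URI' => '/echo',
+ ]);
+ $request = Request::createFromEnvironment($env);
+ $response = new Response();
+ /** @var Response $response */
+ $response = $mw($request, $response, $next);
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
  * Invoke the middleware with the API disabled:
  * should return a 401 error Unauthorized.
  */
@@ -105,7 +156,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  $this->assertEquals(401, $response->getStatusCode());
  $body = json_decode((string) $response->getBody());
  $this->assertEquals('Not authorized: API is disabled', $body->message);
- $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+ $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace);
  }
 
  /**
@@ -128,7 +179,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  $this->assertEquals(401, $response->getStatusCode());
  $body = json_decode((string) $response->getBody());
  $this->assertEquals('Not authorized: JWT token not provided', $body->message);
- $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+ $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace);
  }
 
  /**
@@ -153,7 +204,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  $this->assertEquals(401, $response->getStatusCode());
  $body = json_decode((string) $response->getBody());
  $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message);
- $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+ $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace);
  }
 
  /**
@@ -176,7 +227,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  $this->assertEquals(401, $response->getStatusCode());
  $body = json_decode((string) $response->getBody());
  $this->assertEquals('Not authorized: Invalid JWT header', $body->message);
- $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+ $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace);
  }
 
  /**
@@ -202,6 +253,6 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
  $this->assertEquals(401, $response->getStatusCode());
  $body = json_decode((string) $response->getBody());
  $this->assertEquals('Not authorized: Malformed JWT token', $body->message);
- $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+ $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace);
  }
 }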
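Review bot: testInvokeMiddlewareWithValidTokenFromRedirectedHeader covers the REDIRECT_HTTP_AUTHORIZATION path only with a correctly signed token, so nothing visible in this file shows that a bad token arriving through that fallback is rejected. The existing 401 tests presumably all go through HTTP_AUTHORIZATION (their bodies lie outside the hunks), which would leave the second credential source without a negative case. I would add a sibling test that places a token signed with a different secret in `REDIRECT_HTTP_AUTHORIZATION` and asserts 401; a further case with both headers set would pin which one takes precedence. The fence sketches the negative test, with the request setup identical to the new redirected-header test.

```php
public function testInvokeMiddlewareWithInvalidTokenFromRedirectedHeader(): void
{
    $next = function (Request $request, Response $response): Response {
        return $response;
    };

    // Signed with a secret other than the configured api.secret: must be rejected on this path too.
    $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NotTheConfiguredSecret');
    $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
    $mw = new ApiMiddleware($this->container);
    // … unchanged: Environment::mock() without HTTP_AUTHORIZATION, request/response setup, $mw() call …

    $this->assertEquals(401, $response->getStatusCode());
}
```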