1 files changed, 184 insertions, 0 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php
new file mode 100644
index 00000000..4d4dd9b9
--- /dev/null
+++ b/tests/api/ApiMiddlewareTest.php
@@ -0,0 +1,184 @@
+<?php
+namespace Shaarli\Api;
+use Slim\Container;
+use Slim\Http\Environment;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ApiMiddlewareTest
+ *
+ * Test the REST API Slim Middleware.
+ *
+ * Note that we can't test a valid use case here, because the middleware
+ * needs to call a valid controller/action during its execution.
+ *
+ * @package Api
+ */
+class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testDatastore = 'sandbox/datastore.php';
+    /**
+     * @var \ConfigManager instance
+     */
+    protected $conf;
+    /**
+     * @var \ReferenceLinkDB instance.
+     */
+    protected $refDB = null;
+    /**
+     * @var Container instance.
+     */
+    protected $container;
+    /**
+     * Before every test, instantiate a new Api with its config, plugins and links.
+     */
+    public function setUp()
+    {
+        $this->conf = new \ConfigManager('tests/utils/config/configJson.json.php');
+        $this->conf->set('api.secret', 'NapoleonWasALizard');
+        $this->refDB = new \ReferenceLinkDB();
+        $this->refDB->write(self::$testDatastore);
+        $this->container = new Container();
+        $this->container['conf'] = $this->conf;
+    }
+    /**
+     * After every test, remove the test datastore.
+     */
+    public function tearDown()
+    {
+        @unlink(self::$testDatastore);
+    }
+    /**
+     * Invoke the middleware with the API disabled:
+     * should return a 401 error Unauthorized.
+     */
+    public function testInvokeMiddlewareApiDisabled()
+    {
+        $this->conf->set('api.enabled', false);
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, null);
+        $this->assertEquals(401, $response->getStatusCode());
+        $body = json_decode((string) $response->getBody());
+        $this->assertEquals('Not authorized', $body);
+    }
+    /**
+     * Invoke the middleware with the API disabled in debug mode:
+     * should return a 401 error Unauthorized - with a specific message and a stacktrace.
+     */
+    public function testInvokeMiddlewareApiDisabledDebug()
+    {
+        $this->conf->set('api.enabled', false);
+        $this->conf->set('dev.debug', true);
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, null);
+        $this->assertEquals(401, $response->getStatusCode());
+        $body = json_decode((string) $response->getBody());
+        $this->assertEquals('Not authorized: API is disabled', $body->message);
+        $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+    }
+    /**
+     * Invoke the middleware without a token (debug):
+     * should return a 401 error Unauthorized - with a specific message and a stacktrace.
+     */
+    public function testInvokeMiddlewareNoTokenProvidedDebug()
+    {
+        $this->conf->set('dev.debug', true);
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, null);
+        $this->assertEquals(401, $response->getStatusCode());
+        $body = json_decode((string) $response->getBody());
+        $this->assertEquals('Not authorized: JWT token not provided', $body->message);
+        $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+    }
+    /**
+     * Invoke the middleware without a secret set in settings (debug):
+     * should return a 401 error Unauthorized - with a specific message and a stacktrace.
+     */
+    public function testInvokeMiddlewareNoSecretSetDebug()
+    {
+        $this->conf->set('dev.debug', true);
+        $this->conf->set('api.secret', '');
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+            'HTTP_JWT'=> 'jwt',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, null);
+        $this->assertEquals(401, $response->getStatusCode());
+        $body = json_decode((string) $response->getBody());
+        $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message);
+        $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+    }
+    /**
+     * Invoke the middleware without an invalid JWT token (debug):
+     * should return a 401 error Unauthorized - with a specific message and a stacktrace.
+     *
+     * Note: specific JWT errors tests are handled in ApiUtilsTest.
+     */
+    public function testInvokeMiddlewareInvalidJwtDebug()
+    {
+        $this->conf->set('dev.debug', true);
+        $mw = new ApiMiddleware($this->container);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'REQUEST_URI' => '/echo',
+            'HTTP_JWT'=> 'bad jwt',
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = new Response();
+        /** @var Response $response */
+        $response = $mw($request, $response, null);
+        $this->assertEquals(401, $response->getStatusCode());
+        $body = json_decode((string) $response->getBody());
+        $this->assertEquals('Not authorized: Malformed JWT token', $body->message);
+        $this->assertContains('ApiAuthorizationException', $body->stacktrace);
+    }
+}

diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php new file mode 100644 index 00000000..4d4dd9b9 --- /dev/null +++ b/tests/api/ApiMiddlewareTest.php
@@ -0,0 +1,184 @@
	1	<?php
	2
	3	namespace Shaarli\Api;
	4
	5	use Slim\Container;
	6	use Slim\Http\Environment;
	7	use Slim\Http\Request;
	8	use Slim\Http\Response;
	9
	10	/**
	11	* Class ApiMiddlewareTest
	12	*
	13	* Test the REST API Slim Middleware.
	14	*
	15	* Note that we can't test a valid use case here, because the middleware
	16	* needs to call a valid controller/action during its execution.
	17	*
	18	* @package Api
	19	*/
	20	class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase
	21	{
	22	/**
	23	* @var string datastore to test write operations
	24	*/
	25	protected static $testDatastore = 'sandbox/datastore.php';
	26
	27	/**
	28	* @var \ConfigManager instance
	29	*/
	30	protected $conf;
	31
	32	/**
	33	* @var \ReferenceLinkDB instance.
	34	*/
	35	protected $refDB = null;
	36
	37	/**
	38	* @var Container instance.
	39	*/
	40	protected $container;
	41
	42	/**
	43	* Before every test, instantiate a new Api with its config, plugins and links.
	44	*/
	45	public function setUp()
	46	{
	47	$this->conf = new \ConfigManager('tests/utils/config/configJson.json.php');
	48	$this->conf->set('api.secret', 'NapoleonWasALizard');
	49
	50	$this->refDB = new \ReferenceLinkDB();
	51	$this->refDB->write(self::$testDatastore);
	52
	53	$this->container = new Container();
	54	$this->container['conf'] = $this->conf;
	55	}
	56
	57	/**
	58	* After every test, remove the test datastore.
	59	*/
	60	public function tearDown()
	61	{
	62	@unlink(self::$testDatastore);
	63	}
	64
	65	/**
	66	* Invoke the middleware with the API disabled:
	67	* should return a 401 error Unauthorized.
	68	*/
	69	public function testInvokeMiddlewareApiDisabled()
	70	{
	71	$this->conf->set('api.enabled', false);
	72	$mw = new ApiMiddleware($this->container);
	73	$env = Environment::mock([
	74	'REQUEST_METHOD' => 'GET',
	75	'REQUEST_URI' => '/echo',
	76	]);
	77	$request = Request::createFromEnvironment($env);
	78	$response = new Response();
	79	/** @var Response $response */
	80	$response = $mw($request, $response, null);
	81
	82	$this->assertEquals(401, $response->getStatusCode());
	83	$body = json_decode((string) $response->getBody());
	84	$this->assertEquals('Not authorized', $body);
	85	}
	86
	87	/**
	88	* Invoke the middleware with the API disabled in debug mode:
	89	* should return a 401 error Unauthorized - with a specific message and a stacktrace.
	90	*/
	91	public function testInvokeMiddlewareApiDisabledDebug()
	92	{
	93	$this->conf->set('api.enabled', false);
	94	$this->conf->set('dev.debug', true);
	95	$mw = new ApiMiddleware($this->container);
	96	$env = Environment::mock([
	97	'REQUEST_METHOD' => 'GET',
	98	'REQUEST_URI' => '/echo',
	99	]);
	100	$request = Request::createFromEnvironment($env);
	101	$response = new Response();
	102	/** @var Response $response */
	103	$response = $mw($request, $response, null);
	104
	105	$this->assertEquals(401, $response->getStatusCode());
	106	$body = json_decode((string) $response->getBody());
	107	$this->assertEquals('Not authorized: API is disabled', $body->message);
	108	$this->assertContains('ApiAuthorizationException', $body->stacktrace);
	109	}
	110
	111	/**
	112	* Invoke the middleware without a token (debug):
	113	* should return a 401 error Unauthorized - with a specific message and a stacktrace.
	114	*/
	115	public function testInvokeMiddlewareNoTokenProvidedDebug()
	116	{
	117	$this->conf->set('dev.debug', true);
	118	$mw = new ApiMiddleware($this->container);
	119	$env = Environment::mock([
	120	'REQUEST_METHOD' => 'GET',
	121	'REQUEST_URI' => '/echo',
	122	]);
	123	$request = Request::createFromEnvironment($env);
	124	$response = new Response();
	125	/** @var Response $response */
	126	$response = $mw($request, $response, null);
	127
	128	$this->assertEquals(401, $response->getStatusCode());
	129	$body = json_decode((string) $response->getBody());
	130	$this->assertEquals('Not authorized: JWT token not provided', $body->message);
	131	$this->assertContains('ApiAuthorizationException', $body->stacktrace);
	132	}
	133
	134	/**
	135	* Invoke the middleware without a secret set in settings (debug):
	136	* should return a 401 error Unauthorized - with a specific message and a stacktrace.
	137	*/
	138	public function testInvokeMiddlewareNoSecretSetDebug()
	139	{
	140	$this->conf->set('dev.debug', true);
	141	$this->conf->set('api.secret', '');
	142	$mw = new ApiMiddleware($this->container);
	143	$env = Environment::mock([
	144	'REQUEST_METHOD' => 'GET',
	145	'REQUEST_URI' => '/echo',
	146	'HTTP_JWT'=> 'jwt',
	147	]);
	148	$request = Request::createFromEnvironment($env);
	149	$response = new Response();
	150	/** @var Response $response */
	151	$response = $mw($request, $response, null);
	152
	153	$this->assertEquals(401, $response->getStatusCode());
	154	$body = json_decode((string) $response->getBody());
	155	$this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message);
	156	$this->assertContains('ApiAuthorizationException', $body->stacktrace);
	157	}
	158
	159	/**
	160	* Invoke the middleware without an invalid JWT token (debug):
	161	* should return a 401 error Unauthorized - with a specific message and a stacktrace.
	162	*
	163	* Note: specific JWT errors tests are handled in ApiUtilsTest.
	164	*/
	165	public function testInvokeMiddlewareInvalidJwtDebug()
	166	{
	167	$this->conf->set('dev.debug', true);
	168	$mw = new ApiMiddleware($this->container);
	169	$env = Environment::mock([
	170	'REQUEST_METHOD' => 'GET',
	171	'REQUEST_URI' => '/echo',
	172	'HTTP_JWT'=> 'bad jwt',
	173	]);
	174	$request = Request::createFromEnvironment($env);
	175	$response = new Response();
	176	/** @var Response $response */
	177	$response = $mw($request, $response, null);
	178
	179	$this->assertEquals(401, $response->getStatusCode());
	180	$body = json_decode((string) $response->getBody());
	181	$this->assertEquals('Not authorized: Malformed JWT token', $body->message);
	182	$this->assertContains('ApiAuthorizationException', $body->stacktrace);
	183	}
	184	}