diff options
Diffstat (limited to 'tests/api/ApiMiddlewareTest.php')
| -rw-r--r-- | tests/api/ApiMiddlewareTest.php | 61 |
1 files changed, 54 insertions, 7 deletions
diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index b157e4a7..86700840 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php | |||
| @@ -18,7 +18,7 @@ use Slim\Http\Response; | |||
| 18 | * | 18 | * |
| 19 | * @package Api | 19 | * @package Api |
| 20 | */ | 20 | */ |
| 21 | class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | 21 | class ApiMiddlewareTest extends \Shaarli\TestCase |
| 22 | { | 22 | { |
| 23 | /** | 23 | /** |
| 24 | * @var string datastore to test write operations | 24 | * @var string datastore to test write operations |
| @@ -26,7 +26,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 26 | protected static $testDatastore = 'sandbox/datastore.php'; | 26 | protected static $testDatastore = 'sandbox/datastore.php'; |
| 27 | 27 | ||
| 28 | /** | 28 | /** |
| 29 | * @var \ConfigManager instance | 29 | * @var ConfigManager instance |
| 30 | */ | 30 | */ |
| 31 | protected $conf; | 31 | protected $conf; |
| 32 | 32 | ||
| @@ -67,6 +67,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 67 | } | 67 | } |
| 68 | 68 | ||
| 69 | /** | 69 | /** |
| 70 | * Invoke the middleware with a valid token | ||
| 71 | */ | ||
| 72 | public function testInvokeMiddlewareWithValidToken(): void | ||
| 73 | { | ||
| 74 | $next = function (Request $request, Response $response): Response { | ||
| 75 | return $response; | ||
| 76 | }; | ||
| 77 | $mw = new ApiMiddleware($this->container); | ||
| 78 | $env = Environment::mock([ | ||
| 79 | 'REQUEST_METHOD' => 'GET', | ||
| 80 | 'REQUEST_URI' => '/echo', | ||
| 81 | 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'), | ||
| 82 | ]); | ||
| 83 | $request = Request::createFromEnvironment($env); | ||
| 84 | $response = new Response(); | ||
| 85 | /** @var Response $response */ | ||
| 86 | $response = $mw($request, $response, $next); | ||
| 87 | |||
| 88 | $this->assertEquals(200, $response->getStatusCode()); | ||
| 89 | } | ||
| 90 | |||
| 91 | /** | ||
| 92 | * Invoke the middleware with a valid token | ||
| 93 | * Using specific Apache CGI redirected authorization. | ||
| 94 | */ | ||
| 95 | public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void | ||
| 96 | { | ||
| 97 | $next = function (Request $request, Response $response): Response { | ||
| 98 | return $response; | ||
| 99 | }; | ||
| 100 | |||
| 101 | $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'); | ||
| 102 | $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token; | ||
| 103 | $mw = new ApiMiddleware($this->container); | ||
| 104 | $env = Environment::mock([ | ||
| 105 | 'REQUEST_METHOD' => 'GET', | ||
| 106 | 'REQUEST_URI' => '/echo', | ||
| 107 | ]); | ||
| 108 | $request = Request::createFromEnvironment($env); | ||
| 109 | $response = new Response(); | ||
| 110 | /** @var Response $response */ | ||
| 111 | $response = $mw($request, $response, $next); | ||
| 112 | |||
| 113 | $this->assertEquals(200, $response->getStatusCode()); | ||
| 114 | } | ||
| 115 | |||
| 116 | /** | ||
| 70 | * Invoke the middleware with the API disabled: | 117 | * Invoke the middleware with the API disabled: |
| 71 | * should return a 401 error Unauthorized. | 118 | * should return a 401 error Unauthorized. |
| 72 | */ | 119 | */ |
| @@ -109,7 +156,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 109 | $this->assertEquals(401, $response->getStatusCode()); | 156 | $this->assertEquals(401, $response->getStatusCode()); |
| 110 | $body = json_decode((string) $response->getBody()); | 157 | $body = json_decode((string) $response->getBody()); |
| 111 | $this->assertEquals('Not authorized: API is disabled', $body->message); | 158 | $this->assertEquals('Not authorized: API is disabled', $body->message); |
| 112 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 159 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 113 | } | 160 | } |
| 114 | 161 | ||
| 115 | /** | 162 | /** |
| @@ -132,7 +179,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 132 | $this->assertEquals(401, $response->getStatusCode()); | 179 | $this->assertEquals(401, $response->getStatusCode()); |
| 133 | $body = json_decode((string) $response->getBody()); | 180 | $body = json_decode((string) $response->getBody()); |
| 134 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); | 181 | $this->assertEquals('Not authorized: JWT token not provided', $body->message); |
| 135 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 182 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 136 | } | 183 | } |
| 137 | 184 | ||
| 138 | /** | 185 | /** |
| @@ -157,7 +204,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 157 | $this->assertEquals(401, $response->getStatusCode()); | 204 | $this->assertEquals(401, $response->getStatusCode()); |
| 158 | $body = json_decode((string) $response->getBody()); | 205 | $body = json_decode((string) $response->getBody()); |
| 159 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); | 206 | $this->assertEquals('Not authorized: Token secret must be set in Shaarli\'s administration', $body->message); |
| 160 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 207 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 161 | } | 208 | } |
| 162 | 209 | ||
| 163 | /** | 210 | /** |
| @@ -180,7 +227,7 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 180 | $this->assertEquals(401, $response->getStatusCode()); | 227 | $this->assertEquals(401, $response->getStatusCode()); |
| 181 | $body = json_decode((string) $response->getBody()); | 228 | $body = json_decode((string) $response->getBody()); |
| 182 | $this->assertEquals('Not authorized: Invalid JWT header', $body->message); | 229 | $this->assertEquals('Not authorized: Invalid JWT header', $body->message); |
| 183 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 230 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 184 | } | 231 | } |
| 185 | 232 | ||
| 186 | /** | 233 | /** |
| @@ -206,6 +253,6 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase | |||
| 206 | $this->assertEquals(401, $response->getStatusCode()); | 253 | $this->assertEquals(401, $response->getStatusCode()); |
| 207 | $body = json_decode((string) $response->getBody()); | 254 | $body = json_decode((string) $response->getBody()); |
| 208 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); | 255 | $this->assertEquals('Not authorized: Malformed JWT token', $body->message); |
| 209 | $this->assertContains('ApiAuthorizationException', $body->stacktrace); | 256 | $this->assertContainsPolyfill('ApiAuthorizationException', $body->stacktrace); |
| 210 | } | 257 | } |
| 211 | } | 258 | } |