diff options
Diffstat (limited to 'tests/api/ApiUtilsTest.php')
-rw-r--r-- | tests/api/ApiUtilsTest.php | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/tests/api/ApiUtilsTest.php b/tests/api/ApiUtilsTest.php index 7efec9bb..7a143859 100644 --- a/tests/api/ApiUtilsTest.php +++ b/tests/api/ApiUtilsTest.php | |||
@@ -8,12 +8,12 @@ use Shaarli\Http\Base64Url; | |||
8 | /** | 8 | /** |
9 | * Class ApiUtilsTest | 9 | * Class ApiUtilsTest |
10 | */ | 10 | */ |
11 | class ApiUtilsTest extends \PHPUnit\Framework\TestCase | 11 | class ApiUtilsTest extends \Shaarli\TestCase |
12 | { | 12 | { |
13 | /** | 13 | /** |
14 | * Force the timezone for ISO datetimes. | 14 | * Force the timezone for ISO datetimes. |
15 | */ | 15 | */ |
16 | public static function setUpBeforeClass() | 16 | public static function setUpBeforeClass(): void |
17 | { | 17 | { |
18 | date_default_timezone_set('UTC'); | 18 | date_default_timezone_set('UTC'); |
19 | } | 19 | } |
@@ -66,143 +66,143 @@ class ApiUtilsTest extends \PHPUnit\Framework\TestCase | |||
66 | 66 | ||
67 | /** | 67 | /** |
68 | * Test validateJwtToken() with a malformed JWT token. | 68 | * Test validateJwtToken() with a malformed JWT token. |
69 | * | ||
70 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
71 | * @expectedExceptionMessage Malformed JWT token | ||
72 | */ | 69 | */ |
73 | public function testValidateJwtTokenMalformed() | 70 | public function testValidateJwtTokenMalformed() |
74 | { | 71 | { |
72 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
73 | $this->expectExceptionMessage('Malformed JWT token'); | ||
74 | |||
75 | $token = 'ABC.DEF'; | 75 | $token = 'ABC.DEF'; |
76 | ApiUtils::validateJwtToken($token, 'foo'); | 76 | ApiUtils::validateJwtToken($token, 'foo'); |
77 | } | 77 | } |
78 | 78 | ||
79 | /** | 79 | /** |
80 | * Test validateJwtToken() with an empty JWT token. | 80 | * Test validateJwtToken() with an empty JWT token. |
81 | * | ||
82 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
83 | * @expectedExceptionMessage Malformed JWT token | ||
84 | */ | 81 | */ |
85 | public function testValidateJwtTokenMalformedEmpty() | 82 | public function testValidateJwtTokenMalformedEmpty() |
86 | { | 83 | { |
84 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
85 | $this->expectExceptionMessage('Malformed JWT token'); | ||
86 | |||
87 | $token = false; | 87 | $token = false; |
88 | ApiUtils::validateJwtToken($token, 'foo'); | 88 | ApiUtils::validateJwtToken($token, 'foo'); |
89 | } | 89 | } |
90 | 90 | ||
91 | /** | 91 | /** |
92 | * Test validateJwtToken() with a JWT token without header. | 92 | * Test validateJwtToken() with a JWT token without header. |
93 | * | ||
94 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
95 | * @expectedExceptionMessage Malformed JWT token | ||
96 | */ | 93 | */ |
97 | public function testValidateJwtTokenMalformedEmptyHeader() | 94 | public function testValidateJwtTokenMalformedEmptyHeader() |
98 | { | 95 | { |
96 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
97 | $this->expectExceptionMessage('Malformed JWT token'); | ||
98 | |||
99 | $token = '.payload.signature'; | 99 | $token = '.payload.signature'; |
100 | ApiUtils::validateJwtToken($token, 'foo'); | 100 | ApiUtils::validateJwtToken($token, 'foo'); |
101 | } | 101 | } |
102 | 102 | ||
103 | /** | 103 | /** |
104 | * Test validateJwtToken() with a JWT token without payload | 104 | * Test validateJwtToken() with a JWT token without payload |
105 | * | ||
106 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
107 | * @expectedExceptionMessage Malformed JWT token | ||
108 | */ | 105 | */ |
109 | public function testValidateJwtTokenMalformedEmptyPayload() | 106 | public function testValidateJwtTokenMalformedEmptyPayload() |
110 | { | 107 | { |
108 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
109 | $this->expectExceptionMessage('Malformed JWT token'); | ||
110 | |||
111 | $token = 'header..signature'; | 111 | $token = 'header..signature'; |
112 | ApiUtils::validateJwtToken($token, 'foo'); | 112 | ApiUtils::validateJwtToken($token, 'foo'); |
113 | } | 113 | } |
114 | 114 | ||
115 | /** | 115 | /** |
116 | * Test validateJwtToken() with a JWT token with an empty signature. | 116 | * Test validateJwtToken() with a JWT token with an empty signature. |
117 | * | ||
118 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
119 | * @expectedExceptionMessage Invalid JWT signature | ||
120 | */ | 117 | */ |
121 | public function testValidateJwtTokenInvalidSignatureEmpty() | 118 | public function testValidateJwtTokenInvalidSignatureEmpty() |
122 | { | 119 | { |
120 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
121 | $this->expectExceptionMessage('Invalid JWT signature'); | ||
122 | |||
123 | $token = 'header.payload.'; | 123 | $token = 'header.payload.'; |
124 | ApiUtils::validateJwtToken($token, 'foo'); | 124 | ApiUtils::validateJwtToken($token, 'foo'); |
125 | } | 125 | } |
126 | 126 | ||
127 | /** | 127 | /** |
128 | * Test validateJwtToken() with a JWT token with an invalid signature. | 128 | * Test validateJwtToken() with a JWT token with an invalid signature. |
129 | * | ||
130 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
131 | * @expectedExceptionMessage Invalid JWT signature | ||
132 | */ | 129 | */ |
133 | public function testValidateJwtTokenInvalidSignature() | 130 | public function testValidateJwtTokenInvalidSignature() |
134 | { | 131 | { |
132 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
133 | $this->expectExceptionMessage('Invalid JWT signature'); | ||
134 | |||
135 | $token = 'header.payload.nope'; | 135 | $token = 'header.payload.nope'; |
136 | ApiUtils::validateJwtToken($token, 'foo'); | 136 | ApiUtils::validateJwtToken($token, 'foo'); |
137 | } | 137 | } |
138 | 138 | ||
139 | /** | 139 | /** |
140 | * Test validateJwtToken() with a JWT token with a signature generated with the wrong API secret. | 140 | * Test validateJwtToken() with a JWT token with a signature generated with the wrong API secret. |
141 | * | ||
142 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
143 | * @expectedExceptionMessage Invalid JWT signature | ||
144 | */ | 141 | */ |
145 | public function testValidateJwtTokenInvalidSignatureSecret() | 142 | public function testValidateJwtTokenInvalidSignatureSecret() |
146 | { | 143 | { |
144 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
145 | $this->expectExceptionMessage('Invalid JWT signature'); | ||
146 | |||
147 | ApiUtils::validateJwtToken(self::generateValidJwtToken('foo'), 'bar'); | 147 | ApiUtils::validateJwtToken(self::generateValidJwtToken('foo'), 'bar'); |
148 | } | 148 | } |
149 | 149 | ||
150 | /** | 150 | /** |
151 | * Test validateJwtToken() with a JWT token with a an invalid header (not JSON). | 151 | * Test validateJwtToken() with a JWT token with a an invalid header (not JSON). |
152 | * | ||
153 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
154 | * @expectedExceptionMessage Invalid JWT header | ||
155 | */ | 152 | */ |
156 | public function testValidateJwtTokenInvalidHeader() | 153 | public function testValidateJwtTokenInvalidHeader() |
157 | { | 154 | { |
155 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
156 | $this->expectExceptionMessage('Invalid JWT header'); | ||
157 | |||
158 | $token = $this->generateCustomJwtToken('notJSON', '{"JSON":1}', 'secret'); | 158 | $token = $this->generateCustomJwtToken('notJSON', '{"JSON":1}', 'secret'); |
159 | ApiUtils::validateJwtToken($token, 'secret'); | 159 | ApiUtils::validateJwtToken($token, 'secret'); |
160 | } | 160 | } |
161 | 161 | ||
162 | /** | 162 | /** |
163 | * Test validateJwtToken() with a JWT token with a an invalid payload (not JSON). | 163 | * Test validateJwtToken() with a JWT token with a an invalid payload (not JSON). |
164 | * | ||
165 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
166 | * @expectedExceptionMessage Invalid JWT payload | ||
167 | */ | 164 | */ |
168 | public function testValidateJwtTokenInvalidPayload() | 165 | public function testValidateJwtTokenInvalidPayload() |
169 | { | 166 | { |
167 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
168 | $this->expectExceptionMessage('Invalid JWT payload'); | ||
169 | |||
170 | $token = $this->generateCustomJwtToken('{"JSON":1}', 'notJSON', 'secret'); | 170 | $token = $this->generateCustomJwtToken('{"JSON":1}', 'notJSON', 'secret'); |
171 | ApiUtils::validateJwtToken($token, 'secret'); | 171 | ApiUtils::validateJwtToken($token, 'secret'); |
172 | } | 172 | } |
173 | 173 | ||
174 | /** | 174 | /** |
175 | * Test validateJwtToken() with a JWT token without issued time. | 175 | * Test validateJwtToken() with a JWT token without issued time. |
176 | * | ||
177 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
178 | * @expectedExceptionMessage Invalid JWT issued time | ||
179 | */ | 176 | */ |
180 | public function testValidateJwtTokenInvalidTimeEmpty() | 177 | public function testValidateJwtTokenInvalidTimeEmpty() |
181 | { | 178 | { |
179 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
180 | $this->expectExceptionMessage('Invalid JWT issued time'); | ||
181 | |||
182 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"JSON":1}', 'secret'); | 182 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"JSON":1}', 'secret'); |
183 | ApiUtils::validateJwtToken($token, 'secret'); | 183 | ApiUtils::validateJwtToken($token, 'secret'); |
184 | } | 184 | } |
185 | 185 | ||
186 | /** | 186 | /** |
187 | * Test validateJwtToken() with an expired JWT token. | 187 | * Test validateJwtToken() with an expired JWT token. |
188 | * | ||
189 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
190 | * @expectedExceptionMessage Invalid JWT issued time | ||
191 | */ | 188 | */ |
192 | public function testValidateJwtTokenInvalidTimeExpired() | 189 | public function testValidateJwtTokenInvalidTimeExpired() |
193 | { | 190 | { |
191 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
192 | $this->expectExceptionMessage('Invalid JWT issued time'); | ||
193 | |||
194 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() - 600) . '}', 'secret'); | 194 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() - 600) . '}', 'secret'); |
195 | ApiUtils::validateJwtToken($token, 'secret'); | 195 | ApiUtils::validateJwtToken($token, 'secret'); |
196 | } | 196 | } |
197 | 197 | ||
198 | /** | 198 | /** |
199 | * Test validateJwtToken() with a JWT token issued in the future. | 199 | * Test validateJwtToken() with a JWT token issued in the future. |
200 | * | ||
201 | * @expectedException \Shaarli\Api\Exceptions\ApiAuthorizationException | ||
202 | * @expectedExceptionMessage Invalid JWT issued time | ||
203 | */ | 200 | */ |
204 | public function testValidateJwtTokenInvalidTimeFuture() | 201 | public function testValidateJwtTokenInvalidTimeFuture() |
205 | { | 202 | { |
203 | $this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class); | ||
204 | $this->expectExceptionMessage('Invalid JWT issued time'); | ||
205 | |||
206 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() + 60) . '}', 'secret'); | 206 | $token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() + 60) . '}', 'secret'); |
207 | ApiUtils::validateJwtToken($token, 'secret'); | 207 | ApiUtils::validateJwtToken($token, 'secret'); |
208 | } | 208 | } |