2019-01-26 10:19:20 +01:00
|
|
|
<?php
|
2019-10-05 17:26:10 +02:00
|
|
|
|
2019-01-26 10:19:20 +01:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
namespace ShlinkioApiTest\Shlink\Rest\Middleware;
|
|
|
|
|
2023-02-09 20:42:18 +01:00
|
|
|
use PHPUnit\Framework\Attributes\DataProvider;
|
|
|
|
use PHPUnit\Framework\Attributes\Test;
|
2019-08-11 16:30:46 +02:00
|
|
|
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;
|
2019-02-26 22:56:43 +01:00
|
|
|
|
2022-08-14 10:51:12 +02:00
|
|
|
use function sprintf;
|
|
|
|
|
2019-01-26 10:19:20 +01:00
|
|
|
class AuthenticationTest extends ApiTestCase
|
|
|
|
{
|
2023-02-09 20:42:18 +01:00
|
|
|
#[Test, DataProvider('provideApiVersions')]
|
2022-08-14 10:51:12 +02:00
|
|
|
public function authorizationErrorIsReturnedIfNoApiKeyIsSent(string $version, string $expectedType): void
|
2019-01-26 10:19:20 +01:00
|
|
|
{
|
2020-11-07 12:53:14 +01:00
|
|
|
$expectedDetail = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided';
|
2019-11-27 20:48:35 +01:00
|
|
|
|
2022-08-14 10:51:12 +02:00
|
|
|
$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version));
|
2019-11-27 20:48:35 +01:00
|
|
|
$payload = $this->getJsonResponsePayload($resp);
|
2019-01-26 10:19:20 +01:00
|
|
|
|
2020-10-04 00:35:14 +02:00
|
|
|
self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
|
|
|
|
self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
|
2022-08-14 10:51:12 +02:00
|
|
|
self::assertEquals($expectedType, $payload['type']);
|
2020-10-04 00:35:14 +02:00
|
|
|
self::assertEquals($expectedDetail, $payload['detail']);
|
|
|
|
self::assertEquals('Invalid authorization', $payload['title']);
|
2019-01-27 10:54:04 +01:00
|
|
|
}
|
|
|
|
|
2023-02-09 09:32:38 +01:00
|
|
|
public static function provideApiVersions(): iterable
|
2022-08-14 10:51:12 +02:00
|
|
|
{
|
|
|
|
yield 'version 1' => ['1', 'INVALID_AUTHORIZATION'];
|
|
|
|
yield 'version 2' => ['2', 'INVALID_AUTHORIZATION'];
|
|
|
|
yield 'version 3' => ['3', 'https://shlink.io/api/error/missing-authentication'];
|
|
|
|
}
|
|
|
|
|
2023-02-09 20:42:18 +01:00
|
|
|
#[Test, DataProvider('provideInvalidApiKeys')]
|
2022-08-14 10:51:12 +02:00
|
|
|
public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(
|
|
|
|
string $apiKey,
|
|
|
|
string $version,
|
|
|
|
string $expectedType,
|
|
|
|
): void {
|
2019-11-27 20:48:35 +01:00
|
|
|
$expectedDetail = 'Provided API key does not exist or is invalid.';
|
|
|
|
|
2022-08-14 10:51:12 +02:00
|
|
|
$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version), [
|
2019-01-30 18:28:07 +01:00
|
|
|
'headers' => [
|
2020-11-07 12:53:14 +01:00
|
|
|
'X-Api-Key' => $apiKey,
|
2019-01-30 18:28:07 +01:00
|
|
|
],
|
|
|
|
]);
|
2019-11-27 20:48:35 +01:00
|
|
|
$payload = $this->getJsonResponsePayload($resp);
|
2019-01-27 10:54:04 +01:00
|
|
|
|
2020-10-04 00:35:14 +02:00
|
|
|
self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
|
|
|
|
self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
|
2022-08-14 10:51:12 +02:00
|
|
|
self::assertEquals($expectedType, $payload['type']);
|
2020-10-04 00:35:14 +02:00
|
|
|
self::assertEquals($expectedDetail, $payload['detail']);
|
|
|
|
self::assertEquals('Invalid API key', $payload['title']);
|
2019-01-26 10:19:20 +01:00
|
|
|
}
|
2019-01-27 12:14:18 +01:00
|
|
|
|
2023-02-09 09:32:38 +01:00
|
|
|
public static function provideInvalidApiKeys(): iterable
|
2019-01-27 12:14:18 +01:00
|
|
|
{
|
2022-08-14 10:51:12 +02:00
|
|
|
yield 'key which does not exist' => ['invalid', '2', 'INVALID_API_KEY'];
|
|
|
|
yield 'key which is expired' => ['expired_api_key', '2', 'INVALID_API_KEY'];
|
|
|
|
yield 'key which is disabled' => ['disabled_api_key', '2', 'INVALID_API_KEY'];
|
|
|
|
yield 'version 3' => ['disabled_api_key', '3', 'https://shlink.io/api/error/invalid-api-key'];
|
2019-01-27 12:14:18 +01:00
|
|
|
}
|
2019-01-26 10:19:20 +01:00
|
|
|
}
|