shlink/module/Rest/test-api/Middleware/AuthenticationTest.php

<?php

declare(strict_types=1);

namespace ShlinkioApiTest\Shlink\Rest\Middleware;

use Shlinkio\Shlink\Rest\Authentication\Plugin;
use Shlinkio\Shlink\Rest\Authentication\RequestToHttpAuthPlugin;
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;

use function implode;
use function sprintf;

class AuthenticationTest extends ApiTestCase
{
    /** @test */
    public function authorizationErrorIsReturnedIfNoApiKeyIsSent(): void
    {
        $expectedDetail = sprintf(
            'Expected one of the following authentication headers, ["%s"], but none were provided',
            implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS)
        );

        $resp = $this->callApi(self::METHOD_GET, '/short-codes');
        $payload = $this->getJsonResponsePayload($resp);

        $this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
        $this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
        $this->assertEquals('INVALID_AUTHORIZATION', $payload['type']);
        $this->assertEquals('INVALID_AUTHORIZATION', $payload['error']); // Deprecated
        $this->assertEquals($expectedDetail, $payload['detail']);
        $this->assertEquals($expectedDetail, $payload['message']); // Deprecated
        $this->assertEquals('Invalid authorization', $payload['title']);
    }

    /**
     * @test
     * @dataProvider provideInvalidApiKeys
     */
    public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(string $apiKey): void
    {
        $expectedDetail = 'Provided API key does not exist or is invalid.';

        $resp = $this->callApi(self::METHOD_GET, '/short-codes', [
            'headers' => [
                Plugin\ApiKeyHeaderPlugin::HEADER_NAME => $apiKey,
            ],
        ]);
        $payload = $this->getJsonResponsePayload($resp);

        $this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
        $this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
        $this->assertEquals('INVALID_API_KEY', $payload['type']);
        $this->assertEquals('INVALID_API_KEY', $payload['error']); // Deprecated
        $this->assertEquals($expectedDetail, $payload['detail']);
        $this->assertEquals($expectedDetail, $payload['message']); // Deprecated
        $this->assertEquals('Invalid API key', $payload['title']);
    }

    public function provideInvalidApiKeys(): iterable
    {
        yield 'key which does not exist' => ['invalid'];
        yield 'key which is expired' => ['expired_api_key'];
        yield 'key which is disabled' => ['disabled_api_key'];
    }

    /**
     * @test
     * @dataProvider provideInvalidAuthorizations
     */
    public function authorizationErrorIsReturnedIfInvalidDataIsProvided(
        string $authValue,
        string $expectedDetail,
        string $expectedType,
        string $expectedTitle
    ): void {
        $resp = $this->callApi(self::METHOD_GET, '/short-codes', [
            'headers' => [
                Plugin\AuthorizationHeaderPlugin::HEADER_NAME => $authValue,
            ],
        ]);
        $payload = $this->getJsonResponsePayload($resp);

        $this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
        $this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
        $this->assertEquals($expectedType, $payload['type']);
        $this->assertEquals($expectedType, $payload['error']); // Deprecated
        $this->assertEquals($expectedDetail, $payload['detail']);
        $this->assertEquals($expectedDetail, $payload['message']); // Deprecated
        $this->assertEquals($expectedTitle, $payload['title']);
    }

    public function provideInvalidAuthorizations(): iterable
    {
        yield 'no type' => [
            'invalid',
            'You need to provide the Bearer type in the Authorization header.',
            'INVALID_AUTHORIZATION',
            'Invalid authorization',
        ];
        yield 'invalid type' => [
            'Basic invalid',
            'Provided authorization type Basic is not supported. Use Bearer instead.',
            'INVALID_AUTHORIZATION',
            'Invalid authorization',
        ];
        yield 'invalid JWT' => [
            'Bearer invalid',
            'Missing or invalid auth token provided. Perform a new authentication request and send provided '
            . 'token on every new request on the Authorization header',
            'INVALID_AUTH_TOKEN',
            'Invalid auth token',
        ];
    }
}
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`<?php`
Updated to coding styles v2 2019-10-05 18:26:10 +03:00
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`declare(strict_types=1);`

			`namespace ShlinkioApiTest\Shlink\Rest\Middleware;`

Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`use Shlinkio\Shlink\Rest\Authentication\Plugin;`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`use Shlinkio\Shlink\Rest\Authentication\RequestToHttpAuthPlugin;`
Created TestUtils module 2019-08-11 17:30:46 +03:00			`use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;`
Updated to shlinkio coding standard 1.1.0 2019-02-27 00:56:43 +03:00
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`use function implode;`
			`use function sprintf;`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00
			`class AuthenticationTest extends ApiTestCase`
			`{`
Reduced amount of dead lines in tests 2019-02-17 22:28:34 +03:00			`/** @test */`
			`public function authorizationErrorIsReturnedIfNoApiKeyIsSent(): void`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`{`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$expectedDetail = sprintf(`
Improved domain exception tests to cover more possible mutants 2019-12-01 12:14:29 +03:00			`'Expected one of the following authentication headers, ["%s"], but none were provided',`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS)`
			`);`

Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`$resp = $this->callApi(self::METHOD_GET, '/short-codes');`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$payload = $this->getJsonResponsePayload($resp);`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00
Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);`
			`$this->assertEquals('INVALID_AUTHORIZATION', $payload['type']);`
			`$this->assertEquals('INVALID_AUTHORIZATION', $payload['error']); // Deprecated`
			`$this->assertEquals($expectedDetail, $payload['detail']);`
			`$this->assertEquals($expectedDetail, $payload['message']); // Deprecated`
			`$this->assertEquals('Invalid authorization', $payload['title']);`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`}`

			`/**`
			`* @test`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00			`* @dataProvider provideInvalidApiKeys`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`*/`
Reduced amount of dead lines in tests 2019-02-17 22:28:34 +03:00			`public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(string $apiKey): void`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`{`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$expectedDetail = 'Provided API key does not exist or is invalid.';`

Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`$resp = $this->callApi(self::METHOD_GET, '/short-codes', [`
			`'headers' => [`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`Plugin\ApiKeyHeaderPlugin::HEADER_NAME => $apiKey,`
Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`],`
			`]);`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$payload = $this->getJsonResponsePayload($resp);`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00
Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);`
			`$this->assertEquals('INVALID_API_KEY', $payload['type']);`
			`$this->assertEquals('INVALID_API_KEY', $payload['error']); // Deprecated`
			`$this->assertEquals($expectedDetail, $payload['detail']);`
			`$this->assertEquals($expectedDetail, $payload['message']); // Deprecated`
			`$this->assertEquals('Invalid API key', $payload['title']);`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`}`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00
Reduced amount of dead lines in tests 2019-02-17 22:28:34 +03:00			`public function provideInvalidApiKeys(): iterable`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00			`{`
Reduced amount of dead lines in tests 2019-02-17 22:28:34 +03:00			`yield 'key which does not exist' => ['invalid'];`
			`yield 'key which is expired' => ['expired_api_key'];`
			`yield 'key which is disabled' => ['disabled_api_key'];`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00			`}`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00
			`/**`
			`* @test`
			`* @dataProvider provideInvalidAuthorizations`
			`*/`
			`public function authorizationErrorIsReturnedIfInvalidDataIsProvided(`
			`string $authValue,`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`string $expectedDetail,`
			`string $expectedType,`
			`string $expectedTitle`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`): void {`
			`$resp = $this->callApi(self::METHOD_GET, '/short-codes', [`
			`'headers' => [`
			`Plugin\AuthorizationHeaderPlugin::HEADER_NAME => $authValue,`
			`],`
			`]);`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$payload = $this->getJsonResponsePayload($resp);`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00
			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$this->assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);`
			`$this->assertEquals($expectedType, $payload['type']);`
			`$this->assertEquals($expectedType, $payload['error']); // Deprecated`
			`$this->assertEquals($expectedDetail, $payload['detail']);`
			`$this->assertEquals($expectedDetail, $payload['message']); // Deprecated`
			`$this->assertEquals($expectedTitle, $payload['title']);`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`}`

			`public function provideInvalidAuthorizations(): iterable`
			`{`
			`yield 'no type' => [`
			`'invalid',`
			`'You need to provide the Bearer type in the Authorization header.',`
			`'INVALID_AUTHORIZATION',`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`'Invalid authorization',`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`];`
			`yield 'invalid type' => [`
			`'Basic invalid',`
			`'Provided authorization type Basic is not supported. Use Bearer instead.',`
			`'INVALID_AUTHORIZATION',`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`'Invalid authorization',`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`];`
			`yield 'invalid JWT' => [`
			`'Bearer invalid',`
			`'Missing or invalid auth token provided. Perform a new authentication request and send provided '`
			`. 'token on every new request on the Authorization header',`
			`'INVALID_AUTH_TOKEN',`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`'Invalid auth token',`
Improved AuthenticationMiddleware API tests 2019-11-26 23:29:25 +03:00			`];`
			`}`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`}`