shlink/module/Rest/test-api/Middleware/AuthenticationTest.php

<?php

declare(strict_types=1);

namespace ShlinkioApiTest\Shlink\Rest\Middleware;

use PHPUnit\Framework\Attributes\DataProvider;
use PHPUnit\Framework\Attributes\Test;
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;

use function sprintf;

class AuthenticationTest extends ApiTestCase
{
    #[Test, DataProvider('provideApiVersions')]
    public function authorizationErrorIsReturnedIfNoApiKeyIsSent(string $version, string $expectedType): void
    {
        $expectedDetail = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided';

        $resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version));
        $payload = $this->getJsonResponsePayload($resp);

        self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
        self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
        self::assertEquals($expectedType, $payload['type']);
        self::assertEquals($expectedDetail, $payload['detail']);
        self::assertEquals('Invalid authorization', $payload['title']);
    }

    public static function provideApiVersions(): iterable
    {
        yield 'version 1' => ['1', 'https://shlink.io/api/error/missing-authentication'];
        yield 'version 2' => ['2', 'https://shlink.io/api/error/missing-authentication'];
        yield 'version 3' => ['3', 'https://shlink.io/api/error/missing-authentication'];
    }

    #[Test, DataProvider('provideInvalidApiKeys')]
    public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(
        string $apiKey,
        string $version,
        string $expectedType,
    ): void {
        $expectedDetail = 'Provided API key does not exist or is invalid.';

        $resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version), [
            'headers' => [
                'X-Api-Key' => $apiKey,
            ],
        ]);
        $payload = $this->getJsonResponsePayload($resp);

        self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
        self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
        self::assertEquals($expectedType, $payload['type']);
        self::assertEquals($expectedDetail, $payload['detail']);
        self::assertEquals('Invalid API key', $payload['title']);
    }

    public static function provideInvalidApiKeys(): iterable
    {
        yield 'key which does not exist' => ['invalid', '2', 'https://shlink.io/api/error/invalid-api-key'];
        yield 'key which is expired' => ['expired_api_key', '2', 'https://shlink.io/api/error/invalid-api-key'];
        yield 'key which is disabled' => ['disabled_api_key', '2', 'https://shlink.io/api/error/invalid-api-key'];
        yield 'version 3' => ['disabled_api_key', '3', 'https://shlink.io/api/error/invalid-api-key'];
    }
}
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`<?php`
Updated to coding styles v2 2019-10-05 18:26:10 +03:00
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`declare(strict_types=1);`

			`namespace ShlinkioApiTest\Shlink\Rest\Middleware;`

Migrate from PHPUnit annotations to native attributes 2023-02-09 22:42:18 +03:00			`use PHPUnit\Framework\Attributes\DataProvider;`
			`use PHPUnit\Framework\Attributes\Test;`
Created TestUtils module 2019-08-11 17:30:46 +03:00			`use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;`
Updated to shlinkio coding standard 1.1.0 2019-02-27 00:56:43 +03:00
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`use function sprintf;`

Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`class AuthenticationTest extends ApiTestCase`
			`{`
Migrate from PHPUnit annotations to native attributes 2023-02-09 22:42:18 +03:00			`#[Test, DataProvider('provideApiVersions')]`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`public function authorizationErrorIsReturnedIfNoApiKeyIsSent(string $version, string $expectedType): void`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`{`
Deleted everything related with authentication plugins, as shlink only supports API key auth since v2.0.0 2020-11-07 14:53:14 +03:00			`$expectedDetail = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided';`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version));`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$payload = $this->getJsonResponsePayload($resp);`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00
Invoke PHPUnit's assertions statically 2020-10-04 01:35:14 +03:00			`self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());`
			`self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`self::assertEquals($expectedType, $payload['type']);`
Invoke PHPUnit's assertions statically 2020-10-04 01:35:14 +03:00			`self::assertEquals($expectedDetail, $payload['detail']);`
			`self::assertEquals('Invalid authorization', $payload['title']);`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00			`}`

Update to PHPUnit 10 2023-02-09 11:32:38 +03:00			`public static function provideApiVersions(): iterable`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`{`
Removed deprecated features 2024-02-12 22:29:40 +03:00			`yield 'version 1' => ['1', 'https://shlink.io/api/error/missing-authentication'];`
			`yield 'version 2' => ['2', 'https://shlink.io/api/error/missing-authentication'];`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`yield 'version 3' => ['3', 'https://shlink.io/api/error/missing-authentication'];`
			`}`

Migrate from PHPUnit annotations to native attributes 2023-02-09 22:42:18 +03:00			`#[Test, DataProvider('provideInvalidApiKeys')]`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(`
			`string $apiKey,`
			`string $version,`
			`string $expectedType,`
			`): void {`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$expectedDetail = 'Provided API key does not exist or is invalid.';`

Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version), [`
Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`'headers' => [`
Deleted everything related with authentication plugins, as shlink only supports API key auth since v2.0.0 2020-11-07 14:53:14 +03:00			`'X-Api-Key' => $apiKey,`
Improved API tests and added test for short URLs creation 2019-01-30 20:28:07 +03:00			`],`
			`]);`
Added more strict checks on API errors tests 2019-11-27 22:48:35 +03:00			`$payload = $this->getJsonResponsePayload($resp);`
Improved how API tests are executed 2019-01-27 12:54:04 +03:00
Invoke PHPUnit's assertions statically 2020-10-04 01:35:14 +03:00			`self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());`
			`self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`self::assertEquals($expectedType, $payload['type']);`
Invoke PHPUnit's assertions statically 2020-10-04 01:35:14 +03:00			`self::assertEquals($expectedDetail, $payload['detail']);`
			`self::assertEquals('Invalid API key', $payload['title']);`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`}`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00
Update to PHPUnit 10 2023-02-09 11:32:38 +03:00			`public static function provideInvalidApiKeys(): iterable`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00			`{`
Removed deprecated features 2024-02-12 22:29:40 +03:00			`yield 'key which does not exist' => ['invalid', '2', 'https://shlink.io/api/error/invalid-api-key'];`
			`yield 'key which is expired' => ['expired_api_key', '2', 'https://shlink.io/api/error/invalid-api-key'];`
			`yield 'key which is disabled' => ['disabled_api_key', '2', 'https://shlink.io/api/error/invalid-api-key'];`
Added remaining API tests covering error type convertions 2022-08-14 11:51:12 +03:00			`yield 'version 3' => ['disabled_api_key', '3', 'https://shlink.io/api/error/invalid-api-key'];`
Improved API tests by adding fixtures 2019-01-27 14:14:18 +03:00			`}`
Prepared configs for API tests 2019-01-26 12:19:20 +03:00			`}`