shlink/module/Rest/test/Middleware/CheckAuthenticationMiddlewareTest.php

182 lines
6.9 KiB
PHP
Raw Normal View History

<?php
2017-10-12 11:13:20 +03:00
declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Middleware;
2017-03-24 22:34:18 +03:00
use PHPUnit\Framework\TestCase;
use Prophecy\Prophecy\MethodProphecy;
use Prophecy\Prophecy\ObjectProphecy;
2018-03-26 20:02:41 +03:00
use Psr\Http\Server\RequestHandlerInterface;
2017-07-07 14:12:45 +03:00
use Shlinkio\Shlink\Rest\Action\AuthenticateAction;
use Shlinkio\Shlink\Rest\Authentication\JWTService;
use Shlinkio\Shlink\Rest\Middleware\CheckAuthenticationMiddleware;
use ShlinkioTest\Shlink\Common\Util\TestUtils;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequestFactory;
2017-03-24 23:38:43 +03:00
use Zend\Expressive\Router\Route;
use Zend\Expressive\Router\RouteResult;
use Zend\I18n\Translator\Translator;
use function Zend\Stratigility\middleware;
class CheckAuthenticationMiddlewareTest extends TestCase
{
/**
* @var CheckAuthenticationMiddleware
*/
protected $middleware;
/**
* @var ObjectProphecy
*/
protected $jwtService;
2018-03-21 13:13:03 +03:00
/**
* @var callable
*/
protected $dummyMiddleware;
public function setUp()
{
$this->jwtService = $this->prophesize(JWTService::class);
$this->middleware = new CheckAuthenticationMiddleware($this->jwtService->reveal(), Translator::factory([]));
$this->dummyMiddleware = middleware(function ($request, $handler) {
return new Response\EmptyResponse;
});
}
/**
* @test
*/
public function someWhiteListedSituationsFallbackToNextMiddleware()
{
$request = ServerRequestFactory::fromGlobals();
2018-03-26 20:02:41 +03:00
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
2018-03-26 20:02:41 +03:00
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRouteFailure(['GET'])
);
2018-03-26 20:02:41 +03:00
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
2018-03-26 20:02:41 +03:00
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route(
'foo',
$this->dummyMiddleware,
Route::HTTP_METHOD_ANY,
AuthenticateAction::class
))
);
2018-03-26 20:02:41 +03:00
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
2018-03-26 20:02:41 +03:00
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withMethod('OPTIONS');
2018-03-26 20:02:41 +03:00
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
2018-03-26 20:02:41 +03:00
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function noHeaderReturnsError()
{
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
);
2018-03-26 20:02:41 +03:00
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
}
/**
* @test
*/
public function provideAnAuthorizationWithoutTypeReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(CheckAuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
2018-03-26 20:02:41 +03:00
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
$this->assertTrue(strpos($response->getBody()->getContents(), 'You need to provide the Bearer type') > 0);
}
/**
* @test
*/
public function provideAnAuthorizationWithWrongTypeReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(CheckAuthenticationMiddleware::AUTHORIZATION_HEADER, 'Basic ' . $authToken);
2018-03-26 20:02:41 +03:00
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
$this->assertTrue(
strpos($response->getBody()->getContents(), 'Provided authorization type Basic is not supported') > 0
);
}
/**
* @test
*/
public function provideAnExpiredTokenReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(CheckAuthenticationMiddleware::AUTHORIZATION_HEADER, 'Bearer ' . $authToken);
$this->jwtService->verify($authToken)->willReturn(false)->shouldBeCalledTimes(1);
2018-03-26 20:02:41 +03:00
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
}
/**
* @test
*/
public function provideCorrectTokenUpdatesExpirationAndFallsBackToNextMiddleware()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(CheckAuthenticationMiddleware::AUTHORIZATION_HEADER, 'bearer ' . $authToken);
$this->jwtService->verify($authToken)->willReturn(true)->shouldBeCalledTimes(1);
$this->jwtService->refresh($authToken)->willReturn($authToken)->shouldBeCalledTimes(1);
2018-03-26 20:02:41 +03:00
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
2018-03-26 20:02:41 +03:00
$process = $delegate->handle($request)->willReturn(new Response());
$resp = $this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$this->assertArrayHasKey(CheckAuthenticationMiddleware::AUTHORIZATION_HEADER, $resp->getHeaders());
}
}