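requestToPlugin = $this->prophesize(RequestToHttpAuthPluginInterface::class);
        // The second constructor argument holds the route names these tests treat as whitelisted
        // (see the 'with whitelisted route' case in provideWhitelistedRequests).
        $this->middleware = new AuthenticationMiddleware($this->requestToPlugin->reveal(), [AuthenticateAction::class]);
    }

    /**
     * Every request from the provider must reach the next handler exactly once, and no
     * authentication plugin may be resolved for it.
     *
     * @test
     * @dataProvider provideWhitelistedRequests
     */
    public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request): void
    {
        $handler = $this->prophesize(RequestHandlerInterface::class);
        $handle = $handler->handle($request)->willReturn(new Response());
        $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willReturn(
            $this->prophesize(AuthenticationPluginInterface::class)->reveal()
        );

        $this->middleware->process($request, $handler->reveal());

        $handle->shouldHaveBeenCalledOnce();
        $fromRequest->shouldNotHaveBeenCalled();
    }

    /**
     * Requests that the middleware is expected to pass on without authenticating them.
     *
     * Each case is a path that skips authentication, so this list documents the whole
     * unauthenticated surface the test suite accepts. A new case here should be a deliberate
     * decision, not a convenience.
     *
     * @return iterable<string, array{ServerRequestInterface}>
     */
    public function provideWhitelistedRequests(): iterable
    {
        $dummyMiddleware = $this->getDummyMiddleware();

        // No RouteResult attribute on the request at all.
        yield 'with no route result' => [new ServerRequest()];
        // Routing ran but did not match a route.
        yield 'with failure route result' => [(new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRouteFailure([RequestMethodInterface::METHOD_GET])
        )];
        // Matched route whose name is in the whitelist passed to the middleware constructor.
        yield 'with whitelisted route' => [(new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRoute(
                new Route('foo', $dummyMiddleware, Route::HTTP_METHOD_ANY, AuthenticateAction::class)
            )
        )];
        // Matched, non-whitelisted route requested with the OPTIONS method.
        yield 'with OPTIONS method' => [(new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRoute(new Route('bar', $dummyMiddleware), [])
        )->withMethod(RequestMethodInterface::METHOD_OPTIONS)];
    }

    /**
     * When no authentication plugin can be resolved, the middleware must answer with the
     * invalid-authorization error itself and must not pass the request on.
     *
     * @test
     * @dataProvider provideExceptions
     */
    public function errorIsReturnedWhenNoValidAuthIsProvided(Throwable $e): void
    {
        $request = (new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
        );
        $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willThrow($e);
        $handler = $this->prophesize(RequestHandlerInterface::class);
        $handle = $handler->handle(Argument::any())->willReturn(new Response());

        /** @var Response\JsonResponse $response */
        $response = $this->middleware->process($request, $handler->reveal());

        // The property that matters most: a request without usable credentials never reaches
        // the protected handler. Checked before the payload so a bypass is reported as such.
        $handle->shouldNotHaveBeenCalled();

        $payload = $response->getPayload();

        $this->assertEquals(RestUtils::INVALID_AUTHORIZATION_ERROR, $payload['error']);
        $this->assertEquals(sprintf(
            'Expected one of the following authentication headers, but none were provided, ["%s"]',
            implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS)
        ), $payload['message']);
        $fromRequest->shouldHaveBeenCalledOnce();
    }

    /**
     * Failures thrown while resolving the authentication plugin.
     *
     * The consuming test expects the same error code and message for both cases, so the client
     * sees one generic response whether the container failed or no credentials were sent.
     *
     * @return iterable<string, array{Throwable}>
     */
    public function provideExceptions(): iterable
    {
        yield 'container exception' => [new class extends Exception implements ContainerExceptionInterface {
        }];
        // Built with an empty list; the expected message in the consuming test is derived from
        // RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS instead.
        yield 'authentication exception' => [NoAuthenticationException::fromExpectedTypes([])];
    }

    /**
     * When the resolved plugin rejects the request, the error code and message carried by the
     * exception are returned and the request is not passed on.
     *
     * @test
     */
    public function errorIsReturnedWhenVerificationFails(): void
    {
        $request = (new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
        );
        $plugin = $this->prophesize(AuthenticationPluginInterface::class);
        $verify = $plugin->verify($request)->willThrow(
            VerifyAuthenticationException::withError('the_error', 'the_message')
        );
        $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willReturn($plugin->reveal());
        $handler = $this->prophesize(RequestHandlerInterface::class);
        $handle = $handler->handle(Argument::any())->willReturn(new Response());

        /** @var Response\JsonResponse $response */
        $response = $this->middleware->process($request, $handler->reveal());

        // Failed verification must stop the request before the protected handler runs.
        $handle->shouldNotHaveBeenCalled();

        $payload = $response->getPayload();

        $this->assertEquals('the_error', $payload['error']);
        $this->assertEquals('the_message', $payload['message']);
        $verify->shouldHaveBeenCalledOnce();
        $fromRequest->shouldHaveBeenCalledOnce();
    }

    /**
     * When verification passes, the handler runs once and the response returned by the
     * middleware is the one produced by the plugin's update() call.
     *
     * @test
     */
    public function updatedResponseIsReturnedWhenVerificationPasses(): void
    {
        $newResponse = new Response();
        $request = (new ServerRequest())->withAttribute(
            RouteResult::class,
            RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
        );
        $plugin = $this->prophesize(AuthenticationPluginInterface::class);
        // verify() is stubbed with an empty callback, i.e. it does not throw.
        $verify = $plugin->verify($request)->will(function () {
        });
        $update = $plugin->update($request, Argument::type(ResponseInterface::class))->willReturn($newResponse);
        $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willReturn($plugin->reveal());

        $handler = $this->prophesize(RequestHandlerInterface::class);
        $handle = $handler->handle($request)->willReturn(new Response());

        $response = $this->middleware->process($request, $handler->reveal());

        // Expected value first, so a failure message labels the two responses correctly.
        $this->assertSame($newResponse, $response);
        $verify->shouldHaveBeenCalledOnce();
        $update->shouldHaveBeenCalledOnce();
        $handle->shouldHaveBeenCalledOnce();
        $fromRequest->shouldHaveBeenCalledOnce();
    }

    /**
     * Builds a throwaway middleware that returns an empty response, used only to construct
     * Route instances for the requests under test.
     */
    private function getDummyMiddleware(): MiddlewareInterface
    {
        return middleware(function () {
            return new Response\EmptyResponse();
        });
    }
}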