From 1ce95ef4d9324e8503fc7c55e48186a46ccbffa1 Mon Sep 17 00:00:00 2001
From: "J. King"
Date: Sun, 24 Mar 2019 15:05:21 -0400
Subject: [PATCH] Add means of testing Fever authentication

---
 lib/REST/Fever/API.php | 8 ++++++++
 tests/cases/REST/Fever/TestAPI.php | 21 +++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/lib/REST/Fever/API.php b/lib/REST/Fever/API.php
index 1c0c669..b80fe8d 100644
--- a/lib/REST/Fever/API.php
+++ b/lib/REST/Fever/API.php
@@ -111,4 +111,12 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
 public static function userUnregister(string $user): bool {
 return (bool) Arsse::$db->tokenRevoke($user, "fever.login");
 }
+
+ public static function userAuthenticate(string $user, string $password): bool {
+ try {
+ return (bool) Arsse::$db->tokenLookup("fever.login", md5("$user:$password"));
+ } catch (ExceptionInput $e) {
+ return false;
+ }
+ }
 }
diff --git a/tests/cases/REST/Fever/TestAPI.php b/tests/cases/REST/Fever/TestAPI.php
index 08d2f89..b1c6901 100644
--- a/tests/cases/REST/Fever/TestAPI.php
+++ b/tests/cases/REST/Fever/TestAPI.php
@@ -80,7 +80,7 @@ class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest {
 self::clearData();
 }

- /** @dataProvider provideAuthenticationRequests */
+ /** @dataProvider provideTokenAuthenticationRequests */
 public function testAuthenticateAUserToken(bool $httpRequired, bool $tokenEnforced, string $httpUser = null, array $dataPost, array $dataGet, ResponseInterface $exp) {
 self::setConf([
 'userHTTPAuthRequired' => $httpRequired,
@@ -93,7 +93,7 @@ class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest {
 $this->assertMessage($exp, $act);
 }

- public function provideAuthenticationRequests() {
+ public function provideTokenAuthenticationRequests() {
 $success = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 1]);
 $failure = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 0]);
 $denied = new EmptyResponse(401);
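Review bot: `userAuthenticate()` in lib/REST/Fever/API.php accepts any row that `tokenLookup()` returns and never compares the row's owner with `$user`. The key is `md5("$user:$password")` with an unescaped `:` separator, so when a name or password itself contains `:` two different user/password pairs hash the same string, and the check can then succeed for a name that does not own the token. Assuming the row exposes a `user` field, as the test stubs suggest, the result should be bound to the caller: `$t = Arsse::$db->tokenLookup("fever.login", md5("$user:$password"));` followed by `return ($t['user'] ?? null) === $user;`. A docblock should also record that the MD5 form comes from the Fever key format and that the stored token is therefore an unsalted password equivalent which must be protected like the password itself. The `use` line for `ExceptionInput` is outside the hunk, so confirm it is imported; otherwise the `catch` will not match.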
@@ -184,4 +184,21 @@ class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest {
 $this->assertFalse(API::userUnregister("john.doe@example.com"));
 \Phake::verify(Arsse::$db)->tokenRevoke("john.doe@example.com", "fever.login");
 }
+
+ /** @dataProvider provideUserAuthenticationRequests */
+ public function testAuthenticateAUserName(string $user, string $password, bool $exp) {
+ \Phake::when(Arsse::$db)->tokenLookup->thenThrow(new ExceptionInput("constraintViolation"));
+ \Phake::when(Arsse::$db)->tokenLookup("fever.login", md5("jane.doe@example.com:secret"))->thenReturn(['user' => "jane.doe@example.com"]);
+ \Phake::when(Arsse::$db)->tokenLookup("fever.login", md5("john.doe@example.com:superman"))->thenReturn(['user' => "john.doe@example.com"]);
+ $this->assertSame($exp, API::userAuthenticate($user, $password));
+ }
+
+ public function provideUserAuthenticationRequests() {
+ return [
+ ["jane.doe@example.com", "secret", true],
+ ["jane.doe@example.com", "superman", false],
+ ["john.doe@example.com", "secret", false],
+ ["john.doe@example.com", "superman", true],
+ ];
+ }
 }
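Review bot: The data set for `testAuthenticateAUserName` has no negative case in which `tokenLookup()` succeeds but the returned row belongs to a different name than the `$user` argument, so it cannot show whether `userAuthenticate()` ties the token to the caller. In all four rows a lookup hit and a matching owner coincide. I would add one constructed case where the concatenated `user:password` string matches another account's, for example the stub `\Phake::when(Arsse::$db)->tokenLookup("fever.login", md5("jane.doe@example.com:sec:ret"))->thenReturn(['user' => "jane.doe@example.com"]);` together with the row `["jane.doe@example.com:sec", "ret", false]`. With the implementation shown in this patch that row would presumably come back `true`, so it doubles as a regression test for an owner check. The enclosing class starts outside the hunk.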