@ -12,18 +12,19 @@ use JKingWeb\Arsse\Db\ExceptionInput;
use JKingWeb\Arsse\REST\Microsub\Auth;
use JKingWeb\Arsse\REST\Microsub\ExceptionAuth;
use Psr\Http\Message\ResponseInterface;
use Zend \Diactoros\Response\JsonResponse as Response;
use Zend \Diactoros\Response\EmptyResponse;
use Zend \Diactoros\Response\HtmlResponse;
use Laminas \Diactoros\Response\JsonResponse as Response;
use Laminas \Diactoros\Response\EmptyResponse;
use Laminas \Diactoros\Response\HtmlResponse;
/** @covers \JKingWeb\Arsse\REST\Microsub\Auth< extended > */
class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
public function setUp(): void {
self::clearData();
Arsse::$db = \Phake:: mock(Database::class);
$this->dbMock = $this-> mock(Database::class);
}
public function req(string $url, string $method = "GET", array $params = [], array $headers = [], array $data = [], string $type = "application/x-www-form-urlencoded", string $body = null, string $user = null): ResponseInterface {
Arsse::$db = $this->dbMock->get();
$type = (strtoupper($method) === "GET") ? "" : $type;
$req = $this->serverRequest($method, $url, "/u/", $headers, [], $body ?? $data, $type, $params, $user);
return (new \JKingWeb\Arsse\REST\Microsub\Auth)->dispatch($req);
@ -96,18 +97,18 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideLoginData */
public function testLogInAUser(array $params, string $authenticatedUser = null, ResponseInterface $exp) {
\Phake::when(Arsse::$db)->tokenCreate->thenReturn ("authCode");
$this->dbMock->tokenCreate->returns ("authCode");
$act = $this->req("http://example.com/u/?f=auth", "GET", $params, [], [], "", null, $authenticatedUser);
$this->assertMessage($exp, $act);
if ($act->getStatusCode() == 302 & & !preg_match("/\berror=\w/", $act->getHeaderLine("Location") ?? "")) {
\Phake::verify(Arsse::$db)->tokenCreate ($authenticatedUser, "microsub.auth", null, $this->isInstanceOf(\DateTimeInterface::class), json_encode([
$this->dbMock->tokenCreate->calledWith ($authenticatedUser, "microsub.auth", null, $this->isInstanceOf(\DateTimeInterface::class), json_encode([
'me' => $params['me'],
'client_id' => $params['client_id'],
'redirect_uri' => $params['redirect_uri'],
'response_type' => strlen($params['response_type'] ?? "") ? $params['response_type'] : "id",
], \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE));
} else {
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenCreate ;
$this->dbMock->tokenCreate->never()->called() ;
}
}
@ -134,13 +135,17 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideAuthData */
public function testVerifyAnAuthenticationCode(array $params, string $user, $data, ResponseInterface $exp) {
if ($data instanceof \Exception) {
\Phake::when(Arsse::$db)->tokenLookup("microsub.auth", $params['code'] ?? "")->thenThrow ($data);
$this->dbMock->tokenLookup->throws ($data);
} else {
\Phake::when(Arsse::$db)->tokenLookup("microsub.auth", $params['code'] ?? "")->thenReturn (['user' => $user, 'data' => $data]);
$this->dbMock->tokenLookup->returns (['user' => $user, 'data' => $data]);
}
$act = $this->req("http://example.com/u/?f=auth", "POST", [], [], $params);
$this->assertMessage($exp, $act);
\Phake::verify(Arsse::$db, \Phake::times($act->getStatusCode() == 200 ? 1 : 0))->tokenRevoke($user, "microsub.auth", $params['code'] ?? "");
if ($act->getStatusCode() == 200) {
$this->dbMock->tokenRevoke->calledWith($user, "microsub.auth", $params['code'] ?? "");
} else {
$this->dbMock->tokenRevoke->never()->called();
}
}
public function provideAuthData() {
@ -166,20 +171,20 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideTokenRequests */
public function testIssueAnAccessToken(array $params, string $user, $data, ResponseInterface $exp) {
if ($data instanceof \Exception) {
\Phake::when(Arsse::$db)->tokenLookup("microsub.auth", $params['code'] ?? "")->thenThrow ($data);
$this->dbMock->tokenLookup->throws ($data);
} else {
\Phake::when(Arsse::$db)->tokenLookup("microsub.auth", $params['code'] ?? "")->thenReturn (['user' => $user, 'data' => $data]);
$this->dbMock->tokenLookup->returns (['user' => $user, 'data' => $data]);
}
\Phake::when(Arsse::$db)->tokenCreate->thenReturn ("TOKEN");
$this->dbMock->tokenCreate->returns ("TOKEN");
$act = $this->req("http://example.com/u/?f=token", "POST", [], [], $params);
$this->assertMessage($exp, $act);
if ($act->getStatusCode() == 200) {
$input = '{"me":"'.($params['me'] ?? "").'","client_id":"'.($params['client_id'] ?? "").'"}';
\Phake::verify(Arsse::$db, \Phake::times(1))->tokenCreate ($user, "microsub.access", null, null, $input);
\Phake::verify(Arsse::$db, \Phake::times(1))->tokenRevoke ($user, "microsub.auth", $params['code'] ?? "");
$this->dbMock->tokenCreate->calledWith ($user, "microsub.access", null, null, $input);
$this->dbMock->tokenRevoke->calledWith ($user, "microsub.auth", $params['code'] ?? "");
} else {
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenCreate ;
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenRevoke ;
$this->dbMock->tokenCreate->never()->called() ;
$this->dbMock->tokenRevoke->never()->called() ;
}
}
@ -215,10 +220,11 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideBearers */
public function testLogInABearer(string $authorization, array $scopes, string $token, string $user, $data, $exp) {
if ($data instanceof \Exception) {
\Phake::when(Arsse::$db)->tokenLookup("microsub.access", $this->anything())->thenThrow ($data);
$this->dbMock->tokenLookup->throws ($data);
} else {
\Phake::when(Arsse::$db)->tokenLookup("microsub.access", $this->anything())->thenReturn (['user' => $user, 'data' => $data]);
$this->dbMock->tokenLookup->returns (['user' => $user, 'data' => $data]);
}
Arsse::$db = $this->dbMock->get();
if ($exp instanceof \Exception) {
$this->assertException($exp);
}
@ -227,9 +233,9 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
$this->assertSame($exp, $act);
} finally {
if (strlen($token)) {
\Phake::verify(Arsse::$db)->tokenLookup ("microsub.access", $token);
$this->dbMock->tokenLookup->calledWith ("microsub.access", $token);
} else {
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenLookup ;
$this->dbMock->tokenLookup->never()->called() ;
}
}
}
@ -252,24 +258,24 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideRevocations */
public function testRevokeAToken(array $params, $user, ResponseInterface $exp) {
\Phake::when(Arsse::$db)->tokenRevoke->thenReturn (true);
$this->dbMock->tokenRevoke->returns (true);
if ($user instanceof \Exception) {
\Phake::when(Arsse::$db)->tokenLookup->thenThrow ($user);
$this->dbMock->tokenLookup->throws ($user);
} else {
\Phake::when(Arsse::$db)->tokenLookup->thenReturn (['user' => $user]);
$this->dbMock->tokenLookup->returns (['user' => $user]);
}
$this->assertMessage($exp, $this->req("http://example.com/u/?f=token", "POST", [], [], array_merge(['action' => "revoke"], $params)));
$doLookup = strlen($params['token'] ?? "") > 0;
$doRevoke = ($doLookup & & !$user instanceof \Exception);
if ($doLookup) {
\Phake::verify(Arsse::$db)->tokenLookup ("microsub.access", $params['token'] ?? "");
$this->dbMock->tokenLookup->calledWith ("microsub.access", $params['token'] ?? "");
} else {
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenLookup ;
$this->dbMock->tokenLookup->never()->called() ;
}
if ($doRevoke) {
\Phake::verify(Arsse::$db)->tokenRevoke ($user, "microsub.access", $params['token'] ?? "");
$this->dbMock->tokenRevoke->calledWith ($user, "microsub.access", $params['token'] ?? "");
} else {
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenRevoke ;
$this->dbMock->tokenRevoke->never()->called() ;
}
}
@ -285,12 +291,12 @@ class TestAuth extends \JKingWeb\Arsse\Test\AbstractTest {
/** @dataProvider provideTokenVerifications */
public function testVerifyAToken(array $authorization, $output, ResponseInterface $exp) {
if ($output instanceof \Exception) {
\Phake::when(Arsse::$db)->tokenLookup->thenThrow ($output);
$this->dbMock->tokenLookup->throws ($output);
} else {
\Phake::when(Arsse::$db)->tokenLookup->thenReturn (['user' => "someone", 'data' => $output]);
$this->dbMock->tokenLookup->returns (['user' => "someone", 'data' => $output]);
}
$this->assertMessage($exp, $this->req("http://example.com/u/?f=token", "GET", [], $authorization ? ['Authorization' => $authorization] : []));
\Phake::verify(Arsse::$db, \Phake::times(0))->tokenRevoke ;
$this->dbMock->tokenRevoke->never()->called() ;
}
public function provideTokenVerifications() {