*/ class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest { protected function v($value) { return $value; } protected function req($dataGet, $dataPost, string $method = "POST", string $type = null, string $url = "", string $user = null): ResponseInterface { $url = "/fever/".$url; $server = [ 'REQUEST_METHOD' => $method, 'REQUEST_URI' => $url, 'HTTP_CONTENT_TYPE' => $type ?? "application/x-www-form-urlencoded", ]; $req = new ServerRequest($server, [], $url, $method, "php://memory"); if (is_array($dataGet)) { $req = $req->withRequestTarget($url)->withQueryParams($dataGet); } else { $req = $req->withRequestTarget($url."?".http_build_query((string) $dataGet, "", "&", \PHP_QUERY_RFC3986)); } if (is_array($dataPost)) { $req = $req->withParsedBody($dataPost); } else { $body = $req->getBody(); $body->write($dataPost); $req = $req->withBody($body); } if (isset($user)) { if (strlen($user)) { $req = $req->withAttribute("authenticated", true)->withAttribute("authenticatedUser", $user); } else { $req = $req->withAttribute("authenticationFailed", true); } } return $this->h->dispatch($req); } public function setUp() { self::clearData(); self::setConf(); // create a mock user manager Arsse::$user = \Phake::mock(User::class); \Phake::when(Arsse::$user)->auth->thenReturn(true); Arsse::$user->id = "john.doe@example.com"; // create a mock database interface Arsse::$db = \Phake::mock(Database::class); \Phake::when(Arsse::$db)->begin->thenReturn(\Phake::mock(Transaction::class)); \Phake::when(Arsse::$db)->tokenLookup->thenReturn(['user' => "john.doe@example.com"]); // instantiate the handler $this->h = new API(); } public function tearDown() { self::clearData(); } /** @dataProvider provideTokenAuthenticationRequests */ public function testAuthenticateAUserToken(bool $httpRequired, bool $tokenEnforced, string $httpUser = null, array $dataPost, array $dataGet, ResponseInterface $exp) { self::setConf([ 'userHTTPAuthRequired' => $httpRequired, 'userSessionEnforced' => $tokenEnforced, ], true); Arsse::$user->id = null; \Phake::when(Arsse::$db)->tokenLookup->thenThrow(new ExceptionInput("subjectMissing")); \Phake::when(Arsse::$db)->tokenLookup("fever.login", "validtoken")->thenReturn(['user' => "jane.doe@example.com"]); // use a partial mock to test only the authentication process $this->h = \Phake::partialMock(API::class); \Phake::when($this->h)->processRequest->thenReturnCallback(function($out, $G, $P) { return $out; }); $act = $this->req($dataGet, $dataPost, "POST", null, "", $httpUser); $this->assertMessage($exp, $act); } public function provideTokenAuthenticationRequests() { $success = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 1]); $failure = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 0]); $denied = new EmptyResponse(401); return [ [false, true, null, [], ['api' => null], $failure], [false, false, null, [], ['api' => null], $failure], [true, true, null, [], ['api' => null], $denied], [true, false, null, [], ['api' => null], $denied], [false, true, "", [], ['api' => null], $denied], [false, false, "", [], ['api' => null], $denied], [true, true, "", [], ['api' => null], $denied], [true, false, "", [], ['api' => null], $denied], [false, true, null, [], ['api' => null, 'api_key' => "validToken"], $failure], [false, false, null, [], ['api' => null, 'api_key' => "validToken"], $failure], [true, true, null, [], ['api' => null, 'api_key' => "validToken"], $denied], [true, false, null, [], ['api' => null, 'api_key' => "validToken"], $denied], [false, true, "", [], ['api' => null, 'api_key' => "validToken"], $denied], [false, false, "", [], ['api' => null, 'api_key' => "validToken"], $denied], [true, true, "", [], ['api' => null, 'api_key' => "validToken"], $denied], [true, false, "", [], ['api' => null, 'api_key' => "validToken"], $denied], [false, true, "validUser", [], ['api' => null, 'api_key' => "validToken"], $failure], [false, false, "validUser", [], ['api' => null, 'api_key' => "validToken"], $success], [true, true, "validUser", [], ['api' => null, 'api_key' => "validToken"], $failure], [true, false, "validUser", [], ['api' => null, 'api_key' => "validToken"], $success], [false, true, null, ['api_key' => "validToken"], ['api' => null], $success], [false, false, null, ['api_key' => "validToken"], ['api' => null], $success], [true, true, null, ['api_key' => "validToken"], ['api' => null], $denied], [true, false, null, ['api_key' => "validToken"], ['api' => null], $denied], [false, true, "", ['api_key' => "validToken"], ['api' => null], $denied], [false, false, "", ['api_key' => "validToken"], ['api' => null], $denied], [true, true, "", ['api_key' => "validToken"], ['api' => null], $denied], [true, false, "", ['api_key' => "validToken"], ['api' => null], $denied], [false, true, "validUser", ['api_key' => "validToken"], ['api' => null], $success], [false, false, "validUser", ['api_key' => "validToken"], ['api' => null], $success], [true, true, "validUser", ['api_key' => "validToken"], ['api' => null], $success], [true, false, "validUser", ['api_key' => "validToken"], ['api' => null], $success], [false, true, null, ['api_key' => "invalidToken"], ['api' => null], $failure], [false, false, null, ['api_key' => "invalidToken"], ['api' => null], $failure], [true, true, null, ['api_key' => "invalidToken"], ['api' => null], $denied], [true, false, null, ['api_key' => "invalidToken"], ['api' => null], $denied], [false, true, "", ['api_key' => "invalidToken"], ['api' => null], $denied], [false, false, "", ['api_key' => "invalidToken"], ['api' => null], $denied], [true, true, "", ['api_key' => "invalidToken"], ['api' => null], $denied], [true, false, "", ['api_key' => "invalidToken"], ['api' => null], $denied], [false, true, "validUser", ['api_key' => "invalidToken"], ['api' => null], $failure], [false, false, "validUser", ['api_key' => "invalidToken"], ['api' => null], $success], [true, true, "validUser", ['api_key' => "invalidToken"], ['api' => null], $failure], [true, false, "validUser", ['api_key' => "invalidToken"], ['api' => null], $success], ]; } }