1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-08 17:02:41 +00:00

Full set of authentication tests for Fever

This commit is contained in:
J. King 2019-03-19 23:37:08 -04:00
parent d59223bbcb
commit 1e2d595992
2 changed files with 50 additions and 3 deletions

View file

@ -49,10 +49,19 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
'api_version' => self::LEVEL, 'api_version' => self::LEVEL,
'auth' => 0, 'auth' => 0,
]; ];
if ($req->getAttribute("authenticated", false)) {
// if HTTP authentication was successfully used, set the expected user ID
Arsse::$user->id = $req->getAttribute("authenticatedUser");
$out['auth'] = 1;
} elseif (Arsse::$conf->userHTTPAuthRequired || Arsse::$conf->userPreAuth || $req->getAttribute("authenticationFailed", false)) {
// otherwise if HTTP authentication failed or is required, deny access at the HTTP level
return new EmptyResponse(401);
}
// check that the user specified credentials // check that the user specified credentials
if ($this->logIn(strtolower($inW['api_key'] ?? ""))) { if ($this->logIn(strtolower($inW['api_key'] ?? ""))) {
$out['auth'] = 1; $out['auth'] = 1;
} else { } else {
$out['auth'] = 0;
return $this->formatResponse($out, $xml); return $this->formatResponse($out, $xml);
} }
// handle each possible parameter // handle each possible parameter

View file

@ -80,21 +80,59 @@ class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest {
} }
/** @dataProvider provideAuthenticationRequests */ /** @dataProvider provideAuthenticationRequests */
public function testAuthenticateAUser(bool $httpRequired, bool $tokenEnforced, string $httpUser = null, array $dataPost, array $dataGet, bool $success) { public function testAuthenticateAUser(bool $httpRequired, bool $tokenEnforced, string $httpUser = null, array $dataPost, array $dataGet, ResponseInterface $exp) {
self::setConf([ self::setConf([
'userHTTPAuthRequired' => $httpRequired, 'userHTTPAuthRequired' => $httpRequired,
'userSessionEnforced' => $tokenEnforced, 'userSessionEnforced' => $tokenEnforced,
], true); ], true);
Arsse::$user->id = null;
\Phake::when(Arsse::$db)->tokenLookup->thenThrow(new ExceptionInput("subjectMissing")); \Phake::when(Arsse::$db)->tokenLookup->thenThrow(new ExceptionInput("subjectMissing"));
\Phake::when(Arsse::$db)->tokenLookup("fever.login", "validtoken")->thenReturn(['user' => "jane.doe@example.com"]); \Phake::when(Arsse::$db)->tokenLookup("fever.login", "validtoken")->thenReturn(['user' => "jane.doe@example.com"]);
$exp = new JsonResponse($success ? ['api_version' => API::LEVEL, 'auth' => 1] : ['api_version' => API::LEVEL, 'auth' => 0]);
$act = $this->req($dataGet, $dataPost, "POST", null, "", $httpUser); $act = $this->req($dataGet, $dataPost, "POST", null, "", $httpUser);
$this->assertMessage($exp, $act); $this->assertMessage($exp, $act);
} }
public function provideAuthenticationRequests() { public function provideAuthenticationRequests() {
$success = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 1]);
$failure = new JsonResponse(['api_version' => API::LEVEL, 'auth' => 0]);
$denied = new EmptyResponse(401);
return [ return [
[false, true, null, ['api_key' => "validToken"], ['api' => null], true], [false, true, null, [], ['api' => null], $failure],
[false, false, null, [], ['api' => null], $failure],
[true, true, null, [], ['api' => null], $denied],
[true, false, null, [], ['api' => null], $denied],
[false, true, "", [], ['api' => null], $denied],
[false, false, "", [], ['api' => null], $denied],
[true, true, "", [], ['api' => null], $denied],
[true, false, "", [], ['api' => null], $denied],
[false, true, null, [], ['api' => null, 'api_key' => "validToken"], $failure],
[false, false, null, [], ['api' => null, 'api_key' => "validToken"], $failure],
[true, true, null, [], ['api' => null, 'api_key' => "validToken"], $denied],
[true, false, null, [], ['api' => null, 'api_key' => "validToken"], $denied],
[false, true, null, ['api_key' => "validToken"], ['api' => null], $success],
[false, false, null, ['api_key' => "validToken"], ['api' => null], $success],
[true, true, null, ['api_key' => "validToken"], ['api' => null], $denied],
[true, false, null, ['api_key' => "validToken"], ['api' => null], $denied],
[false, true, "", ['api_key' => "validToken"], ['api' => null], $denied],
[false, false, "", ['api_key' => "validToken"], ['api' => null], $denied],
[true, true, "", ['api_key' => "validToken"], ['api' => null], $denied],
[true, false, "", ['api_key' => "validToken"], ['api' => null], $denied],
[false, true, "validUser", ['api_key' => "validToken"], ['api' => null], $success],
[false, false, "validUser", ['api_key' => "validToken"], ['api' => null], $success],
[true, true, "validUser", ['api_key' => "validToken"], ['api' => null], $success],
[true, false, "validUser", ['api_key' => "validToken"], ['api' => null], $success],
[false, true, null, ['api_key' => "invalidToken"], ['api' => null], $failure],
[false, false, null, ['api_key' => "invalidToken"], ['api' => null], $failure],
[true, true, null, ['api_key' => "invalidToken"], ['api' => null], $denied],
[true, false, null, ['api_key' => "invalidToken"], ['api' => null], $denied],
[false, true, "", ['api_key' => "invalidToken"], ['api' => null], $denied],
[false, false, "", ['api_key' => "invalidToken"], ['api' => null], $denied],
[true, true, "", ['api_key' => "invalidToken"], ['api' => null], $denied],
[true, false, "", ['api_key' => "invalidToken"], ['api' => null], $denied],
[false, true, "validUser", ['api_key' => "invalidToken"], ['api' => null], $failure],
[false, false, "validUser", ['api_key' => "invalidToken"], ['api' => null], $success],
[true, true, "validUser", ['api_key' => "invalidToken"], ['api' => null], $failure],
[true, false, "validUser", ['api_key' => "invalidToken"], ['api' => null], $success],
]; ];
} }
} }