mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 13:12:41 +00:00
First authentication test for Fever
This commit is contained in:
parent
b02c910b1e
commit
d59223bbcb
4 changed files with 121 additions and 4 deletions
|
@ -20,7 +20,7 @@ use JKingWeb\Arsse\REST\Exception404;
|
|||
use JKingWeb\Arsse\REST\Exception405;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Zend\Diactoros\Response\JsonResponse as Response;
|
||||
use Zend\Diactoros\Response\JsonResponse;
|
||||
use Zend\Diactoros\Response\EmptyResponse;
|
||||
|
||||
class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
||||
|
@ -31,7 +31,8 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
|||
|
||||
public function dispatch(ServerRequestInterface $req): ResponseInterface {
|
||||
$inR = $req->getQueryParams();
|
||||
if (!array_key_exists("api")) {
|
||||
$inW = $req->getParsedBody();
|
||||
if (!array_key_exists("api", $inR)) {
|
||||
// the original would have shown the Fever UI in the absence of the "api" parameter, but we'll return 404
|
||||
return new EmptyResponse(404);
|
||||
}
|
||||
|
@ -44,7 +45,6 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
|||
if (strlen($req->getHeaderLine("Content-Type")) && $req->getHeaderLine("Content-Type") !== "application/x-www-form-urlencoded") {
|
||||
return new EmptyResponse(415, ['Accept' => "application/x-www-form-urlencoded"]);
|
||||
}
|
||||
$inW = $req->getParsedBody();
|
||||
$out = [
|
||||
'api_version' => self::LEVEL,
|
||||
'auth' => 0,
|
||||
|
@ -80,7 +80,7 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
|||
}
|
||||
try {
|
||||
// verify the supplied hash is valid
|
||||
$s = Arsse::$db->TokenLookup($id, "fever.login");
|
||||
$s = Arsse::$db->TokenLookup("fever.login", $hash);
|
||||
} catch (\JKingWeb\Arsse\Db\ExceptionInput $e) {
|
||||
return false;
|
||||
}
|
||||
|
|
13
tests/cases/REST/Fever/PDO/TestAPI.php
Normal file
13
tests/cases/REST/Fever/PDO/TestAPI.php
Normal file
|
@ -0,0 +1,13 @@
|
|||
<?php
|
||||
/** @license MIT
|
||||
* Copyright 2017 J. King, Dustin Wilson et al.
|
||||
* See LICENSE and AUTHORS files for details */
|
||||
|
||||
declare(strict_types=1);
|
||||
namespace JKingWeb\Arsse\TestCase\REST\Fever\PDO;
|
||||
|
||||
/** @covers \JKingWeb\Arsse\REST\Fever\API<extended>
|
||||
* @group optional */
|
||||
class TestAPI extends \JKingWeb\Arsse\TestCase\REST\Fever\TestAPI {
|
||||
use \JKingWeb\Arsse\Test\PDOTest;
|
||||
}
|
100
tests/cases/REST/Fever/TestAPI.php
Normal file
100
tests/cases/REST/Fever/TestAPI.php
Normal file
|
@ -0,0 +1,100 @@
|
|||
<?php
|
||||
/** @license MIT
|
||||
* Copyright 2017 J. King, Dustin Wilson et al.
|
||||
* See LICENSE and AUTHORS files for details */
|
||||
|
||||
declare(strict_types=1);
|
||||
namespace JKingWeb\Arsse\TestCase\REST\Fever;
|
||||
|
||||
use JKingWeb\Arsse\Arsse;
|
||||
use JKingWeb\Arsse\Conf;
|
||||
use JKingWeb\Arsse\User;
|
||||
use JKingWeb\Arsse\Database;
|
||||
use JKingWeb\Arsse\Service;
|
||||
use JKingWeb\Arsse\REST\Request;
|
||||
use JKingWeb\Arsse\Test\Result;
|
||||
use JKingWeb\Arsse\Misc\Date;
|
||||
use JKingWeb\Arsse\Context\Context;
|
||||
use JKingWeb\Arsse\Db\ExceptionInput;
|
||||
use JKingWeb\Arsse\Db\Transaction;
|
||||
use JKingWeb\Arsse\REST\Fever\API;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
use Zend\Diactoros\Response\JsonResponse;
|
||||
use Zend\Diactoros\Response\EmptyResponse;
|
||||
use Phake;
|
||||
|
||||
/** @covers \JKingWeb\Arsse\REST\Fever\API<extended> */
|
||||
class TestAPI extends \JKingWeb\Arsse\Test\AbstractTest {
|
||||
|
||||
protected function v($value) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
protected function req($dataGet, $dataPost, string $method = "POST", string $type = null, string $url = "", string $user = null): ResponseInterface {
|
||||
$url = "/fever/".$url;
|
||||
$server = [
|
||||
'REQUEST_METHOD' => $method,
|
||||
'REQUEST_URI' => $url,
|
||||
'HTTP_CONTENT_TYPE' => $type ?? "application/x-www-form-urlencoded",
|
||||
];
|
||||
$req = new ServerRequest($server, [], $url, $method, "php://memory");
|
||||
if (is_array($dataGet)) {
|
||||
$req = $req->withRequestTarget($url)->withQueryParams($dataGet);
|
||||
} else {
|
||||
$req = $req->withRequestTarget($url."?".http_build_query((string) $dataGet, "", "&", \PHP_QUERY_RFC3986));
|
||||
}
|
||||
if (is_array($dataPost)) {
|
||||
$req = $req->withParsedBody($dataPost);
|
||||
} else {
|
||||
$body = $req->getBody();
|
||||
$body->write($strData);
|
||||
$req = $req->withBody($body);
|
||||
}
|
||||
if (isset($user)) {
|
||||
if (strlen($user)) {
|
||||
$req = $req->withAttribute("authenticated", true)->withAttribute("authenticatedUser", $user);
|
||||
} else {
|
||||
$req = $req->withAttribute("authenticationFailed", true);
|
||||
}
|
||||
}
|
||||
return $this->h->dispatch($req);
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
self::clearData();
|
||||
self::setConf();
|
||||
// create a mock user manager
|
||||
Arsse::$user = Phake::mock(User::class);
|
||||
Phake::when(Arsse::$user)->auth->thenReturn(true);
|
||||
Arsse::$user->id = "john.doe@example.com";
|
||||
// create a mock database interface
|
||||
Arsse::$db = Phake::mock(Database::class);
|
||||
Phake::when(Arsse::$db)->begin->thenReturn(Phake::mock(Transaction::class));
|
||||
// instantiate the handler
|
||||
$this->h = new API();
|
||||
}
|
||||
|
||||
public function tearDown() {
|
||||
self::clearData();
|
||||
}
|
||||
|
||||
/** @dataProvider provideAuthenticationRequests */
|
||||
public function testAuthenticateAUser(bool $httpRequired, bool $tokenEnforced, string $httpUser = null, array $dataPost, array $dataGet, bool $success) {
|
||||
self::setConf([
|
||||
'userHTTPAuthRequired' => $httpRequired,
|
||||
'userSessionEnforced' => $tokenEnforced,
|
||||
], true);
|
||||
\Phake::when(Arsse::$db)->tokenLookup->thenThrow(new ExceptionInput("subjectMissing"));
|
||||
\Phake::when(Arsse::$db)->tokenLookup("fever.login", "validtoken")->thenReturn(['user' => "jane.doe@example.com"]);
|
||||
$exp = new JsonResponse($success ? ['api_version' => API::LEVEL, 'auth' => 1] : ['api_version' => API::LEVEL, 'auth' => 0]);
|
||||
$act = $this->req($dataGet, $dataPost, "POST", null, "", $httpUser);
|
||||
$this->assertMessage($exp, $act);
|
||||
}
|
||||
|
||||
public function provideAuthenticationRequests() {
|
||||
return [
|
||||
[false, true, null, ['api_key' => "validToken"], ['api' => null], true],
|
||||
];
|
||||
}
|
||||
}
|
|
@ -104,6 +104,10 @@
|
|||
<file>cases/REST/TinyTinyRSS/TestIcon.php</file>
|
||||
<file>cases/REST/TinyTinyRSS/PDO/TestAPI.php</file>
|
||||
</testsuite>
|
||||
<testsuite name="Fever">
|
||||
<file>cases/REST/Fever/TestAPI.php</file>
|
||||
<file>cases/REST/Fever/PDO/TestAPI.php</file>
|
||||
</testsuite>
|
||||
<testsuite name="Admin tools">
|
||||
<file>cases/Service/TestService.php</file>
|
||||
<file>cases/CLI/TestCLI.php</file>
|
||||
|
|
Loading…
Reference in a new issue