From acdf7965ea9a9ca82392d2b167e5db1478f9b80b Mon Sep 17 00:00:00 2001
From: AVMG20
Date: Thu, 10 Jun 2021 19:17:03 +0200
Subject: [PATCH] API authorization and Testing WIP
---
 app/Http/Middleware/ApiAuthToken.php | 3 +
 database/factories/ApplicationApiFactory.php | 2 +-
 phpunit.xml | 3 +
 tests/Feature/TestApiAuthorization.php | 78 ++++++++++++++++++++
 tests/Unit/testUserCommand.php | 2 -
 5 files changed, 85 insertions(+), 3 deletions(-)
 create mode 100644 tests/Feature/TestApiAuthorization.php
diff --git a/app/Http/Middleware/ApiAuthToken.php b/app/Http/Middleware/ApiAuthToken.php
index 2e556538..8063e2ef 100644
--- a/app/Http/Middleware/ApiAuthToken.php
+++ b/app/Http/Middleware/ApiAuthToken.php
@@ -17,8 +17,11 @@ class ApiAuthToken
 */
 public function handle(Request $request, Closure $next)
 {
+ if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
+
 $token = ApplicationApi::find($request->bearerToken());
 if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
+
 $token->updateLastUsed();
 return $next($request);
 }
diff --git a/database/factories/ApplicationApiFactory.php b/database/factories/ApplicationApiFactory.php
index e53ba4e5..13c666db 100644
--- a/database/factories/ApplicationApiFactory.php
+++ b/database/factories/ApplicationApiFactory.php
@@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
 public function definition()
 {
 return [
- //
+ 'memo' => $this->faker->word()
 ];
 }
 }
diff --git a/phpunit.xml b/phpunit.xml
index 560bc50e..1581b598 100644
--- a/phpunit.xml
+++ b/phpunit.xml
@@ -8,6 +8,9 @@ tests/Unit + + tests/Feature +
diff --git a/tests/Feature/TestApiAuthorization.php b/tests/Feature/TestApiAuthorization.php
new file mode 100644
index 00000000..95feaecd
--- /dev/null
+++ b/tests/Feature/TestApiAuthorization.php
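Review bot: The added guard answers a missing Authorization header with 403 while the next line keeps 401 for a present-but-invalid token, which inverts the usual HTTP semantics: a request carrying no credentials is unauthenticated (401, ideally with `WWW-Authenticate: Bearer`), and 403 is for a caller that is authenticated but not permitted, so `return response()->json(['message' => 'Missing Authorization header'], 401)->header('WWW-Authenticate', 'Bearer');` would align both paths (the new feature test's 403 expectation would change with it). `empty($request->bearerToken())` also rejects the literal token `"0"`; `$bearer = $request->bearerToken(); if ($bearer === null) …` is the precise check and reads the header once instead of twice. Separately, `ApplicationApi::find($request->bearerToken())` resolves the bearer string as the row's primary key, which suggests live tokens are stored in plaintext; if that is the case, storing only a digest and looking the request up by `hash('sha256', $bearer)` means a read of that table does not yield usable credentials. handle() is shown in full in this hunk.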
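Review bot: The new `'memo' => $this->faker->word()` element in ApplicationApiFactory::definition() lacks a trailing comma; `'memo' => $this->faker->word(),` keeps the next attribute a one-line diff, as the multi-line array convention expects. The factory still sets no `token`, yet the new feature test sends `'Bearer ' . $applicationApi->token`; unless the model generates `token` itself on creation (the model is not in this patch), that header is `Bearer ` followed by nothing and the 200 expectation cannot hold, so this is worth confirming against the model.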
@@ -0,0 +1,78 @@
+withHeaders([
+ 'Accept' => 'application/json',
+ ])->{$method}($route);
+
+ $response->assertStatus(403);
+ $response->assertJson(['message' => 'Missing Authorization header']);
+ }
+
+
+ /**
+ * A basic feature test example.
+ * @dataProvider ApiRoutesThatRequireAuthorization
+ * @return void
+ */
+ public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
+ {
+ $response = $this->withHeaders([
+ 'Accept' => 'application/json',
+ 'Authorization' => 'Bearer ' . Str::random(48)
+ ])->{$method}($route);
+
+ $response->assertStatus(401);
+ $response->assertJson(['message' => 'Invalid Authorization token']);
+ }
+
+ /**
+ * A basic feature test example.
+ * @dataProvider ApiRoutesThatRequireAuthorization
+ * @return void
+ */
+ public function test_api_route_with_valid_auth_headers(string $method, string $route)
+ {
+ $applicationApi = ApplicationApi::factory()->create();
+
+ $response = $this->withHeaders([
+ 'Accept' => 'application/json',
+ 'Authorization' => 'Bearer ' . $applicationApi->token
+ ])->{$method}($route);
+
+ $response->assertStatus(200);
+ }
+
+ public function ApiRoutesThatRequireAuthorization(): array
+ {
+ return [
+ 'List Users' => [
+ 'method' => 'get',
+ 'route' => '/api/users',
+ ],
+ 'List Servers' => [
+ 'method' => 'get',
+ 'route' => '/api/servers',
+ ]
+ ];
+ }
+}
diff --git a/tests/Unit/testUserCommand.php b/tests/Unit/testUserCommand.php
index 7abe78d9..fa429e46 100644
--- a/tests/Unit/testUserCommand.php
+++ b/tests/Unit/testUserCommand.php
@@ -3,9 +3,7 @@
 namespace Tests\Unit;
 use App\Classes\Pterodactyl;
-use Illuminate\Foundation\Auth\User;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Illuminate\Support\Facades\DB;
 use Tests\TestCase;
 class testUserCommand extends TestCase
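Review bot: The new file is `tests/Feature/TestApiAuthorization.php`, and PHPUnit only collects files matching the suite's `suffix` (Laravel's default is `Test.php`), so unless the `tests/Feature` suite added in phpunit.xml uses a different suffix — its XML attributes are not legible in this chunk — none of these tests will ever run; renaming the file and class to `ApiAuthorizationTest` (`final class ApiAuthorizationTest extends TestCase`) follows the convention and makes the middleware checks actually execute. `test_api_route_with_valid_auth_headers` asserts only the 200 and not the middleware's `updateLastUsed()` side effect; after the request, an assertion such as `$this->assertNotNull($applicationApi->fresh()->LAST_USED_COLUMN)` (column name to be taken from the model) would pin it. That test also persists a row via `ApplicationApi::factory()->create()`, so the class needs `RefreshDatabase` or `DatabaseTransactions`; the class header and the first test's signature are cut off at the start of this hunk, so that cannot be confirmed here. The copied docblocks `A basic feature test example.` describe none of the three tests; one line each stating the expected status (e.g. `Requests without a bearer token are rejected with 403.`) would replace them.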