beenull/ctrlpanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

API authorization and Testing WIP

Browse source
This commit is contained in:
AVMG20 2021-06-10 19:17:03 +02:00
parent 2773e4a26a
commit acdf7965ea
5 changed files with 85 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Middleware/ApiAuthToken.php
View file

@ -17,8 +17,11 @@ class ApiAuthToken
*/ */
public function handle(Request $request, Closure $next) public function handle(Request $request, Closure $next)
{ {
if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
$token = ApplicationApi::find($request->bearerToken()); $token = ApplicationApi::find($request->bearerToken());
if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401); if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
$token->updateLastUsed(); $token->updateLastUsed();
return $next($request); return $next($request);
} }

2
database/factories/ApplicationApiFactory.php
View file

@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
public function definition() public function definition()
{ {
return [ return [
// 'memo' => $this->faker->word()
]; ];
} }
} }

3
phpunit.xml
View file

@ -8,6 +8,9 @@
<testsuite name="Unit"> <testsuite name="Unit">
<directory suffix=".php">tests/Unit</directory> <directory suffix=".php">tests/Unit</directory>
</testsuite> </testsuite>
<testsuite name="Feature">
<directory suffix=".php">tests/Feature</directory>
</testsuite>
</testsuites> </testsuites>
<coverage processUncoveredFiles="true"> <coverage processUncoveredFiles="true">
<include> <include>

78
tests/Feature/TestApiAuthorization.php Normal file
View file

@ -0,0 +1,78 @@
<?php
namespace Tests\Feature;
use App\Models\ApplicationApi;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Str;
use Tests\TestCase;
class TestApiAuthorization extends TestCase
{
use DatabaseTransactions;
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
* @test
*/
public function test_api_route_without_auth_headers(string $method, string $route)
{
$response = $this->withHeaders([
'Accept' => 'application/json',
])->{$method}($route);
$response->assertStatus(403);
$response->assertJson(['message' => 'Missing Authorization header']);
}
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
*/
public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
{
$response = $this->withHeaders([
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . Str::random(48)
])->{$method}($route);
$response->assertStatus(401);
$response->assertJson(['message' => 'Invalid Authorization token']);
}
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
*/
public function test_api_route_with_valid_auth_headers(string $method, string $route)
{
$applicationApi = ApplicationApi::factory()->create();
$response = $this->withHeaders([
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . $applicationApi->token
])->{$method}($route);
$response->assertStatus(200);
}
public function ApiRoutesThatRequireAuthorization(): array
{
return [
'List Users' => [
'method' => 'get',
'route' => '/api/users',
],
'List Servers' => [
'method' => 'get',
'route' => '/api/servers',
]
];
}
}

2
tests/Unit/testUserCommand.php
View file

@ -3,9 +3,7 @@
namespace Tests\Unit; namespace Tests\Unit;
use App\Classes\Pterodactyl; use App\Classes\Pterodactyl;
use Illuminate\Foundation\Auth\User;
use Illuminate\Foundation\Testing\DatabaseTransactions; use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Facades\DB;
use Tests\TestCase; use Tests\TestCase;
class testUserCommand extends TestCase class testUserCommand extends TestCase