API authorization and Testing WIP

AVMG20 2021-06-10 19:17:03 +02:00
parent 2773e4a26a
commit acdf7965ea
5 changed files with 85 additions and 3 deletions


@ -17,8 +17,11 @@ class ApiAuthToken
*/
public function handle(Request $request, Closure $next)
{
if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
$token = ApplicationApi::find($request->bearerToken());
if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
$token->updateLastUsed();
return $next($request);
}
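Review bot: `ApplicationApi::find($request->bearerToken())` uses the presented token as the lookup key, which suggests the token is stored verbatim as the model's primary key (the feature test in this commit reads it back as `$applicationApi->token`); if so, read access to that table or a backup yields working API credentials. Consider persisting only a digest and looking up by it, e.g. `$token = ApplicationApi::find(hash('sha256', $request->bearerToken()));`, with the plaintext shown once at creation; the model and factory are outside this hunk, so this needs confirming there. Separately, the missing-header branch answers 403 while the invalid-token branch answers 401; a request with no credentials is conventionally 401 as well, and since the new tests assert the current codes they would have to change together. The docblock of `handle` starts above the hunk.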


@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
public function definition()
{
return [
//
'memo' => $this->faker->word()
];
}
}


@ -8,6 +8,9 @@
<testsuite name="Unit">
<directory suffix=".php">tests/Unit</directory>
</testsuite>
<testsuite name="Feature">
<directory suffix=".php">tests/Feature</directory>
</testsuite>
</testsuites>
<coverage processUncoveredFiles="true">
<include>


@ -0,0 +1,78 @@
<?php
namespace Tests\Feature;
use App\Models\ApplicationApi;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Str;
use Tests\TestCase;
class TestApiAuthorization extends TestCase
{
use DatabaseTransactions;
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
* @test
*/
public function test_api_route_without_auth_headers(string $method, string $route)
{
$response = $this->withHeaders([
'Accept' => 'application/json',
])->{$method}($route);
$response->assertStatus(403);
$response->assertJson(['message' => 'Missing Authorization header']);
}
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
*/
public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
{
$response = $this->withHeaders([
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . Str::random(48)
])->{$method}($route);
$response->assertStatus(401);
$response->assertJson(['message' => 'Invalid Authorization token']);
}
/**
* A basic feature test example.
* @dataProvider ApiRoutesThatRequireAuthorization
* @return void
*/
public function test_api_route_with_valid_auth_headers(string $method, string $route)
{
$applicationApi = ApplicationApi::factory()->create();
$response = $this->withHeaders([
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . $applicationApi->token
])->{$method}($route);
$response->assertStatus(200);
}
public function ApiRoutesThatRequireAuthorization(): array
{
return [
'List Users' => [
'method' => 'get',
'route' => '/api/users',
],
'List Servers' => [
'method' => 'get',
'route' => '/api/servers',
]
];
}
}
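Review bot: `ApiRoutesThatRequireAuthorization` lists only two GET routes by hand, so an API route added later without the token middleware would pass this suite unnoticed; a comment above the provider such as `// Every route behind the API token middleware must be listed here.` would at least make that duty explicit, and none of the cases sends a non-Bearer `Authorization` scheme. The valid-token test asserts only the 200 status, so the `updateLastUsed()` call in the middleware is not verified. The three docblocks still read "A basic feature test example."; a line like `Requests without an Authorization header are rejected with 403.` would describe each case, and the `@test` tag on the first method is redundant with its `test_` prefix.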


@ -3,9 +3,7 @@
namespace Tests\Unit;
use App\Classes\Pterodactyl;
use Illuminate\Foundation\Auth\User;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Facades\DB;
use Tests\TestCase;
class testUserCommand extends TestCase