API authorization and Testing WIP

2021-06-10 19:17:03 +02:00 · 2021-06-10 19:17:03 +02:00 · acdf7965ea
parent 2773e4a26a
commit acdf7965ea
5 changed files with 85 additions and 3 deletions
--- a/app/Http/Middleware/ApiAuthToken.php
+++ b/app/Http/Middleware/ApiAuthToken.php
@ -17,8 +17,11 @@ class ApiAuthToken
     */
    public function handle(Request $request, Closure $next)
    {
+        if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
+
        $token = ApplicationApi::find($request->bearerToken());
        if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
+
        $token->updateLastUsed();
        return $next($request);
    }
--- a/database/factories/ApplicationApiFactory.php
+++ b/database/factories/ApplicationApiFactory.php
@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
    public function definition()
    {
        return [
-            //
+            'memo' => $this->faker->word()
        ];
    }
 }
--- a/phpunit.xml
+++ b/phpunit.xml
@ -8,6 +8,9 @@
        <testsuite name="Unit">
            <directory suffix=".php">tests/Unit</directory>
        </testsuite>
+        <testsuite name="Feature">
+            <directory suffix=".php">tests/Feature</directory>
+        </testsuite>
    </testsuites>
    <coverage processUncoveredFiles="true">
        <include>
--- a/tests/Feature/TestApiAuthorization.php
+++ b/tests/Feature/TestApiAuthorization.php
@ -0,0 +1,78 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\ApplicationApi;
+
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+use Illuminate\Support\Str;
+use Tests\TestCase;
+
+class TestApiAuthorization extends TestCase
+{
+    use DatabaseTransactions;
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     * @test
+     */
+    public function test_api_route_without_auth_headers(string $method, string $route)
+    {
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+        ])->{$method}($route);
+
+        $response->assertStatus(403);
+        $response->assertJson(['message' => 'Missing Authorization header']);
+    }
+
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     */
+    public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
+    {
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+            'Authorization' => 'Bearer ' . Str::random(48)
+        ])->{$method}($route);
+
+        $response->assertStatus(401);
+        $response->assertJson(['message' => 'Invalid Authorization token']);
+    }
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     */
+    public function test_api_route_with_valid_auth_headers(string $method, string $route)
+    {
+        $applicationApi = ApplicationApi::factory()->create();
+
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+            'Authorization' => 'Bearer ' . $applicationApi->token
+        ])->{$method}($route);
+
+        $response->assertStatus(200);
+    }
+
+    public function ApiRoutesThatRequireAuthorization(): array
+    {
+        return [
+            'List Users' => [
+                'method' => 'get',
+                'route' => '/api/users',
+            ],
+            'List Servers' => [
+                'method' => 'get',
+                'route' => '/api/servers',
+            ]
+        ];
+    }
+}
--- a/tests/Unit/testUserCommand.php
+++ b/tests/Unit/testUserCommand.php
@ -3,9 +3,7 @@
 namespace Tests\Unit;

 use App\Classes\Pterodactyl;
-use Illuminate\Foundation\Auth\User;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Illuminate\Support\Facades\DB;
 use Tests\TestCase;

 class testUserCommand extends TestCase