shlink/module/Rest/test-api/Middleware/AuthenticationTest.php

71 lines
2.6 KiB
PHP
Raw Normal View History

2019-01-26 03:19:20 -06:00
<?php
2019-10-05 10:26:10 -05:00
2019-01-26 03:19:20 -06:00
declare(strict_types=1);
namespace ShlinkioApiTest\Shlink\Rest\Middleware;
2019-08-11 09:30:46 -05:00
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;
use function sprintf;
2019-01-26 03:19:20 -06:00
class AuthenticationTest extends ApiTestCase
{
/**
* @test
* @dataProvider provideApiVersions
*/
public function authorizationErrorIsReturnedIfNoApiKeyIsSent(string $version, string $expectedType): void
2019-01-26 03:19:20 -06:00
{
$expectedDetail = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided';
$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version));
$payload = $this->getJsonResponsePayload($resp);
2019-01-26 03:19:20 -06:00
2020-10-03 17:35:14 -05:00
self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
self::assertEquals($expectedType, $payload['type']);
2020-10-03 17:35:14 -05:00
self::assertEquals($expectedDetail, $payload['detail']);
self::assertEquals('Invalid authorization', $payload['title']);
2019-01-27 03:54:04 -06:00
}
public function provideApiVersions(): iterable
{
yield 'version 1' => ['1', 'INVALID_AUTHORIZATION'];
yield 'version 2' => ['2', 'INVALID_AUTHORIZATION'];
yield 'version 3' => ['3', 'https://shlink.io/api/error/missing-authentication'];
}
2019-01-27 03:54:04 -06:00
/**
* @test
2019-01-27 05:14:18 -06:00
* @dataProvider provideInvalidApiKeys
2019-01-27 03:54:04 -06:00
*/
public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(
string $apiKey,
string $version,
string $expectedType,
): void {
$expectedDetail = 'Provided API key does not exist or is invalid.';
$resp = $this->callApi(self::METHOD_GET, sprintf('/rest/v%s/short-urls', $version), [
'headers' => [
'X-Api-Key' => $apiKey,
],
]);
$payload = $this->getJsonResponsePayload($resp);
2019-01-27 03:54:04 -06:00
2020-10-03 17:35:14 -05:00
self::assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
self::assertEquals(self::STATUS_UNAUTHORIZED, $payload['status']);
self::assertEquals($expectedType, $payload['type']);
2020-10-03 17:35:14 -05:00
self::assertEquals($expectedDetail, $payload['detail']);
self::assertEquals('Invalid API key', $payload['title']);
2019-01-26 03:19:20 -06:00
}
2019-01-27 05:14:18 -06:00
2019-02-17 13:28:34 -06:00
public function provideInvalidApiKeys(): iterable
2019-01-27 05:14:18 -06:00
{
yield 'key which does not exist' => ['invalid', '2', 'INVALID_API_KEY'];
yield 'key which is expired' => ['expired_api_key', '2', 'INVALID_API_KEY'];
yield 'key which is disabled' => ['disabled_api_key', '2', 'INVALID_API_KEY'];
yield 'version 3' => ['disabled_api_key', '3', 'https://shlink.io/api/error/invalid-api-key'];
2019-01-27 05:14:18 -06:00
}
2019-01-26 03:19:20 -06:00
}