pluginManager = $this->prophesize(AuthenticationPluginManagerInterface::class); $this->middleware = new AuthenticationMiddleware($this->pluginManager->reveal(), Translator::factory([]), [ AuthenticateAction::class, ]); } /** * @test * @dataProvider provideWhitelistedRequests */ public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request) { $handler = $this->prophesize(RequestHandlerInterface::class); $handle = $handler->handle($request)->willReturn(new Response()); $fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn( $this->prophesize(AuthenticationPluginInterface::class)->reveal() ); $this->middleware->process($request, $handler->reveal()); $handle->shouldHaveBeenCalledTimes(1); $fromRequest->shouldNotHaveBeenCalled(); } public function provideWhitelistedRequests(): array { $dummyMiddleware = $this->getDummyMiddleware(); return [ 'with no route result' => [ServerRequestFactory::fromGlobals()], 'with failure route result' => [ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRouteFailure([RequestMethodInterface::METHOD_GET]) )], 'with whitelisted route' => [ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute( new Route('foo', $dummyMiddleware, Route::HTTP_METHOD_ANY, AuthenticateAction::class) ) )], 'with OPTIONS method' => [ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute(new Route('bar', $dummyMiddleware), []) )->withMethod(RequestMethodInterface::METHOD_OPTIONS)], ]; } /** * @test * @dataProvider provideExceptions */ public function errorIsReturnedWhenNoValidAuthIsProvided($e) { $authToken = 'ABC-abc'; $request = ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []) )->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken); $fromRequest = $this->pluginManager->fromRequest(Argument::any())->willThrow($e); /** @var Response\JsonResponse $response */ $response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal()); $payload = $response->getPayload(); $this->assertEquals(RestUtils::INVALID_AUTHORIZATION_ERROR, $payload['error']); $this->assertEquals(sprintf( 'Expected one of the following authentication headers, but none were provided, ["%s"]', implode('", "', AuthenticationPluginManager::SUPPORTED_AUTH_HEADERS) ), $payload['message']); $fromRequest->shouldHaveBeenCalledTimes(1); } public function provideExceptions(): array { return [ [new class extends Exception implements ContainerExceptionInterface { }], [NoAuthenticationException::fromExpectedTypes([])], ]; } /** * @test */ public function errorIsReturnedWhenVerificationFails() { $authToken = 'ABC-abc'; $request = ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []) )->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken); $plugin = $this->prophesize(AuthenticationPluginInterface::class); $verify = $plugin->verify($request)->willThrow( VerifyAuthenticationException::withError('the_error', 'the_message') ); $fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal()); /** @var Response\JsonResponse $response */ $response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal()); $payload = $response->getPayload(); $this->assertEquals('the_error', $payload['error']); $this->assertEquals('the_message', $payload['message']); $verify->shouldHaveBeenCalledTimes(1); $fromRequest->shouldHaveBeenCalledTimes(1); } /** * @test */ public function updatedResponseIsReturnedWhenVerificationPasses() { $authToken = 'ABC-abc'; $newResponse = new Response(); $request = ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []) )->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken); $plugin = $this->prophesize(AuthenticationPluginInterface::class); $verify = $plugin->verify($request)->will(function () { }); $update = $plugin->update($request, Argument::type(ResponseInterface::class))->willReturn($newResponse); $fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal()); $handler = $this->prophesize(RequestHandlerInterface::class); $handle = $handler->handle($request)->willReturn(new Response()); $response = $this->middleware->process($request, $handler->reveal()); $this->assertSame($response, $newResponse); $verify->shouldHaveBeenCalledTimes(1); $update->shouldHaveBeenCalledTimes(1); $handle->shouldHaveBeenCalledTimes(1); $fromRequest->shouldHaveBeenCalledTimes(1); } private function getDummyMiddleware(): MiddlewareInterface { return middleware(function () { return new Response\EmptyResponse(); }); } }