shlink/module/Rest/test-api/Middleware/AuthenticationTest.php
2019-02-17 20:28:34 +01:00

57 lines
2.0 KiB
PHP

<?php
declare(strict_types=1);
namespace ShlinkioApiTest\Shlink\Rest\Middleware;
use Shlinkio\Shlink\Rest\Authentication\Plugin\ApiKeyHeaderPlugin;
use Shlinkio\Shlink\Rest\Authentication\RequestToHttpAuthPlugin;
use Shlinkio\Shlink\Rest\Util\RestUtils;
use ShlinkioTest\Shlink\Common\ApiTest\ApiTestCase;
use function implode;
use function sprintf;
class AuthenticationTest extends ApiTestCase
{
/** @test */
public function authorizationErrorIsReturnedIfNoApiKeyIsSent(): void
{
$resp = $this->callApi(self::METHOD_GET, '/short-codes');
['error' => $error, 'message' => $message] = $this->getJsonResponsePayload($resp);
$this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
$this->assertEquals(RestUtils::INVALID_AUTHORIZATION_ERROR, $error);
$this->assertEquals(
sprintf(
'Expected one of the following authentication headers, but none were provided, ["%s"]',
implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS)
),
$message
);
}
/**
* @test
* @dataProvider provideInvalidApiKeys
*/
public function apiKeyErrorIsReturnedWhenProvidedApiKeyIsInvalid(string $apiKey): void
{
$resp = $this->callApi(self::METHOD_GET, '/short-codes', [
'headers' => [
ApiKeyHeaderPlugin::HEADER_NAME => $apiKey,
],
]);
['error' => $error, 'message' => $message] = $this->getJsonResponsePayload($resp);
$this->assertEquals(self::STATUS_UNAUTHORIZED, $resp->getStatusCode());
$this->assertEquals(RestUtils::INVALID_API_KEY_ERROR, $error);
$this->assertEquals('Provided API key does not exist or is invalid.', $message);
}
public function provideInvalidApiKeys(): iterable
{
yield 'key which does not exist' => ['invalid'];
yield 'key which is expired' => ['expired_api_key'];
yield 'key which is disabled' => ['disabled_api_key'];
}
}