2016-12-15 10:13:00 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Shaarli\Api;
|
|
|
|
|
2020-01-17 21:34:12 +01:00
|
|
|
use Shaarli\Bookmark\Bookmark;
|
2018-12-03 00:16:10 +01:00
|
|
|
use Shaarli\Http\Base64Url;
|
2017-01-04 11:41:05 +01:00
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
/**
|
|
|
|
* Class ApiUtilsTest
|
|
|
|
*/
|
2020-09-29 14:41:40 +02:00
|
|
|
class ApiUtilsTest extends \Shaarli\TestCase
|
2016-12-15 10:13:00 +01:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Force the timezone for ISO datetimes.
|
|
|
|
*/
|
2020-09-26 15:08:39 +02:00
|
|
|
public static function setUpBeforeClass(): void
|
2016-12-15 10:13:00 +01:00
|
|
|
{
|
|
|
|
date_default_timezone_set('UTC');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generate a valid JWT token.
|
|
|
|
*
|
|
|
|
* @param string $secret API secret used to generate the signature.
|
|
|
|
*
|
|
|
|
* @return string Generated token.
|
|
|
|
*/
|
|
|
|
public static function generateValidJwtToken($secret)
|
|
|
|
{
|
2017-01-04 11:41:05 +01:00
|
|
|
$header = Base64Url::encode('{
|
2016-12-15 10:13:00 +01:00
|
|
|
"typ": "JWT",
|
|
|
|
"alg": "HS512"
|
|
|
|
}');
|
2017-01-04 11:41:05 +01:00
|
|
|
$payload = Base64Url::encode('{
|
2021-04-05 09:39:34 +02:00
|
|
|
"iat": ' . time() . '
|
2016-12-15 10:13:00 +01:00
|
|
|
}');
|
2021-04-05 09:39:34 +02:00
|
|
|
$signature = Base64Url::encode(hash_hmac('sha512', $header . '.' . $payload, $secret, true));
|
|
|
|
return $header . '.' . $payload . '.' . $signature;
|
2016-12-15 10:13:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generate a JWT token from given header and payload.
|
|
|
|
*
|
|
|
|
* @param string $header Header in JSON format.
|
|
|
|
* @param string $payload Payload in JSON format.
|
|
|
|
* @param string $secret API secret used to hash the signature.
|
|
|
|
*
|
|
|
|
* @return string JWT token.
|
|
|
|
*/
|
|
|
|
public static function generateCustomJwtToken($header, $payload, $secret)
|
|
|
|
{
|
2017-01-04 11:41:05 +01:00
|
|
|
$header = Base64Url::encode($header);
|
|
|
|
$payload = Base64Url::encode($payload);
|
|
|
|
$signature = Base64Url::encode(hash_hmac('sha512', $header . '.' . $payload, $secret, true));
|
2016-12-15 10:13:00 +01:00
|
|
|
return $header . '.' . $payload . '.' . $signature;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a valid JWT token.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenValid()
|
|
|
|
{
|
|
|
|
$secret = 'WarIsPeace';
|
2019-08-10 12:31:32 +02:00
|
|
|
$this->assertTrue(ApiUtils::validateJwtToken(self::generateValidJwtToken($secret), $secret));
|
2016-12-15 10:13:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a malformed JWT token.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenMalformed()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Malformed JWT token');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = 'ABC.DEF';
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with an empty JWT token.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenMalformedEmpty()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Malformed JWT token');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = false;
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token without header.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenMalformedEmptyHeader()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Malformed JWT token');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = '.payload.signature';
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token without payload
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenMalformedEmptyPayload()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Malformed JWT token');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = 'header..signature';
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token with an empty signature.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidSignatureEmpty()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT signature');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = 'header.payload.';
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token with an invalid signature.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidSignature()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT signature');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = 'header.payload.nope';
|
|
|
|
ApiUtils::validateJwtToken($token, 'foo');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token with a signature generated with the wrong API secret.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidSignatureSecret()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT signature');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
ApiUtils::validateJwtToken(self::generateValidJwtToken('foo'), 'bar');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token with a an invalid header (not JSON).
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidHeader()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT header');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = $this->generateCustomJwtToken('notJSON', '{"JSON":1}', 'secret');
|
|
|
|
ApiUtils::validateJwtToken($token, 'secret');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token with a an invalid payload (not JSON).
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidPayload()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT payload');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = $this->generateCustomJwtToken('{"JSON":1}', 'notJSON', 'secret');
|
|
|
|
ApiUtils::validateJwtToken($token, 'secret');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token without issued time.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidTimeEmpty()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT issued time');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = $this->generateCustomJwtToken('{"JSON":1}', '{"JSON":1}', 'secret');
|
|
|
|
ApiUtils::validateJwtToken($token, 'secret');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with an expired JWT token.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidTimeExpired()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT issued time');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() - 600) . '}', 'secret');
|
|
|
|
ApiUtils::validateJwtToken($token, 'secret');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test validateJwtToken() with a JWT token issued in the future.
|
|
|
|
*/
|
|
|
|
public function testValidateJwtTokenInvalidTimeFuture()
|
|
|
|
{
|
2020-09-27 14:07:08 +02:00
|
|
|
$this->expectException(\Shaarli\Api\Exceptions\ApiAuthorizationException::class);
|
|
|
|
$this->expectExceptionMessage('Invalid JWT issued time');
|
|
|
|
|
2016-12-15 10:13:00 +01:00
|
|
|
$token = $this->generateCustomJwtToken('{"JSON":1}', '{"iat":' . (time() + 60) . '}', 'secret');
|
|
|
|
ApiUtils::validateJwtToken($token, 'secret');
|
|
|
|
}
|
2016-12-22 14:36:45 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Test formatLink() with a link using all useful fields.
|
|
|
|
*/
|
|
|
|
public function testFormatLinkComplete()
|
|
|
|
{
|
|
|
|
$indexUrl = 'https://domain.tld/sub/';
|
2020-01-17 21:34:12 +01:00
|
|
|
$data = [
|
2016-12-22 14:36:45 +01:00
|
|
|
'id' => 12,
|
|
|
|
'url' => 'http://lol.lol',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Important Title',
|
|
|
|
'description' => 'It is very lol<tag>' . PHP_EOL . 'new line',
|
|
|
|
'tags' => 'blip .blop ',
|
|
|
|
'private' => '1',
|
|
|
|
'created' => \DateTime::createFromFormat('Ymd_His', '20170107_160102'),
|
|
|
|
'updated' => \DateTime::createFromFormat('Ymd_His', '20170107_160612'),
|
|
|
|
];
|
2020-01-17 21:34:12 +01:00
|
|
|
$bookmark = new Bookmark();
|
|
|
|
$bookmark->fromArray($data);
|
2016-12-22 14:36:45 +01:00
|
|
|
|
|
|
|
$expected = [
|
|
|
|
'id' => 12,
|
|
|
|
'url' => 'http://lol.lol',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Important Title',
|
|
|
|
'description' => 'It is very lol<tag>' . PHP_EOL . 'new line',
|
|
|
|
'tags' => ['blip', '.blop'],
|
|
|
|
'private' => true,
|
|
|
|
'created' => '2017-01-07T16:01:02+00:00',
|
|
|
|
'updated' => '2017-01-07T16:06:12+00:00',
|
|
|
|
];
|
|
|
|
|
2020-01-17 21:34:12 +01:00
|
|
|
$this->assertEquals($expected, ApiUtils::formatLink($bookmark, $indexUrl));
|
2016-12-22 14:36:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test formatLink() with only minimal fields filled, and internal link.
|
|
|
|
*/
|
|
|
|
public function testFormatLinkMinimalNote()
|
|
|
|
{
|
|
|
|
$indexUrl = 'https://domain.tld/sub/';
|
2020-01-17 21:34:12 +01:00
|
|
|
$data = [
|
2016-12-22 14:36:45 +01:00
|
|
|
'id' => 12,
|
|
|
|
'url' => '?abc',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Note',
|
|
|
|
'description' => '',
|
|
|
|
'tags' => '',
|
|
|
|
'private' => '',
|
|
|
|
'created' => \DateTime::createFromFormat('Ymd_His', '20170107_160102'),
|
|
|
|
];
|
2020-01-17 21:34:12 +01:00
|
|
|
$bookmark = new Bookmark();
|
|
|
|
$bookmark->fromArray($data);
|
2016-12-22 14:36:45 +01:00
|
|
|
|
|
|
|
$expected = [
|
|
|
|
'id' => 12,
|
|
|
|
'url' => 'https://domain.tld/sub/?abc',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Note',
|
|
|
|
'description' => '',
|
|
|
|
'tags' => [],
|
|
|
|
'private' => false,
|
|
|
|
'created' => '2017-01-07T16:01:02+00:00',
|
|
|
|
'updated' => '',
|
|
|
|
];
|
|
|
|
|
2020-01-17 21:34:12 +01:00
|
|
|
$this->assertEquals($expected, ApiUtils::formatLink($bookmark, $indexUrl));
|
2016-12-22 14:36:45 +01:00
|
|
|
}
|
2017-04-01 11:11:25 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Test updateLink with valid data, and also unnecessary fields.
|
|
|
|
*/
|
|
|
|
public function testUpdateLink()
|
|
|
|
{
|
|
|
|
$created = \DateTime::createFromFormat('Ymd_His', '20170107_160102');
|
2020-01-17 21:34:12 +01:00
|
|
|
$data = [
|
2017-04-01 11:11:25 +02:00
|
|
|
'id' => 12,
|
|
|
|
'url' => '?abc',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Note',
|
|
|
|
'description' => '',
|
|
|
|
'tags' => '',
|
|
|
|
'private' => '',
|
|
|
|
'created' => $created,
|
|
|
|
];
|
2020-01-17 21:34:12 +01:00
|
|
|
$old = new Bookmark();
|
|
|
|
$old->fromArray($data);
|
2017-04-01 11:11:25 +02:00
|
|
|
|
2020-01-17 21:34:12 +01:00
|
|
|
$data = [
|
2017-04-01 11:11:25 +02:00
|
|
|
'id' => 13,
|
|
|
|
'shorturl' => 'nope',
|
|
|
|
'url' => 'http://somewhere.else',
|
|
|
|
'title' => 'Le Cid',
|
|
|
|
'description' => 'Percé jusques au fond du cœur [...]',
|
|
|
|
'tags' => 'corneille rodrigue',
|
|
|
|
'private' => true,
|
|
|
|
'created' => 'creation',
|
|
|
|
'updated' => 'updation',
|
|
|
|
];
|
2020-01-17 21:34:12 +01:00
|
|
|
$new = new Bookmark();
|
|
|
|
$new->fromArray($data);
|
2017-04-01 11:11:25 +02:00
|
|
|
|
|
|
|
$result = ApiUtils::updateLink($old, $new);
|
2020-01-17 21:34:12 +01:00
|
|
|
$this->assertEquals(12, $result->getId());
|
|
|
|
$this->assertEquals('http://somewhere.else', $result->getUrl());
|
|
|
|
$this->assertEquals('abc', $result->getShortUrl());
|
|
|
|
$this->assertEquals('Le Cid', $result->getTitle());
|
|
|
|
$this->assertEquals('Percé jusques au fond du cœur [...]', $result->getDescription());
|
|
|
|
$this->assertEquals('corneille rodrigue', $result->getTagsString());
|
|
|
|
$this->assertEquals(true, $result->isPrivate());
|
|
|
|
$this->assertEquals($created, $result->getCreated());
|
2017-04-01 11:11:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test updateLink with minimal data.
|
|
|
|
*/
|
|
|
|
public function testUpdateLinkMinimal()
|
|
|
|
{
|
|
|
|
$created = \DateTime::createFromFormat('Ymd_His', '20170107_160102');
|
2020-01-17 21:34:12 +01:00
|
|
|
$data = [
|
2017-04-01 11:11:25 +02:00
|
|
|
'id' => 12,
|
|
|
|
'url' => '?abc',
|
|
|
|
'shorturl' => 'abc',
|
|
|
|
'title' => 'Note',
|
|
|
|
'description' => 'Interesting description!',
|
|
|
|
'tags' => 'doggo',
|
|
|
|
'private' => true,
|
|
|
|
'created' => $created,
|
|
|
|
];
|
2020-01-17 21:34:12 +01:00
|
|
|
$old = new Bookmark();
|
|
|
|
$old->fromArray($data);
|
2017-04-01 11:11:25 +02:00
|
|
|
|
2020-01-17 21:34:12 +01:00
|
|
|
$new = new Bookmark();
|
2017-04-01 11:11:25 +02:00
|
|
|
|
|
|
|
$result = ApiUtils::updateLink($old, $new);
|
2020-01-17 21:34:12 +01:00
|
|
|
$this->assertEquals(12, $result->getId());
|
|
|
|
$this->assertEquals('', $result->getUrl());
|
|
|
|
$this->assertEquals('abc', $result->getShortUrl());
|
|
|
|
$this->assertEquals('', $result->getTitle());
|
|
|
|
$this->assertEquals('', $result->getDescription());
|
|
|
|
$this->assertEquals('', $result->getTagsString());
|
|
|
|
$this->assertEquals(false, $result->isPrivate());
|
|
|
|
$this->assertEquals($created, $result->getCreated());
|
2017-04-01 11:11:25 +02:00
|
|
|
}
|
2016-12-15 10:13:00 +01:00
|
|
|
}
|