Revert unrelated changes and add unit tests
This commit is contained in:
ArthurHoaro
parent
25cb75552b
commit
255b2264a1
2 changed files with 64 additions and 7 deletions
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
use Shaarli\Api\Exceptions\ApiAuthorizationException;
|
use Shaarli\Api\Exceptions\ApiAuthorizationException;
|
||||||
use Shaarli\Api\Exceptions\ApiException;
|
use Shaarli\Api\Exceptions\ApiException;
|
||||||
|
use Shaarli\Bookmark\BookmarkFileService;
|
||||||
use Shaarli\Config\ConfigManager;
|
use Shaarli\Config\ConfigManager;
|
||||||
use Slim\Container;
|
use Slim\Container;
|
||||||
use Slim\Http\Request;
|
use Slim\Http\Request;
|
||||||
|
|
@ -70,7 +71,14 @@ public function __invoke($request, $response, $next)
|
||||||
$response = $e->getApiResponse();
|
$response = $e->getApiResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $response;
|
return $response
|
||||||
|
->withHeader('Access-Control-Allow-Origin', '*')
|
||||||
|
->withHeader(
|
||||||
|
'Access-Control-Allow-Headers',
|
||||||
|
'X-Requested-With, Content-Type, Accept, Origin, Authorization'
|
||||||
|
)
|
||||||
|
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
|
||||||
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -99,7 +107,9 @@ protected function checkRequest($request)
|
||||||
*/
|
*/
|
||||||
protected function checkToken($request)
|
protected function checkToken($request)
|
||||||
{
|
{
|
||||||
if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
|
if (!$request->hasHeader('Authorization')
|
||||||
|
&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
|
||||||
|
) {
|
||||||
throw new ApiAuthorizationException('JWT token not provided');
|
throw new ApiAuthorizationException('JWT token not provided');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -121,7 +131,7 @@ protected function checkToken($request)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Instantiate a new LinkDB including private links,
|
* Instantiate a new LinkDB including private bookmarks,
|
||||||
* and load in the Slim container.
|
* and load in the Slim container.
|
||||||
*
|
*
|
||||||
* FIXME! LinkDB could use a refactoring to avoid this trick.
|
* FIXME! LinkDB could use a refactoring to avoid this trick.
|
||||||
|
|
@ -130,10 +140,10 @@ protected function checkToken($request)
|
||||||
*/
|
*/
|
||||||
protected function setLinkDb($conf)
|
protected function setLinkDb($conf)
|
||||||
{
|
{
|
||||||
$linkDb = new \Shaarli\Bookmark\LinkDB(
|
$linkDb = new BookmarkFileService(
|
||||||
$conf->get('resource.datastore'),
|
$conf,
|
||||||
true,
|
$this->container->get('history'),
|
||||||
$conf->get('privacy.hide_public_links')
|
true
|
||||||
);
|
);
|
||||||
$this->container['db'] = $linkDb;
|
$this->container['db'] = $linkDb;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -66,6 +66,53 @@ protected function tearDown(): void
|
||||||
@unlink(self::$testDatastore);
|
@unlink(self::$testDatastore);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Invoke the middleware with a valid token
|
||||||
|
*/
|
||||||
|
public function testInvokeMiddlewareWithValidToken(): void
|
||||||
|
{
|
||||||
|
$next = function (Request $request, Response $response): Response {
|
||||||
|
return $response;
|
||||||
|
};
|
||||||
|
$mw = new ApiMiddleware($this->container);
|
||||||
|
$env = Environment::mock([
|
||||||
|
'REQUEST_METHOD' => 'GET',
|
||||||
|
'REQUEST_URI' => '/echo',
|
||||||
|
'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
|
||||||
|
]);
|
||||||
|
$request = Request::createFromEnvironment($env);
|
||||||
|
$response = new Response();
|
||||||
|
/** @var Response $response */
|
||||||
|
$response = $mw($request, $response, $next);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response->getStatusCode());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Invoke the middleware with a valid token
|
||||||
|
* Using specific Apache CGI redirected authorization.
|
||||||
|
*/
|
||||||
|
public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
|
||||||
|
{
|
||||||
|
$next = function (Request $request, Response $response): Response {
|
||||||
|
return $response;
|
||||||
|
};
|
||||||
|
|
||||||
|
$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
|
||||||
|
$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
|
||||||
|
$mw = new ApiMiddleware($this->container);
|
||||||
|
$env = Environment::mock([
|
||||||
|
'REQUEST_METHOD' => 'GET',
|
||||||
|
'REQUEST_URI' => '/echo',
|
||||||
|
]);
|
||||||
|
$request = Request::createFromEnvironment($env);
|
||||||
|
$response = new Response();
|
||||||
|
/** @var Response $response */
|
||||||
|
$response = $mw($request, $response, $next);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response->getStatusCode());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Invoke the middleware with the API disabled:
|
* Invoke the middleware with the API disabled:
|
||||||
* should return a 401 error Unauthorized.
|
* should return a 401 error Unauthorized.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue