Revert unrelated changes and add unit tests

This commit is contained in:
ArthurHoaro 2020-09-30 15:57:57 +02:00
parent 25cb75552b
commit 255b2264a1
2 changed files with 64 additions and 7 deletions

View file

@ -3,6 +3,7 @@
use Shaarli\Api\Exceptions\ApiAuthorizationException; use Shaarli\Api\Exceptions\ApiAuthorizationException;
use Shaarli\Api\Exceptions\ApiException; use Shaarli\Api\Exceptions\ApiException;
use Shaarli\Bookmark\BookmarkFileService;
use Shaarli\Config\ConfigManager; use Shaarli\Config\ConfigManager;
use Slim\Container; use Slim\Container;
use Slim\Http\Request; use Slim\Http\Request;
@ -70,7 +71,14 @@ public function __invoke($request, $response, $next)
$response = $e->getApiResponse(); $response = $e->getApiResponse();
} }
return $response; return $response
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader(
'Access-Control-Allow-Headers',
'X-Requested-With, Content-Type, Accept, Origin, Authorization'
)
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
;
} }
/** /**
@ -99,7 +107,9 @@ protected function checkRequest($request)
*/ */
protected function checkToken($request) protected function checkToken($request)
{ {
if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { if (!$request->hasHeader('Authorization')
&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
) {
throw new ApiAuthorizationException('JWT token not provided'); throw new ApiAuthorizationException('JWT token not provided');
} }
@ -121,7 +131,7 @@ protected function checkToken($request)
} }
/** /**
* Instantiate a new LinkDB including private links, * Instantiate a new LinkDB including private bookmarks,
* and load in the Slim container. * and load in the Slim container.
* *
* FIXME! LinkDB could use a refactoring to avoid this trick. * FIXME! LinkDB could use a refactoring to avoid this trick.
@ -130,10 +140,10 @@ protected function checkToken($request)
*/ */
protected function setLinkDb($conf) protected function setLinkDb($conf)
{ {
$linkDb = new \Shaarli\Bookmark\LinkDB( $linkDb = new BookmarkFileService(
$conf->get('resource.datastore'), $conf,
true, $this->container->get('history'),
$conf->get('privacy.hide_public_links') true
); );
$this->container['db'] = $linkDb; $this->container['db'] = $linkDb;
} }

View file

@ -66,6 +66,53 @@ protected function tearDown(): void
@unlink(self::$testDatastore); @unlink(self::$testDatastore);
} }
/**
* Invoke the middleware with a valid token
*/
public function testInvokeMiddlewareWithValidToken(): void
{
$next = function (Request $request, Response $response): Response {
return $response;
};
$mw = new ApiMiddleware($this->container);
$env = Environment::mock([
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/echo',
'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
]);
$request = Request::createFromEnvironment($env);
$response = new Response();
/** @var Response $response */
$response = $mw($request, $response, $next);
$this->assertEquals(200, $response->getStatusCode());
}
/**
* Invoke the middleware with a valid token
* Using specific Apache CGI redirected authorization.
*/
public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
{
$next = function (Request $request, Response $response): Response {
return $response;
};
$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
$mw = new ApiMiddleware($this->container);
$env = Environment::mock([
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/echo',
]);
$request = Request::createFromEnvironment($env);
$response = new Response();
/** @var Response $response */
$response = $mw($request, $response, $next);
$this->assertEquals(200, $response->getStatusCode());
}
/** /**
* Invoke the middleware with the API disabled: * Invoke the middleware with the API disabled:
* should return a 401 error Unauthorized. * should return a 401 error Unauthorized.