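/**
 * A token whose payload lacks the `sub` claim must be rejected by checkAuth().
 *
 * The token is generated from a real user profile with the subject removed, so
 * the signature is valid and only the missing subject can cause the 401.
 *
 * @covers Api::checkAuth
 * @depends testGenerateToken
 * @runInSeparateProcess
 */
public function testcheckAuthWithInvalidSubAttribute()
{
    // Api reads the request method; under CLI there is none, so set it explicitly.
    $_SERVER['REQUEST_METHOD'] = 'GET';

    // Build a signed token from a profile whose `sub` attribute has been removed.
    require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/User.php';
    $user = new User(1);
    $userProfile = $user->getProfile();
    unset($userProfile->sub);
    $token = $this->object->generateToken($userProfile);
    $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer ' . $token->token;

    $this->object = new Api('json', ['GET']);

    // checkAuth() writes its JSON error body to stdout; capture it for the assertion.
    // The buffer is closed in finally so a failing assertion or an exception does
    // not leave an open output buffer behind (PHPUnit would flag the test as risky).
    ob_start();
    try {
        $result = $this->object->checkAuth();
        $output = ob_get_contents();
    } finally {
        ob_end_clean();
    }

    $this->assertFalse($result);
    $this->assertEquals(
        '{"code":401,"message":"Subject not found"}',
        $output,
        'Output should be a json string but found: ' . $output
    );
}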
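<?php
/**
 * Authenticate user and create a token.
 *
 * Provides the token required by the other API calls.
 *
 * @version 1.0.0
 *
 * @api
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/Api.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/User.php';

$api = new Api('json', ['POST']);

switch ($api->method) {
    case 'POST':
        // Both credentials are mandatory; checkParameterExists() fills the by-reference variable.
        if (!$api->checkParameterExists('login', $login) || !$api->checkParameterExists('password', $password)) {
            $api->output(400, 'Both login and password must be provided');
            return;
        }

        $user = new User();
        if (!$user->checkCredentials($login, $password)) {
            // The challenge header must be sent before output() writes the response
            // body: output() appears to echo it (the test suite captures it with
            // ob_start), and once the body has started header() is ignored and warns
            // unless output buffering happens to be enabled.
            header('WWW-Authenticate: Bearer realm="WMP"');
            $api->output(401, 'Invalid credentials');
            return;
        }

        // 201: a new token has been created for the authenticated profile.
        $api->output(201, $api->generateToken($user->getProfile()));
        break;
}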