public function testVerify_ok()
{
$sr = \Mockery::mock(SR::class)->makePartial();
$ac = new AC($sr);
$r = $ac->verify();
$this->assertInstanceOf(JsonResponse::class, $r);
$this->assertSame(200, $r->getStatusCode());
$this->assertSame(':)', $r->getData());
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
//We don't know how we going to get user and password of the DOTW-API.
//The best practices are that it must be in URL, but it's a problem because
//we received the request, we can't proccess the URL
//In this case we enter the user and the password on the body of the request.
//It must be encrypted.
// Firstly check if user:password is in caché. If not is in caché
//(ElastiCaché in AWS), make new request to authorize of the DOWT API.
//* If token has expired make new request to authorize of the DOWT API.
//* If token is correct pass $request to Closure $next
/*if($request->getUser() != env('API_USERNAME') && $request->getPassword() != env('API_PASSWORD')) {
$headers = array('WWW-Authenticate' => 'Basic');
return response('Unauthorized', 401, $headers);
}*/
if (!$this->authController->checkAuthorization($request)) {
return response('Unauthorized.', 401);
}
return $next($request);
}
public function isAdmin()
{
$user = AuthController::getAuthenticatedUser();
return $user->admin;
}
