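/**
 * An UnauthorizedHttpException thrown by the auth shield must be passed to
 * the router's exception handler, and the handler's response body must be
 * what the middleware returns to the caller.
 */
public function testAuthenticationFailsAndThrownExceptionIsHandled()
{
    $request = Request::create('/', 'GET');
    // Presumably the 'protected' entry marks the route as requiring authentication; confirm against Route.
    $route = new Route('GET', '/', ['protected']);

    // No user is resolved yet, so the middleware has to attempt authentication.
    $auth = m::mock('Dingo\\Api\\Auth\\Shield');
    $auth->shouldReceive('user')->once()->andReturn(false);

    $this->container->shouldReceive('make')->once()->with('router')->andReturn($this->router);
    // Fix: the original chained ->once()->once('dingo.api.auth'), which left this
    // expectation without an argument constraint, so any make() call satisfied it.
    // with() pins the container key the auth service is resolved from.
    $this->container->shouldReceive('make')->once()->with('dingo.api.auth')->andReturn($auth);

    $this->router->shouldReceive('getApiRouteCollectionFromRequest')->once()->with($request)->andReturn($this->collection);
    $this->collection->shouldReceive('match')->once()->with($request)->andReturn($route);

    // Authentication fails with a 401-class exception...
    $exception = new UnauthorizedHttpException(null, 'test');
    $auth->shouldReceive('authenticate')->once()->with($request, $route)->andThrow($exception);

    // ...and that exact exception instance must reach the router's handler.
    $this->router->shouldReceive('handleException')->once()->with($exception)->andReturn(new Response(['message' => 'test'], 401));
    $this->router->shouldReceive('parseAcceptHeader')->once()->with($request)->andReturn(['v1', 'json']);

    Dingo\Api\Http\Response::setFormatters(['json' => new JsonResponseFormat()]);

    // NOTE(review): only the body is asserted; the 401 status set on the handler's
    // response is not checked here. Consider asserting it once confirmed against the middleware.
    $this->assertEquals('{"message":"test"}', $this->middleware->handle($request)->getContent());
}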
/**
 * An unauthenticated client whose request counter is already above the
 * configured limit must receive a 403 response carrying the rate-limit
 * headers and the "limit exceeded" message.
 */
public function testForbiddenResponseIsReturnedWhenRateLimitIsExceeded()
{
    $request = Request::create('/', 'GET');

    // The throttle counters are keyed by the client IP as reported by the request object.
    // NOTE(review): behind a reverse proxy that value depends on the trusted-proxy
    // configuration; confirm how the middleware is deployed.
    $ip = $request->getClientIp();
    $requestsKey = 'dingo:api:requests:' . $ip;
    $resetKey = 'dingo:api:reset:' . $ip;

    // Unauthenticated caller, with a limit of 1 for unauthenticated requests.
    $this->auth->shouldReceive('check')->once()->andReturn(false);
    $throttleConfig = m::mock(['get' => ['unauthenticated' => ['limit' => 1, 'reset' => 1]]]);

    $this->container->shouldReceive('make')->once()->with('config')->andReturn($throttleConfig);
    $this->container->shouldReceive('make')->once()->with('router')->andReturn($this->router);
    $this->container->shouldReceive('make')->once()->with('cache')->andReturn($this->cache);

    $this->router->shouldReceive('parseAcceptHeader')->once()->with($request)->andReturn(['v1', 'json']);
    $this->router->shouldReceive('requestTargettingApi')->once()->with($request)->andReturn(true);

    // Declaration order of the two add() expectations matters: the constrained one
    // must come first so that the unconstrained one is left for the second add() call.
    $this->cache->shouldReceive('add')->once()->with($requestsKey, 0, 1);
    $this->cache->shouldReceive('add')->once();
    $this->cache->shouldReceive('increment')->once()->with($requestsKey);

    // The counter reads 2, which is above the limit of 1.
    $this->cache->shouldReceive('get')->twice()->with($requestsKey)->andReturn(2);
    $this->cache->shouldReceive('get')->once()->with($resetKey);

    // The transformer reports the response as not transformable.
    $transformer = m::mock('Dingo\\Api\\Transformer\\Transformer')
        ->shouldReceive('transformableResponse')
        ->andReturn(false)
        ->getMock();
    Dingo\Api\Http\Response::setTransformer($transformer);
    Dingo\Api\Http\Response::setFormatters(['json' => new Dingo\Api\Http\ResponseFormat\JsonResponseFormat()]);

    $response = $this->middleware->handle($request);
    $headers = $response->headers;

    $this->assertEquals(1, $headers->get('X-RateLimit-Limit'));
    // Remaining is asserted as 0 even though the counter (2) is past the limit (1).
    $this->assertEquals(0, $headers->get('X-RateLimit-Remaining'));
    $this->assertEquals('{"message":"API rate limit has been exceeded."}', $response->getContent());
    $this->assertEquals(403, $response->getStatusCode());
}