Exemplo n.º 1
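 /**
  * Placeholder for the test of Authorization::toString() output.
  *
  * The first statement marks the test incomplete, so the statements after it
  * do not run until that call is removed.
  */
 public function testAuthorizationToStringReturnsHeaderFormattedString()
 {
     $this->markTestIncomplete('Authorization needs to be completed');
     $authorizationHeader = new Authorization();
     // @todo set some values, then test output
     // assertEquals rather than assertEmpty: assertEmpty($actual, $message) would have tested
     // the literal 'Authorization: xxx' for emptiness and used the header string only as the
     // failure message, so the header output itself was never compared.
     $this->assertEquals('Authorization: xxx', $authorizationHeader->toString());
 }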
Exemplo n.º 2
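 /**
  * Walks the login, session and logout API calls end to end with a throwaway user.
  *
  * Steps: insert a user, reject a login without a password, accept a login with the
  * right password, compare the authentication storage with the login result, call
  * "session" with the token, call "logout" without and with the token, then call
  * "logout" once more to confirm it is refused.
  *
  * The fixture user is deleted on the failure path as well, so a failed assertion does
  * not leave an active account behind whose password equals its username.
  */
 public function testLogin()
 {
     $user_model = $this->getApplicationServiceLocator()->get('Core\\Model\\User');
     $authentication = $this->getApplicationServiceLocator()->get('API\\Service\\AuthenticationService');
     //1 - create user record
     // md5(time() . rand()) only makes the fixture username unique; it is not a secret.
     $uid = md5(time() . rand());
     // NOTE(review): the stored password is md5($uid) and step 2b logs in with the plaintext $uid,
     // so this test pins an unsalted MD5 password scheme. MD5 is not suitable for password storage;
     // moving to password_hash()/password_verify() needs a matching change in the service.
     // 'default_role' => 'root' is presumably a privileged role - confirm against the role model.
     $id = $user_model->insert(array('username' => $uid, 'password' => md5($uid), 'email' => $uid . '@yahoo.com', 'status' => 'active', 'default_role' => 'root'));
     //test if user was created
     $this->assertTrue((bool) $id, 'User not created for authentication tests.');
     try {
         //2a - send login request - incorrect (password missing)
         $response = $this->api('login', array('username' => $uid));
         $this->assertArrayHasKey('error', $response);
         $this->assertArrayHasKey('password', (array) $response['error']);
         $response = (array) $response['error'];
         $response = (array) $response['password'];
         $this->assertArrayHasKey('isEmpty', (array) $response);
         //2b - send login request - correct
         $response = $this->api('login', array('username' => $uid, 'password' => $uid));
         //test if login was successful
         $this->assertArrayHasKey('error', $response, 'API response do not returned "error" key.');
         $this->assertFalse($response['error'], '"error" key should be false.');
         $this->assertArrayHasKey('response', $response, 'API response do not returned "response" key.');
         $token = (array) $response['response'];
         // '$token' is a literal array key that contains a dollar sign (single quotes, no interpolation).
         $this->assertArrayHasKey('$token', $token, '"token" not returned as a key.');
         $token = $token['$token'];
         // Only the length is checked here; this says nothing about how the token is generated.
         // NOTE(review): confirm in the authentication service that the token comes from a CSPRNG
         // (e.g. random_bytes()) and is not an MD5 of predictable input.
         $this->assertEquals(32, strlen($token), 'Not a proper MD5 token.');
         //3 - get storage and test it with login request data
         $storage = $authentication->getStorage()->read();
         $this->assertEquals($id, $storage->id);
         $this->assertEquals($uid, (string) $storage->username);
         $this->assertEquals($token, (string) $storage->token);
         $this->assertEquals('active', (string) $storage->status);
         //3b - test session method
         $headers = new Headers();
         $headers->addHeader(Authorization::fromString('Authorization: Token ' . $token));
         $this->getRequest()->setHeaders($headers);
         $response = $this->api('session');
         $this->assertArrayHasKey('error', $response);
         $this->assertFalse($response['error']);
         $this->assertArrayHasKey('response', $response);
         $this->assertArrayHasKey('$user', (array) $response['response']);
         $response = (array) $response['response'];
         $this->assertEquals($id, $response['$user']->id);
         $this->assertEquals($uid, (string) $response['$user']->username);
         //4 - logout - without authentication
         // reset() presumably clears the request, including the Authorization header - confirm.
         $this->reset();
         $response = $this->api('logout');
         $this->assertArrayHasKey('error', $response);
         // Expected value first, so a failure message reports expected and actual the right way round.
         $this->assertEquals('authentication-required', $response['error']);
         $this->assertArrayHasKey('response', $response);
         $this->assertNull($response['response']);
         //5 - logout - with authentication
         $this->reset();
         $headers = new Headers();
         $headers->addHeader(Authorization::fromString('Authorization: Token ' . $token));
         $this->getRequest()->setHeaders($headers);
         $response = $this->api('logout');
         $this->assertArrayHasKey('error', $response);
         $this->assertFalse($response['error']);
         $this->assertArrayHasKey('response', $response);
         $this->assertTrue($response['response']);
         //6 - repeat previous request
         // No reset() between steps 5 and 6, so the same token header is presumably still on the
         // request; the expected refusal is what shows that logout invalidated the token.
         $response = $this->api('logout');
         $this->assertArrayHasKey('error', $response);
         $this->assertEquals('authentication-required', $response['error']);
         $this->assertArrayHasKey('response', $response);
         $this->assertNull($response['response']);
     } catch (\Exception $e) {
         // Best-effort cleanup on the failure path, then let the original failure propagate.
         $user_model->delete(array('id' => $id));
         throw $e;
     }
     //delete the user created for testing
     $this->assertTrue((bool) $user_model->delete(array('id' => $id)), 'Testing user was not deleted.');
 }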
Exemplo n.º 3
 /**
  * Token creation must throw a TokenException for each request shape stubbed below:
  * an empty "token" query parameter, no Authorization header, and an Authorization
  * header carrying the Basic scheme.
  *
  * @param \Zend\Http\Request $request
  * @param \Zend\Http\Header\Authorization $authorizationHeader
  */
 public function it_should_not_create_token_on_invalid_requests($request, $authorizationHeader)
 {
     // Every case below expects the same exception class.
     $tokenException = 'Phpro\\MvcAuthToken\\Exception\\TokenException';

     $this->setRequest($request);

     // Case 1: the "token" query parameter is an empty array.
     $request->getQuery('token', [])->willReturn([]);
     $this->shouldThrow($tokenException)->duringCreateTokenFromQueryParams();

     // Case 2: the request has no Authorization header.
     $request->getHeader('Authorization')->willReturn(null);
     $this->shouldThrow($tokenException)->duringCreateToken();

     // Case 3: the header is present but uses the Basic scheme, which must be rejected
     // rather than read as a token.
     $authorizationHeader->getFieldValue()->willReturn('Basic base64_user_and_password');
     $request->getHeader('Authorization')->willReturn($authorizationHeader);
     $this->shouldThrow($tokenException)->duringCreateToken();
 }