Пример #1
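 /**
  * A token generated from a profile without the `sub` attribute must be refused:
  * checkAuth() is expected to return false and emit a 401 "Subject not found" JSON body.
  *
  * @covers Api::checkAuth
  * @depends testGenerateToken
  * @runInSeparateProcess
  */
 public function testcheckAuthWithInvalidSubAttribute()
 {
     //set method for use in CLI
     $_SERVER['REQUEST_METHOD'] = 'GET';
     //build a token from a real profile whose `sub` attribute has been removed
     require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/User.php';
     $user = new User(1);
     $userProfile = $user->getProfile();
     unset($userProfile->sub);
     $token = $this->object->generateToken($userProfile);
     $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer ' . $token->token;
     //new Api instance created once the Authorization header is in place
     //(presumably the request state is read at construction - confirm in Api.php)
     $this->object = new Api('json', array('GET'));
     //capture the response body; the buffer is closed in finally so that a throwing
     //checkAuth() or a failing assertion can never leave an output buffer open
     ob_start();
     try {
         $isAuthenticated = $this->object->checkAuth();
     } finally {
         $output = ob_get_clean();
     }
     $this->assertFalse($isAuthenticated);
     //assertSame: the rejection body must match byte for byte, with no loose comparison
     $this->assertSame('{"code":401,"message":"Subject not found"}', $output, 'Output should be a json string but found: ' . $output);
 }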
Пример #2
<?php

/**
 * Authenticate user and create a token.
 *
 * Provides a token required by other API calls
 *
 * @version 1.0.0
 *
 * @api
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/Api.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/server/lib/User.php';
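// Api is built with 'json' and the single verb POST - presumably the output format
// and the list of accepted methods (confirm in Api.php).
$api = new Api('json', ['POST']);
switch ($api->method) {
    case 'POST':
        // $login / $password are not defined before these calls, so checkParameterExists()
        // appears to fill them by reference - confirm in Api.php.
        if (!$api->checkParameterExists('login', $login) || !$api->checkParameterExists('password', $password)) {
            //login or password was not provided
            $api->output(400, 'Both login and password must be provided');
            return;
        }
        $user = new User();
        if (!$user->checkCredentials($login, $password)) {
            //invalid credentials
            // The challenge header is queued BEFORE output(): once output() has written the
            // response body, header() can no longer add it and the 401 would go out without
            // the WWW-Authenticate challenge that a 401 response is required to carry.
            header('WWW-Authenticate: Bearer realm="WMP"');
            // One generic message for every failure, so the response does not reveal
            // whether the login itself exists.
            // NOTE(review): no attempt throttling or lockout is visible in this script;
            // confirm that User::checkCredentials() or the front end enforces one.
            $api->output(401, 'Invalid credentials');
            return;
        }
        // 201: a new token is created from the authenticated user's profile.
        $api->output(201, $api->generateToken($user->getProfile()));
        break;
}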