public function testLogout()
{
Session::set('role.name', 'test');
Session::set('role.id', 1);
$user = $this->createUser(1);
$payload = ['email' => $user['email'], 'password' => $this->user1['password']];
$rs = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $payload);
$content = $rs->getContent();
$this->assertTrue(!empty($content['session_id']));
$rs = $this->makeRequest(Verbs::DELETE, static::RESOURCE);
$content = $rs->getContent();
$this->assertTrue($content['success']);
$this->setExpectedException('\\DreamFactory\\Core\\Exceptions\\UnauthorizedException');
$this->makeRequest(Verbs::GET, static::RESOURCE);
}
public function testPOSTRegister()
{
$u = $this->user1;
$password = Arr::get($u, 'password');
$payload = ['first_name' => Arr::get($u, 'first_name'), 'last_name' => Arr::get($u, 'last_name'), 'name' => Arr::get($u, 'name'), 'email' => Arr::get($u, 'email'), 'phone' => Arr::get($u, 'phone'), 'security_question' => Arr::get($u, 'security_question'), 'security_answer' => Arr::get($u, 'security_answer'), 'password' => $password, 'password_confirmation' => Arr::get($u, 'password_confirmation', $password)];
Session::setUserInfoWithJWT(User::find(1));
$r = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $payload);
$c = $r->getContent();
$this->assertTrue(Arr::get($c, 'success'));
Session::set('role.name', 'test');
Session::set('role.id', 1);
$this->service = ServiceHandler::getService('user');
$r = $this->makeRequest(Verbs::POST, 'session', [], ['email' => Arr::get($u, 'email'), 'password' => Arr::get($u, 'password')]);
$c = $r->getContent();
$this->assertTrue(!empty(Arr::get($c, 'session_id')));
}
public static function set($name, $value)
{
\Session::set($name, $value);
}
/**
* @param Request $request
* @param \Closure $next
*
* @return array|mixed|string
*/
public function handle(Request $request, \Closure $next)
{
if (!in_array($route = $request->getPathInfo(), ['/setup', '/setup_db'])) {
try {
$apiKey = static::getApiKey($request);
Session::setApiKey($apiKey);
$appId = App::getAppIdByApiKey($apiKey);
//Get the JWT.
$token = static::getJwt($request);
Session::setSessionToken($token);
//Check for basic auth attempt.
$basicAuthUser = $request->getUser();
$basicAuthPassword = $request->getPassword();
if (!empty($basicAuthUser) && !empty($basicAuthPassword)) {
//Attempting to login using basic auth.
Auth::onceBasic();
/** @var User $authenticatedUser */
$authenticatedUser = Auth::user();
if (!empty($authenticatedUser)) {
$userId = $authenticatedUser->id;
Session::setSessionData($appId, $userId);
} else {
throw new UnauthorizedException('Unauthorized. User credentials did not match.');
}
} elseif (!empty($token)) {
//JWT supplied meaning an authenticated user session/token.
/**
* Note: All caught exception from JWT are stored in session variables.
* These are later checked and handled appropriately in the AccessCheck middleware.
*
* This is to allow processing API calls that do not require any valid
* authenticated session. For example POST user/session to login,
* PUT user/session to refresh old JWT, GET system/environment etc.
*
* This also allows for auditing API calls that are called by not permitted/processed.
* It also allows counting unauthorized API calls against Enterprise Console limits.
*/
try {
JWTAuth::setToken($token);
/** @type Payload $payload */
$payload = JWTAuth::getPayload();
JWTUtilities::verifyUser($payload);
$userId = $payload->get('user_id');
Session::setSessionData($appId, $userId);
} catch (TokenExpiredException $e) {
JWTUtilities::clearAllExpiredTokenMaps();
Session::set('token_expired', true);
Session::set('token_expired_msg', $e->getMessage());
} catch (TokenBlacklistedException $e) {
Session::set('token_blacklisted', true);
Session::set('token_blacklisted_msg', $e->getMessage());
} catch (TokenInvalidException $e) {
Session::set('token_invalid', true);
Session::set('token_invalid_msg', 'Invalid token: ' . $e->getMessage());
}
} elseif (!empty($apiKey)) {
//Just Api Key is supplied. No authenticated session
Session::setSessionData($appId);
}
return $next($request);
} catch (\Exception $e) {
return ResponseFactory::getException($e, $request);
}
}
return $next($request);
}
public function setUp()
{
parent::setUp();
Session::set('role.name', 'test');
Session::set('role.id', 1);
}
/**
* @param Request $request
* @param \Closure $next
*
* @return array|mixed|string
*/
public function handle(Request $request, \Closure $next)
{
if (!in_array($route = $request->getPathInfo(), ['/setup', '/setup_db'])) {
try {
$apiKey = static::getApiKey($request);
Session::setApiKey($apiKey);
$appId = App::getAppIdByApiKey($apiKey);
//Get the JWT.
$token = static::getJwt($request);
Session::setSessionToken($token);
//Check for basic auth attempt.
$basicAuthUser = $request->getUser();
$basicAuthPassword = $request->getPassword();
if (!empty($basicAuthUser) && !empty($basicAuthPassword)) {
//Attempting to login using basic auth.
Auth::onceBasic();
/** @var User $authenticatedUser */
$authenticatedUser = Auth::user();
if (!empty($authenticatedUser)) {
$userId = $authenticatedUser->id;
Session::setSessionData($appId, $userId);
} else {
throw new UnauthorizedException('Unauthorized. User credentials did not match.');
}
} elseif (!empty($token)) {
//JWT supplied meaning an authenticated user session/token.
try {
JWTAuth::setToken($token);
/** @type Payload $payload */
$payload = JWTAuth::getPayload();
JWTUtilities::verifyUser($payload);
$userId = $payload->get('user_id');
Session::setSessionData($appId, $userId);
} catch (TokenExpiredException $e) {
JWTUtilities::clearAllExpiredTokenMaps();
Session::set('token_expired', true);
Session::set('token_expired_msg', $e->getMessage());
} catch (TokenBlacklistedException $e) {
throw new ForbiddenException($e->getMessage());
} catch (TokenInvalidException $e) {
throw new BadRequestException('Invalid token: ' . $e->getMessage(), 401);
}
} elseif (!empty($apiKey)) {
//Just Api Key is supplied. No authenticated session
Session::setSessionData($appId);
}
return $next($request);
} catch (\Exception $e) {
return ResponseFactory::getException($e, $request);
}
}
return $next($request);
}
