Changeset View
Changeset View
Standalone View
Standalone View
src/tests/Feature/Controller/AuthTest.php
- This file was added.
<?php | |||||
namespace Tests\Feature\Controller; | |||||
use App\Domain; | |||||
use App\User; | |||||
use Tests\TestCase; | |||||
class AuthTest extends TestCase | |||||
{ | |||||
/** | |||||
* {@inheritDoc} | |||||
*/ | |||||
public function setUp(): void | |||||
{ | |||||
parent::setUp(); | |||||
$this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | |||||
$this->deleteTestDomain('userscontroller.com'); | |||||
} | |||||
/** | |||||
* {@inheritDoc} | |||||
*/ | |||||
public function tearDown(): void | |||||
{ | |||||
$this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | |||||
$this->deleteTestDomain('userscontroller.com'); | |||||
parent::tearDown(); | |||||
} | |||||
/** | |||||
* Test fetching current user info (/api/auth/info) | |||||
*/ | |||||
public function testInfo(): void | |||||
{ | |||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | |||||
$domain = $this->getTestDomain('userscontroller.com', [ | |||||
'status' => Domain::STATUS_NEW, | |||||
'type' => Domain::TYPE_PUBLIC, | |||||
]); | |||||
$response = $this->actingAs($user)->get("api/auth/info"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertEquals($user->id, $json['id']); | |||||
$this->assertEquals($user->email, $json['email']); | |||||
$this->assertEquals(User::STATUS_NEW | User::STATUS_ACTIVE, $json['status']); | |||||
$this->assertTrue(is_array($json['statusInfo'])); | |||||
$this->assertTrue(is_array($json['settings'])); | |||||
$this->assertTrue(is_array($json['aliases'])); | |||||
// Note: Details of the content are tested in testUserResponse() | |||||
} | |||||
/** | |||||
* Test /api/auth/login | |||||
*/ | |||||
public function testLogin(): string | |||||
{ | |||||
// Request with no data | |||||
$response = $this->post("api/auth/login", []); | |||||
$response->assertStatus(422); | |||||
$json = $response->json(); | |||||
$this->assertSame('error', $json['status']); | |||||
$this->assertCount(2, $json['errors']); | |||||
$this->assertArrayHasKey('email', $json['errors']); | |||||
$this->assertArrayHasKey('password', $json['errors']); | |||||
// Request with invalid password | |||||
$post = ['email' => 'john@kolab.org', 'password' => 'wrong']; | |||||
$response = $this->post("api/auth/login", $post); | |||||
$response->assertStatus(401); | |||||
$json = $response->json(); | |||||
$this->assertSame('error', $json['status']); | |||||
$this->assertSame('Invalid username or password.', $json['message']); | |||||
// Valid user+password | |||||
$post = ['email' => 'john@kolab.org', 'password' => 'simple123']; | |||||
$response = $this->post("api/auth/login", $post); | |||||
$json = $response->json(); | |||||
$response->assertStatus(200); | |||||
$this->assertTrue(!empty($json['access_token'])); | |||||
$this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']); | |||||
$this->assertEquals('bearer', $json['token_type']); | |||||
// TODO: We have browser tests for 2FA but we should probably also test it here | |||||
return $json['access_token']; | |||||
} | |||||
/** | |||||
* Test /api/auth/logout | |||||
* | |||||
* @depends testLogin | |||||
*/ | |||||
public function testLogout($token): void | |||||
{ | |||||
// Request with no token, testing that it requires auth | |||||
$response = $this->post("api/auth/logout"); | |||||
$response->assertStatus(401); | |||||
// Test the same using JSON mode | |||||
$response = $this->json('POST', "api/auth/logout", []); | |||||
$response->assertStatus(401); | |||||
// Request with valid token | |||||
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/logout"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertEquals('success', $json['status']); | |||||
$this->assertEquals('Successfully logged out.', $json['message']); | |||||
// Check if it really destroyed the token? | |||||
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info"); | |||||
$response->assertStatus(401); | |||||
} | |||||
public function testRefresh(): void | |||||
{ | |||||
// TODO | |||||
$this->markTestIncomplete(); | |||||
} | |||||
} |