Differential D1114 Diff 2917 src/tests/Feature/Controller/AuthTest.php

Changeset View

Standalone View

src/tests/Feature/Controller/AuthTest.php

This file was added.

				<?php

				namespace Tests\Feature\Controller;

				use App\Domain;
				use App\User;
				use Tests\TestCase;

				class AuthTest extends TestCase
				{
				/**
				* {@inheritDoc}
				*/
				public function setUp(): void
				{
				parent::setUp();

				$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
				$this->deleteTestDomain('userscontroller.com');
				}

				/**
				* {@inheritDoc}
				*/
				public function tearDown(): void
				{
				$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
				$this->deleteTestDomain('userscontroller.com');

				parent::tearDown();
				}

				/**
				* Test fetching current user info (/api/auth/info)
				*/
				public function testInfo(): void
				{
				$user = $this->getTestUser('UsersControllerTest1@userscontroller.com');
				$domain = $this->getTestDomain('userscontroller.com', [
				'status' => Domain::STATUS_NEW,
				'type' => Domain::TYPE_PUBLIC,
				]);

				$response = $this->actingAs($user)->get("api/auth/info");
				$response->assertStatus(200);

				$json = $response->json();

				$this->assertEquals($user->id, $json['id']);
				$this->assertEquals($user->email, $json['email']);
				$this->assertEquals(User::STATUS_NEW \| User::STATUS_ACTIVE, $json['status']);
				$this->assertTrue(is_array($json['statusInfo']));
				$this->assertTrue(is_array($json['settings']));
				$this->assertTrue(is_array($json['aliases']));

				// Note: Details of the content are tested in testUserResponse()
				}

				/**
				* Test /api/auth/login
				*/
				public function testLogin(): string
				{
				// Request with no data
				$response = $this->post("api/auth/login", []);
				$response->assertStatus(422);
				$json = $response->json();

				$this->assertSame('error', $json['status']);
				$this->assertCount(2, $json['errors']);
				$this->assertArrayHasKey('email', $json['errors']);
				$this->assertArrayHasKey('password', $json['errors']);

				// Request with invalid password
				$post = ['email' => 'john@kolab.org', 'password' => 'wrong'];
				$response = $this->post("api/auth/login", $post);
				$response->assertStatus(401);

				$json = $response->json();

				$this->assertSame('error', $json['status']);
				$this->assertSame('Invalid username or password.', $json['message']);

				// Valid user+password
				$post = ['email' => 'john@kolab.org', 'password' => 'simple123'];
				$response = $this->post("api/auth/login", $post);
				$json = $response->json();

				$response->assertStatus(200);
				$this->assertTrue(!empty($json['access_token']));
				$this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']);
				$this->assertEquals('bearer', $json['token_type']);

				// TODO: We have browser tests for 2FA but we should probably also test it here

				return $json['access_token'];
				}

				/**
				* Test /api/auth/logout
				*
				* @depends testLogin
				*/
				public function testLogout($token): void
				{
				// Request with no token, testing that it requires auth
				$response = $this->post("api/auth/logout");
				$response->assertStatus(401);

				// Test the same using JSON mode
				$response = $this->json('POST', "api/auth/logout", []);
				$response->assertStatus(401);

				// Request with valid token
				$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/logout");
				$response->assertStatus(200);

				$json = $response->json();

				$this->assertEquals('success', $json['status']);
				$this->assertEquals('Successfully logged out.', $json['message']);

				// Check if it really destroyed the token?
				$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info");
				$response->assertStatus(401);
				}

				public function testRefresh(): void
				{
				// TODO
				$this->markTestIncomplete();
				}
				}