Skip to content

Commit

Permalink
fix(testing): use cookie for testing authentication
Browse files Browse the repository at this point in the history
  • Loading branch information
SychO9 committed Nov 5, 2023
1 parent d01c0e5 commit 3d3aa92
Show file tree
Hide file tree
Showing 4 changed files with 65 additions and 30 deletions.
52 changes: 52 additions & 0 deletions framework/core/tests/integration/admin/IndexTest.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
<?php

/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/

namespace Flarum\Tests\integration\admin;

use Flarum\Testing\integration\RetrievesAuthorizedUsers;
use Flarum\Testing\integration\TestCase;

class IndexTest extends TestCase
{
use RetrievesAuthorizedUsers;

/**
* @inheritDoc
*/
protected function setUp(): void
{
$this->prepareDatabase([
'users' => [
$this->normalUser()
]
]);
}

public function admin_can_access_admin_route(): void
{
$response = $this->send(
$this->request('GET', '/admin', [
'authenticatedAs' => 1,
])
);

$this->assertEquals(200, $response->getStatusCode());
}

public function user_cannot_access_admin_route(): void
{
$response = $this->send(
$this->request('GET', '/admin', [
'authenticatedAs' => 2,
])
);

$this->assertEquals(403, $response->getStatusCode());
}
}
19 changes: 6 additions & 13 deletions framework/core/tests/integration/forum/GlobalLogoutTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -59,19 +59,12 @@ protected function setUp(): void
* @dataProvider canGloballyLogoutDataProvider
* @test
*/
public function can_globally_log_out(int $authenticatedAs, string $identification, string $password)
public function can_globally_log_out(int $authenticatedAs)
{
$loginResponse = $this->send(
$this->request('POST', '/login', [
'json' => compact('identification', 'password')
])
);

$response = $this->send(
$this->requestWithCookiesFrom(
$this->request('POST', '/global-logout'),
$loginResponse,
)
$this->request('POST', '/global-logout', [
'authenticatedAs' => $authenticatedAs,
]),
);

$this->assertEquals(204, $response->getStatusCode());
Expand All @@ -85,10 +78,10 @@ public function canGloballyLogoutDataProvider(): array
{
return [
// Admin
[1, 'admin', 'password'],
[1],

// Normal user
[2, 'normal', 'too-obscure'],
[2],
];
}
}
16 changes: 1 addition & 15 deletions framework/core/tests/integration/forum/IndexTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@

namespace Flarum\Tests\integration\forum;

use Flarum\Extend;
use Flarum\Testing\integration\RetrievesAuthorizedUsers;
use Flarum\Testing\integration\TestCase;

Expand All @@ -22,10 +21,6 @@ class IndexTest extends TestCase
*/
protected function setUp(): void
{
$this->extend(
(new Extend\Csrf)->exemptRoute('login')
);

$this->prepareDatabase([
'users' => [
$this->normalUser()
Expand All @@ -51,18 +46,9 @@ public function guest_not_serialized_by_current_user_serializer()
*/
public function user_serialized_by_current_user_serializer()
{
$login = $this->send(
$this->request('POST', '/login', [
'json' => [
'identification' => 'normal',
'password' => 'too-obscure'
]
])
);

$response = $this->send(
$this->request('GET', '/', [
'cookiesFrom' => $login
'authenticatedAs' => 2,
])
);

Expand Down
8 changes: 6 additions & 2 deletions php-packages/testing/src/integration/BuildsHttpRequests.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@

use Carbon\Carbon;
use Dflydev\FigCookies\SetCookie;
use Flarum\Http\CookieFactory;
use Illuminate\Support\Str;
use Laminas\Diactoros\CallbackStream;
use Psr\Http\Message\ResponseInterface as Response;
Expand Down Expand Up @@ -46,11 +47,14 @@ protected function requestAsUser(Request $req, int $userId): Request
'user_id' => $userId,
'created_at' => Carbon::now()->toDateTimeString(),
'last_activity_at' => Carbon::now()->toDateTimeString(),
'type' => 'session'
'type' => 'session_remember'
]);

$cookies = $this->app()->getContainer()->make(CookieFactory::class);

return $req
->withAddedHeader('Authorization', "Token {$token}")
->withAttribute('bypassCsrfToken', true)
->withCookieParams([$cookies->getName('remember') => $token])
// We save the token as an attribute so that we can retrieve it for test purposes.
->withAttribute('tests_token', $token);
}
Expand Down

0 comments on commit 3d3aa92

Please sign in to comment.