From 3d3aa92479978d4c72451de1bc7ef130e546a2cb Mon Sep 17 00:00:00 2001 From: Sami Mazouz Date: Sun, 5 Nov 2023 16:19:39 +0100 Subject: [PATCH] fix(testing): use cookie for testing authentication --- .../tests/integration/admin/IndexTest.php | 52 +++++++++++++++++++ .../integration/forum/GlobalLogoutTest.php | 19 +++---- .../tests/integration/forum/IndexTest.php | 16 +----- .../src/integration/BuildsHttpRequests.php | 8 ++- 4 files changed, 65 insertions(+), 30 deletions(-) create mode 100644 framework/core/tests/integration/admin/IndexTest.php diff --git a/framework/core/tests/integration/admin/IndexTest.php b/framework/core/tests/integration/admin/IndexTest.php new file mode 100644 index 0000000000..2010f48b3a --- /dev/null +++ b/framework/core/tests/integration/admin/IndexTest.php @@ -0,0 +1,52 @@ +prepareDatabase([ + 'users' => [ + $this->normalUser() + ] + ]); + } + + public function admin_can_access_admin_route(): void + { + $response = $this->send( + $this->request('GET', '/admin', [ + 'authenticatedAs' => 1, + ]) + ); + + $this->assertEquals(200, $response->getStatusCode()); + } + + public function user_cannot_access_admin_route(): void + { + $response = $this->send( + $this->request('GET', '/admin', [ + 'authenticatedAs' => 2, + ]) + ); + + $this->assertEquals(403, $response->getStatusCode()); + } +} diff --git a/framework/core/tests/integration/forum/GlobalLogoutTest.php b/framework/core/tests/integration/forum/GlobalLogoutTest.php index 909a003ef4..be40570deb 100644 --- a/framework/core/tests/integration/forum/GlobalLogoutTest.php +++ b/framework/core/tests/integration/forum/GlobalLogoutTest.php 
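Review bot: The two new methods in admin/IndexTest.php, `admin_can_access_admin_route` and `user_cannot_access_admin_route`, show no `@test` annotation in the added lines, and their names do not start with `test`, so PHPUnit will most likely not discover them. The 403 assertion for a non-admin on `/admin` is an access-control regression check, and it protects nothing if it never runs. Add `/** @test */` above each method, matching the docblock style GlobalLogoutTest.php uses in this same patch. The top of the new file is truncated in this view, so confirm against the full file that nothing else registers these methods as tests.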
@@ -59,19 +59,12 @@ protected function setUp(): void * @dataProvider canGloballyLogoutDataProvider * @test */ - public function can_globally_log_out(int $authenticatedAs, string $identification, string $password) + public function can_globally_log_out(int $authenticatedAs) { - $loginResponse = $this->send( - $this->request('POST', '/login', [ - 'json' => compact('identification', 'password') - ]) - ); - $response = $this->send( - $this->requestWithCookiesFrom( - $this->request('POST', '/global-logout'), - $loginResponse, - ) + $this->request('POST', '/global-logout', [ + 'authenticatedAs' => $authenticatedAs, + ]), ); $this->assertEquals(204, $response->getStatusCode()); @@ -85,10 +78,10 @@ public function canGloballyLogoutDataProvider(): array { return [ // Admin - [1, 'admin', 'password'], + [1], // Normal user - [2, 'normal', 'too-obscure'], + [2], ]; } } diff --git a/framework/core/tests/integration/forum/IndexTest.php b/framework/core/tests/integration/forum/IndexTest.php index e928985960..06b4543495 100644 --- a/framework/core/tests/integration/forum/IndexTest.php +++ b/framework/core/tests/integration/forum/IndexTest.php @@ -9,7 +9,6 @@ namespace Flarum\Tests\integration\forum; -use Flarum\Extend; use Flarum\Testing\integration\RetrievesAuthorizedUsers; use Flarum\Testing\integration\TestCase; @@ -22,10 +21,6 @@ class IndexTest extends TestCase */ protected function setUp(): void { - $this->extend( - (new Extend\Csrf)->exemptRoute('login') - ); - $this->prepareDatabase([ 'users' => [ $this->normalUser() @@ -51,18 +46,9 @@ public function guest_not_serialized_by_current_user_serializer() */ public function user_serialized_by_current_user_serializer() { - $login = $this->send( - $this->request('POST', '/login', [ - 'json' => [ - 'identification' => 'normal', - 'password' => 'too-obscure' - ] - ]) - ); - $response = $this->send( $this->request('GET', '/', [ - 'cookiesFrom' => $login + 'authenticatedAs' => 2, ]) ); 
diff --git a/php-packages/testing/src/integration/BuildsHttpRequests.php b/php-packages/testing/src/integration/BuildsHttpRequests.php index 43ed2cfe0f..3a134ed2e7 100644 --- a/php-packages/testing/src/integration/BuildsHttpRequests.php +++ b/php-packages/testing/src/integration/BuildsHttpRequests.php @@ -11,6 +11,7 @@ use Carbon\Carbon; use Dflydev\FigCookies\SetCookie; +use Flarum\Http\CookieFactory; use Illuminate\Support\Str; use Laminas\Diactoros\CallbackStream; use Psr\Http\Message\ResponseInterface as Response; @@ -46,11 +47,14 @@ protected function requestAsUser(Request $req, int $userId): Request 'user_id' => $userId, 'created_at' => Carbon::now()->toDateTimeString(), 'last_activity_at' => Carbon::now()->toDateTimeString(), - 'type' => 'session' + 'type' => 'session_remember' ]); + $cookies = $this->app()->getContainer()->make(CookieFactory::class); + return $req - ->withAddedHeader('Authorization', "Token {$token}") + ->withAttribute('bypassCsrfToken', true) + ->withCookieParams([$cookies->getName('remember') => $token]) // We save the token as an attribute so that we can retrieve it for test purposes. ->withAttribute('tests_token', $token); }
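Review bot: `->withAttribute('bypassCsrfToken', true)` is now set on every request built by `requestAsUser`, so no test that authenticates through `authenticatedAs` exercises CSRF enforcement on the cookie-authenticated path. That is a reasonable default for a test helper, but it should be stated where it happens, for example `// CSRF is skipped for every request built here; tests of CSRF enforcement must attach the cookie themselves.` The token type also changes from `'session'` to `'session_remember'` without explanation. A one-line comment saying the type has to match what the remember-cookie authentication accepts would save the next maintainer from reverting it. The body of `requestAsUser` begins above this hunk, so how `$token` is generated is not visible here.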