Improved some tests, got to 95% coverage

This commit is contained in:
Barnaby Walters 2021-06-13 15:30:58 +02:00
parent ca1819776e
commit bf16d0eb55
3 changed files with 82 additions and 1 deletions

View File

@ -150,7 +150,7 @@ class FilesystemJsonStorage implements TokenStorageInterface, LoggerAwareInterfa
if (!is_array($data)) { return null; } if (!is_array($data)) { return null; }
// Check that this is a redeemed access token. // Check that this is a redeemed access token.
if ($data['_redeemed'] ?? false === false) { return null; } if (($data['exchanged_at'] ?? false) === false) { return null; }
// Check that the access token is still valid. valid_until=null means it should live until // Check that the access token is still valid. valid_until=null means it should live until
// explicitly revoked. // explicitly revoked.

View File

@ -801,6 +801,16 @@ EOT
$this->assertEquals($authCodeData['me'], $resJson['me']); $this->assertEquals($authCodeData['me'], $resJson['me']);
$this->assertEquals($authCodeData['profile'], $resJson['profile']); $this->assertEquals($authCodeData['profile'], $resJson['profile']);
$this->assertTrue(scopeEquals($authCodeData['scope'], $resJson['scope'])); $this->assertTrue(scopeEquals($authCodeData['scope'], $resJson['scope']));
// Make sure we can fetch the token from the token storage.
$accessToken = $s->getTokenStorage()->getAccessToken($resJson['access_token']);
$this->assertNotNull($accessToken);
$this->assertEquals($accessToken['me'], $authCodeData['me']);
$this->assertEquals($accessToken['scope'], $authCodeData['scope']);
// Make sure we can revoke the token and no longer fetch it.
$this->assertTrue($s->getTokenStorage()->revokeAccessToken($resJson['access_token']));
$this->assertNull($s->getTokenStorage()->getAccessToken($resJson['access_token']));
} }
/** /**

View File

@ -0,0 +1,71 @@
<?php declare(strict_types=1);
namespace Taproot\IndieAuth\Test;
use BadMethodCallException;
use Exception;
use Nyholm\Psr7;
use Nyholm\Psr7\ServerRequest;
use PHPUnit\Framework\TestCase;
use Taproot\IndieAuth\Callback\SingleUserPasswordAuthenticationCallback;
use Taproot\IndieAuth\Server;
class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
public function testThrowsExceptionIfUserDataHasNoMeKey() {
try {
$c = new SingleUserPasswordAuthenticationCallback([
'not_me' => 'blah'
], password_hash('password', PASSWORD_DEFAULT));
$this->fail();
} catch (BadMethodCallException $e) {
$this->assertEquals('The $user array MUST contain a “me” key, the value which must be the users canonical URL as a string.', $e->getMessage());
}
}
public function testThrowsExceptionIfHashedPasswordIsInvalid() {
try {
$c = new SingleUserPasswordAuthenticationCallback([
'me' => 'https://me.example.com/'
], 'definitely not a hashed password');
$this->fail();
} catch (BadMethodCallException $e) {
$this->assertTrue(true);
}
}
public function testShowsAuthenticationFormOnUnauthenticatedRequest() {
$callback = new SingleUserPasswordAuthenticationCallback([
'me' => 'https://me.example.com/'
], password_hash('password', PASSWORD_DEFAULT));
$formAction = 'https://example.com/formaction';
$req = (new ServerRequest('GET', 'https://example.com/login'))->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token');
$res = $callback($req, $formAction);
$this->assertEquals(200, $res->getStatusCode());
// For the moment, just do a very naieve test.
$this->assertStringContainsString($formAction, (string) $res->getBody());
}
public function testReturnsUserDataOnAuthenticatedRequest() {
$userData = [
'me' => 'https://me.example.com',
'profile' => ['name' => 'Me']
];
$password = 'my very secure password';
$callback = new SingleUserPasswordAuthenticationCallback($userData, password_hash($password, PASSWORD_DEFAULT));
$req = (new ServerRequest('POST', 'https://example.com/login'))
->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token')
->withParsedBody([
SingleUserPasswordAuthenticationCallback::PASSWORD_FORM_PARAMETER => $password
]);
$res = $callback($req, 'form_action');
$this->assertEquals($userData, $res);
}
}