72 lines
2.3 KiB
PHP
72 lines
2.3 KiB
PHP
<?php declare(strict_types=1);
|
||
|
||
namespace Taproot\IndieAuth\Test;
|
||
|
||
use BadMethodCallException;
|
||
use Exception;
|
||
use Nyholm\Psr7;
|
||
use Nyholm\Psr7\ServerRequest;
|
||
use PHPUnit\Framework\TestCase;
|
||
use Taproot\IndieAuth\Callback\SingleUserPasswordAuthenticationCallback;
|
||
use Taproot\IndieAuth\Server;
|
||
|
||
class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
|
||
public function testThrowsExceptionIfUserDataHasNoMeKey() {
|
||
try {
|
||
$c = new SingleUserPasswordAuthenticationCallback([
|
||
'not_me' => 'blah'
|
||
], password_hash('password', PASSWORD_DEFAULT));
|
||
$this->fail();
|
||
} catch (BadMethodCallException $e) {
|
||
$this->assertEquals('The $user array MUST contain a “me” key, the value which must be the user’s canonical URL as a string.', $e->getMessage());
|
||
}
|
||
}
|
||
|
||
public function testThrowsExceptionIfHashedPasswordIsInvalid() {
|
||
try {
|
||
$c = new SingleUserPasswordAuthenticationCallback([
|
||
'me' => 'https://me.example.com/'
|
||
], 'definitely not a hashed password');
|
||
$this->fail();
|
||
} catch (BadMethodCallException $e) {
|
||
$this->assertTrue(true);
|
||
}
|
||
}
|
||
|
||
public function testShowsAuthenticationFormOnUnauthenticatedRequest() {
|
||
$callback = new SingleUserPasswordAuthenticationCallback([
|
||
'me' => 'https://me.example.com/'
|
||
], password_hash('password', PASSWORD_DEFAULT));
|
||
|
||
$formAction = 'https://example.com/formaction';
|
||
|
||
$req = (new ServerRequest('GET', 'https://example.com/login'))->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token');
|
||
$res = $callback($req, $formAction);
|
||
|
||
$this->assertEquals(200, $res->getStatusCode());
|
||
// For the moment, just do a very naieve test.
|
||
$this->assertStringContainsString($formAction, (string) $res->getBody());
|
||
}
|
||
|
||
public function testReturnsUserDataOnAuthenticatedRequest() {
|
||
$userData = [
|
||
'me' => 'https://me.example.com',
|
||
'profile' => ['name' => 'Me']
|
||
];
|
||
|
||
$password = 'my very secure password';
|
||
|
||
$callback = new SingleUserPasswordAuthenticationCallback($userData, password_hash($password, PASSWORD_DEFAULT));
|
||
|
||
$req = (new ServerRequest('POST', 'https://example.com/login'))
|
||
->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token')
|
||
->withParsedBody([
|
||
SingleUserPasswordAuthenticationCallback::PASSWORD_FORM_PARAMETER => $password
|
||
]);
|
||
|
||
$res = $callback($req, 'form_action');
|
||
|
||
$this->assertEquals($userData, $res);
|
||
}
|
||
}
|