152 lines
4.7 KiB
PHP
152 lines
4.7 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Slim HTTP Basic Authentication middleware
|
|
*
|
|
* Copyright (c) 2013-2018 Mika Tuupola
|
|
*
|
|
* Licensed under the MIT license:
|
|
* http://www.opensource.org/licenses/mit-license.php
|
|
*
|
|
* Project home:
|
|
* https://github.com/tuupola/slim-basic-auth
|
|
*
|
|
*/
|
|
|
|
namespace Tuupola\Middleware\HttpBasicAuthentication;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
use Zend\Diactoros\ServerRequest;
|
|
use Zend\Diactoros\ServerRequestFactory;
|
|
use Zend\Diactoros\Response;
|
|
use Zend\Diactoros\Uri;
|
|
|
|
class RequestPathTest extends TestCase
|
|
{
|
|
|
|
public function testShouldAcceptArrayAndStringAsPath()
|
|
{
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/admin/protected"))
|
|
->withMethod("GET");
|
|
|
|
$rule = new RequestPathRule(["path" => "/admin"]);
|
|
$this->assertTrue($rule($request));
|
|
|
|
$rule = new RequestPathRule(["path" => ["/admin"]]);
|
|
$this->assertTrue($rule($request));
|
|
}
|
|
|
|
public function testShouldAuthenticateEverything()
|
|
{
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/"))
|
|
->withMethod("GET");
|
|
|
|
$rule = new RequestPathRule(["path" => "/"]);
|
|
$this->assertTrue($rule($request));
|
|
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api"))
|
|
->withMethod("GET");
|
|
|
|
$this->assertTrue($rule($request));
|
|
}
|
|
|
|
public function testShouldAuthenticateOnlyApi()
|
|
{
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/"))
|
|
->withMethod("GET");
|
|
|
|
$rule = new RequestPathRule(["path" => "/api"]);
|
|
$this->assertFalse($rule($request));
|
|
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api"))
|
|
->withMethod("GET");
|
|
|
|
$this->assertTrue($rule($request));
|
|
}
|
|
|
|
public function testShouldAuthenticateCreateAndList()
|
|
{
|
|
/* Authenticate only create and list actions */
|
|
$rule = new RequestPathRule([
|
|
"path" => ["/api/create", "/api/list"]
|
|
]);
|
|
|
|
/* Should not authenticate */
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api"))
|
|
->withMethod("GET");
|
|
$this->assertFalse($rule($request));
|
|
|
|
/* Should authenticate */
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api/create"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
|
|
/* Should authenticate */
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api/list"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
|
|
/* Should not authenticate */
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api/ping"))
|
|
->withMethod("GET");
|
|
$this->assertFalse($rule($request));
|
|
}
|
|
|
|
public function testShouldIgnoreLogin()
|
|
{
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api"))
|
|
->withMethod("GET");
|
|
|
|
$rule = new RequestPathRule([
|
|
"path" => "/api",
|
|
"ignore" => ["/api/login"]
|
|
]);
|
|
$this->assertTrue($rule($request));
|
|
|
|
$request = (new ServerRequest())
|
|
->withUri(new Uri("https://example.com/api/login"))
|
|
->withMethod("GET");
|
|
|
|
$this->assertFalse($rule($request));
|
|
}
|
|
|
|
public function testBug50ShouldAuthenticateMultipleSlashes()
|
|
{
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com/"))
|
|
->withMethod("GET");
|
|
$rule = new RequestPathRule(["path" => "/v1/api"]);
|
|
$this->assertFalse($rule($request));
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com/v1/api"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com/v1//api"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com/v1//////api"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com//v1/api"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
$request = (new ServerRequest)
|
|
->withUri(new Uri("https://example.com//////v1/api"))
|
|
->withMethod("GET");
|
|
$this->assertTrue($rule($request));
|
|
}
|
|
}
|