class UsersJwtRequestTest in JSON Web Token Authentication (JWT) 8
Tests JWT config schema.
@group JWT
Hierarchy
- class \Drupal\KernelTests\KernelTestBase extends \PHPUnit\Framework\TestCase implements ServiceProviderInterface uses AssertContentTrait, AssertLegacyTrait, AssertHelperTrait, ConfigTestTrait, PhpunitCompatibilityTrait, RandomGeneratorTrait, TestRequirementsTrait
- class \Drupal\Tests\users_jwt\Kernel\UsersJwtRequestTest uses UserCreationTrait
Expanded class hierarchy of UsersJwtRequestTest
File
- modules/
users_jwt/ tests/ src/ Kernel/ UsersJwtRequestTest.php, line 15
Namespace
Drupal\Tests\users_jwt\KernelView source
class UsersJwtRequestTest extends KernelTestBase {
use UserCreationTrait;
/**
* {@inheritdoc}
*/
public static $modules = [
'system',
'user',
'users_jwt',
];
/**
* The test user.
*
* @var \Drupal\user\Entity\User
*/
protected $testUser;
/**
* {@inheritdoc}
*/
public function setUp() {
parent::setUp();
$this
->installSchema('system', 'sequences');
$this
->installEntitySchema('user');
$this
->installSchema('user', [
'users_data',
]);
$this
->installConfig([
'users_jwt',
]);
$account = $this
->createUser([
'access content',
]);
$this
->setCurrentUser($account);
$this->testUser = $account;
}
/**
* Verify the authentication for a user.
*/
public function testAuth() {
/** @var \Drupal\users_jwt\UsersJwtKeyRepositoryInterface $key_repository */
$key_repository = $this->container
->get('users_jwt.key_repository');
$path = drupal_get_path('module', 'users_jwt') . '/tests/fixtures/users_jwt_rsa1-public.pem';
$public_key = file_get_contents($path);
$key_repository
->saveKey($this->testUser
->id(), 'wxyz', 'RS256', $public_key);
$iat = \Drupal::time()
->getRequestTime();
$good_payload = [
'iat' => $iat,
'exp' => $iat + 1000,
'drupal' => [
'uid' => $this->testUser
->id(),
],
];
$path = drupal_get_path('module', 'users_jwt') . '/tests/fixtures/users_jwt_rsa1-private.pem';
$private_key = file_get_contents($path);
/** @var \Drupal\Core\Authentication\AuthenticationProviderInterface $auth_service */
$auth_service = $this->container
->get('users_jwt.authentication.jwt');
$other_account = $this
->createUser([
'access content',
]);
foreach ([
'Authorization',
'JWT-Authorization',
] as $header) {
$token = JWT::encode($good_payload, $private_key, 'RS256', 'wxyz');
$this
->assertNotEmpty($token);
// Bearer token is ignored.
$request = Request::create('/');
$request->headers
->set($header, 'Bearer ' . $token);
$this
->assertFalse($auth_service
->applies($request));
$request = Request::create('/');
// Empty token is ignored.
$this
->assertFalse($auth_service
->applies($this
->createRequest($header, '')));
// Good token applies.
$request = $this
->createRequest($header, $token);
$this
->assertTrue($auth_service
->applies($request));
$user = $auth_service
->authenticate($request);
$this
->assertNotEmpty($user);
$this
->assertEqual($this->testUser
->id(), $user
->id());
// When blocked the account is no longer valid.
$this->testUser
->block()
->save();
$this
->assertNull($auth_service
->authenticate($request));
$this->testUser
->activate()
->save();
// Payload with more claims is accepted.
$extra_payload = $good_payload + [
'iss' => 'test',
'hello' => 'world',
];
$token = JWT::encode($extra_payload, $private_key, 'RS256', 'wxyz');
$this
->assertNotEmpty($auth_service
->authenticate($this
->createRequest($header, $token)));
// JWT with a non-existent key ID is rejected.
$token = JWT::encode($good_payload, $private_key, 'RS256', 'foo');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// JWT with no key ID is rejected.
$token = JWT::encode($good_payload, $private_key, 'RS256');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// User ID that does not match the key's user ID is rejected.
$payload = $good_payload;
$payload['drupal']['uid'] = $other_account
->id();
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// Payload missing iat is rejected.
$payload = $good_payload;
unset($payload['iat']);
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// Payload missing exp is rejected.
$payload = $good_payload;
unset($payload['exp']);
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// Payload with too large iat to exp is rejected.
$payload = $good_payload;
$payload['exp'] += 24 * 3600;
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
// JWT with HMAC algorithm is rejected.
$token = JWT::encode($good_payload, $private_key, 'HS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
}
}
/**
* Create a request with UsersJwt authorization header.
*
* @param string $header_name
* Header name.
* @param string $token
* The JWT token string.
*
* @return \Symfony\Component\HttpFoundation\Request
* The new request.
*/
protected function createRequest($header_name, $token) : Request {
$request = Request::create('/');
$request->headers
->set($header_name, 'UsersJwt ' . $token);
return $request;
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AssertContentTrait:: |
protected | property | The current raw content. | |
AssertContentTrait:: |
protected | property | The drupalSettings value from the current raw $content. | |
AssertContentTrait:: |
protected | property | The XML structure parsed from the current raw $content. | 1 |
AssertContentTrait:: |
protected | property | The plain-text content of raw $content (text nodes). | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is found. | |
AssertContentTrait:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href is not found in the main region. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page does not exist. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
AssertContentTrait:: |
protected | function | Pass if the page title is not the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Asserts that a select option with the visible text exists. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) contains the text. | |
AssertContentTrait:: |
protected | function | Helper for assertText and assertNoText. | |
AssertContentTrait:: |
protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
AssertContentTrait:: |
protected | function | Asserts themed output. | |
AssertContentTrait:: |
protected | function | Pass if the page title is the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
AssertContentTrait:: |
protected | function | Builds an XPath query. | |
AssertContentTrait:: |
protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
AssertContentTrait:: |
protected | function | Searches elements using a CSS selector in the raw content. | |
AssertContentTrait:: |
protected | function | Get all option elements, including nested options, in a select. | |
AssertContentTrait:: |
protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Gets the current raw content. | |
AssertContentTrait:: |
protected | function | Get the selected value from a select field. | |
AssertContentTrait:: |
protected | function | Retrieves the plain-text content from the current raw content. | |
AssertContentTrait:: |
protected | function | Get the current URL from the cURL handler. | 1 |
AssertContentTrait:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
AssertContentTrait:: |
protected | function | Removes all white-space between HTML tags from the raw content. | |
AssertContentTrait:: |
protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Sets the raw content (e.g. HTML). | |
AssertContentTrait:: |
protected | function | Performs an xpath search on the contents of the internal browser. | |
AssertHelperTrait:: |
protected static | function | Casts MarkupInterface objects into strings. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertTrue() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertEquals() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertSame() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertEquals() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertNotEquals() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertNotSame() instead. | |
AssertLegacyTrait:: |
protected | function | Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertTrue() instead. | |
AssertLegacyTrait:: |
protected | function | ||
ConfigTestTrait:: |
protected | function | Returns a ConfigImporter object to import test configuration. | |
ConfigTestTrait:: |
protected | function | Copies configuration objects from source storage to target storage. | |
KernelTestBase:: |
protected | property | Back up and restore any global variables that may be changed by tests. | |
KernelTestBase:: |
protected | property | Back up and restore static class properties that may be changed by tests. | |
KernelTestBase:: |
protected | property | Contains a few static class properties for performance. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | @todo Move into Config test base class. | 7 |
KernelTestBase:: |
protected static | property | An array of config object names that are excluded from schema checking. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | Do not forward any global state from the parent process to the processes that run the actual tests. | |
KernelTestBase:: |
protected | property | The app root. | |
KernelTestBase:: |
protected | property | Kernel tests are run in separate processes because they allow autoloading of code from extensions. Running the test in a separate process isolates this behavior from other tests. Subclasses should not override this property. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | Set to TRUE to strict check all configuration saved. | 6 |
KernelTestBase:: |
protected | property | The virtual filesystem root directory. | |
KernelTestBase:: |
protected | function | 1 | |
KernelTestBase:: |
protected | function | Bootstraps a basic test environment. | |
KernelTestBase:: |
private | function | Bootstraps a kernel for a test. | |
KernelTestBase:: |
protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
KernelTestBase:: |
protected | function | Disables modules for this test. | |
KernelTestBase:: |
protected | function | Enables modules for this test. | |
KernelTestBase:: |
protected | function | Gets the config schema exclusions for this test. | |
KernelTestBase:: |
protected | function | Returns the Database connection info to be used for this test. | 1 |
KernelTestBase:: |
public | function | ||
KernelTestBase:: |
private | function | Returns Extension objects for $modules to enable. | |
KernelTestBase:: |
private static | function | Returns the modules to enable for this test. | |
KernelTestBase:: |
protected | function | Initializes the FileCache component. | |
KernelTestBase:: |
protected | function | Installs default configuration for a given list of modules. | |
KernelTestBase:: |
protected | function | Installs the storage schema for a specific entity type. | |
KernelTestBase:: |
protected | function | Installs database tables from a module schema definition. | |
KernelTestBase:: |
protected | function | Returns whether the current test method is running in a separate process. | |
KernelTestBase:: |
protected | function | ||
KernelTestBase:: |
public | function |
Registers test-specific services. Overrides ServiceProviderInterface:: |
26 |
KernelTestBase:: |
protected | function | Renders a render array. | 1 |
KernelTestBase:: |
protected | function | Sets the install profile and rebuilds the container to update it. | |
KernelTestBase:: |
protected | function | Sets an in-memory Settings variable. | |
KernelTestBase:: |
public static | function | 1 | |
KernelTestBase:: |
protected | function | Sets up the filesystem, so things like the file directory. | 2 |
KernelTestBase:: |
protected | function | Stops test execution. | |
KernelTestBase:: |
protected | function | 6 | |
KernelTestBase:: |
public | function | @after | |
KernelTestBase:: |
protected | function | Dumps the current state of the virtual filesystem to STDOUT. | |
KernelTestBase:: |
public | function | BC: Automatically resolve former KernelTestBase class properties. | |
KernelTestBase:: |
public | function | Prevents serializing any properties. | |
PhpunitCompatibilityTrait:: |
public | function | Returns a mock object for the specified class using the available method. | |
PhpunitCompatibilityTrait:: |
public | function | Compatibility layer for PHPUnit 6 to support PHPUnit 4 code. | |
RandomGeneratorTrait:: |
protected | property | The random generator. | |
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | 1 |
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
StorageCopyTrait:: |
protected static | function | Copy the configuration from one storage to another and remove stale items. | |
TestRequirementsTrait:: |
private | function | Checks missing module requirements. | |
TestRequirementsTrait:: |
protected | function | Check module requirements for the Drupal use case. | 1 |
TestRequirementsTrait:: |
protected static | function | Returns the Drupal root directory. | |
UserCreationTrait:: |
protected | function | Checks whether a given list of permission names is valid. | |
UserCreationTrait:: |
protected | function | Creates an administrative role. | |
UserCreationTrait:: |
protected | function | Creates a role with specified permissions. | |
UserCreationTrait:: |
protected | function | Create a user with a given set of permissions. | |
UserCreationTrait:: |
protected | function | Grant permissions to a user role. | |
UserCreationTrait:: |
protected | function | Switch the current logged in user. | |
UserCreationTrait:: |
protected | function | Creates a random user account and sets it as current user. | |
UsersJwtRequestTest:: |
public static | property |
Modules to enable. Overrides KernelTestBase:: |
|
UsersJwtRequestTest:: |
protected | property | The test user. | |
UsersJwtRequestTest:: |
protected | function | Create a request with UsersJwt authorization header. | |
UsersJwtRequestTest:: |
public | function |
Overrides KernelTestBase:: |
|
UsersJwtRequestTest:: |
public | function | Verify the authentication for a user. |