<?php
namespace Drupal\Tests\jwt\Functional;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
/**
 * Functional test of JWT bearer-token authentication.
 *
 * Exercises token issuance, acceptance of the token in either supported
 * request header, rejection for blocked accounts and malformed tokens, page
 * cache behaviour for authenticated requests, and coexistence with basic_auth.
 */
class JwtAuthTest extends BrowserTestBase {

  /**
   * Modules to enable for this test.
   *
   * @var string[]
   */
  public static $modules = [
    'system',
    'user',
    'router_test',
    'key',
    'jwt',
    'jwt_auth_issuer',
    'jwt_auth_consumer',
    'jwt_test',
  ];

  /**
   * Theme to use while the test runs.
   *
   * @var string
   */
  protected $defaultTheme = 'stark';

  /**
   * Walks through the JWT authentication scenarios end to end.
   *
   * The statements are order-dependent: the account is blocked and
   * re-activated between requests, and browser sessions are reset so that no
   * request is carried by state left over from an earlier one.
   *
   * NOTE(review): every rejection case below sends a random machine name as
   * the token. A structurally valid token with a bad signature or an expired
   * claim is not exercised here and would need separate coverage.
   */
  public function testJwtAuth() {
    // Turn on page caching (max age 300) so the cache assertions further
    // down have something to observe.
    $performance = $this->config('system.performance');
    $performance->set('cache.page.max_age', 300);
    $performance->save();

    $account = $this->drupalCreateUser(['access content']);
    $transcoder = $this->container->get('jwt.transcoder');
    $this->setCurrentUser($account);

    // Issue a token for the current user and confirm that the drupal.uid
    // claim matches the account it was issued for.
    $issuer = $this->container->get('jwt.authentication.jwt');
    $token = $issuer->generateToken();
    $claims = $transcoder->decode($token);
    $this->assertEqual($account->id(), $claims->getClaim(['drupal', 'uid']));

    // The token is sent under each of these request header names in turn.
    $header_names = ['Authorization', 'JWT-Authorization'];
    $valid_bearer = 'Bearer ' . $token;

    // Route definitions are not visible in this file; presumably they are
    // supplied by the jwt_test module - confirm there.
    foreach (['jwt_test.11.1', 'jwt_test.11.2'] as $route_name) {
      $url = Url::fromRoute($route_name);
      foreach ($header_names as $header_name) {
        // A valid token authenticates the request as the account.
        $request_headers = [$header_name => $valid_bearer];
        $this->drupalGet($url, [], $request_headers);
        $this->assertSession()->statusCodeEquals(200);
        $this->assertSession()->pageTextContains($account->getAccountName());

        // The authenticated response must not come from the page cache nor be
        // marked publicly cacheable. strpos() yields FALSE only when 'public'
        // does not occur anywhere in the header value.
        $this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));
        $this->assertFalse(strpos($this->drupalGetHeader('Cache-Control'), 'public'), 'Cache-Control is not set to public');

        // The same, still well-formed token is refused once the account is
        // blocked.
        $account->block()->save();
        $this->drupalGet($url, [], $request_headers);
        $this->assertSession()->statusCodeEquals(403);

        // Restore the account and drop the browser session before the next
        // case.
        $account->activate()->save();
        $this->mink->resetSessions();

        // A random string in place of the token is refused and the account
        // name is not disclosed.
        $request_headers = [$header_name => 'Bearer ' . $this->randomMachineName()];
        $this->drupalGet($url, [], $request_headers);
        $this->assertSession()->pageTextNotContains($account->getAccountName());
        $this->assertSession()->statusCodeEquals(403);
        $this->mink->resetSessions();
      }
    }

    // On the front page a random token is expected to give a 200 response
    // that does not show the account name.
    foreach ($header_names as $header_name) {
      $request_headers = [$header_name => 'Bearer ' . $this->randomMachineName()];
      $this->drupalGet('<front>', [], $request_headers);
      $this->assertSession()->pageTextNotContains($account->getAccountName());
      $this->assertSession()->statusCodeEquals(200);
      $this->mink->resetSessions();
    }

    // Prime the page cache without credentials: first request is a MISS, the
    // second a HIT.
    $url = Url::fromRoute('jwt_test.10');
    $this->drupalGet($url);
    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS');
    $this->drupalGet($url);
    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT');

    // With a token attached, the already-cached page must be served without
    // the page cache header and without a public Cache-Control value.
    foreach ($header_names as $header_name) {
      $request_headers = [$header_name => $valid_bearer];
      $this->drupalGet($url, [], $request_headers);
      $this->assertSession()->statusCodeEquals(200);
      $this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));
      $this->assertFalse(strpos($this->drupalGetHeader('Cache-Control'), 'public'), 'No page cache response when requesting a cached page with jwt credentials.');
      $this->mink->resetSessions();
    }

    // Enable basic_auth next to JWT to check that the two providers coexist.
    $extra_modules = ['basic_auth'];
    $installed = $this->container->get('module_installer')->install($extra_modules, TRUE);
    $this->assertTrue($installed, new FormattableMarkup('Enabled modules: %modules', [
      '%modules' => implode(', ', $extra_modules),
    ]));

    // Correct Basic credentials are accepted; pass_raw is read as the
    // plain-text password of the test account.
    $username = $account->getAccountName();
    $password = $account->pass_raw;
    $url = Url::fromRoute('jwt_test.11.2');
    $request_headers = [
      'Authorization' => 'Basic ' . base64_encode("{$username}:{$password}"),
    ];
    $this->drupalGet($url, [], $request_headers);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->pageTextContains($account->getAccountName());
    $this->mink->resetSessions();

    // A random Basic credential is refused; either 401 or 403 is accepted.
    $request_headers = ['Authorization' => 'Basic ' . $this->randomMachineName()];
    $this->drupalGet($url, [], $request_headers);
    $status = (int) $this->getSession()->getStatusCode();
    $this->assertTrue(in_array($status, [401, 403], TRUE), 'Access is not granted.');
    $this->mink->resetSessions();

    // The same invalid Basic value together with a valid token in
    // JWT-Authorization is expected to authenticate as the account.
    $request_headers += ['JWT-Authorization' => $valid_bearer];
    $this->drupalGet($url, [], $request_headers);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->pageTextContains($account->getAccountName());
  }

}