<?php
namespace Drupal\Tests\key_auth\Functional;
use Drupal\Tests\BrowserTestBase;
use Drupal\key_auth\KeyAuth;
use Drupal\Core\Url;
use Drupal\user\UserInterface;
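/**
 * Functional tests for the key_auth module.
 *
 * Covers key generation, automatic key assignment on user creation, access
 * control on the per-user key form, and authentication of requests by key
 * sent as a header or as a query parameter.
 */
class KeyAuthTest extends BrowserTestBase {

  /**
   * Modules enabled on the test site.
   *
   * @var array
   */
  public static $modules = [
    'key_auth',
    'key_auth_test',
  ];

  /**
   * The 'key_auth' service, fetched from the container in setUp().
   *
   * @var object
   */
  protected $keyAuth;

  /**
   * The editable 'key_auth.settings' configuration object.
   *
   * @var object
   */
  protected $keyAuthConfig;

  /**
   * The user entity storage handler.
   *
   * @var object
   */
  protected $userStorage;

  /**
   * Collects the service, configuration and storage used by every test.
   */
  protected function setUp() {
    parent::setUp();
    $this->keyAuth = $this->container->get('key_auth');
    $this->keyAuthConfig = $this->config('key_auth.settings');
    $this->userStorage = $this->container
      ->get('entity_type.manager')
      ->getStorage('user');
  }

  /**
   * Checks that generated keys honour the configured 'key_length'.
   */
  public function testKeyLength() {
    $this->keyAuthConfig->set('key_length', 64);
    $this->keyAuthConfig->save();
    // assertSame() reports the actual length on failure, which a bare
    // assertTrue() on a comparison cannot do.
    $this->assertSame(64, strlen($this->keyAuth->generateKey()));
  }

  /**
   * Checks when a key is generated automatically for a newly created user.
   *
   * A key must only appear when auto-generation is enabled AND the account
   * holds the 'use key authentication' permission.
   */
  public function testUserAutoKeyGeneration() {
    $this->keyAuthConfig->set('auto_generate_keys', TRUE);
    $this->keyAuthConfig->save();

    // Auto-generation on, permission granted: a key is expected.
    $user = $this->drupalCreateUser([
      'use key authentication',
    ]);
    $this->assertNotEmpty($user->api_key->value);

    // Auto-generation on, permission missing: no key may be issued.
    $user = $this->drupalCreateUser([]);
    $this->assertEmpty($user->api_key->value);

    $this->keyAuthConfig->set('auto_generate_keys', FALSE);
    $this->keyAuthConfig->save();

    // Auto-generation off: no key even though the permission is granted.
    $user = $this->drupalCreateUser([
      'use key authentication',
    ]);
    $this->assertEmpty($user->api_key->value);
  }

  /**
   * Checks that two consecutively generated keys differ.
   *
   * This is a smoke test only: it catches a constant or cached key, but says
   * nothing about the quality of the random source behind generateKey().
   */
  public function testRandomKey() {
    $this->assertNotEquals($this->keyAuth->generateKey(), $this->keyAuth->generateKey());
  }

  /**
   * Checks access control and behaviour of the per-user key form.
   *
   * The route 'key_auth.user_key_auth_form' displays and manages a user's
   * key, so every access decision below is security relevant.
   */
  public function testUserKeyAuthForm() {
    $this->keyAuthConfig
      ->set('detection_methods', [
        KeyAuth::DETECTION_METHOD_HEADER,
        KeyAuth::DETECTION_METHOD_QUERY,
      ])
      ->save();

    // Anonymous visitors must not reach another account's key form.
    $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
      'user' => 1,
    ]));
    $this->assertSession()->statusCodeEquals(403);

    // An authenticated user without the permission is denied even on their
    // own form.
    $user1 = $this->drupalCreateUser([]);
    $this->drupalLogin($user1);
    $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
      'user' => $user1->id(),
    ]));
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalLogout();

    // A user with the permission can open their own form and sees their key.
    $user2 = $this->drupalCreateUser([
      'use key authentication',
    ]);
    $this->drupalLogin($user2);
    $user2
      ->set('api_key', $this->keyAuth->generateKey())
      ->save();
    $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
      'user' => $user2->id(),
    ]));
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->pageTextContains($user2->api_key->value);
    $this->assertSession()->elementExists('css', '#edit-new');
    $this->assertSession()->elementExists('css', '#edit-delete');

    // Deleting the key must clear the stored value, not just hide it. The
    // user is reloaded from storage so the assertion sees persisted state.
    $this->drupalPostForm(NULL, [], 'Delete current key');
    $user2 = $this->loadUser($user2->id());
    $this->assertEmpty($user2->api_key->value);
    $this->assertSession()->pageTextContains('You currently do not have a key');
    $this->assertSession()->elementNotExists('css', '#edit-delete');

    // Generating a new key stores it and shows it together with usage
    // instructions for every enabled detection method.
    $this->drupalPostForm(NULL, [], 'Generate new key');
    $user2 = $this->loadUser($user2->id());
    $this->assertNotEmpty($user2->api_key->value);
    $this->assertSession()->pageTextContains($user2->api_key->value);
    $this->assertSession()->elementExists('css', '#edit-delete');
    $this->assertSession()->pageTextContains('Include the following header');
    $this->assertSession()->pageTextContains('Include the following query');

    // With header detection disabled the form must stop advertising it.
    $this->keyAuthConfig
      ->set('detection_methods', [
        KeyAuth::DETECTION_METHOD_QUERY,
      ])
      ->save();
    $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
      'user' => $user2->id(),
    ]));
    $this->assertSession()->pageTextNotContains('Include the following header');

    // Horizontal access check: $user2 is still logged in and must not be
    // able to open $user1's key form.
    $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
      'user' => $user1->id(),
    ]));
    $this->assertSession()->statusCodeEquals(403);

    // A user who also holds 'administer users' may open every account's
    // form, including that of $user1, who lacks the key permission.
    $user3 = $this->drupalCreateUser([
      'administer users',
      'use key authentication',
    ]);
    $this->drupalLogin($user3);
    foreach ([
      $user1->id(),
      $user2->id(),
      $user3->id(),
    ] as $uid) {
      $this->drupalGet(Url::fromRoute('key_auth.user_key_auth_form', [
        'user' => $uid,
      ]));
      $this->assertSession()->statusCodeEquals(200);
    }
  }

  /**
   * Checks authentication by key across detection methods and settings.
   */
  public function testKeyAuth() {
    // Give pages a non-zero cache lifetime so that the cache-related
    // assertions in keyAuthRequest() are meaningful: a key-authenticated
    // response must not be marked as publicly cacheable.
    $config = $this->config('system.performance');
    $config->set('cache.page.max_age', 300);
    $config->save();

    $this->keyAuthConfig
      ->set('detection_methods', [
        KeyAuth::DETECTION_METHOD_HEADER,
        KeyAuth::DETECTION_METHOD_QUERY,
      ])
      ->save();
    $param_name = $this->keyAuthConfig->get('param_name');

    // No key at all: the test route must be denied.
    $this->keyAuthRequest(NULL, NULL, 403);

    $user = $this->drupalCreateUser([
      'use key authentication',
    ]);
    $user
      ->set('api_key', $this->keyAuth->generateKey())
      ->save();

    // The correct key authenticates through either enabled method.
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, $param_name, 200, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, $param_name, 200, $user->api_key->value, $user);

    // A well-formed key that belongs to nobody must be rejected.
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, $param_name, 403, $this->keyAuth->generateKey(), $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, $param_name, 403, $this->keyAuth->generateKey(), $user);

    // With every detection method disabled even a valid key is ignored.
    $this->keyAuthConfig
      ->set('detection_methods', [])
      ->save();
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, $param_name, 403, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, $param_name, 403, $user->api_key->value, $user);

    // After renaming the parameter only the new name is honoured; the old
    // name must no longer carry a key.
    $this->keyAuthConfig
      ->set('detection_methods', [
        KeyAuth::DETECTION_METHOD_HEADER,
        KeyAuth::DETECTION_METHOD_QUERY,
      ])
      ->save();
    $this->keyAuthConfig
      ->set('param_name', 'testauth')
      ->save();
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, 'testauth', 200, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, 'testauth', 200, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, $param_name, 403, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, $param_name, 403, $user->api_key->value, $user);

    // A key stored on an account without 'use key authentication' must not
    // authenticate: the permission is checked, not just key possession.
    $user = $this->drupalCreateUser([]);
    $user
      ->set('api_key', $this->keyAuth->generateKey())
      ->save();
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_QUERY, 'testauth', 403, $user->api_key->value, $user);
    $this->keyAuthRequest(KeyAuth::DETECTION_METHOD_HEADER, 'testauth', 403, $user->api_key->value, $user);
  }

  /**
   * Requests the 'key_auth.test' route and verifies the outcome.
   *
   * @param string|null $detection_method
   *   One of the KeyAuth::DETECTION_METHOD_* constants, or NULL to send the
   *   request without a key.
   * @param string|null $param_name
   *   Name of the header or query parameter that carries the key.
   * @param int $status_code
   *   The HTTP status code the response is expected to have.
   * @param string|null $key
   *   The key to send, or NULL to send the request without a key.
   * @param \Drupal\user\UserInterface|null $user
   *   When given, the account name must appear on the page for a 200
   *   response and must not appear for any other status.
   */
  public function keyAuthRequest($detection_method = NULL, $param_name = NULL, $status_code = 200, $key = NULL, UserInterface $user = NULL) {
    if (!$detection_method || !$key) {
      // Unauthenticated request: no key is attached anywhere.
      $this->drupalGet(Url::fromRoute('key_auth.test'));
    }
    elseif ($detection_method == KeyAuth::DETECTION_METHOD_HEADER) {
      // The third drupalGet() argument is the list of request headers.
      $this->drupalGet(Url::fromRoute('key_auth.test'), [], [
        $param_name => $key,
      ]);
    }
    elseif ($detection_method == KeyAuth::DETECTION_METHOD_QUERY) {
      $this->drupalGet(Url::fromRoute('key_auth.test', [], [
        'query' => [
          $param_name => $key,
        ],
      ]));
    }
    else {
      // fail() aborts the test with a readable reason; a bare
      // assertTrue(FALSE) gives no hint about what went wrong.
      $this->fail('Unsupported detection method passed to keyAuthRequest().');
    }

    $this->assertSession()->statusCodeEquals($status_code);

    if ($status_code == 200) {
      // A response produced for a key holder must neither come from the page
      // cache nor be marked as publicly cacheable, otherwise it could be
      // replayed to a client that sent no key.
      // NOTE(review): assertFalse() only accepts a literal FALSE; confirm
      // that drupalGetHeader() returns FALSE (not NULL) for an absent header
      // on the supported core versions.
      $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'));
      // assertSame() is plain PHPUnit and replaces the legacy
      // assertIdentical() helper with the same strict comparison.
      $this->assertSame(FALSE, strpos($this->drupalGetHeader('Cache-Control'), 'public'));
    }

    if ($user) {
      // The test route is expected to print the authenticated account name,
      // so its presence or absence shows who the request ran as.
      if ($status_code == 200) {
        $this->assertSession()->pageTextContains($user->getAccountName());
      }
      else {
        $this->assertSession()->pageTextNotContains($user->getAccountName());
      }
    }

    // Reset the browser sessions so that the next request has to
    // authenticate by key on its own and cannot ride on earlier state.
    $this->mink->resetSessions();
  }

  /**
   * Loads a user from storage, bypassing the entity cache for that user.
   *
   * @param int|string $uid
   *   The ID of the user to load.
   *
   * @return mixed
   *   Whatever the user storage returns for $uid.
   */
  public function loadUser($uid) {
    // Drop the cached copy first so changes made through the browser (form
    // submissions) are visible to the test process.
    $this->userStorage->resetCache([
      $uid,
    ]);
    return $this->userStorage->load($uid);
  }

}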