You are here

Home » API reference » RESTful 7 » RestfulAuthenticationTestCase.test » RestfulAuthenticationTestCase

function RestfulAuthenticationTestCase::testAuthentication in RESTful 7

Same name and namespace in other branches
  1. 7.2 tests/RestfulAuthenticationTestCase.test \RestfulAuthenticationTestCase::testAuthentication()

Test authenticating a user.

File

tests/RestfulAuthenticationTestCase.test, line 49
Contains RestfulAuthenticationTestCase.

Class

RestfulAuthenticationTestCase
@file Contains RestfulAuthenticationTestCase.

Code

function testAuthentication() {
  global $user;
  $handler = restful_get_restful_handler('main', 1, 5);

  // Case 1. Check that the handler has the expected authentication providers.
  $providers = array_keys($handler
    ->getAuthenticationManager()
    ->getArrayCopy());
  foreach ($handler
    ->getPluginKey('authentication_types') as $provider_name) {
    $this
      ->assertTrue(in_array($provider_name, $providers), format_string('The %name authorization type was found.', array(
      '%name' => $provider_name,
    )));
  }

  // Case 2. Test that the account from the authentication manager is the
  // logged in user.
  // We need to hijack the global user object in order to force it to be our
  // test account and make the cookie authentication provider to resolve it.
  $user = $this->account;
  $this
    ->assertEqual($this->account->uid, $handler
    ->getAccount()->uid, 'The authentication manager resolved the currently logged in user.');
  $cookie_provider = restful_get_authentication_handler('cookie');

  // Case 3. Test the 'cookie_auth' authentication provider.
  $this
    ->assertEqual($this->account->uid, $cookie_provider
    ->authenticate()->uid, 'The cookie provider resolved the currently logged in user.');
  $user = drupal_anonymous_user();

  // Case 4. Test that the 'cookie_auth' resolves the anonymous user.
  $this
    ->assertEqual(0, $cookie_provider
    ->authenticate()->uid, 'The cookie provider resolved the anonymous user.');
  $basic_auth_provider = restful_get_authentication_handler('basic_auth');

  // Case 5. Valid login using basic auth.
  $_SERVER['PHP_AUTH_USER'] = $this->account->name;
  $_SERVER['PHP_AUTH_PW'] = $this->account->pass_raw;
  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = NULL;
  $this
    ->assertEqual($this->account->uid, $basic_auth_provider
    ->authenticate()->uid, 'The basic auth provider resolved the currently logged in user.');

  // Case 6. Valid login using REDIRECT_HTTP_AUTHORIZATION.
  $_SERVER['PHP_AUTH_USER'] = NULL;
  $_SERVER['PHP_AUTH_PW'] = NULL;
  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Basic: ' . base64_encode($this->account->name . ':' . $this->account->pass_raw);
  $this
    ->assertEqual($this->account->uid, $basic_auth_provider
    ->authenticate()->uid, 'The basic auth provider resolved the currently logged in user. Using REDIRECT_HTTP_AUTHORIZATION.');

  // Case 7. Invalid pass for basic auth.
  $_SERVER['PHP_AUTH_USER'] = $this->account->name;
  $_SERVER['PHP_AUTH_PW'] = $this
    ->randomName();
  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = NULL;
  $this
    ->assertNull($basic_auth_provider
    ->authenticate(), 'The basic auth provider could not resolve a user with invalid password.');

  // Case 8. Invalid username for basic auth.
  $_SERVER['PHP_AUTH_USER'] = $this
    ->randomName();
  $_SERVER['PHP_AUTH_PW'] = $this->account->pass_raw;
  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = NULL;
  $this
    ->assertNull($basic_auth_provider
    ->authenticate(), 'The basic auth provider could not resolve a user with invalid username.');

  // Case 9. Valid login using REDIRECT_HTTP_AUTHORIZATION.
  $_SERVER['PHP_AUTH_USER'] = NULL;
  $_SERVER['PHP_AUTH_PW'] = NULL;
  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Basic: ' . base64_encode($this
    ->randomName() . ':' . $this
    ->randomName());
  $this
    ->assertNull($basic_auth_provider
    ->authenticate(), 'The basic auth provider could not resolve a user with invalid encoded username & password. Using REDIRECT_HTTP_AUTHORIZATION.');

  // Case 11. Accessing a resource with optional authentication.
  // We are getting a 403 instead of 401, as the access is now based on the
  // permissions.
  $result = $this
    ->httpRequest('api/v1.0/users');
  $this
    ->assertEqual($result['code'], 403, 'Anonymous user got 403 when trying to access the "users" resource.');

  // To assert permissions control access to the resource, we change the
  // permission for anonymous to access other user's profile.
  user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
    'access user profiles' => TRUE,
  ));
  $result = $this
    ->httpRequest('api/v1.0/users');
  $this
    ->assertEqual($result['code'], 200, 'Anonymous user got 200 when trying to access the "users" resource after permissions changed.');
}