d7/d29/AuthHelperTest_8php_source.html

 <?php

 /*

  SPDX-FileCopyrightText: © 2020 Siemens AG

  Author: Gaurav Mishra <mishra.gaurav@siemens.com>


  SPDX-License-Identifier: GPL-2.0-only

 */

 namespace Fossology\UI\Api\Test\Helper;


 use Fossology\Lib\Dao\UserDao;

 use Fossology\UI\Api\Exceptions\HttpForbiddenException;

 use Fossology\UI\Api\Helper\AuthHelper;

 use Fossology\UI\Api\Helper\DbHelper;

 use Mockery as M;

 use Symfony\Component\HttpFoundation\Session\Session;


 class AuthHelperTest extends \PHPUnit\Framework\TestCase

 {


   private $assertCountBefore;


   private $authHelper;


   private $userDao;


   private $session;


   private $dbHelper;


   protected function setUp() : void

   {

     $this->userDao = M::mock(UserDao::class);

     $this->session = M::mock(Session::class);

     $this->dbHelper = M::mock(DbHelper::class);


     $this->session->shouldReceive('isStarted')->andReturn(true);


     $this->authHelper = new AuthHelper($this->userDao, $this->session,

       $this->dbHelper);

     $this->assertCountBefore = \Hamcrest\MatcherAssert::getCount();

   }


   protected function tearDown() : void

   {

     $this->addToAssertionCount(

       \Hamcrest\MatcherAssert::getCount() - $this->assertCountBefore);

     M::close();

   }


   public function testVerifyAuthToken()

   {

     $userId = null;

     $expectedUser = 2;

     $tokenScope = null;

     $jti = "4.2";

     $key = "mysecretkey";

     $createdOn = strftime('%Y-%m-%d');

     $expire = strftime('%Y-%m-%d', strtotime('+3 day'));

     $authToken = $this->authHelper->generateJwtToken($expire, $createdOn, $jti,

       "w", $key);

     $authHeader = "Bearer " . $authToken;

     $tokenRow = [

       "token_key" => $key,

       "created_on" => $createdOn,

       "expire_on" => $expire,

       "user_fk" => $expectedUser,

       "active" => 't',

       "token_scope" => "w"

     ];


     $this->dbHelper->shouldReceive('getTokenKey')

       ->withArgs(["4"])

       ->andReturn($tokenRow);

     $this->userDao->shouldReceive('isUserIdActive')

       ->withArgs([$expectedUser])

       ->andReturn(true);


     $GLOBALS['SysConf'] = ['AUTHENTICATION' => ['resttoken' => 'token']];

     $this->authHelper->verifyAuthToken($authHeader, $userId,

       $tokenScope);


     $this->assertEquals($expectedUser, $userId);

     $this->assertEquals("write", $tokenScope);

   }


   public function testVerifyAuthTokenInactiveUser()

   {

     $userId = null;

     $expectedUser = 2;

     $tokenScope = null;

     $jti = "4.2";

     $key = "mysecretkey";

     $createdOn = strftime('%Y-%m-%d');

     $expire = strftime('%Y-%m-%d', strtotime('+3 day'));

     $authToken = $this->authHelper->generateJwtToken($expire, $createdOn, $jti,

       "w", $key);

     $authHeader = "Bearer " . $authToken;

     $tokenRow = [

       "token_key" => $key,

       "created_on" => $createdOn,

       "expire_on" => $expire,

       "user_fk" => $expectedUser,

       "active" => 't',

       "token_scope" => "w"

     ];


     $this->dbHelper->shouldReceive('getTokenKey')

       ->withArgs(["4"])

       ->andReturn($tokenRow);

     $this->userDao->shouldReceive('isUserIdActive')

       ->withArgs([$expectedUser])

       ->andReturn(false);


     $GLOBALS['SysConf'] = ['AUTHENTICATION' => ['resttoken' => 'token']];


     $this->expectException(HttpForbiddenException::class);


     $this->authHelper->verifyAuthToken($authHeader, $userId, $tokenScope);

   }


   public function testIsTokenActive()

   {

     $key = "mysecretkey";

     $createdOn = strftime('%Y-%m-%d');

     $expire = strftime('%Y-%m-%d', strtotime('+3 day'));

     $tokenId = 4;

     $activeTokenRow = [

       "token_key" => $key,

       "created_on" => $createdOn,

       "expire_on" => $expire,

       "user_fk" => 2,

       "active" => 't',

       "token_scope" => "w"

     ];

     $expireTokenRow = [

       "token_key" => $key,

       "created_on" => $createdOn,

       "expire_on" => $expire,

       "user_fk" => 2,

       "active" => 'f',

       "token_scope" => "w"

     ];


     $this->authHelper->isTokenActive($activeTokenRow, $tokenId);


     $this->expectException(HttpForbiddenException::class);


     $this->authHelper->isTokenActive($expireTokenRow, $tokenId);

   }


   public function testIsTokenActiveExpireOldToken()

   {

     $key = "mysecretkey";

     $createdOn = strftime('%Y-%m-%d', strtotime('-3 day'));

     $expire = strftime('%Y-%m-%d', strtotime('-1 day'));

     $tokenId = 4;

     $tokenRow = [

       "token_key" => $key,

       "created_on" => $createdOn,

       "expire_on" => $expire,

       "user_fk" => 2,

       "active" => 't',

       "token_scope" => "w"

     ];


     $this->dbHelper->shouldReceive('invalidateToken')

       ->withArgs([$tokenId])->once();

     $this->expectException(HttpForbiddenException::class);


     $this->authHelper->isTokenActive($tokenRow, $tokenId);

   }


   public function testUserHasGroupAccess()

   {

     $userId = 3;

     $groupName = 'fossy';

     $groupMap = [

       2 => 'fossy',

       3 => 'read',

       4 => 'write'

     ];


     $this->userDao->shouldReceive('getGroupIdByName')

       ->withArgs([$groupName])->andReturn(['group_pk' => 2])->once();

     $this->userDao->shouldReceive('getUserGroupMap')

       ->withArgs([$userId])->andReturn($groupMap)->twice();


     $this->authHelper->userHasGroupAccess($userId, $groupName);


     $groupName = 'random';

     $this->userDao->shouldReceive('getGroupIdByName')

       ->withArgs([$groupName])->andReturn(['group_pk' => 6])->once();


     $this->expectException(HttpForbiddenException::class);


     $this->authHelper->userHasGroupAccess($userId, $groupName);

   }

 }

Fossology\Lib\Dao\UserDao
Definition: UserDao.php:19

Fossology\UI\Api\Exceptions\HttpForbiddenException
Definition: HttpForbiddenException.php:17

Fossology\UI\Api\Helper\AuthHelper
Provides helper methods for REST api.
Definition: AuthHelper.php:38

Fossology\UI\Api\Helper\DbHelper
Provides helper methods to access database for REST api.
Definition: DbHelper.php:38

Fossology\UI\Api\Test\Helper\AuthHelperTest
Test cases for AuthHelper.
Definition: AuthHelperTest.php:33

Fossology\UI\Api\Test\Helper\AuthHelperTest\testIsTokenActive
testIsTokenActive()
Definition: AuthHelperTest.php:186

Fossology\UI\Api\Test\Helper\AuthHelperTest\$userDao
$userDao
Definition: AuthHelperTest.php:51

Fossology\UI\Api\Test\Helper\AuthHelperTest\tearDown
tearDown()
Remove test objects.
Definition: AuthHelperTest.php:86

Fossology\UI\Api\Test\Helper\AuthHelperTest\$authHelper
$authHelper
Definition: AuthHelperTest.php:45

Fossology\UI\Api\Test\Helper\AuthHelperTest\$session
$session
Definition: AuthHelperTest.php:57

Fossology\UI\Api\Test\Helper\AuthHelperTest\testIsTokenActiveExpireOldToken
testIsTokenActiveExpireOldToken()
Definition: AuthHelperTest.php:223

Fossology\UI\Api\Test\Helper\AuthHelperTest\testVerifyAuthToken
testVerifyAuthToken()
Definition: AuthHelperTest.php:102

Fossology\UI\Api\Test\Helper\AuthHelperTest\$assertCountBefore
$assertCountBefore
Definition: AuthHelperTest.php:39

Fossology\UI\Api\Test\Helper\AuthHelperTest\$dbHelper
$dbHelper
Definition: AuthHelperTest.php:63

Fossology\UI\Api\Test\Helper\AuthHelperTest\setUp
setUp()
Setup test objects.
Definition: AuthHelperTest.php:69

Fossology\UI\Api\Test\Helper\AuthHelperTest\testUserHasGroupAccess
testUserHasGroupAccess()
Definition: AuthHelperTest.php:251

Fossology\UI\Api\Test\Helper\AuthHelperTest\testVerifyAuthTokenInactiveUser
testVerifyAuthTokenInactiveUser()
Definition: AuthHelperTest.php:145

Fossology\UI\Api\Test\Helper