diff --git a/framework/core/tests/integration/BuildsHttpRequests.php b/framework/core/tests/integration/BuildsHttpRequests.php
index 09704de8b..410d67b56 100644
--- a/framework/core/tests/integration/BuildsHttpRequests.php
+++ b/framework/core/tests/integration/BuildsHttpRequests.php
@@ -9,8 +9,9 @@
 namespace Flarum\Tests\integration;
+use Carbon\Carbon;
 use Dflydev\FigCookies\SetCookie;
-use Flarum\Http\AccessToken;
+use Illuminate\Support\Str;
 use Laminas\Diactoros\CallbackStream;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -33,10 +34,21 @@ trait BuildsHttpRequests
 protected function requestAsUser(Request $req, int $userId): Request
 {
- $token = AccessToken::generate($userId);
- $token->save();
+ $token = Str::random(40);
- return $req->withAddedHeader('Authorization', "Token {$token->token}");
+ /**
+ * We insert this directly instead of via `prepareDatabase`
+ * so that requests can be created/sent after the app is booted.
+ */
+ $this->database()->table('access_tokens')->insert([
+ 'token' => $token,
+ 'user_id' => $userId,
+ 'created_at' => Carbon::now()->toDateTimeString(),
+ 'last_activity_at' => Carbon::now()->toDateTimeString(),
+ 'lifetime_seconds' => 3600
+ ]);
+
+ return $req->withAddedHeader('Authorization', "Token {$token}");
 }
 protected function requestWithCookiesFrom(Request $req, Response $previous): Request
diff --git a/framework/core/tests/integration/api/authentication/WithApiKeyTest.php b/framework/core/tests/integration/api/authentication/WithApiKeyTest.php
index 2518d4238..180a4d630 100644
--- a/framework/core/tests/integration/api/authentication/WithApiKeyTest.php
+++ b/framework/core/tests/integration/api/authentication/WithApiKeyTest.php
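Review bot: The hand-written `access_tokens` row in `requestAsUser` hard-codes the column list and `'lifetime_seconds' => 3600`, which the removed `AccessToken::generate($userId)` call presumably used to supply. If the model's schema or defaults change later, authenticated tests would keep using a token shape the application itself no longer issues. The added comment explains why the insert is direct; I would extend it with `// Keep these columns in sync with AccessToken::generate().`. Taking the timestamp once, `$now = Carbon::now()->toDateTimeString();`, and reusing it for `created_at` and `last_activity_at` also keeps the two values from differing across a second boundary.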
@@ -27,20 +27,13 @@ class WithApiKeyTest extends TestCase
 'users' => [
 $this->normalUser(),
 ],
+ 'api_keys' => [
+ ['key' => 'mastertoken', 'user_id' => null, 'created_at' => Carbon::now()->toDateTimeString()],
+ ['key' => 'personaltoken', 'user_id' => 2, 'created_at' => Carbon::now()->toDateTimeString()],
+ ]
 ]);
 }
- protected function key(int $user_id = null): ApiKey
- {
- return ApiKey::unguarded(function () use ($user_id) {
- return ApiKey::query()->firstOrCreate([
- 'key' => Str::random(),
- 'user_id' => $user_id,
- 'created_at' => Carbon::now()
- ]);
- });
- }
-
 /**
 * @test
 */
@@ -59,18 +52,16 @@ class WithApiKeyTest extends TestCase
 */
 public function master_token_can_authenticate_as_anyone()
 {
- $key = $this->key();
-
 $response = $this->send(
 $this->request('GET', '/api')
- ->withAddedHeader('Authorization', "Token {$key->key}; userId=1")
+ ->withAddedHeader('Authorization', 'Token mastertoken; userId=1')
 );
 $data = json_decode($response->getBody(), true);
 $this->assertTrue($data['data']['attributes']['canViewUserList']);
 $this->assertArrayHasKey('adminUrl', $data['data']['attributes']);
- $key->refresh();
+ $key = ApiKey::where('key', 'mastertoken')->first();
 $this->assertNotNull($key->last_activity_at);
 }
@@ -80,18 +71,16 @@ class WithApiKeyTest extends TestCase
 */
 public function personal_api_token_cannot_authenticate_as_anyone()
 {
- $key = $this->key(2);
-
 $response = $this->send(
 $this->request('GET', '/api')
- ->withAddedHeader('Authorization', "Token {$key->key}; userId=1")
+ ->withAddedHeader('Authorization', 'Token personaltoken; userId=1')
 );
 $data = json_decode($response->getBody(), true);
 $this->assertTrue($data['data']['attributes']['canViewUserList']);
 $this->assertArrayNotHasKey('adminUrl', $data['data']['attributes']);
- $key->refresh();
+ $key = ApiKey::where('key', 'personaltoken')->first();
 $this->assertNotNull($key->last_activity_at);
 }
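Review bot: `'user_id' => 2` in the seeded `personaltoken` row only works if `$this->normalUser()` yields the user with id 2, and nothing in the hunk shows that. A comment such as `// user 2 is normalUser(); user 1 is the admin` beside the `api_keys` rows would make the dependency explicit. The literals `'mastertoken'` and `'personaltoken'` are also repeated in the three test methods further down; class constants would keep the seed and the `Authorization` headers from drifting apart. With `key()` removed, the `Str` import may now be unused, though the file's `use` block is outside this hunk, as is the start of the enclosing method.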
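Review bot: `ApiKey::where('key', 'mastertoken')->first()` returns null when the seeded row is missing, so the following `$key->last_activity_at` fails on a null property read rather than with a message naming the missing key. The same lookup is repeated in `personal_api_token_cannot_authenticate_as_anyone` and `personal_api_token_authenticates_user`. Either `->firstOrFail()` or a preceding `$this->assertNotNull($key);` would make a seeding problem distinguishable from the API key middleware not recording `last_activity_at`.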
@@ -101,18 +90,16 @@ class WithApiKeyTest extends TestCase
 */
 public function personal_api_token_authenticates_user()
 {
- $key = $this->key(2);
-
 $response = $this->send(
 $this->request('GET', '/api')
- ->withAddedHeader('Authorization', "Token {$key->key}")
+ ->withAddedHeader('Authorization', 'Token personaltoken')
 );
 $data = json_decode($response->getBody(), true);
 $this->assertTrue($data['data']['attributes']['canViewUserList']);
 $this->assertArrayNotHasKey('adminUrl', $data['data']['attributes']);
- $key->refresh();
+ $key = ApiKey::where('key', 'personaltoken')->first();
 $this->assertNotNull($key->last_activity_at);
 }
diff --git a/framework/core/tests/integration/api/users/ListTest.php b/framework/core/tests/integration/api/users/ListTest.php
index ab9dac7a5..c2b05a941 100644
--- a/framework/core/tests/integration/api/users/ListTest.php
+++ b/framework/core/tests/integration/api/users/ListTest.php
@@ -33,12 +33,11 @@ class ListTest extends TestCase
 */
 public function shows_index_for_guest_when_they_have_permission()
 {
- Permission::unguarded(function () {
- Permission::create([
- 'permission' => 'viewUserList',
- 'group_id' => 2,
- ]);
- });
+ $this->prepareDatabase([
+ 'group_permission' => [
+ ['permission' => 'viewUserList', 'group_id' => 2],
+ ],
+ ]);
 $response = $this->send(
 $this->request('GET', '/api/users')
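Review bot: The `prepareDatabase` call inside `shows_index_for_guest_when_they_have_permission` appears to depend on running before the application boots. The comment this commit adds to `requestAsUser` suggests `prepareDatabase` cannot be used after boot. It works here only because the call precedes the first `$this->send(...)`, so a short comment such as `// Must run before the first request boots the app.` would keep a later edit from moving it. Whether this call merges with or replaces rows seeded in `setUp` is not visible in the hunk and is worth confirming, since a replaced seed would change which permissions the guest is tested against. The test method continues past the end of the hunk.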