Implement token-based auth API

tests/_support/ApiHelper.php

@@ -1,10 +1,35 @@
 <?php
 namespace Codeception\Module;
 
-// here you can define custom actions
-// all public methods declared in helper class will be available in $I
+use Laracasts\TestDummy\Factory;
+use Auth;
+use DB;
 
 class ApiHelper extends \Codeception\Module
 {
+	public function haveAnAccount($data = [])
+	{
+		return Factory::create('Flarum\Core\Users\User', $data);
+	}
 
+	public function login($identifier, $password)
+	{
+		$this->getModule('REST')->sendPOST('/api/auth/login', ['identifier' => $identifier, 'password' => $password]);
+
+		$response = json_decode($this->getModule('REST')->grabResponse(), true);
+		if ($response && is_array($response) && isset($response['token'])) {
+			return $response['token'];
+		}
+
+		return false;
+	}
+
+	public function amAuthenticated()
+	{
+		$user = $this->haveAnAccount();
+		$user->groups()->attach(3); // Add member group
+		Auth::onceUsingId($user->id);
+
+        return $user;
+	}
 }

tests/api/ApiTester.php

@@ -1,4 +1,4 @@
-<?php //[STAMP] 56e5f4700a805fa943ff8199ddb69b69
+<?php //[STAMP] 93c972ae47d60c70b9045d971476f0bc
 
 // This class was automatically generated by build task
 // You should not change it manually as it will be overwritten on next build
@@ -3029,4 +3029,37 @@ class ApiTester extends \Codeception\Actor
     public function fail($message) {
         return $this->scenario->runStep(new \Codeception\Step\Action('fail', func_get_args()));
     }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::haveAnAccount()
+     */
+    public function haveAnAccount($data = null) {
+        return $this->scenario->runStep(new \Codeception\Step\Action('haveAnAccount', func_get_args()));
+    }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::login()
+     */
+    public function login($identifier, $password) {
+        return $this->scenario->runStep(new \Codeception\Step\Action('login', func_get_args()));
+    }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::amAuthenticated()
+     */
+    public function amAuthenticated() {
+        return $this->scenario->runStep(new \Codeception\Step\Condition('amAuthenticated', func_get_args()));
+    }
 }

tests/api/AuthCest.php

@@ -0,0 +1,55 @@
+<?php
+use \ApiTester;
+
+use Laracasts\TestDummy\Factory;
+
+class AuthCest
+{
+    protected $endpoint = '/api/auth';
+
+    public function loginWithEmail(ApiTester $I)
+    {
+        $I->wantTo('login via API with email');
+
+        $user = $I->haveAnAccount([
+            'email' => 'foo@bar.com',
+            'password' => 'pass7word'
+        ]);
+
+        $token = $I->login('foo@bar.com', 'pass7word');
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        
+        $loggedIn = User::where('remember_token', $token)->first();
+        $I->assertEquals($user->id, $loggedIn->id);
+    }
+
+    public function loginWithUsername(ApiTester $I)
+    {
+        $I->wantTo('login via API with username');
+
+        $user = $I->haveAnAccount([
+            'username' => 'tobscure',
+            'password' => 'pass7word'
+        ]);
+
+        $token = $I->login('tobscure', 'pass7word');
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        
+        $loggedIn = User::where('remember_token', $token)->first();
+        $I->assertEquals($user->id, $loggedIn->id);
+    }
+
+    public function invalidLogin(ApiTester $I)
+    {
+        $user = $I->haveAnAccount([
+            'email' => 'foo@bar.com',
+            'password' => 'pass7word'
+        ]);
+
+        $I->login('foo@bar.com', 'incorrect');
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+    }
+}

tests/api/DiscussionsResourceCest.php

@@ -42,7 +42,7 @@ class DiscussionsResourceCest {
     {
         $I->wantTo('create a discussion via API');
 
-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $I->amAuthenticated();
 
         $I->sendPOST($this->endpoint, ['discussions' => ['title' => 'foo', 'content' => 'bar']]);
         $I->seeResponseCodeIs(200);
@@ -58,9 +58,9 @@ class DiscussionsResourceCest {
     {
         $I->wantTo('update a discussion via API');
 
-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $user = $I->amAuthenticated();
 
-        $discussion = Factory::create('Flarum\Core\Discussions\Discussion');
+        $discussion = Factory::create('Flarum\Core\Discussions\Discussion', ['start_user_id' => $user->id]);
 
         $I->sendPUT($this->endpoint.'/'.$discussion->id, ['discussions' => ['title' => 'foo']]);
         $I->seeResponseCodeIs(200);
@@ -75,9 +75,10 @@ class DiscussionsResourceCest {
     {
         $I->wantTo('delete a discussion via API');
 
-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $user = $I->amAuthenticated();
+        $user->groups()->attach(4);
 
-        $discussion = Factory::create('Flarum\Core\Discussions\Discussion');
+        $discussion = Factory::create('Flarum\Core\Discussions\Discussion', ['start_user_id' => $user->id]);
 
         $I->sendDELETE($this->endpoint.'/'.$discussion->id);
         $I->seeResponseCodeIs(204);

tests/factories/factories.php

@@ -1,9 +1,15 @@
 <?php
 
 $factory('Flarum\Core\Discussions\Discussion', [
-    'title' => $faker->sentence
+    'title' => $faker->sentence,
+    'start_time' => $faker->dateTimeThisYear,
+    'start_user_id' => 'factory:Flarum\Core\Users\User'
 ]);
 
 $factory('Flarum\Core\Users\User', [
-    'username' => $faker->sentence
+    'username' => $faker->userName,
+    'email' => $faker->safeEmail,
+    'password' => 'password',
+    'join_time' => $faker->dateTimeThisYear,
+    'time_zone' => $faker->timezone
 ]);