Implement token-based auth API

2025-08-07 00:47:00 +02:00 · 2015-01-22 14:44:33 +10:30
parent 74c9b48870
commit ad269fdb5a
11 changed files with 194 additions and 44 deletions
--- a/tests/api/ApiTester.php
+++ b/tests/api/ApiTester.php
@@ -1,4 +1,4 @@
-<?php //[STAMP] 56e5f4700a805fa943ff8199ddb69b69
+<?php //[STAMP] 93c972ae47d60c70b9045d971476f0bc

 // This class was automatically generated by build task
 // You should not change it manually as it will be overwritten on next build
@@ -3029,4 +3029,37 @@ class ApiTester extends \Codeception\Actor
    public function fail($message) {
        return $this->scenario->runStep(new \Codeception\Step\Action('fail', func_get_args()));
    }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::haveAnAccount()
+     */
+    public function haveAnAccount($data = null) {
+        return $this->scenario->runStep(new \Codeception\Step\Action('haveAnAccount', func_get_args()));
+    }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::login()
+     */
+    public function login($identifier, $password) {
+        return $this->scenario->runStep(new \Codeception\Step\Action('login', func_get_args()));
+    }
+
+ 
+    /**
+     * [!] Method is generated. Documentation taken from corresponding module.
+     *
+     *
+     * @see \Codeception\Module\ApiHelper::amAuthenticated()
+     */
+    public function amAuthenticated() {
+        return $this->scenario->runStep(new \Codeception\Step\Condition('amAuthenticated', func_get_args()));
+    }
 }
--- a/tests/api/AuthCest.php
+++ b/tests/api/AuthCest.php
@@ -0,0 +1,55 @@
+<?php
+use \ApiTester;
+
+use Laracasts\TestDummy\Factory;
+
+class AuthCest
+{
+    protected $endpoint = '/api/auth';
+
+    public function loginWithEmail(ApiTester $I)
+    {
+        $I->wantTo('login via API with email');
+
+        $user = $I->haveAnAccount([
+            'email' => 'foo@bar.com',
+            'password' => 'pass7word'
+        ]);
+
+        $token = $I->login('foo@bar.com', 'pass7word');
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        
+        $loggedIn = User::where('remember_token', $token)->first();
+        $I->assertEquals($user->id, $loggedIn->id);
+    }
+
+    public function loginWithUsername(ApiTester $I)
+    {
+        $I->wantTo('login via API with username');
+
+        $user = $I->haveAnAccount([
+            'username' => 'tobscure',
+            'password' => 'pass7word'
+        ]);
+
+        $token = $I->login('tobscure', 'pass7word');
+        $I->seeResponseCodeIs(200);
+        $I->seeResponseIsJson();
+        
+        $loggedIn = User::where('remember_token', $token)->first();
+        $I->assertEquals($user->id, $loggedIn->id);
+    }
+
+    public function invalidLogin(ApiTester $I)
+    {
+        $user = $I->haveAnAccount([
+            'email' => 'foo@bar.com',
+            'password' => 'pass7word'
+        ]);
+
+        $I->login('foo@bar.com', 'incorrect');
+        $I->seeResponseCodeIs(401);
+        $I->seeResponseIsJson();
+    }
+}
--- a/tests/api/DiscussionsResourceCest.php
+++ b/tests/api/DiscussionsResourceCest.php
@@ -42,7 +42,7 @@ class DiscussionsResourceCest {
    {
        $I->wantTo('create a discussion via API');

-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $I->amAuthenticated();

        $I->sendPOST($this->endpoint, ['discussions' => ['title' => 'foo', 'content' => 'bar']]);
        $I->seeResponseCodeIs(200);
@@ -58,9 +58,9 @@ class DiscussionsResourceCest {
    {
        $I->wantTo('update a discussion via API');

-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $user = $I->amAuthenticated();

-        $discussion = Factory::create('Flarum\Core\Discussions\Discussion');
+        $discussion = Factory::create('Flarum\Core\Discussions\Discussion', ['start_user_id' => $user->id]);

        $I->sendPUT($this->endpoint.'/'.$discussion->id, ['discussions' => ['title' => 'foo']]);
        $I->seeResponseCodeIs(200);
@@ -75,9 +75,10 @@ class DiscussionsResourceCest {
    {
        $I->wantTo('delete a discussion via API');

-        $I->haveHttpHeader('Authorization', 'Token 123456');
+        $user = $I->amAuthenticated();
+        $user->groups()->attach(4);

-        $discussion = Factory::create('Flarum\Core\Discussions\Discussion');
+        $discussion = Factory::create('Flarum\Core\Discussions\Discussion', ['start_user_id' => $user->id]);

        $I->sendDELETE($this->endpoint.'/'.$discussion->id);
        $I->seeResponseCodeIs(204);