From 25f772c1ea36053c9ce78df6fbc419eceae0f1b6 Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Fri, 20 Mar 2020 18:22:52 +0100
Subject: [PATCH] Replace authenticatedRequest() by request() option

I feel this makes the parameters a bit more clear, does not rely on
inheritance (you can only inherit from one class, but we might want more
of these helpers in the future), and has less side effects (e.g. no
creation and, more importantly, deletion of users in the database).

Refs #2052.
---
 tests/integration/AuthenticatedTestCase.php | 72 ---------------------
 tests/integration/BuildsHttpRequests.php    |  9 +++
 tests/integration/TestCase.php              | 10 +++
 3 files changed, 19 insertions(+), 72 deletions(-)
 delete mode 100644 tests/integration/AuthenticatedTestCase.php

diff --git a/tests/integration/AuthenticatedTestCase.php b/tests/integration/AuthenticatedTestCase.php
deleted file mode 100644
index 3f2ce4e5f..000000000
--- a/tests/integration/AuthenticatedTestCase.php
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * For detailed copyright and license information, please view the
- * LICENSE file that was distributed with this source code.
- */
-
-namespace Flarum\Tests\integration;
-
-use Carbon\Carbon;
-use Flarum\Api\ApiKey;
-use Illuminate\Support\Str;
-use Psr\Http\Message\ServerRequestInterface;
-
-abstract class AuthenticatedTestCase extends TestCase
-{
-    use RetrievesAuthorizedUsers;
-
-    protected function genKey(int $user_id = null): ApiKey
-    {
-        return ApiKey::unguarded(function () use ($user_id) {
-            return ApiKey::query()->firstOrCreate([
-                'key'        => Str::random(),
-                'user_id'    => $user_id,
-                'created_at' => Carbon::now()
-            ]);
-        });
-    }
-
-    /**
-     * Build an authenticated HTTP request that can be passed through middleware.
-     *
-     * This method simplifies building HTTP request for use in our HTTP-level
-     * integration tests. It provides options for all features repeatedly being
-     * used in those tests.
-     *
-     * @param string $method
-     * @param string $path
-     * @param array $options
-     *   An array of optional request properties.
-     *   Currently supported:
-     *   - "json" should point to a JSON-serializable object that will be
-     *     serialized and used as request body. The corresponding Content-Type
-     *     header will be set automatically.
-     *   - "cookiesFrom" should hold a response object from a previous HTTP
-     *     interaction. All cookies returned from the server in that response
-     *     (via the "Set-Cookie" header) will be copied to the cookie params of
-     *     the new request.
-     * @param int $userId Which user should be emulated? User ID 1 will return a
-     * user with admin perms unless this has been modified in your test case.
-     * @return ServerRequestInterface
-     */
-    protected function authenticatedRequest(string $method, string $path, array $options = [], int $userId = 1): ServerRequestInterface
-    {
-        $request = $this->request($method, $path, $options);
-
-        $this->prepareDatabase([
-            'users' => [
-                $this->adminUser(),
-                $this->normalUser(),
-            ],
-        ]);
-
-        if (! isset($this->key)) {
-            $this->key = $this->genKey();
-        }
-
-        return $request->withAddedHeader('Authorization', "Token {$this->key->key}; userId=$userId");
-    }
-}
diff --git a/tests/integration/BuildsHttpRequests.php b/tests/integration/BuildsHttpRequests.php
index d0a21b61c..09704de8b 100644
--- a/tests/integration/BuildsHttpRequests.php
+++ b/tests/integration/BuildsHttpRequests.php
@@ -10,6 +10,7 @@
 namespace Flarum\Tests\integration;
 
 use Dflydev\FigCookies\SetCookie;
+use Flarum\Http\AccessToken;
 use Laminas\Diactoros\CallbackStream;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -30,6 +31,14 @@ trait BuildsHttpRequests
             );
     }
 
+    protected function requestAsUser(Request $req, int $userId): Request
+    {
+        $token = AccessToken::generate($userId);
+        $token->save();
+
+        return $req->withAddedHeader('Authorization', "Token {$token->token}");
+    }
+
     protected function requestWithCookiesFrom(Request $req, Response $previous): Request
     {
         $cookies = array_reduce(
diff --git a/tests/integration/TestCase.php b/tests/integration/TestCase.php
index 65af8cdca..6e99a778e 100644
--- a/tests/integration/TestCase.php
+++ b/tests/integration/TestCase.php
@@ -143,6 +143,9 @@ abstract class TestCase extends \PHPUnit\Framework\TestCase
      *   - "json" should point to a JSON-serializable object that will be
      *     serialized and used as request body. The corresponding Content-Type
      *     header will be set automatically.
+     *   - "authenticatedAs" should identify an *existing* user by ID. This will
+     *     cause an access token to be created for this user, which will be used
+     *     to authenticate the request via the "Authorization" header.
      *   - "cookiesFrom" should hold a response object from a previous HTTP
      *     interaction. All cookies returned from the server in that response
      *     (via the "Set-Cookie" header) will be copied to the cookie params of
@@ -160,6 +163,13 @@ abstract class TestCase extends \PHPUnit\Framework\TestCase
             );
         }
 
+        // Authenticate as a given user
+        if (isset($options['authenticatedAs'])) {
+            $request = $this->requestAsUser(
+                $request, $options['authenticatedAs']
+            );
+        }
+
         // Let's copy the cookies from a previous response
         if (isset($options['cookiesFrom'])) {
             $request = $this->requestWithCookiesFrom(