* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Flarum\Tests\integration\api\authentication; use Flarum\Http\AccessToken; use Flarum\Tests\integration\RetrievesAuthorizedUsers; use Flarum\Tests\integration\TestCase; class WithTokenTest extends TestCase { use RetrievesAuthorizedUsers; public function setUp() { parent::setUp(); $this->prepareDatabase([ 'users' => [ $this->normalUser(), ], ]); } /** * @test */ public function user_generates_token() { $response = $this->send( $this->request( 'POST', '/api/token', [ 'json' => [ 'identification' => 'normal', 'password' => 'too-obscure' ], ] )->withAttribute('bypassCsrfToken', true) ); $this->assertEquals(200, $response->getStatusCode()); // The response body should contain the user ID... $body = (string) $response->getBody(); $this->assertJson($body); $data = json_decode($body, true); $this->assertEquals(2, $data['userId']); // ...and an access token belonging to this user. $token = $data['token']; $this->assertEquals(2, AccessToken::findOrFail($token)->user_id); } /** * @test */ public function failure_with_invalid_credentials() { $response = $this->send( $this->request( 'POST', '/api/token', [ 'json' => [ 'identification' => 'normal', 'password' => 'too-incorrect' ], ] )->withAttribute('bypassCsrfToken', true) ); // HTTP 401 signals an authentication problem $this->assertEquals(401, $response->getStatusCode()); // The response body should contain an error code $body = (string) $response->getBody(); $this->assertJson($body); $data = json_decode($body, true); $this->assertCount(1, $data['errors']); $this->assertEquals('not_authenticated', $data['errors'][0]['code']); } }