mirror of
https://github.com/flarum/framework.git
synced 2024-11-30 13:36:10 +08:00
e37d3743ed
Laravel’s remember_token is tied to the session/cookies, which we don’t need as the API is stateless. It makes much more sense to use our own token mechanism.
63 lines
1.7 KiB
PHP
63 lines
1.7 KiB
PHP
<?php
|
|
use \ApiTester;
|
|
|
|
use Laracasts\TestDummy\Factory;
|
|
|
|
class AuthCest
|
|
{
|
|
protected $endpoint = '/api/auth';
|
|
|
|
public function loginWithEmail(ApiTester $I)
|
|
{
|
|
$I->wantTo('login via API with email');
|
|
|
|
$user = $I->haveAnAccount([
|
|
'email' => 'foo@bar.com',
|
|
'password' => 'pass7word'
|
|
]);
|
|
|
|
$I->login('foo@bar.com', 'pass7word');
|
|
$I->seeResponseCodeIs(200);
|
|
$I->seeResponseIsJson();
|
|
|
|
$token = $I->grabDataFromJsonResponse('token');
|
|
$userId = $I->grabDataFromJsonResponse('userId');
|
|
$I->assertNotEmpty($token);
|
|
|
|
$loggedIn = User::where('token', $token)->where('id', $userId)->first();
|
|
$I->assertEquals($user->id, $loggedIn->id);
|
|
}
|
|
|
|
public function loginWithUsername(ApiTester $I)
|
|
{
|
|
$I->wantTo('login via API with username');
|
|
|
|
$user = $I->haveAnAccount([
|
|
'username' => 'tobscure',
|
|
'password' => 'pass7word'
|
|
]);
|
|
|
|
$I->login('tobscure', 'pass7word');
|
|
$I->seeResponseCodeIs(200);
|
|
$I->seeResponseIsJson();
|
|
|
|
$token = $I->grabDataFromJsonResponse('token');
|
|
$userId = $I->grabDataFromJsonResponse('userId');
|
|
$I->assertNotEmpty($token);
|
|
|
|
$loggedIn = User::where('token', $token)->where('id', $userId)->first();
|
|
$I->assertEquals($user->id, $loggedIn->id);
|
|
}
|
|
|
|
public function invalidLogin(ApiTester $I)
|
|
{
|
|
$user = $I->haveAnAccount([
|
|
'email' => 'foo@bar.com',
|
|
'password' => 'pass7word'
|
|
]);
|
|
|
|
$I->login('foo@bar.com', 'incorrect');
|
|
$I->seeResponseCodeIs(401);
|
|
$I->seeResponseIsJson();
|
|
}
|
|
} |