mirror of
https://github.com/flarum/framework.git
synced 2025-01-10 13:03:43 +08:00
08ba2599d7
- Make session token-based instead of user-based - Clear current session access tokens on logout - Introduce increment ID so we can show tokens to moderators in the future without exposing secrets - Switch to type classes to manage the different token types. New implementation fixes #2075 - Drop ability to customize lifetime per-token - Add developer access keys that don't expire. These must be created from the database for now - Add title in preparation for the developer token UI - Add IP and user agent logging - Delete all non-remember tokens in migration
96 lines
2.4 KiB
PHP
96 lines
2.4 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Flarum.
|
|
*
|
|
* For detailed copyright and license information, please view the
|
|
* LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Flarum\Tests\integration\api\authentication;
|
|
|
|
use Flarum\Http\AccessToken;
|
|
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
|
|
use Flarum\Tests\integration\TestCase;
|
|
|
|
class WithTokenTest extends TestCase
|
|
{
|
|
use RetrievesAuthorizedUsers;
|
|
|
|
/**
|
|
* @inheritDoc
|
|
*/
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->prepareDatabase([
|
|
'users' => [
|
|
$this->normalUser(),
|
|
],
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function user_generates_token()
|
|
{
|
|
$response = $this->send(
|
|
$this->request(
|
|
'POST',
|
|
'/api/token',
|
|
[
|
|
'json' => [
|
|
'identification' => 'normal',
|
|
'password' => 'too-obscure'
|
|
],
|
|
]
|
|
)
|
|
);
|
|
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
|
|
// The response body should contain the user ID...
|
|
$body = (string) $response->getBody();
|
|
$this->assertJson($body);
|
|
|
|
$data = json_decode($body, true);
|
|
$this->assertEquals(2, $data['userId']);
|
|
|
|
// ...and an access token belonging to this user.
|
|
$token = $data['token'];
|
|
$this->assertEquals(2, AccessToken::whereToken($token)->firstOrFail()->user_id);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function failure_with_invalid_credentials()
|
|
{
|
|
$response = $this->send(
|
|
$this->request(
|
|
'POST',
|
|
'/api/token',
|
|
[
|
|
'json' => [
|
|
'identification' => 'normal',
|
|
'password' => 'too-incorrect'
|
|
],
|
|
]
|
|
)
|
|
);
|
|
|
|
// HTTP 401 signals an authentication problem
|
|
$this->assertEquals(401, $response->getStatusCode());
|
|
|
|
// The response body should contain an error code
|
|
$body = (string) $response->getBody();
|
|
$this->assertJson($body);
|
|
|
|
$data = json_decode($body, true);
|
|
$this->assertCount(1, $data['errors']);
|
|
$this->assertEquals('not_authenticated', $data['errors'][0]['code']);
|
|
}
|
|
}
|