magdev
eafe12b588
All checks were successful
CI / Quality (push) Successful in 4s
Bundle code for php-qml/bridge: BridgeBundle (AbstractBundle, autoloads config/services.yaml), Publisher (thin wrapper over Mercure HubInterface that enforces envelope-as-JSON), SessionAuthenticator (bearer-token custom Symfony authenticator with problem+json failures), and HealthController (GET /healthz readiness probe). Composer constraints bumped to Symfony ^8.0 across the board (per user request); mercure component to ^0.7. PHPUnit 11 suite covers Publisher publish + private flag and SessionAuthenticator support/auth/failure paths — 8 tests, 22 assertions, all green. PLAN.md §13 updated to record the Symfony 8 minimum. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
87 lines
3.2 KiB
PHP
87 lines
3.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace PhpQml\Bridge\Tests;
|
|
|
|
use PhpQml\Bridge\SessionAuthenticator;
|
|
use PHPUnit\Framework\Attributes\CoversClass;
|
|
use PHPUnit\Framework\TestCase;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
|
|
|
|
#[CoversClass(SessionAuthenticator::class)]
|
|
final class SessionAuthenticatorTest extends TestCase
|
|
{
|
|
public function testSupportsOnlyWhenAuthorizationHeaderPresent(): void
|
|
{
|
|
$auth = new SessionAuthenticator('s3cret');
|
|
|
|
self::assertFalse($auth->supports(new Request()));
|
|
|
|
$request = new Request();
|
|
$request->headers->set('Authorization', 'Bearer s3cret');
|
|
self::assertTrue($auth->supports($request));
|
|
}
|
|
|
|
public function testAuthenticateAcceptsMatchingBearerToken(): void
|
|
{
|
|
$auth = new SessionAuthenticator('s3cret');
|
|
$request = new Request();
|
|
$request->headers->set('Authorization', 'Bearer s3cret');
|
|
|
|
$passport = $auth->authenticate($request);
|
|
|
|
self::assertInstanceOf(SelfValidatingPassport::class, $passport);
|
|
self::assertSame('bridge', $passport->getBadge(\Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge::class)->getUserIdentifier());
|
|
}
|
|
|
|
public function testAuthenticateRejectsMissingBearerScheme(): void
|
|
{
|
|
$auth = new SessionAuthenticator('s3cret');
|
|
$request = new Request();
|
|
$request->headers->set('Authorization', 'Basic deadbeef');
|
|
|
|
$this->expectException(AuthenticationException::class);
|
|
$this->expectExceptionMessage('Bearer token missing.');
|
|
$auth->authenticate($request);
|
|
}
|
|
|
|
public function testAuthenticateRejectsWrongToken(): void
|
|
{
|
|
$auth = new SessionAuthenticator('s3cret');
|
|
$request = new Request();
|
|
$request->headers->set('Authorization', 'Bearer wrong');
|
|
|
|
$this->expectException(AuthenticationException::class);
|
|
$this->expectExceptionMessage('Bearer token invalid.');
|
|
$auth->authenticate($request);
|
|
}
|
|
|
|
public function testAuthenticateRejectsEmptyExpectedToken(): void
|
|
{
|
|
// Avoids passing a misconfigured (empty) deployment.
|
|
$auth = new SessionAuthenticator('');
|
|
$request = new Request();
|
|
$request->headers->set('Authorization', 'Bearer ');
|
|
|
|
$this->expectException(AuthenticationException::class);
|
|
$auth->authenticate($request);
|
|
}
|
|
|
|
public function testAuthenticationFailureProducesProblemJson(): void
|
|
{
|
|
$auth = new SessionAuthenticator('s3cret');
|
|
$response = $auth->onAuthenticationFailure(new Request(), new AuthenticationException('Bearer token invalid.'));
|
|
|
|
self::assertNotNull($response);
|
|
self::assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
|
|
self::assertSame('application/problem+json', $response->headers->get('Content-Type'));
|
|
$body = json_decode((string) $response->getContent(), true);
|
|
self::assertSame(401, $body['status']);
|
|
self::assertSame('Unauthorized', $body['title']);
|
|
}
|
|
}
|