tag/v0.5.1/tests/Unit/AuthenticationTest.php

<?php

declare(strict_types=1);

namespace Magdev\WpPrometheus\Tests\Unit;

use Magdev\WpPrometheus\Tests\Helpers\GlobalFunctionState;
use PHPUnit\Framework\Attributes\CoversFunction;
use PHPUnit\Framework\Attributes\Test;

#[CoversFunction('wp_prometheus_authenticate_request')]
#[CoversFunction('wp_prometheus_get_authorization_header')]
class AuthenticationTest extends TestCase
{
    private array $originalServer = [];
    private array $originalGet = [];

    protected function setUp(): void
    {
        parent::setUp();
        $this->originalServer = $_SERVER;
        $this->originalGet = $_GET;
    }

    protected function tearDown(): void
    {
        $_SERVER = $this->originalServer;
        $_GET = $this->originalGet;
        parent::tearDown();
    }

    // ── wp_prometheus_authenticate_request() ─────────────────────────

    #[Test]
    public function returns_false_when_no_token_configured(): void
    {
        // No auth token in options → deny all.
        $this->assertFalse(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function returns_false_when_token_is_empty_string(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = '';
        $this->assertFalse(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function bearer_token_authenticates_successfully(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer secret-token-123';

        $this->assertTrue(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function bearer_token_fails_with_wrong_token(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer wrong-token';

        $this->assertFalse(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function bearer_prefix_is_case_insensitive(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        $_SERVER['HTTP_AUTHORIZATION'] = 'BEARER secret-token-123';

        $this->assertTrue(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function query_parameter_authenticates_successfully(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        $_GET['token'] = 'secret-token-123';

        $this->assertTrue(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function query_parameter_fails_with_wrong_token(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        $_GET['token'] = 'wrong-token';

        $this->assertFalse(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function returns_false_when_no_auth_provided(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';
        unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
        unset($_GET['token']);

        $this->assertFalse(wp_prometheus_authenticate_request());
    }

    #[Test]
    public function bearer_takes_precedence_over_query_parameter(): void
    {
        GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'correct-token';
        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer correct-token';
        $_GET['token'] = 'wrong-token';

        $this->assertTrue(wp_prometheus_authenticate_request());
    }

    // ── wp_prometheus_get_authorization_header() ─────────────────────

    #[Test]
    public function get_authorization_header_from_http_authorization(): void
    {
        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer my-token';

        $this->assertSame('Bearer my-token', wp_prometheus_get_authorization_header());
    }

    #[Test]
    public function get_authorization_header_from_redirect(): void
    {
        unset($_SERVER['HTTP_AUTHORIZATION']);
        $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect-token';

        $this->assertSame('Bearer redirect-token', wp_prometheus_get_authorization_header());
    }

    #[Test]
    public function get_authorization_header_returns_empty_when_absent(): void
    {
        unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);

        $this->assertSame('', wp_prometheus_get_authorization_header());
    }

    #[Test]
    public function http_authorization_takes_precedence_over_redirect(): void
    {
        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer primary';
        $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect';

        $this->assertSame('Bearer primary', wp_prometheus_get_authorization_header());
    }
}
feat: Add comprehensive PHPUnit test suite and CI/CD test gating (v0.5.0) 189 tests across 8 test classes covering all core plugin classes: CustomMetricBuilder, StorageFactory, Authentication, DashboardProvider, RuntimeCollector, Installer, Collector, and MetricsEndpoint. Added test job to Gitea release workflow that gates build-release. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-26 08:41:51 +01:00			`<?php`

			`declare(strict_types=1);`

			`namespace Magdev\WpPrometheus\Tests\Unit;`

			`use Magdev\WpPrometheus\Tests\Helpers\GlobalFunctionState;`
			`use PHPUnit\Framework\Attributes\CoversFunction;`
			`use PHPUnit\Framework\Attributes\Test;`

			`#[CoversFunction('wp_prometheus_authenticate_request')]`
			`#[CoversFunction('wp_prometheus_get_authorization_header')]`
			`class AuthenticationTest extends TestCase`
			`{`
			`private array $originalServer = [];`
			`private array $originalGet = [];`

			`protected function setUp(): void`
			`{`
			`parent::setUp();`
			`$this->originalServer = $_SERVER;`
			`$this->originalGet = $_GET;`
			`}`

			`protected function tearDown(): void`
			`{`
			`$_SERVER = $this->originalServer;`
			`$_GET = $this->originalGet;`
			`parent::tearDown();`
			`}`

			`// ── wp_prometheus_authenticate_request() ─────────────────────────`

			`#[Test]`
			`public function returns_false_when_no_token_configured(): void`
			`{`
			`// No auth token in options → deny all.`
			`$this->assertFalse(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function returns_false_when_token_is_empty_string(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = '';`
			`$this->assertFalse(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function bearer_token_authenticates_successfully(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer secret-token-123';`

			`$this->assertTrue(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function bearer_token_fails_with_wrong_token(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer wrong-token';`

			`$this->assertFalse(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function bearer_prefix_is_case_insensitive(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'BEARER secret-token-123';`

			`$this->assertTrue(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function query_parameter_authenticates_successfully(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`$_GET['token'] = 'secret-token-123';`

			`$this->assertTrue(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function query_parameter_fails_with_wrong_token(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`$_GET['token'] = 'wrong-token';`

			`$this->assertFalse(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function returns_false_when_no_auth_provided(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123';`
			`unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);`
			`unset($_GET['token']);`

			`$this->assertFalse(wp_prometheus_authenticate_request());`
			`}`

			`#[Test]`
			`public function bearer_takes_precedence_over_query_parameter(): void`
			`{`
			`GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'correct-token';`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer correct-token';`
			`$_GET['token'] = 'wrong-token';`

			`$this->assertTrue(wp_prometheus_authenticate_request());`
			`}`

			`// ── wp_prometheus_get_authorization_header() ─────────────────────`

			`#[Test]`
			`public function get_authorization_header_from_http_authorization(): void`
			`{`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer my-token';`

			`$this->assertSame('Bearer my-token', wp_prometheus_get_authorization_header());`
			`}`

			`#[Test]`
			`public function get_authorization_header_from_redirect(): void`
			`{`
			`unset($_SERVER['HTTP_AUTHORIZATION']);`
			`$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect-token';`

			`$this->assertSame('Bearer redirect-token', wp_prometheus_get_authorization_header());`
			`}`

			`#[Test]`
			`public function get_authorization_header_returns_empty_when_absent(): void`
			`{`
			`unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);`

			`$this->assertSame('', wp_prometheus_get_authorization_header());`
			`}`

			`#[Test]`
			`public function http_authorization_takes_precedence_over_redirect(): void`
			`{`
			`$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer primary';`
			`$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect';`

			`$this->assertSame('Bearer primary', wp_prometheus_get_authorization_header());`
			`}`
			`}`