originalServer = $_SERVER; $this->originalGet = $_GET; } protected function tearDown(): void { $_SERVER = $this->originalServer; $_GET = $this->originalGet; parent::tearDown(); } // ── wp_prometheus_authenticate_request() ───────────────────────── #[Test] public function returns_false_when_no_token_configured(): void { // No auth token in options → deny all. $this->assertFalse(wp_prometheus_authenticate_request()); } #[Test] public function returns_false_when_token_is_empty_string(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = ''; $this->assertFalse(wp_prometheus_authenticate_request()); } #[Test] public function bearer_token_authenticates_successfully(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer secret-token-123'; $this->assertTrue(wp_prometheus_authenticate_request()); } #[Test] public function bearer_token_fails_with_wrong_token(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer wrong-token'; $this->assertFalse(wp_prometheus_authenticate_request()); } #[Test] public function bearer_prefix_is_case_insensitive(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; $_SERVER['HTTP_AUTHORIZATION'] = 'BEARER secret-token-123'; $this->assertTrue(wp_prometheus_authenticate_request()); } #[Test] public function query_parameter_authenticates_successfully(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; $_GET['token'] = 'secret-token-123'; $this->assertTrue(wp_prometheus_authenticate_request()); } #[Test] public function query_parameter_fails_with_wrong_token(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; $_GET['token'] = 'wrong-token'; $this->assertFalse(wp_prometheus_authenticate_request()); } #[Test] public function returns_false_when_no_auth_provided(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'secret-token-123'; unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']); unset($_GET['token']); $this->assertFalse(wp_prometheus_authenticate_request()); } #[Test] public function bearer_takes_precedence_over_query_parameter(): void { GlobalFunctionState::$options['wp_prometheus_auth_token'] = 'correct-token'; $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer correct-token'; $_GET['token'] = 'wrong-token'; $this->assertTrue(wp_prometheus_authenticate_request()); } // ── wp_prometheus_get_authorization_header() ───────────────────── #[Test] public function get_authorization_header_from_http_authorization(): void { $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer my-token'; $this->assertSame('Bearer my-token', wp_prometheus_get_authorization_header()); } #[Test] public function get_authorization_header_from_redirect(): void { unset($_SERVER['HTTP_AUTHORIZATION']); $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect-token'; $this->assertSame('Bearer redirect-token', wp_prometheus_get_authorization_header()); } #[Test] public function get_authorization_header_returns_empty_when_absent(): void { unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']); $this->assertSame('', wp_prometheus_get_authorization_header()); } #[Test] public function http_authorization_takes_precedence_over_redirect(): void { $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer primary'; $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer redirect'; $this->assertSame('Bearer primary', wp_prometheus_get_authorization_header()); } }