498 lines
12 KiB
PHP
498 lines
12 KiB
PHP
<?php
|
|
|
|
use Kahlan\Plugin\Stub;
|
|
use Kahlan\Plugin\Monkey;
|
|
|
|
use api\core\Request;
|
|
use api\core\AuthSystem;
|
|
use api\core\AuthSystemDefault;
|
|
use error\core\Error;
|
|
use error\core\Err;
|
|
|
|
describe('api', function(){
|
|
describe('core', function(){
|
|
describe('Request', function(){
|
|
|
|
|
|
beforeEach(function(){
|
|
$_SERVER = [
|
|
'REQUEST_METHOD' => 'POST'
|
|
];
|
|
});
|
|
|
|
describe('[check] config file', function(){
|
|
|
|
it('pass when config file exists', function(){
|
|
|
|
expect( file_exists(Request::config_path()) )->toBeTruthy();
|
|
|
|
});
|
|
|
|
it('pass when we can read the config file', function(){
|
|
|
|
expect( @file_get_contents(Request::config_path()) )->not->toBe(false);
|
|
|
|
});
|
|
|
|
it('pass when the config file is valid json', function(){
|
|
|
|
$read = @file_get_contents(Request::config_path());
|
|
expect($read)->not->toBe(false);
|
|
expect( json_decode($read, true) )->not->toBeNull();
|
|
expect( json_decode($read, true) )->toBeA('array');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
describe('setAuthSystem(@instance)', function(){
|
|
|
|
it('pass when instance of AuthSystem', function(){
|
|
|
|
$instance = new AuthSystemDefault();
|
|
|
|
expect($instance)->toBeAnInstanceOf('api\core\AuthSystem');
|
|
expect(Request::setAuthSystem($instance))->toBeTruthy();
|
|
|
|
});
|
|
|
|
it('fail when not instance of AuthSystem', function(){
|
|
|
|
$instance = new Error(Err::Success);
|
|
|
|
expect($instance)->not->toBeAnInstanceOf('api\core\AuthSystem');
|
|
expect(Request::setAuthSystem($instance))->toBeFalsy();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
describe('__construct(@path, @params)', function(){
|
|
|
|
context('with argument combinations', function(){
|
|
|
|
it('fail if @path is missing', function(){
|
|
|
|
$req = new Request();
|
|
|
|
expect($req->error->get())->toBe(Err::MissingPath);
|
|
|
|
});
|
|
|
|
it('fail if @path is not a string', function(){
|
|
|
|
expect('is_string')->toBeCalled();
|
|
$req = new Request(1);
|
|
|
|
expect($req->error->get())->toBe(Err::WrongPathModule);
|
|
|
|
});
|
|
|
|
it('pass if @params is an array', function(){
|
|
|
|
unset($_SERVER);
|
|
expect('is_array')->toBeCalled();
|
|
|
|
$req = new Request('someString', ['a', 'b']);
|
|
|
|
expect($req->error->get())->toBe(Err::UnknownHttpMethod);
|
|
|
|
});
|
|
|
|
it('pass if @params is not an array (default: [])', function(){
|
|
|
|
unset($_SERVER);
|
|
|
|
expect('is_array')->toBeCalled();
|
|
|
|
$types = [true, false, null, 1, 2.3, -1.2, 0, 'blabla'];
|
|
|
|
foreach($types as $type){
|
|
|
|
$req = new Request('someString', true);
|
|
expect($req->error->get())->toBe(Err::UnknownHttpMethod);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
context('with config errors', function(){
|
|
|
|
it('fail if the config file exists', function(){
|
|
|
|
// Request::config_path -> 'aa'
|
|
allow(Request::class)->toReceive('::config_path')->andReturn('invalid_fname');
|
|
expect(Request::config_path())->toBe('invalid_fname');
|
|
|
|
// file_exists -> false
|
|
allow('file_exists')->toBeCalled()->andReturn(false);
|
|
expect('file_exists')->toBeCalled();
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::UnreachableResource);
|
|
|
|
});
|
|
|
|
it('fail if the config file cannot be read', function(){
|
|
|
|
// file_get_contents -> false
|
|
allow('file_get_contents')->toBeCalled()->andReturn(false);
|
|
expect('file_get_contents')->toBeCalled();
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::UnreachableResource);
|
|
|
|
});
|
|
|
|
it('fail if the json format is not valid', function(){
|
|
|
|
// file_exists -> true
|
|
allow('file_exists')->toBeCalled()->andReturn(true);
|
|
expect('file_exists')->toBeCalled();
|
|
|
|
// file_get_contents -> false
|
|
allow('file_get_contents')->toBeCalled()->andReturn('{incorrect_json');
|
|
expect('file_get_contents')->toBeCalled();
|
|
|
|
// json_decode -> called
|
|
expect('json_decode')->toBeCalled();
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::ParsingFailed);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
context('with checks errors', function(){
|
|
|
|
it('fail with checkPath() fails', function(){
|
|
|
|
allow(Request::class)->toReceive('checkPath')->andRun(function(){
|
|
$this->error->set(Err::UnknownError);
|
|
return false;
|
|
});
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::UnknownError);
|
|
|
|
});
|
|
|
|
it('fail with checkPermission() fails', function(){
|
|
|
|
// bypass checkPath();
|
|
allow(Request::class)->toReceive('checkPath')->andReturn(true);
|
|
|
|
allow(Request::class)->toReceive('checkPermission')->andRun(function(){
|
|
$this->error->set(Err::UnknownError);
|
|
return false;
|
|
});
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::UnknownError);
|
|
|
|
});
|
|
|
|
it('fail with checkParams() fails', function(){
|
|
|
|
// bypass checkPath(); + checkPermission();
|
|
allow(Request::class)->toReceive('checkPath')->andReturn(true);
|
|
allow(Request::class)->toReceive('checkPermission')->andReturn(true);
|
|
|
|
allow(Request::class)->toReceive('checkParams')->andRun(function(){
|
|
$this->error->set(Err::UnknownError);
|
|
return false;
|
|
});
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::UnknownError);
|
|
|
|
});
|
|
|
|
it('pass with all checks ok', function(){
|
|
|
|
// bypass all checks
|
|
allow(Request::class)->toReceive('checkPath')->andReturn(true);
|
|
allow(Request::class)->toReceive('checkPermission')->andReturn(true);
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
|
|
// bypass buildOptions();
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
$req = new Request('a/b');
|
|
|
|
expect($req->error->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
describe('checkPath(@path)', function(){
|
|
|
|
it('fail when wrong path format: \'module/method\'', function(){
|
|
|
|
$values = ['a-b', 'a /b', 'a/b '];
|
|
|
|
foreach($values as $value){
|
|
|
|
$req = new Request($value);
|
|
expect($req->error->get())->toBe(Err::WrongPathModule);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
it('pass when valid path format: letter/number/-/_', function(){
|
|
|
|
$values = ['a_b-c/d-e_f', 'abc/def', '_a_/_b_'];
|
|
|
|
foreach($values as $value){
|
|
|
|
$req = new Request($value);
|
|
expect($req->error->get())->not->toBe(Err::WrongPathModule);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
it('fail when unknown module', function(){
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'mo-du_leA' => [],
|
|
'moduleB' => []
|
|
]);
|
|
|
|
$values = ['modulea/method', 'MODULEA/method', 'moduleC/method'];
|
|
|
|
foreach($values as $value){
|
|
|
|
$req = new Request($value);
|
|
expect($req->error->get())->toBe(Err::UnknownModule);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
it('fail when unknown method', function(){
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'mo-du_leA' => [ 'POST::me-th_odA' => [] ],
|
|
'moduleB' => []
|
|
]);
|
|
|
|
$values = ['mo-du_leA/me-thodA', 'mo-du_leA/meth_odA', 'mo-du_leA/me-th_oda'];
|
|
|
|
foreach($values as $value){
|
|
|
|
$req = new Request($value);
|
|
expect($req->error->get())->toBe(Err::UnknownMethod);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
it('pass all right', function(){
|
|
|
|
// bypass all checks
|
|
allow(Request::class)->toReceive('checkPermission')->andReturn(true);
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
|
|
// bypass buildOptions();
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'mo-du_leA' => [ 'POST::me-th_odA' => [] ],
|
|
'moduleB' => []
|
|
]);
|
|
|
|
$req = new Request('mo-du_leA/me-th_odA');
|
|
expect($req->error->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
describe('checkPermission()', function(){
|
|
|
|
it('pass when no permission', function(){
|
|
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => []
|
|
]
|
|
]);
|
|
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('pass when permission is not an array', function(){
|
|
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => 23.2
|
|
]
|
|
]
|
|
]);
|
|
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail if no AuthSystem and no api/core/AuthSystemDefault.php', function(){
|
|
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('file_exists')->toBeCalled()->andReturn(false);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => []
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::UnreachableResource);
|
|
|
|
});
|
|
|
|
it('pass if no AuthSystem and the api/core/AuthSystemDefault.php', function(){
|
|
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => []
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail if incorrect format', function(){
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => ['a']
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::FormatError);
|
|
});
|
|
|
|
it('fail when not \'warehouse\' granted', function(){
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => [['warehouse']]
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::PermissionError);
|
|
});
|
|
|
|
it('fail when not \'admin\' granted', function(){
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => [['admin']]
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::PermissionError);
|
|
});
|
|
|
|
it('fail when not \'sats\' granted', function(){
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => [['sats']]
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::TokenError);
|
|
});
|
|
|
|
it('fail when not \'unknown permission\' granted', function(){
|
|
// bypass checkers
|
|
allow(Request::class)->toReceive('checkParams')->andReturn(true);
|
|
allow(Request::class)->toReceive('buildOptions')->andReturn(true);
|
|
|
|
allow('json_decode')->toBeCalled()->andReturn([
|
|
'moduleA' => [
|
|
'POST::methodA' => [
|
|
'permissions' => [['unk']]
|
|
]
|
|
]
|
|
]);
|
|
|
|
$req = new Request('moduleA/methodA');
|
|
expect($req->error->get())->toBe(Err::PermissionError);
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
});
|
|
});
|
|
}); |