Added unit tests for middleware

2016-05-15 20:56:01 -04:00 · 2016-05-15 20:56:01 -04:00 · 4eaab1f6da
parent 8a6f02735b
commit 4eaab1f6da
7 changed files with 293 additions and 6 deletions
--- a/app/Core/Controller/BaseMiddleware.php
+++ b/app/Core/Controller/BaseMiddleware.php
@ -25,7 +25,7 @@ abstract class BaseMiddleware extends Base
    /**
     * Set next middleware
     *
-     * @param  BaseMiddleware|null $nextMiddleware
+     * @param  BaseMiddleware $nextMiddleware
     * @return BaseMiddleware
     */
    public function setNextMiddleware(BaseMiddleware $nextMiddleware)
--- a/app/Core/Helper.php
+++ b/app/Core/Helper.php
@ -94,7 +94,7 @@ class Helper
    {
        $container = $this->container;

-        $this->helpers[$property] = function() use($className, $container) {
+        $this->helpers[$property] = function() use ($className, $container) {
            return new $className($container);
        };

--- a/app/Middleware/AuthenticationMiddleware.php
+++ b/app/Middleware/AuthenticationMiddleware.php
@ -33,7 +33,7 @@ class AuthenticationMiddleware extends BaseMiddleware
    protected function handleAuthentication()
    {
        if (! $this->userSession->isLogged() && ! $this->authenticationManager->preAuthentication()) {
-            $this->setNextMiddleware(null);
+            $this->nextMiddleware = null;

            if ($this->request->isAjax()) {
                $this->response->text('Not Authorized', 401);
@ -44,10 +44,10 @@ class AuthenticationMiddleware extends BaseMiddleware
        }
    }

-    private function isPublicAccess()
+    protected function isPublicAccess()
    {
        if ($this->applicationAuthorization->isAllowed($this->router->getController(), $this->router->getAction(), Role::APP_PUBLIC)) {
-            $this->setNextMiddleware(null);
+            $this->nextMiddleware = null;
            return true;
        }

--- a/app/Middleware/PostAuthenticationMiddleware.php
+++ b/app/Middleware/PostAuthenticationMiddleware.php
@ -22,7 +22,7 @@ class PostAuthenticationMiddleware extends BaseMiddleware
        $ignore = ($controller === 'twofactor' && in_array($action, array('code', 'check'))) || ($controller === 'auth' && $action === 'logout');

        if ($ignore === false && $this->userSession->hasPostAuthentication() && ! $this->userSession->isPostAuthenticationValidated()) {
-            $this->setNextMiddleware(null);
+            $this->nextMiddleware = null;

            if ($this->request->isAjax()) {
                $this->response->text('Not Authorized', 401);
--- a/tests/units/Middleware/ApplicationAuthorizationMiddlewareTest.php
+++ b/tests/units/Middleware/ApplicationAuthorizationMiddlewareTest.php
@ -0,0 +1,65 @@
+<?php
+
+use Kanboard\Middleware\ApplicationAuthorizationMiddleware;
+
+require_once __DIR__.'/../Base.php';
+
+class ApplicationAuthorizationMiddlewareMiddlewareTest extends Base
+{
+    /**
+     * @var ApplicationAuthorizationMiddleware
+     */
+    private $middleware;
+    private $nextMiddleware;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->container['helper'] = new stdClass();
+
+        $this->container['helper']->user = $this
+            ->getMockBuilder('Kanboard\Helper\UserHelper')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('hasAccess'))
+            ->getMock();
+
+        $this->nextMiddleware = $this
+            ->getMockBuilder('Kanboard\Middleware\ApplicationAuthorizationMiddleware')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('execute'))
+            ->getMock();
+
+        $this->middleware = new ApplicationAuthorizationMiddleware($this->container);
+        $this->middleware->setNextMiddleware($this->nextMiddleware);
+    }
+
+    public function testWithAccessDenied()
+    {
+        $this->container['helper']->user
+            ->expects($this->once())
+            ->method('hasAccess')
+            ->will($this->returnValue(false));
+
+        $this->nextMiddleware
+            ->expects($this->never())
+            ->method('execute');
+
+        $this->setExpectedException('Kanboard\Core\Controller\AccessForbiddenException');
+        $this->middleware->execute();
+    }
+
+    public function testWithAccessGranted()
+    {
+        $this->container['helper']->user
+            ->expects($this->once())
+            ->method('hasAccess')
+            ->will($this->returnValue(true));
+
+        $this->nextMiddleware
+            ->expects($this->once())
+            ->method('execute');
+
+        $this->middleware->execute();
+    }
+}
--- a/tests/units/Middleware/AuthenticationMiddlewareTest.php
+++ b/tests/units/Middleware/AuthenticationMiddlewareTest.php
@ -0,0 +1,141 @@
+<?php
+
+use Kanboard\Middleware\AuthenticationMiddleware;
+
+require_once __DIR__.'/../Base.php';
+
+class AuthenticationMiddlewareTest extends Base
+{
+    /**
+     * @var AuthenticationMiddleware
+     */
+    private $middleware;
+    private $nextMiddleware;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->container['authenticationManager'] = $this
+            ->getMockBuilder('Kanboard\Core\Security\AuthenticationManager')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('checkCurrentSession'))
+            ->getMock();
+
+        $this->container['applicationAuthorization'] = $this
+            ->getMockBuilder('Kanboard\Core\Security\AccessMap')
+            ->setMethods(array('isAllowed'))
+            ->getMock();
+
+        $this->container['response'] = $this
+            ->getMockBuilder('Kanboard\Core\Http\Response')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('redirect'))
+            ->getMock();
+
+        $this->container['userSession'] = $this
+            ->getMockBuilder('Kanboard\Core\User\UserSession')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('isLogged'))
+            ->getMock();
+
+        $this->nextMiddleware = $this
+            ->getMockBuilder('Kanboard\Middleware\AuthenticationMiddleware')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('execute'))
+            ->getMock();
+
+        $this->middleware = new AuthenticationMiddleware($this->container);
+        $this->middleware->setNextMiddleware($this->nextMiddleware);
+    }
+
+    public function testWithBadSession()
+    {
+        $this->container['authenticationManager']
+            ->expects($this->once())
+            ->method('checkCurrentSession')
+            ->will($this->returnValue(false));
+
+        $this->nextMiddleware
+            ->expects($this->never())
+            ->method('execute');
+
+        $this->setExpectedException('Kanboard\Core\Controller\AccessForbiddenException');
+        $this->middleware->execute();
+    }
+
+    public function testWithPublicAction()
+    {
+        $this->container['authenticationManager']
+            ->expects($this->once())
+            ->method('checkCurrentSession')
+            ->will($this->returnValue(true));
+
+        $this->container['applicationAuthorization']
+            ->expects($this->once())
+            ->method('isAllowed')
+            ->will($this->returnValue(true));
+
+        $this->nextMiddleware
+            ->expects($this->never())
+            ->method('execute');
+
+        $this->middleware->execute();
+    }
+
+    public function testWithNotAuthenticatedUser()
+    {
+        $this->container['authenticationManager']
+            ->expects($this->once())
+            ->method('checkCurrentSession')
+            ->will($this->returnValue(true));
+
+        $this->container['applicationAuthorization']
+            ->expects($this->once())
+            ->method('isAllowed')
+            ->will($this->returnValue(false));
+
+        $this->container['userSession']
+            ->expects($this->once())
+            ->method('isLogged')
+            ->will($this->returnValue(false));
+
+        $this->container['response']
+            ->expects($this->once())
+            ->method('redirect');
+
+        $this->nextMiddleware
+            ->expects($this->never())
+            ->method('execute');
+
+        $this->middleware->execute();
+    }
+
+    public function testWithAuthenticatedUser()
+    {
+        $this->container['authenticationManager']
+            ->expects($this->once())
+            ->method('checkCurrentSession')
+            ->will($this->returnValue(true));
+
+        $this->container['applicationAuthorization']
+            ->expects($this->once())
+            ->method('isAllowed')
+            ->will($this->returnValue(false));
+
+        $this->container['userSession']
+            ->expects($this->once())
+            ->method('isLogged')
+            ->will($this->returnValue(true));
+
+        $this->container['response']
+            ->expects($this->never())
+            ->method('redirect');
+
+        $this->nextMiddleware
+            ->expects($this->once())
+            ->method('execute');
+
+        $this->middleware->execute();
+    }
+}
--- a/tests/units/Middleware/ProjectAuthorizationMiddlewareTest.php
+++ b/tests/units/Middleware/ProjectAuthorizationMiddlewareTest.php
@ -0,0 +1,81 @@
+<?php
+
+use Kanboard\Middleware\ProjectAuthorizationMiddleware;
+
+require_once __DIR__.'/../Base.php';
+
+class ProjectAuthorizationMiddlewareMiddlewareTest extends Base
+{
+    /**
+     * @var ProjectAuthorizationMiddleware
+     */
+    private $middleware;
+    private $nextMiddleware;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->container['helper'] = new stdClass();
+
+        $this->container['helper']->user = $this
+            ->getMockBuilder('Kanboard\Helper\UserHelper')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('hasProjectAccess'))
+            ->getMock();
+
+        $this->container['request'] = $this
+            ->getMockBuilder('Kanboard\Core\Http\Request')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('getIntegerParam'))
+            ->getMock();
+
+        $this->nextMiddleware = $this
+            ->getMockBuilder('Kanboard\Middleware\ProjectAuthorizationMiddleware')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('execute'))
+            ->getMock();
+
+        $this->middleware = new ProjectAuthorizationMiddleware($this->container);
+        $this->middleware->setNextMiddleware($this->nextMiddleware);
+    }
+
+    public function testWithAccessDenied()
+    {
+        $this->container['request']
+            ->expects($this->any())
+            ->method('getIntegerParam')
+            ->will($this->returnValue(123));
+
+        $this->container['helper']->user
+            ->expects($this->once())
+            ->method('hasProjectAccess')
+            ->will($this->returnValue(false));
+
+        $this->nextMiddleware
+            ->expects($this->never())
+            ->method('execute');
+
+        $this->setExpectedException('Kanboard\Core\Controller\AccessForbiddenException');
+        $this->middleware->execute();
+    }
+
+    public function testWithAccessGranted()
+    {
+        $this->container['request']
+            ->expects($this->any())
+            ->method('getIntegerParam')
+            ->will($this->returnValue(123));
+
+        $this->container['helper']->user
+            ->expects($this->once())
+            ->method('hasProjectAccess')
+            ->will($this->returnValue(true));
+
+        $this->nextMiddleware
+            ->expects($this->once())
+            ->method('execute');
+
+        $this->middleware->execute();
+    }
+}