mirrors/flexisip-account-manager
1
0
Fork 0
mirror of https://gitlab.linphone.org/BC/public/flexisip-account-manager.git synced 2026-01-17 10:08:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
flexisip-account-manager/flexiapi/tests/Feature/ApiAccountApiKeyTest.php
Timothée Jaussoin 86f4a67c1e Fix #77 Add proper SIP username validation
2023-03-21 13:03:02 +00:00

124 lines
4.3 KiB
PHP
Raw Blame History

<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2020 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Tests\Feature;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
use App\Password;
class ApiAccountApiKeyTest extends TestCase
{
use RefreshDatabase;
protected $route = '/api/accounts/me/api_key';
protected $method = 'GET';
public function testRefresh()
{
$password = Password::factory()->create();
$response0 = $this->generateFirstResponse($password);
$response1 = $this->generateSecondResponse($password, $response0)
->get($this->route);
// Get the API Key using the DIGEST method
$password->account->refresh();
$response1->assertStatus(200)
->assertSee($password->account->apiKey->key)
->assertPlainCookie('x-api-key', $password->account->apiKey->key);
// Get it again using the key authenticated method
$response2 = $this->keyAuthenticated($password->account)
->get($this->route);
$password->account->refresh();
$response2->assertStatus(200)
->assertSee($password->account->apiKey->key)
->assertPlainCookie('x-api-key', $password->account->apiKey->key);
}
public function testAuthToken()
{
// Generate a public auth_token
$response = $this->json('POST', '/api/accounts/auth_token')
->assertStatus(201)
->assertJson([
'token' => true
])->content();
$authToken = json_decode($response)->token;
// Try to retrieve an API key from the un-attached auth_token
$response = $this->json($this->method, $this->route . '/' . $authToken)
->assertStatus(404);
// Attach the auth_token to the account
$password = Password::factory()->create();
$password->account->generateApiKey();
$this->keyAuthenticated($password->account)
->json($this->method, '/api/accounts/auth_token/' . $authToken . '/attach')
->assertStatus(200);
// Re-attach
$this->keyAuthenticated($password->account)
->json($this->method, '/api/accounts/auth_token/' . $authToken . '/attach')
->assertStatus(404);
// Attach using a wrong auth_token
$this->keyAuthenticated($password->account)
->json($this->method, '/api/accounts/auth_token/wrong_token/attach')
->assertStatus(404);
// Retrieve an API key from the attached auth_token
$response = $this->json($this->method, $this->route . '/' . $authToken)
->assertStatus(200)
->assertJson([
'api_key' => true
])->content();
$apiKey = json_decode($response)->api_key;
// Re-retrieve
$this->json($this->method, $this->route . '/' . $authToken)
->assertStatus(404);
// Check the if the API key can be used for the account
$response = $this->withHeaders(['x-api-key' => $apiKey])
->json($this->method, '/api/accounts/me')
->assertStatus(200)
->content();
// Try with a wrong From
$response = $this->withHeaders([
'x-api-key' => $apiKey,
'From' => 'sip:baduser@server.tld'
])
->json($this->method, '/api/accounts/me')
->assertStatus(200)
->content();
// Check if the account was correctly attached
$this->assertEquals(json_decode($response)->email, $password->account->email);
}
}
Reference in a new issue View git blame Copy permalink