<?php declare(strict_types = 1);
namespace AtlassianConnectBundle\Tests\Functional;
use AtlassianConnectBundle\Service\QSHGenerator;
use Firebase\JWT\JWT;
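/**
 * Functional tests for the authentication layer in front of /protected/route.
 *
 * Covered here: no credentials, a JWT in the Authorization header, a JWT in the
 * "jwt" query parameter, the dev environment, and a token that cannot be parsed.
 * Not covered in this class: a well-formed token with a wrong signature, an
 * expired token, an unknown issuer, or a QSH claim that does not match the request.
 */
final class AuthenticationTest extends AbstractWebTestCase
{
    /**
     * A request without any authentication header in the prod environment is
     * rejected with 401, and the entry point returns a fixed plain-text body.
     */
    public function testProtectedRouteWithoutAuthentication(): void
    {
        $client = self::createClient(['environment' => 'prod']);

        $client->request('GET', '/protected/route');

        $this->assertResponseStatusCodeSame(401);
        $this->assertSame('Authentication header required', $client->getResponse()->getContent());
    }

    /**
     * A tenant JWT sent as "Authorization: Bearer <token>" is accepted in prod.
     */
    public function testProtectedRouteWithBearerToken(): void
    {
        // The header is set as a default server parameter of the client, so every
        // request made through it carries the token.
        $client = self::createClient(['environment' => 'prod'], ['HTTP_AUTHORIZATION' => 'Bearer '.$this->getTenantJWTCode()]);

        $client->request('GET', '/protected/route');
        $this->assertResponseIsSuccessful();
    }

    /**
     * A tenant JWT sent in the "jwt" query parameter is accepted in prod.
     *
     * A token carried in the URL can end up in access logs and Referer headers,
     * so the one-day lifetime used by the fixture is a test convenience only.
     */
    public function testProtectedRouteWithQueryToken(): void
    {
        $client = self::createClient(['environment' => 'prod']);

        $client->request('GET', '/protected/route?jwt='.$this->getTenantJWTCode());
        $this->assertResponseIsSuccessful();
    }

    /**
     * In the dev environment the protected route answers successfully without
     * any token.
     *
     * This pins the fact that authentication is not enforced for this request in
     * dev; how the bundle arrives at that is not visible in this file. A
     * deployment running with the dev environment would therefore expose
     * protected routes.
     */
    public function testProtectedRouteInDevEnvironment(): void
    {
        $client = self::createClient(['environment' => 'dev']);

        $client->request('GET', '/protected/route');
        $this->assertResponseIsSuccessful();
    }

    /**
     * A value that is not a JWT at all is rejected with 403 and a parse error body.
     *
     * Only the "cannot be parsed" path is exercised; a syntactically valid token
     * with a bad signature or an expired "exp" takes a different path that this
     * test does not reach.
     */
    public function testProtectedRouteWithInvalidJWTToken(): void
    {
        $client = self::createClient(['environment' => 'prod']);

        $client->request('GET', '/protected/route?jwt=invalid');
        $this->assertResponseStatusCodeSame(403);
        // assertSame, as in testProtectedRouteWithoutAuthentication: the body must
        // be exactly this string, not merely loosely equal to it.
        $this->assertSame('Authentication Failed: Failed to parse token', $client->getResponse()->getContent());
    }

    /**
     * Builds a signed tenant JWT for the tests above.
     *
     * The issuer, subject and signing key are fixed fixture values; presumably
     * they match a tenant that AbstractWebTestCase sets up - verify there.
     *
     * @return string the encoded token
     */
    public function getTenantJWTCode(): string
    {
        return JWT::encode([
            'iss' => 'client_key',
            'iat' => \time(),
            'exp' => \strtotime('+1 day'),
            // NOTE(review): the QSH is generated for '/protected_route' while the
            // tests request '/protected/route'. The positive tests pass with this
            // token, so the QSH claim may not be checked on this path - confirm,
            // and add a test that expects rejection on a QSH mismatch.
            'qsh' => QSHGenerator::generate('/protected_route', 'GET'),
            'sub' => 'admin',
        ], 'shared_secret', 'HS256'); // algorithm named explicitly instead of relying on the library default
    }
}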