Completed
Pull Request — master (#54)
by Ross
07:07
created

SecurityTest::testSecurityMiddleware()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 23
Code Lines 10

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 23
rs 9.0856
c 0
b 0
f 0
cc 2
eloc 10
nc 2
nop 3
1
<?php
2
3
namespace League\Tactician\Bundle\Tests\Integration;
4
5
use League\Tactician\Bundle\DependencyInjection\Compiler\UnknownMiddlewareException;
6
use League\Tactician\Bundle\Tests\Fake\FakeCommand;
7
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
8
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
9
use Symfony\Component\Security\Core\Role\Role;
10
use stdClass;
11
12
/**
13
 * Integration test for security middleware.
14
 *
15
 * @author Ron Rademaker
16
 *
17
 * @runTestsInSeparateProcesses
18
 */
19
class SecurityTest extends IntegrationTest
20
{
21
    public function testCanBootKernelWithSecurityMiddleware()
22
    {
23
        $this->loadSecurityConfiguration();
24
25
        $this->givenConfig('tactician', <<<'EOF'
26
commandbus:
27
    default:
28
        middleware:
29
            - tactician.middleware.security
30
EOF
31
        );
32
        static::$kernel->boot();
33
        $this->assertTrue(true);
34
    }
35
36
    public function testCanNotBootKernelIfLoadingSecurityMiddlewareWithoutSecurityBeingTurnedOn()
37
    {
38
        $this->expectException(UnknownMiddlewareException::class);
39
        $this->givenConfig('tactician', <<<'EOF'
40
commandbus:
41
    default:
42
        middleware:
43
            - tactician.middleware.security
44
EOF
45
        );
46
        static::$kernel->boot();
47
    }
48
49
    public function testCanBootKernelWithoutSecurityOrSecurityMiddleware()
50
    {
51
        static::$kernel->boot();
52
        $this->assertTrue(true);
53
    }
54
55
    /**
56
     * @dataProvider provideTestData
57
     */
58
    public function testSecurityMiddleware($command, string $role, string $expectedExceptionClassName = null)
59
    {
60
        if ($expectedExceptionClassName) {
Bug Best Practice introduced by
The expression $expectedExceptionClassName of type null|string is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case, in particular the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
61
            $this->expectException($expectedExceptionClassName);
62
        }
63
64
        $this->loadSecurityConfiguration();
65
        $this->givenConfig('tactician', <<<'EOF'
66
commandbus:
67
    default:
68
        middleware:
69
            - tactician.middleware.security
70
security:
71
    League\Tactician\Bundle\Tests\Fake\FakeCommand:
72
        - 'ROLE_ADMIN'
73
EOF
74
        );
75
76
        static::$kernel->boot();
77
        $this->setUserRole($role);
78
79
        static::$kernel->getContainer()->get('tactician.commandbus.default')->handle($command);
80
    }
81
82
    /**
83
     * Gets test data for security middleware integration test.
84
     *
85
     * @return array
86
     */
87
    public function provideTestData(): array
88
    {
89
        return [
90
            'Role may handle the command' => [new FakeCommand(), 'ROLE_ADMIN'],
91
            'Test role hierarchy' => [new FakeCommand(), 'ROLE_SUPER_ADMIN'],
92
            'Role may not handle the command' => [new FakeCommand(), 'ROLE_USER', AccessDeniedException::class],
93
            'Deny access if command is not in the mapping' => [new stdClass(), 'ROLE_SUPER_ADMIN', AccessDeniedException::class],
94
        ];
95
    }
96
97
    /**
98
     * Security configuration.
99
     */
100
    private function loadSecurityConfiguration()
101
    {
102
        $this->givenConfig('security', <<< 'EOF'
103
access_denied_url: /
104
105
role_hierarchy:
106
    ROLE_ADMIN:       ROLE_USER
107
    ROLE_SUPER_ADMIN: ROLE_ADMIN
108
109
providers:
110
    my_in_memory_provider:
111
        memory:
112
113
firewalls:
114
    main:
115
        anonymous: ~
116
        http_basic: ~
117
EOF
118
        );
119
    }
120
121
    /**
122
     * @param string $role
123
     */
124
    protected function setUserRole(string $role): void
125
    {
126
        static::$kernel->getContainer()
127
            ->get('security.token_storage')
128
            ->setToken(
129
                new AnonymousToken('test', 'anon', [new Role($role)])
130
            );
131
    }
132
}
133
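Review bot: No test in this class dispatches a command while the token storage is empty. `testSecurityMiddleware()` always calls `$this->setUserRole($role)` before `handle()`, and `setUserRole()` always stores an `AnonymousToken` carrying a role, so every dataset in `provideTestData()` runs with a token present. The fail-closed case for a security middleware, a command dispatched with no token at all, is therefore unpinned, and a regression that let such a call through would not fail this suite. I would add a separate test that boots with the same configuration, skips `setUserRole()` and expects an exception. The exception class in the sketch below is an assumption about how the authorization check reacts to a missing token, so confirm it against the middleware.

```php
    public function testCommandIsRejectedWhenNoTokenIsStored()
    {
        // Assumed class: confirm what the middleware raises when no token is stored.
        $this->expectException(
            \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException::class
        );

        $this->loadSecurityConfiguration();
        // … unchanged: same 'tactician' givenConfig() block as testSecurityMiddleware() …
        static::$kernel->boot();

        // Deliberately no setUserRole() call, so the token storage stays empty.
        static::$kernel->getContainer()->get('tactician.commandbus.default')->handle(new FakeCommand());
    }
```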