Add additional test coverage for jwt-auth (#127)

Author: cnizzardini

plugins/jwt-auth/tests/ControllerTest.php

@@ -8,6 +8,7 @@
 use Firebase\JWT\Key;
 use Firebase\JWT\JWK as FirebaseJWK;
 use MixerApi\JwtAuth\Configuration\Configuration;
+use MixerApi\JwtAuth\Exception\JwtAuthException;
 use MixerApi\JwtAuth\Jwk\JwkSet;
 
 class ControllerTest extends TestCase
@@ -23,10 +24,13 @@ class ControllerTest extends TestCase
 
     public function setUp(): void
     {
-        parent::setUp(); // TODO: Change the autogenerated stub
+        parent::setUp();
         static::setAppNamespace('MixerApi\JwtAuth\Test\App');
     }
 
+    /**
+     * When requesting the JWKS endpoint, the server responds with the keyset.
+     */
     public function test_jwks(): void
     {
         TestHelper::createRs256Config();
@@ -38,9 +42,12 @@ public function test_jwks(): void
     }
 
     /**
+     * When a valid login request is made with the given algorithm, the server responds with a JWT.
+     *
      * @dataProvider dataProviderForAlg
      * @param string $alg
      * @return void
+     * @throws JwtAuthException
      */
     public function test_login(string $alg): void
     {
@@ -60,6 +67,8 @@ public function test_login(string $alg): void
     }
 
     /**
+     * When a login request is made with invalid credentials for the given algorithm the server responds with a 401.
+     *
      * @dataProvider dataProviderForAlg
      * @param string $alg
      * @return void
@@ -72,6 +81,29 @@ public function test_login_fails(string $alg): void
     }
 
     /**
+     * When an authenticated request is made to an endpoint requiring authentication, the server responds with a 200.
+     *
+     * @dataProvider dataProviderForAlg
+     * @param string $alg
+     * @return void
+     */
+    public function test_auth_works(string $alg): void
+    {
+        $alg === 'RS' ? TestHelper::createRs256Config() : TestHelper::createHs256Config();
+        $this->post('/test/login.json', ['email' => '[email protected]', 'password' => 'password']);
+        $this->assertResponseCode(200);
+        $body = (string)$this->_response->getBody();
+        $this->configRequest([
+            'headers' => ['Authorization' => 'Bearer ' . $body],
+        ]);
+
+        $this->get('/test/index.json');
+        $this->assertResponseOk();
+    }
+
+    /**
+     * When an unauthenticated request is made to an endpoint requiring authentication, the server responds with a 401.
+     *
      * @dataProvider dataProviderForAlg
      * @param string $alg
      * @return void

tests/bootstrap.php

@@ -35,6 +35,8 @@
 Configure::write('App.fullBaseUrl', 'http://localhost');
 putenv('DB=sqlite');
 
+ini_set('error_reporting', 'E_ALL ^ E_DEPRECATED');
+
 // Fixate sessionid early on, as php7.2+
 // does not allow the sessionid to be set after stdout
 // has been written to.