[DX][Testing] Added a loginUser() method to test protected resources

Author: javiereguiluz

KernelBrowser.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\FrameworkBundle;
 
+use Symfony\Component\BrowserKit\Cookie;
 use Symfony\Component\BrowserKit\CookieJar;
 use Symfony\Component\BrowserKit\History;
 use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -19,6 +20,8 @@
 use Symfony\Component\HttpKernel\HttpKernelBrowser;
 use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\HttpKernel\Profiler\Profile as HttpProfile;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
  * Simulates a browser and makes requests to a Kernel object.
@@ -203,4 +206,17 @@ protected function getScript($request)
 
         return $code.$this->getHandleScript();
     }
+
+    public function loginUser(UserInterface $user, string $firewallContext = 'main'): self
+    {
+        $token = new UsernamePasswordToken($user, null, $firewallContext, $user->getRoles());
+        $session = $this->getContainer()->get('session');
+        $session->set('_security_'.$firewallContext, serialize($token));
+        $session->save();
+
+        $cookie = new Cookie($session->getName(), $session->getId());
+        $this->getCookieJar()->set($cookie);
+
+        return $this;
+    }
 }

Tests/Functional/SecurityTest.php

@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Functional;
+
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\User;
+
+class SecurityTest extends AbstractWebTestCase
+{
+    /**
+     * @dataProvider getUsers
+     */
+    public function testLoginUser(string $username, ?string $password, array $roles, ?string $firewallContext, string $expectedProviderKey)
+    {
+        $user = new User($username, $password, $roles);
+        $client = $this->createClient(['test_case' => 'Security', 'root_config' => 'config.yml']);
+
+        if (null === $firewallContext) {
+            $client->loginUser($user);
+        } else {
+            $client->loginUser($user, $firewallContext);
+        }
+
+        /** @var SessionInterface $session */
+        $session = $client->getContainer()->get('session');
+        /** @var UsernamePasswordToken $userToken */
+        $userToken = unserialize($session->get('_security_'.$expectedProviderKey));
+
+        $this->assertSame('_security_'.$expectedProviderKey, array_keys($session->all())[0]);
+        $this->assertSame($expectedProviderKey, $userToken->getProviderKey());
+        $this->assertSame($username, $userToken->getUsername());
+        $this->assertSame($password, $userToken->getUser()->getPassword());
+        $this->assertSame($roles, $userToken->getUser()->getRoles());
+
+        $this->assertNotNull($client->getCookieJar()->get('MOCKSESSID'));
+    }
+
+    public function getUsers()
+    {
+        yield ['the-username', 'the-password', ['ROLE_FOO'], null, 'main'];
+        yield ['the-username', 'the-password', ['ROLE_FOO'], 'main', 'main'];
+        yield ['the-username', 'the-password', ['ROLE_FOO'], 'custom_firewall_context', 'custom_firewall_context'];
+
+        yield ['the-username', null, ['ROLE_FOO'], null, 'main'];
+        yield ['the-username', 'the-password', [], null, 'main'];
+    }
+}

Tests/Functional/app/Security/bundles.php

@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
+use Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\TestBundle;
+use Symfony\Bundle\SecurityBundle\SecurityBundle;
+
+return [
+    new FrameworkBundle(),
+    new SecurityBundle(),
+    new TestBundle(),
+];

Tests/Functional/app/Security/config.yml

@@ -0,0 +1,2 @@
+imports:
+    - { resource: ./../config/default.yml }

Tests/Functional/app/Security/routing.yml

@@ -0,0 +1,2 @@
+_sessiontest_bundle:
+    resource: '@TestBundle/Resources/config/routing.yml'

composer.json

@@ -47,6 +47,7 @@
         "symfony/messenger": "^4.4|^5.0",
         "symfony/mime": "^4.4|^5.0",
         "symfony/process": "^4.4|^5.0",
+        "symfony/security-bundle": "^4.0|^5.0",
         "symfony/security-csrf": "^4.4|^5.0",
         "symfony/security-http": "^4.4|^5.0",
         "symfony/serializer": "^4.4|^5.0",