Commit 9a6c5ae7 authored by Fabrice Gangler's avatar Fabrice Gangler 🎨 Committed by Matthieu FAURE

TEST(mapping): add basic controler test (ACL, code HTTP)

Tests:
- admin role can use each action
- connected user has no access yet ---> HTTP 403
- anonymous user has no access yet ---> redirect to login

Refs: 788
parent 28152e21
......@@ -36,4 +36,105 @@ abstract class ApiIntegrationTestCase extends IntegrationTestCase
]
]);
}
/**
* To be used when the HTTP GET request
* is allowed for the URL ---> HTTP code 200
* - format HTML ----> $url
* - format JSON ----> $url.'.json'
*
* return [ 'html' => [ 'headers' => $htmlHeaders,
'data' => $html ],
'json' => [ 'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson ]]
*
* @param string $url
* @return array
*/
protected function getUrlOk(string $url): Array
{
// HTML
$this->get($url);
$this->assertResponseCode(200);
$html = $this->_response->body();
$htmlHeaders = $this->_response->header();
$this->assertEquals('text/html; charset=UTF-8', $htmlHeaders['Content-Type']);
$this->assertEquals('DENY', $htmlHeaders['X-Frame-Options']);
$this->assertEquals('nosniff', $htmlHeaders['X-Content-Type-Options']);
$this->assertEquals('1; mode=block', $htmlHeaders['X-XSS-Protection']);
$this->assertEquals('strict-origin-when-cross-origin', $htmlHeaders['Referrer-Policy']);
// Json
$this->get("$url .json");
$this->assertResponseCode(200);
$jsonHeaders = $this->_response->header();
$json = $this->_response->body();
$objJson = json_decode($json);
$this->assertEquals('application/json; charset=UTF-8', $jsonHeaders['Content-Type']);
return [
'html' => [
'headers' => $htmlHeaders,
'data' => $html,
],
'json' => [
'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson,
],
];
}
/**
* For anonymous user:
* - loads the HTTP GET request
* - expects a redirect to login form.
*
* @param string $url
* @param string $redirectTo
* @param int $httpCode
*/
protected function getUrlRedirectToAnotherUrl(string $url, string $redirectTo, int $httpCode = 302)
{
// HTML
$this->get("$url");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
// Json
$this->get("$url.json");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
}
/**
* To be used when the HTTP GET request
* is not allowed for the URL ---> HTTP code 403 - Not authorized
* - format HTML ----> $url
* - format JSON ----> $url.'.json'
*
* @param string $url
* @return Array
*/
protected function getUrlNotAuthorized(string $url): Array
{
// HTML
$this->get($url);
$html = $this->_response->body();
$this->assertResponseCode(403);
$this->assertContains("<title>Error-400</title>", $html);
// Json
$this->get($url.'.json');
$json = json_decode($this->_response->body());
$this->assertResponseCode(403);
$this->assertEquals("You are not authorized to access that location.", $json->message);
$this->assertEquals(403, $json->code);
return ['html' => $html, 'json' => $json];
}
}
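Review bot: The JSON request in getUrlOk is built as `$this->get("$url .json");`, which interpolates to the URL followed by a literal space and `.json`, so the second request does not target the same resource the HTML branch just tested; the other two helpers build it as `"$url.json"` and `$url.'.json'`, and this one should read `$this->get("{$url}.json");`. The JSON branch of getUrlOk asserts only Content-Type, while the HTML branch also pins X-Frame-Options, X-Content-Type-Options, X-XSS-Protection and Referrer-Policy; if the application emits those headers on every response, asserting them on the JSON response as well keeps the API representation covered rather than only the HTML one. In getUrlNotAuthorized the body is decoded and `$json->message` is read before the 403 status is asserted, so a non-JSON error body surfaces as a property-access error instead of a status mismatch; moving `$this->assertResponseCode(403);` ahead of the `json_decode` call gives the clearer failure. The expected `<title>Error-400</title>` on a 403 response looks like the app's generic error template title rather than a deliberate choice — worth confirming so the test pins intended behaviour.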
......@@ -3,12 +3,11 @@
namespace App\Test\TestCase\Controller\Api\V1;
use App\Controller\TaxonomysController;
use Cake\TestSuite\IntegrationTestCase;
/**
* App\Controller\TaxonomysController Test Case
*/
class TaxonomysControllerTest extends IntegrationTestCase
class TaxonomysControllerTest extends ApiIntegrationTestCase
{
/**
......@@ -48,52 +47,336 @@ class TaxonomysControllerTest extends IntegrationTestCase
// 'app.alternativeto'
];
// Admin user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Set session for a admin user
*/
private function setAdminSession()
{
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'admin',
]
]
]);
}
/**
* Test index method
* For a connected user
* - loads the HTTP GET request
* - expects a "not authorized" response.
*
* @param string $url
* @return Array
*/
private function getUrlOkForAdminUser(string $url): Array
{
$this->setAdminSession();
return $this->getUrlOk($url);
}
/**
* Test index method for admin user ---> allowed
*
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @group admin
* @group taxonomy
* @return void
*/
public function testIndex()
public function testIndexForAdminUser()
{
$this->markTestIncomplete('Not implemented yet.');
$result = $this->getUrlOkForAdminUser('/api/v1/taxonomys');
$json = $result['json'];
$html = $result['html'];
}
/**
* Test view method
*
* URL: /api/v1/taxonomys/view/1
* ----> allowed only for user with "admin" role
*
* @group admin
* @group taxonomy
* @return void
*/
public function testView()
public function testViewForAdminUser()
{
$this->markTestIncomplete('Not implemented yet.');
$result = $this->getUrlOkForAdminUser('/api/v1/taxonomys/view/1');
}
/**
* Test add method
*
* URL: /api/v1/taxonomys/add
* ----> allowed only for user with "admin" role
*
* @group admin
* @group taxonomy
* @return void
*/
public function testAdd()
public function testAddForAdminUser()
{
$this->setAdminSession();
$this->markTestIncomplete('Not implemented yet.');
}
/**
* Test edit method
*
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @group admin
* @group taxonomy
* @return void
*/
public function testEdit()
public function testEditForAdminUser()
{
$this->setAdminSession();
$this->markTestIncomplete('Not implemented yet.');
}
/**
* Test delete method
*
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @group admin
* @group taxonomy
* @return void
*/
public function testDeleteForAdminUser()
{
$this->setAdminSession();
$this->markTestIncomplete('Not implemented yet.');
}
// Connected user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Set session for a connected user
*/
private function setConnectedUserSession()
{
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'User',
]
]
]);
}
/**
* For a connected user
* - loads the HTTP GET request
* - expects a "not authorized" response.
*
* @param string $url
*/
private function getUrlNotAuthorizedForConnectedUser(string $url)
{
$this->setConnectedUserSession();
$this->getUrlNotAuthorized($url);
}
/**
* Test index method for connected user ---> not authorized
*
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @group user
* @group taxonomy
* @return void
*/
public function testFailIndexForConnectedUser()
{
$this->getUrlNotAuthorizedForConnectedUser('/api/v1/taxonomys');
}
/**
* Test view method for connected user ---> not authorized
*
* URL: /api/v1/taxonomys/view/1
* ----> allowed only for user with "admin" role
*
* @group user
* @group taxonomy
* @return void
*/
public function testFailViewForConnectedUser()
{
$this->getUrlNotAuthorizedForConnectedUser('/api/v1/taxonomys/view/1');
}
/**
* Test add method for connected user
* GET ---> not authorized
* POST ---> @todo
*
* URL: /api/v1/taxonomys/add
* ----> allowed only for user with "admin" role
*
* @group user
* @group taxonomy
* @return void
*/
public function testFailAddForConnectedUser()
{
$this->getUrlNotAuthorizedForConnectedUser('/api/v1/taxonomys/add');
}
/**
* Test edit method for connected user
* GET ---> not authorized
* POST ---> @todo
*
* @group user
* @group taxonomy
* @return void
*/
public function testFailEditForConnectedUser()
{
$this->getUrlNotAuthorizedForConnectedUser('/api/v1/taxonomys/edit/1');
}
/**
* Test delete method for connected user
*
*
* @todo
* @group user
* @group taxonomy
* @return void
*/
public function testFailDeleteForConnectedUser()
{
$this->markTestIncomplete('Not implemented yet.');
}
// Anonymous user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Set session for a anonymous user
*/
private function setAnonymousUserSession()
{
$this->session([]);
}
/**
* For anonymous user:
* - loads the HTTP GET request
* - expects a redirect to login form.
*
* @param string $url
*/
private function getUrlRedirectToLoginForAnonymousUser(string $url)
{
$redirectTo = '/users/login';
$this->setAnonymousUserSession();
$this->getUrlRedirectToAnotherUrl($url, $redirectTo);
}
/**
* Test index method for anonymous user ---> redirect to login form
*
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @group anonymous
* @group taxonomy
* @return void
*/
public function testFailIndexForAnonymousUser()
{
$this->getUrlRedirectToLoginForAnonymousUser('/api/v1/taxonomys');
}
/**
* Test view method for anonymous user ---> redirect to login form
*
* URL: /api/v1/taxonomys/view/1
* ----> allowed only for user with "admin" role
*
* @group anonymous
* @group taxonomy
* @return void
*/
public function testFailViewForAnonymousUser()
{
$this->getUrlRedirectToLoginForAnonymousUser('/api/v1/taxonomys/view/1');
}
/**
* Test add method for anonymous user
* GET ---> redirect to login form
* POST ---> @todo
*
* URL: /api/v1/taxonomys/add
* ----> allowed only for user with "admin" role
*
* @group anonymous
* @group taxonomy
* @return void
*/
public function testFailAddForAnonymousUser()
{
$this->getUrlRedirectToLoginForAnonymousUser('/api/v1/taxonomys/add');
}
/**
* Test edit method for anonymous user
* GET ---> redirect to login form
* POST ---> @todo
*
* @group anonymous
* @group taxonomy
* @return void
*/
public function testFailEditForAnonymousUser()
{
$this->getUrlRedirectToLoginForAnonymousUser('/api/v1/taxonomys/edit/1');
}
/**
* Test delete method for anonymous user
* @todo
*
* @group anonymous
* @group taxonomy
* @return void
*/
public function testDelete()
public function testFailDeleteForAnonymousUser()
{
$this->markTestIncomplete('Not implemented yet.');
}
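Review bot: The docblock on getUrlOkForAdminUser ("Test index method / For a connected user … expects a 'not authorized' response") describes getUrlNotAuthorizedForConnectedUser, not this helper, which sets the admin session and expects HTTP 200; it should read `Set the admin session, then GET $url (HTML and JSON) expecting HTTP 200 and return both responses`. The admin and connected-user sessions both use `'id' => 2` and differ only in `role` (`'admin'` vs `'User'`), so the 403 cases prove only that the session role value is consulted; if authorization ever resolves the user from the database by id, both sessions collapse to the same admin record, so giving the non-admin session a distinct id keeps the two cases independent, and the differing role casing is worth checking against whatever string the authorization check compares. testIndexForAdminUser assigns `$json` and `$html` from the helper result without asserting anything on them, so beyond the status and header checks in the shared helper the index response content is untested; either add a content assertion or drop the unused locals.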