69 lines
2.3 KiB
PHP
69 lines
2.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Integration;
|
|
|
|
use Tests\Support\DatabaseSeeder;
|
|
use Tests\Support\QdbTestCase;
|
|
|
|
final class AuthTest extends QdbTestCase
|
|
{
|
|
public function testAdminLoginSuccess(): void
|
|
{
|
|
$res = $this->api()->loginWeb(DatabaseSeeder::ADMIN_USERNAME, DatabaseSeeder::PASSWORD);
|
|
$this->assertApiOk($res);
|
|
$this->assertNotEmpty($res['data']['token']);
|
|
$this->assertSame('admin', $res['data']['role']);
|
|
}
|
|
|
|
public function testInvalidCredentials(): void
|
|
{
|
|
$res = $this->api()->loginWeb(DatabaseSeeder::ADMIN_USERNAME, 'wrong');
|
|
$this->assertApiError($res, 'INVALID_CREDENTIALS', 401);
|
|
}
|
|
|
|
public function testCoachBlockedOnWebClient(): void
|
|
{
|
|
$res = $this->api()->loginWeb(DatabaseSeeder::COACH_USERNAME, DatabaseSeeder::PASSWORD);
|
|
$this->assertApiError($res, 'FORBIDDEN', 403);
|
|
}
|
|
|
|
public function testRateLimitAfterFailures(): void
|
|
{
|
|
require_once dirname(__DIR__, 2) . '/lib/settings.php';
|
|
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
|
|
qdb_settings_save_on_pdo($pdo, qdb_settings_validate_and_merge([
|
|
'login_max_attempts' => 2,
|
|
'login_window_seconds' => 600,
|
|
'login_lockout_seconds' => 600,
|
|
], qdb_settings_get_on_pdo($pdo)));
|
|
qdb_save($tmpDb, $lockFp);
|
|
|
|
$this->api()->loginWeb('rate_user', 'bad1');
|
|
$this->api()->loginWeb('rate_user', 'bad2');
|
|
$res = $this->api()->loginWeb('rate_user', 'bad3');
|
|
$this->assertApiError($res, 'RATE_LIMITED', 429);
|
|
}
|
|
|
|
public function testMissingFields(): void
|
|
{
|
|
$res = $this->api()->request('POST', 'auth/login', ['username' => '']);
|
|
$this->assertApiError($res, 'MISSING_FIELDS', 400);
|
|
}
|
|
|
|
public function testKeycloakConfigDisabledByDefault(): void
|
|
{
|
|
$res = $this->api()->request('GET', 'auth/keycloak-config');
|
|
$this->assertApiOk($res);
|
|
$this->assertFalse($res['data']['enabled']);
|
|
$this->assertSame('', $res['data']['loginUrl']);
|
|
}
|
|
|
|
public function testKeycloakLoginRequiresConfiguration(): void
|
|
{
|
|
$res = $this->api()->request('GET', 'auth/keycloak-login');
|
|
$this->assertApiError($res, 'KEYCLOAK_NOT_CONFIGURED', 503);
|
|
}
|
|
}
|