phphd/api-test-bundle

JWT Authentication for API testing

Maintainers

Details

github.com/phphd/api-test-bundle

Source

Issues

Installs: 1 059

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

1.0.0 2024-02-05 06:45 UTC

Requires

Requires (Dev)

MIT 1182cd24016b8865f52aae1255bceb711a7eee01

  • Yevhen Sidelnyk <zsidelnik.woop@gmail.com>

testingphpunitauthjwt

This package is auto-updated.

Last update: 2024-04-05 07:11:02 UTC

README

🧰 Provides lightweight jwt authorization utilities for Api Testing in Symfony applications. In essence, this package integrates Lexik JWT Authentication Bundle into your Api Test Cases.

Build Status Codecov Psalm coverage Psalm level Total Downloads Licence

Quick Start

Installation 📥

  1. Install via composer

    composer require --dev phphd/api-test-bundle

  2. Enable the bundle in the bundles.php

    PhPhD\ApiTestBundle\PhdApiTestBundle::class => ['test' => true],

Configuration ⚒️

Create phd_api_test.yaml configuration file under config/packages/test directory. It's necessary to specify service id of application user provider here. If you have only one authenticated user entity (hence, one provider), use current default configuration.

phd_api_test:
    jwt_authenticators:
        -   name: default
            user_provider: security.user_providers

Usage 🚀

In your Api Test class use JwtLoginTrait and login method to handle authentication:

use ApiPlatform\Symfony\Bundle\Test\ApiTestCase;
use ApiPlatform\Symfony\Bundle\Test\Client;
use PhPhD\ApiTest\JwtLoginTrait;

final class ExampleProtectedApiTest extends ApiTestCase
{
    use JwtLoginTrait;
    
    // ...

    public function testAccessFeatureWithoutPassword(): void
    {
        $token = $this->login('username');

        $this->client->request('GET', '/api/protected-route', [
            'auth_bearer' => $token,
        ]);

        self::assertResponseStatusCodeSame(200);
    }
}

In this example, login is used to generate jwt token for username user so that api request will be sent on his behalf.

Advanced Configuration ⚙️

Multiple Authenticators

It is possible to use multiple authenticators for your specific needs. For instance if you have admin panel alongside your main authenticated application, you may want to use the dedicated authenticator.

In essence, if you're utilizing security.user_providers, additional configuration is typically unnecessary, since security.user_providers acts as a chain user provider, meaning that first found user from any subordinate providers will be used.

Nonetheless, in case of conflicting usernames or any other specific reason, you may register an additional authenticator in the same configuration file by different name:

phd_api_test:
    jwt_authenticators:
        -   name: admin
            user_provider: security.user.provider.concrete.api_admin_user_provider

In this config, api_admin_user_provider is the name of user provider from security.yaml and admin - just an alias for our usage in tests.

Having registered authenticator, we may use its alias as a second parameter of login method:

public function testDedicatedAdminAuthenticator(): void
{
    $token = $this->login('admin@test.com', authenticator: 'admin');

    $this->client->request('GET', '/api/admin/protected-route', [
        'auth_bearer' => $token,
    ]);

    self::assertResponseStatusCodeSame(200);
}