phphd / api-testing
JWT Authentication for API testing
Requires
- php: >=8.1
- lexik/jwt-authentication-bundle: ^2.0 || ^3.0
Requires (Dev)
- phphd/coding-standard: ~0.5.3
- phpstan/phpstan: ^1.10
- phpstan/phpstan-phpunit: ^1.3
- phpunit/phpunit: ^9.4
- psalm/plugin-phpunit: ^0.18.4
- symfony/var-dumper: ^6.0
- tomasvotruba/type-coverage: ^0.2.1
- vimeo/psalm: ^5.16
Conflicts
- symfony/config: <6.0 || >=8.0
- symfony/dependency-injection: <6.1 || >=8.0
- symfony/http-kernel: <6.0 || >=8.0
- symfony/security-core: <6.0 || >=8.0
README
🧰 Provides lightweight JWT authorization utilities for API testing in Symfony applications. In essence, this package integrates Lexik JWT Authentication Bundle into your API test cases.
Quick Start
Installation 📥
- Install via composer:

    composer require --dev phphd/api-testing

- Enable the bundle in bundles.php, for the test environment only:

    PhPhD\ApiTesting\Bundle\PhdApiTestingBundle::class => ['test' => true],
Configuration ⚒️
Create a phd_api_testing.yaml configuration file under the config/packages/test directory. It must specify the service id of the application's user provider. If you have only one authenticated user entity (hence, one provider), use the default configuration:

    phd_api_testing:
        jwt_authenticators:
            - name: default
              user_provider: security.user_providers
Usage 🚀
In your API test class, use JwtLoginTrait and its login method to handle authentication:

    use PhPhD\ApiTesting\Jwt\JwtLoginTrait;

    final class ExampleProtectedApiTest extends ApiTestCase
    {
        use JwtLoginTrait;

        // ...

        public function testAccessFeatureWithoutPassword(): void
        {
            // Issue a JWT for the user directly; no password is involved
            $token = $this->login('username');

            $this->client->request('GET', '/api/protected-route', [
                'auth_bearer' => $token,
            ]);

            self::assertResponseStatusCodeSame(200);
        }
    }

In this example, login generates a JWT for the user named username, so that the API request is sent on that user's behalf.
Advanced Configuration ⚙️
Multiple Authenticators
It is possible to use multiple authenticators for your specific needs. For instance, if you have an admin panel alongside your main authenticated application, you may want to use a dedicated authenticator.
In essence, if you're using security.user_providers, additional configuration is typically unnecessary, since security.user_providers acts as a chain user provider, meaning that the first user found in any of the subordinate providers will be used.
Nonetheless, in case of conflicting usernames or for any other specific reason, you may register an additional authenticator in the same configuration file under a different name:

    phd_api_testing:
        jwt_authenticators:
            - name: admin
              user_provider: security.user.provider.concrete.api_admin_user_provider
In this config, api_admin_user_provider is the name of the user provider from security.yaml, and admin is just an alias for use in tests.
Once the authenticator is registered, its alias can be passed as the second parameter of the login method:

    public function testDedicatedAdminAuthenticator(): void
    {
        // Issue the token through the authenticator registered as "admin"
        $token = $this->login('admin@test.com', authenticator: 'admin');

        $this->client->request('GET', '/api/admin/protected-route', [
            'auth_bearer' => $token,
        ]);

        self::assertResponseStatusCodeSame(200);
    }
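
The two tests above only prove that a valid token is accepted. The following is an added example (not part of the package's README or code) that covers the rejection side with the same login method. Assumptions: API Platform's ApiTestCase and Client, a client created in setUp, the App\Tests\Api namespace, a signed three-segment token, the routes and username from the examples above, and a firewall that answers 401 without a valid token and 401 or 403 when a main-application user calls the admin route.

```php
<?php

declare(strict_types=1);

namespace App\Tests\Api; // hypothetical namespace

use ApiPlatform\Symfony\Bundle\Test\ApiTestCase; // assumption: API Platform test case
use ApiPlatform\Symfony\Bundle\Test\Client;
use PhPhD\ApiTesting\Jwt\JwtLoginTrait;

final class ProtectedApiRejectionTest extends ApiTestCase
{
    use JwtLoginTrait;

    private Client $client;

    protected function setUp(): void
    {
        $this->client = static::createClient();
    }

    public function testRequestWithoutTokenIsRejected(): void
    {
        $this->client->request('GET', '/api/protected-route');
        self::assertResponseStatusCodeSame(401);
    }

    public function testTokenWithAlteredSignatureIsRejected(): void
    {
        [$header, $payload, $signature] = explode('.', $this->login('username'));
        // Change the first signature character: all six of its bits are significant,
        // while the last character may carry only base64 padding bits.
        $signature[0] = 'A' === $signature[0] ? 'B' : 'A';

        $this->client->request('GET', '/api/protected-route', [
            'auth_bearer' => implode('.', [$header, $payload, $signature]),
        ]);
        self::assertResponseStatusCodeSame(401);
    }

    public function testMainUserTokenDoesNotOpenAdminRoute(): void
    {
        $response = $this->client->request('GET', '/api/admin/protected-route', [
            'auth_bearer' => $this->login('username'), // default authenticator
        ]);
        // 401 if the admin firewall cannot load this user, 403 if it can but denies access.
        self::assertContains($response->getStatusCode(), [401, 403]);
    }
}
```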