952 days continuous production uptime, 40k+ tp/s single node. Original corpo Bitbucket history not included — clean archive commit.
<?php
// Global assigned ahead of the bootstrap include (presumably read there -- confirm against sneakerstrap.inc).
$_REDIRECT = false;

// Pull in the bootstrap file, which loads the namaste environment.
require dirname(__DIR__) . '/../config/sneakerstrap.inc';
use PHPUnit\Framework\TestCase;
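/**
 * apiClientAuthTest -- unit tests for client-auth-token validation on the namaste read broker
 *
 * One positive test fetches a record with the token the test template expects; the negative tests remove the
 * token, truncate it, or swap in a token that is unknown, belongs to another client, or belongs to a deleted
 * client, and assert that the broker rejects the fetch.
 *
 * The unknown-token, other-client and deleted-client tests all pin the same PAYLOAD_STATE value, so a caller
 * cannot use the returned state to tell those three cases apart.
 *
 * NOTE(review): the fixture methods are declared without return types; PHPUnit 8 and later declare them with
 * `: void` -- confirm which PHPUnit version this suite targets.
 */
class apiClientAuthTest extends TestCase
{
    /*
     * Client-auth-token fixtures used by the tests below.
     *
     * NOTE(review): these GUIDs are committed to version control. Confirm that every one of them exists only in
     * the unit-test data set; a token that also authenticates a real client should be rotated and supplied from
     * test configuration instead of source.
     */
    private const TOKEN_TEMPLATE_OWNER = '79344859-5403-1556-7663-4E34D6B4CBE4'; // must match the gatTestMongo template
    private const TOKEN_MALFORMED = '18D5C150-4639-32C8-07CD';                   // truncated: four groups instead of five
    private const TOKEN_UNKNOWN = '18D5C150-4639-32C8-07CD-C7CD5970675F';        // well-formed, linked to no record
    private const TOKEN_OTHER_CLIENT = '136EA67A-B1E2-0A4B-2BD8-EE34D39DFDE1';   // active record, not the template's
    private const TOKEN_DELETED_CLIENT = 'B79652AA-6EA5-27CB-74DD-814E7BFAAD66'; // record no longer active

    protected ?gacBrokerClient $readBrokerClient = null;
    protected static ?array $meta = null;

    /**
     * setUpBeforeClass() -- public static unit test method
     *
     * this method is called first, and once, on execution. This method calls the parent's setUpBeforeClass()
     * method and then establishes the meta data payload that every test in this class sends to the broker.
     *
     * NOTE:
     * -----
     * You have to ensure that the GUID value assigned to CLIENT_AUTH_TOKEN exists and that the same value has been
     * set in the gatTestMongo template constructor.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    public static function setUpBeforeClass()
    {
        parent::setUpBeforeClass();

        // meta data (for namaste)
        static::$meta = [
            META_DO_CACHE => false,                               // disable cache-mapping for the request
            META_LIMIT => 1,                                      // return one record only in the test-fetch query
            META_CLIENT => CLIENT_API_USER,                       // simulate an API call to Namaste
            CLIENT_AUTH_TOKEN => self::TOKEN_TEMPLATE_OWNER,
            META_CLIENT_IP => STRING_SESSION_HOME,
            META_SYSTEM_NOTES => STRING_ORIGIN_UT,
            META_TEMPLATE => TEMPLATE_CLASS_TEST_MONGO
        ];
    }

    /**
     * setUp() -- unit test reserved method
     *
     * the setUp method is executed prior to each test, executing the following tasks:
     *
     * 1. validate that the meta data persisted across tests
     * 2. validate that we successfully created a read-broker client
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    protected function setUp()
    {
        parent::setUp();
        $file = basename(__FILE__);

        // validate the meta data for the pending query
        $this->assertTrue(!empty(static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_404);
        $this->assertTrue(is_array(static::$meta), $file . AT . __LINE__ . COLON . ERROR_META_INVALID_FORMAT_ARRAY);
        $this->assertTrue(array_key_exists(META_TEMPLATE, static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_KEY_404 . META_TEMPLATE);
        $this->assertTrue(array_key_exists(CLIENT_AUTH_TOKEN, static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_KEY_404 . CLIENT_AUTH_TOKEN);

        // create the read broker client
        $this->readBrokerClient = new gacBrokerClient(BROKER_QUEUE_R, $file . AT . __LINE__);
        $this->assertTrue($this->readBrokerClient->status, $file . AT . __LINE__ . COLON . ERROR_BROKER_QUEUE_DECLARE . BROKER_QUEUE_R);
    }

    /**
     * tearDown() -- unit test method
     *
     * This is the (reserved) tearDown method which is executed at the end of every test. The method deletes the
     * current broker client to clean-up the heap.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    protected function tearDown()
    {
        // NOTE(review): PHP runs the destructor again when the object is released below, so this explicit call
        // relies on gacBrokerClient::__destruct() being safe to run twice -- confirm.
        if (is_object($this->readBrokerClient)) $this->readBrokerClient->__destruct();

        // assign null rather than unset(): unsetting a typed property leaves it uninitialized, and any later read
        // of it would throw instead of yielding null
        $this->readBrokerClient = null;
    }

    /**
     * assertMetaAvailable() -- private helper
     *
     * Asserts that the static meta payload built in setUpBeforeClass() is still a non-empty array.
     *
     * @param string $meth  name of the calling test, used in the failure message
     */
    private function assertMetaAvailable(string $meth): void
    {
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
    }

    /**
     * submitFetch() -- private helper
     *
     * Builds a generic fetch request around the supplied meta payload, submits it to the namaste read broker and
     * returns the decoded response.
     *
     * @param array  $meta  meta payload to send as BROKER_META_DATA
     * @param string $meth  name of the calling test, used in the failure message
     * @return array        the decoded broker response
     */
    private function submitFetch(array $meta, string $meth): array
    {
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => null       // null query: fetch any active record
            ],
            BROKER_META_DATA => $meta
        ];

        // submit generic fetch request to namaste read broker
        $reply = $this->readBrokerClient->call(gzcompress(json_encode($payload)));
        $response = json_decode(gzuncompress($reply), true);

        // fail here, with a readable message, if the reply could not be inflated or parsed; otherwise the tests
        // would go on to index into a non-array
        $this->assertTrue(is_array($response), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_GENERIC_FAIL . 'broker response did not decode to an array');
        return $response;
    }

    /**
     * assertRejectedWith() -- private helper
     *
     * Asserts that the broker response reports failure and carries the expected state. The failure message is
     * built from the same expected value that is asserted, so the two cannot disagree.
     *
     * @param mixed  $expectedState  the PAYLOAD_STATE value the response must carry
     * @param array  $response       decoded broker response
     * @param string $meth           name of the calling test, used in the failure message
     */
    private function assertRejectedWith($expectedState, array $response, string $meth): void
    {
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals($expectedState, $response[PAYLOAD_STATE], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, $expectedState, $response[PAYLOAD_STATE]));
    }

    /**
     * testFetch() -- unit test method
     *
     * This test is a positive test - we expect this test to successfully fetch a random record with the implication
     * being that the request was validated in Namaste by comparing the meta-payload's auth key to the authKey token
     * stored in the template.
     *
     * As such, we don't really care about the return payload other than that we returned a record, and only one
     * record. We're testing the ability to successfully fetch a record while mimicking an API request. Tests for
     * the accuracy of the data are handled in other tests.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    public function testFetch()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $response = $this->submitFetch(static::$meta, $meth);

        // test the response payload
        $this->assertTrue($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_BROKER_EVENT_FAIL, BROKER_REQUEST_FETCH, $response[PAYLOAD_STATE]));
        // a response without a results list counts as zero records, so it fails the assertion below
        $recCount = count($response[PAYLOAD_RESULTS][STRING_QUERY_RESULTS] ?? []);
        $this->assertEquals(1, $recCount, sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_INTEGER_MISMATCH, 1, $recCount));
    }

    /**
     * testNegativeNoAuthToken() -- unit test method
     *
     * This unit test is a negative test; we expect the request to Namaste to fail because we've pulled/deleted the
     * client-auth-token from the meta payload. This should cause the request to be rejected by namaste (in the
     * functions.inc validation, rather than in the factory-class validation code) returning a meta data error for
     * the error state and a white-box error message. Only the status and the state are asserted here.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    public function testNegativeNoAuthToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $metaCopy = static::$meta;
        unset($metaCopy[CLIENT_AUTH_TOKEN]);
        $this->assertArrayNotHasKey(CLIENT_AUTH_TOKEN, $metaCopy, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_GENERIC_FAIL . 'did not remove client auth key from meta copy');

        $response = $this->submitFetch($metaCopy, $meth);

        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertRejectedWith(STATE_META_ERROR, $response, $meth);
    }

    /**
     * testNegativeMalformedToken() -- unit test method
     *
     * This is another negative unit test; we expect the request to fail because we're passing a malformed token
     * value as the client-auth-token value. As in the previous test, this request should be rejected by Namaste at
     * the broker-level instead of allowing the request to proceed deeper into the class-instantiation level.
     *
     * NOTE(review): the original failure message named STATE_META_ERROR while the assertion pinned
     * STATE_DATA_ERROR; the asserted value is kept -- confirm which state the broker is meant to return.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     */
    public function testNegativeMalformedToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $metaCopy = static::$meta;
        // token is malformed
        $metaCopy[CLIENT_AUTH_TOKEN] = self::TOKEN_MALFORMED;

        $response = $this->submitFetch($metaCopy, $meth);

        // we expect a failed (false) return because the client auth token is malformed
        $this->assertRejectedWith(STATE_DATA_ERROR, $response, $meth);
    }

    /**
     * testNegativeMeaninglessToken() -- unit test method
     *
     * This test makes a request against a template requiring authentication but provides the wrong (incorrect)
     * authentication token in the payload. As such, we should return, in this limited case, an authentication error
     * as opposed to a not-found error.
     *
     * Think of two scenarios - one is that we submit a superfluous token that doesn't exist (this test) or we submit
     * a token that exists, but isn't the correct value as defined in the data template (next test).
     *
     * NOTE(review): the text above and the original failure message speak of an authentication error
     * (STATE_AUTH_ERROR), but the assertion pins STATE_DATA_ERROR; the asserted value is kept -- confirm which
     * state the broker is meant to return.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     */
    public function testNegativeMeaninglessToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $metaCopy = static::$meta;
        // token is incorrect, but well-formed - it doesn't link to any record in the db
        $metaCopy[CLIENT_AUTH_TOKEN] = self::TOKEN_UNKNOWN;

        $response = $this->submitFetch($metaCopy, $meth);

        // we expect a failed (false) return because the client auth token matches no record
        $this->assertRejectedWith(STATE_DATA_ERROR, $response, $meth);
    }

    /**
     * testNegativeWrongClient() -- unit test method
     *
     * This unit test is a negative test - we're going to submit a request for a record and the client auth token
     * is linked to an active, valid, smax-token record. However, it's not the record that's defined in the template.
     * This test covers the case where Partner A attempts to instantiate a data template belonging to Partner B.
     *
     * NOTE(review): the original failure message named STATE_AUTH_ERROR while the assertion pinned
     * STATE_DATA_ERROR; the asserted value is kept -- confirm which state the broker is meant to return.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     */
    public function testNegativeWrongClient()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $metaCopy = static::$meta;
        // token is to another active record other than the one defined in the template
        $metaCopy[CLIENT_AUTH_TOKEN] = self::TOKEN_OTHER_CLIENT;

        $response = $this->submitFetch($metaCopy, $meth);

        // we expect a failed (false) return because the client auth token belongs to a different client
        $this->assertRejectedWith(STATE_DATA_ERROR, $response, $meth);
    }

    /**
     * testNegativeRequestFromDeletedClient() -- unit test method
     *
     * This test is a negative test - we expect the request to fail. In this test, we're submitting a fetch request
     * using a client auth token from a deleted record; the smax token record is no longer in an active state.
     *
     * The return message doesn't give away the status of the record - we don't want the white-box user to know
     * anything other than they encountered an authentication error. This test asserts the same state as the
     * unknown-token and wrong-client tests; the message text itself is not asserted here.
     *
     * NOTE(review): the original failure message named STATE_AUTH_ERROR while the assertion pinned
     * STATE_DATA_ERROR; the asserted value is kept -- confirm which state the broker is meant to return.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     */
    public function testNegativeRequestFromDeletedClient()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertMetaAvailable($meth);

        $metaCopy = static::$meta;
        // token is to a deleted record other than the one defined in the template
        $metaCopy[CLIENT_AUTH_TOKEN] = self::TOKEN_DELETED_CLIENT;

        $response = $this->submitFetch($metaCopy, $meth);

        // we expect a failed (false) return because the client auth token belongs to a deleted client record
        $this->assertRejectedWith(STATE_DATA_ERROR, $response, $meth);
    }
}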