Merge pull request #593 from leepeuker/change-auth-header

Change token header name

docs/openapi.json

@@ -1076,7 +1076,7 @@
         "parameters": [
           {
             "in": "header",
-            "name": "X-Auth-Token",
+            "name": "X-Movary-Token",
             "schema": {
               "type": "string"
             },
@@ -1131,7 +1131,7 @@
           "Authentication"
         ],
         "summary": "Create authentication token",
-        "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Auth-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.",
+        "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Movary-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.",
         "parameters": [
           {
             "in": "header",
@@ -1230,11 +1230,11 @@
           "Authentication"
         ],
         "summary": "Delete authentication token",
-        "description": "Delete the authentication token provided in the X-Auth-Token header value.",
+        "description": "Delete the authentication token provided in the X-Movary-Token header value.",
         "parameters": [
           {
             "in": "header",
-            "name": "X-Auth-Token",
+            "name": "X-Movary-Token",
             "schema": {
               "type": "string"
             },
@@ -1471,7 +1471,7 @@
     "securitySchemes": {
       "token": {
         "type": "apiKey",
-        "name": "X-Auth-Token",
+        "name": "X-Movary-Token",
         "in": "header"
       }
     }

src/Domain/User/Service/Authentication.php

@@ -105,7 +105,7 @@ public function getToken(Request $request) : ?string
             return $tokenInCookie;
         }
 
-        return $request->getHeaders()['X-Auth-Token'] ?? null;
+        return $request->getHeaders()['X-Movary-Token'] ?? null;
     }
 
     public function getUserIdByApiToken(Request $request) : ?int

tests/rest/api/authentication.http

@@ -4,21 +4,102 @@ Cache-Control: no-cache
 Content-Type: application/json
 X-Movary-Client: RestAPI Test
 
-{"email" : "{{email}}", "password" : "{{password}}", "rememberMe" : 1, "totpCode" : 123456}
+{}
+
+> {%
+    client.test("Response has correct status code", function() {
+        let expected = 400
+        client.assert(response.status === expected, "Expected status code: " + expected);
+    });
+    client.test("Response has correct body", function() {
+        let expected = '{"error":"MissingCredentials","message":"Email or password is missing"}';
+        client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected);
+    });
+%}
+
+###
+
+POST http://127.0.0.1/api/authentication/token
+Accept: */*
+Cache-Control: no-cache
+Content-Type: application/json
+X-Movary-Client: RestAPI Test
+
+{"email" : "wrongEmail", "password" : "wrongPassword"}
+
+> {%
+    client.test("Response has correct status code", function() {
+        let expected = 401
+        client.assert(response.status === expected, "Expected status code: " + expected);
+    });
+    client.test("Response has correct body", function() {
+        let expected = '{"error":"InvalidCredentials","message":"Invalid credentials"}';
+        client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected);
+    });
+%}
+
+###
+
+POST http://127.0.0.1/api/authentication/token
+Accept: */*
+Cache-Control: no-cache
+Content-Type: application/json
+X-Movary-Client: RestAPI Test
+
+{"email" : "{{email}}", "password" : "{{password}}"}
+
+> {%
+    client.test("Response has correct status code", function() {
+        let expected = 200
+        client.assert(response.status === expected, "Expected status code: " + expected);
+    });
+    client.test("Response has correct body", function() {
+        client.assert(response.body.hasOwnProperty("'userId'") === false, "Response body missing property: userId");
+        client.assert(response.body.hasOwnProperty("'authToken'") === false, "Response body missing property: authToken");
+    });
+
+    client.global.set("responseAuthToken", response.body.authToken);
+%}
 
 ###
 
 GET http://127.0.0.1/api/authentication/token
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 ###
 
 DELETE http://127.0.0.1/api/authentication/token
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Movary-Client: RestAPI Test
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{responseAuthToken}}
+
+> {%
+    client.test("Response has correct status code", function() {
+        let expected = 204
+        client.assert(response.status === expected, "Expected status code: " + expected);
+    });
+%}
+
+###
+
+DELETE http://127.0.0.1/api/authentication/token
+Accept: */*
+Cache-Control: no-cache
+Content-Type: application/json
+
+> {%
+    client.test("Response has correct status code", function() {
+        let expected = 400
+        client.assert(response.status === expected, "Expected status code: " + expected);
+    });
+    client.test("Response has correct body", function() {
+        let expected = '{"error":"MissingAuthToken","message":"Authentication token header is missing"}';
+        client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected);
+    });
+%}
+
+###

tests/rest/api/http-client.env.json

@@ -1,7 +1,7 @@
 {
   "testUser": {
     "username": "testUser",
-    "xAuthToken": "4f0fbe93e2752932e5700e14ffa49f67",
+    "xMovaryToken": "4f0fbe93e2752932e5700e14ffa49f67",
     "email": "[email protected]",
     "password": "password1234"
   }

tests/rest/api/movie-search.http

@@ -2,6 +2,6 @@ GET http://127.0.0.1/api/movies/search?search=Matrix&page=1&releaseYear=2012
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 ####

tests/rest/api/user-history.http

@@ -2,15 +2,15 @@ GET http://127.0.0.1/api/users/{{username}}/history/movies?search=Matrix&limit=1
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 ####
 
 PUT http://127.0.0.1/api/users/{{username}}/history/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [{"movaryId" : 1, "watchedAt" : "2011-05-06", "plays" :  1, "comment" :  "comment"}]
 
@@ -20,7 +20,7 @@ POST http://127.0.0.1/api/users/{{username}}/history/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [{"movaryId" : 1, "watchedAt" : "2011-05-06"}]
 
@@ -30,7 +30,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/history/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [{"movaryId" : 1, "watchedAt" : "2011-05-06"}]
 

tests/rest/api/user-played.http

@@ -2,15 +2,15 @@ GET http://127.0.0.1/api/users/{{username}}/played/movies?limit=10&sortOrder=des
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 ####
 
 PUT http://127.0.0.1/api/users/{{username}}/played/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [
   {
@@ -36,7 +36,7 @@ POST http://127.0.0.1/api/users/{{username}}/played/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [
   {
@@ -60,7 +60,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/played/movies
 Accept: */*
 Cache-Control: no-cache
 Content-Type: application/json
-X-Auth-Token: {{xAuthToken}}
+X-Movary-Token: {{xMovaryToken}}
 
 [
   {