diff --git a/docs/openapi.json b/docs/openapi.json
index ce1054b4..0ba8eb00 100644
--- a/docs/openapi.json
+++ b/docs/openapi.json
@@ -1076,7 +1076,7 @@
 "parameters": [
 {
 "in": "header",
- "name": "X-Auth-Token",
+ "name": "X-Movary-Token",
 "schema": {
 "type": "string"
 },
@@ -1131,7 +1131,7 @@
 "Authentication"
 ],
 "summary": "Create authentication token",
- "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Auth-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.",
+ "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Movary-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.",
 "parameters": [
 {
 "in": "header",
@@ -1230,11 +1230,11 @@
 "Authentication"
 ],
 "summary": "Delete authentication token",
- "description": "Delete the authentication token provided in the X-Auth-Token header value.",
+ "description": "Delete the authentication token provided in the X-Movary-Token header value.",
 "parameters": [
 {
 "in": "header",
- "name": "X-Auth-Token",
+ "name": "X-Movary-Token",
 "schema": {
 "type": "string"
 },
@@ -1471,7 +1471,7 @@
 "securitySchemes": {
 "token": {
 "type": "apiKey",
- "name": "X-Auth-Token",
+ "name": "X-Movary-Token",
 "in": "header"
 }
 }
diff --git a/src/Domain/User/Service/Authentication.php b/src/Domain/User/Service/Authentication.php
index 0d03aeb8..9de9cf7c 100644
--- a/src/Domain/User/Service/Authentication.php
+++ b/src/Domain/User/Service/Authentication.php
@@ -105,7 +105,7 @@ public function getToken(Request $request) : ?string
 return $tokenInCookie;
 }
- return $request->getHeaders()['X-Auth-Token'] ?? null;
+ return $request->getHeaders()['X-Movary-Token'] ?? null;
 }
 public function getUserIdByApiToken(Request $request) : ?int
diff --git a/tests/rest/api/authentication.assert.http b/tests/rest/api/authentication.assert.http
deleted file mode 100644
index d056dbc7..00000000
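Review bot: The new lookup `$request->getHeaders()['X-Movary-Token']` in getToken() matches one exact spelling of the header name, and nothing visible in this hunk shows whether Request::getHeaders() normalises names. HTTP header names are case-insensitive and HTTP/2 delivers them in lowercase, so a client or proxy sending `x-movary-token` may be treated as unauthenticated if the array keeps the received casing; a case-insensitive lookup, or a comment stating the normalisation getHeaders() guarantees, would close that gap. Clients still sending `X-Auth-Token` are also cut off with no transition period; if that is intended it should be called out as a breaking change, otherwise `return $request->getHeaders()['X-Movary-Token'] ?? $request->getHeaders()['X-Auth-Token'] ?? null;` keeps them working for a release. getToken() starts above the hunk.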
--- a/tests/rest/api/authentication.assert.http
+++ /dev/null
@@ -1,151 +0,0 @@ -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{} - -> {% - client.test("Response has correct status code", function() { - let expected = 400 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"MissingCredentials","message":"Email or password is missing"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### - -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{"email" : "wrongEmail", "password" : "wrongPassword"} - -> {% - client.test("Response has correct status code", function() { - let expected = 401 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"InvalidCredentials","message":"Invalid credentials"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### - -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{"email" : "{{email}}", "password" : "{{password}}"} - -> {% - client.test("Response has correct status code", function() { - let expected = 200 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - client.assert(response.body.hasOwnProperty("authToken") === true, "Response body missing property: authToken"); - client.assert(response.body.user.hasOwnProperty("id") === true, "Response body missing property: user.id"); - client.assert(response.body.user.hasOwnProperty("name") === 
true, "Response body missing property: user.name"); - client.assert(response.body.user.hasOwnProperty("isAdmin") === true, "Response body missing property: user.isAdmin"); - }); - - client.global.set("responseAuthToken", response.body.authToken); -%} - -### - -GET http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Auth-Token: {{responseAuthToken}} - -> {% - client.test("Response has correct status code", function() { - let expected = 200 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - client.assert(response.body.user.hasOwnProperty("id") === true, "Response body missing property: user.id"); - client.assert(response.body.user.hasOwnProperty("name") === true, "Response body missing property: user.name"); - client.assert(response.body.user.hasOwnProperty("isAdmin") === true, "Response body missing property: user.isAdmin"); - }); -%} - -### - -DELETE http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Auth-Token: {{responseAuthToken}} - -> {% - client.test("Response has correct status code", function() { - let expected = 204 - client.assert(response.status === expected, "Expected status code: " + expected); - }); -%} - -### - -GET http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Auth-Token: {{responseAuthToken}} - -> {% - client.test("Response has correct status code", function() { - let expected = 401 - client.assert(response.status === expected, "Expected status code: " + expected); - }); -%} - -### - -GET http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json - -> {% - client.test("Response has correct status code", function() { - let expectedStatusCode = 400 - let expectedError = "MissingAuthToken"; - 
client.assert(response.status === expectedStatusCode, "Expected status code: " + expectedStatusCode); - client.assert(response.body.error === expectedError, "Expected error: " + expectedError); - client.assert(response.body.message === 'Authentication token header is missing'); - }); -%} - -### - -DELETE http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json - -> {% - client.test("Response has correct status code", function() { - let expected = 400 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"MissingAuthToken","message":"Authentication token header is missing"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### diff --git a/tests/rest/api/authentication.http b/tests/rest/api/authentication.http index 324ccbab..001610f3 100644 --- a/tests/rest/api/authentication.http +++ b/tests/rest/api/authentication.http 
@@ -4,7 +4,62 @@ Cache-Control: no-cache Content-Type: application/json X-Movary-Client: RestAPI Test -{"email" : "{{email}}", "password" : "{{password}}", "rememberMe" : 1, "totpCode" : 123456} +{} + +> {% + client.test("Response has correct status code", function() { + let expected = 400 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"MissingCredentials","message":"Email or password is missing"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} + +### + +POST http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json +X-Movary-Client: RestAPI Test + +{"email" : "wrongEmail", "password" : "wrongPassword"} + +> {% + client.test("Response has correct status code", function() { + let expected = 401 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"InvalidCredentials","message":"Invalid credentials"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} + +### + +POST http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json +X-Movary-Client: RestAPI Test + +{"email" : "{{email}}", "password" : "{{password}}"} + +> {% + client.test("Response has correct status code", function() { + let expected = 200 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + client.assert(response.body.hasOwnProperty("'userId'") === false, "Response body missing property: userId"); + client.assert(response.body.hasOwnProperty("'authToken'") === false, "Response body missing property: authToken"); + }); + + 
client.global.set("responseAuthToken", response.body.authToken); +%} ### @@ -12,7 +67,7 @@ GET http://127.0.0.1/api/authentication/token Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} ### @@ -20,5 +75,31 @@ DELETE http://127.0.0.1/api/authentication/token Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Client: RestAPI Test -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{responseAuthToken}} + +> {% + client.test("Response has correct status code", function() { + let expected = 204 + client.assert(response.status === expected, "Expected status code: " + expected); + }); +%} + +### + +DELETE http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json + +> {% + client.test("Response has correct status code", function() { + let expected = 400 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"MissingAuthToken","message":"Authentication token header is missing"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} + +### diff --git a/tests/rest/api/http-client.env.json b/tests/rest/api/http-client.env.json index 2770a373..a7290f33 100644 --- a/tests/rest/api/http-client.env.json +++ b/tests/rest/api/http-client.env.json @@ -1,7 +1,7 @@ { "testUser": { "username": "testUser", - "xAuthToken": "4f0fbe93e2752932e5700e14ffa49f67", + "xMovaryToken": "4f0fbe93e2752932e5700e14ffa49f67", "email": "testUser@domain.com", "password": "password1234" } diff --git a/tests/rest/api/movie-search.http b/tests/rest/api/movie-search.http index f8bdc8db..5eac7844 100644 --- a/tests/rest/api/movie-search.http +++ b/tests/rest/api/movie-search.http 
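Review bot: The two body assertions in the successful-login test (first hunk of authentication.http) can never fail: `hasOwnProperty("'userId'")` and `hasOwnProperty("'authToken'")` look up keys that contain literal single quotes and compare the result with `false`, while their messages say the property is missing. As written the test passes even when the response carries no token, and `client.global.set("responseAuthToken", response.body.authToken)` then stores `undefined` for the later DELETE request. Assert presence instead, e.g. `client.assert(response.body.hasOwnProperty("authToken") === true, "Response body missing property: authToken");`, and do the same for whichever user field the response actually returns.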
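Review bot: The rewritten suite no longer checks that a deleted token stops working: after the `DELETE` that expects 204 (third hunk of authentication.http) there is no follow-up request sending `{{responseAuthToken}}` and expecting 401, which the removed authentication.assert.http had. Without it, a regression where token deletion returns 204 but leaves the token valid would go unnoticed by these tests. The request below restores that check; the missing-header GET case (400, `MissingAuthToken`) from the removed file is likewise not carried over and could be re-added the same way.

```http
# … unchanged: DELETE with X-Movary-Token: {{responseAuthToken}} expecting 204 …

###

GET http://127.0.0.1/api/authentication/token
Accept: */*
Cache-Control: no-cache
Content-Type: application/json
X-Movary-Token: {{responseAuthToken}}

> {%
    client.test("Deleted token is rejected", function() {
        let expected = 401
        client.assert(response.status === expected, "Expected status code: " + expected);
    });
%}

# … unchanged: DELETE without token header expecting 400 …
```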
@@ -2,6 +2,6 @@ GET http://127.0.0.1/api/movies/search?search=Matrix&page=1&releaseYear=2012 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### diff --git a/tests/rest/api/user-history.http b/tests/rest/api/user-history.http index 3253c379..cb5845a4 100644 --- a/tests/rest/api/user-history.http +++ b/tests/rest/api/user-history.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/history/movies?search=Matrix&limit=1 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06", "plays" : 1, "comment" : "comment"}] @@ -20,7 +20,7 @@ POST http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] @@ -30,7 +30,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] diff --git a/tests/rest/api/user-played.http b/tests/rest/api/user-played.http index 4d6092a6..e79ca6a7 100644 --- a/tests/rest/api/user-played.http +++ b/tests/rest/api/user-played.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/played/movies?limit=10&sortOrder=des Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### 
@@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { @@ -36,7 +36,7 @@ POST http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { @@ -60,7 +60,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { diff --git a/tests/rest/api/user-watchlist.http b/tests/rest/api/user-watchlist.http index 1a24e1ab..37e63d75 100644 --- a/tests/rest/api/user-watchlist.http +++ b/tests/rest/api/user-watchlist.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -10,7 +10,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies?limit=1&page=2 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -18,7 +18,7 @@ POST http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { @@ -32,7 +32,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ {