From b1ffe383058c3b59b31f748e8d3ad57ed6b251ba Mon Sep 17 00:00:00 2001 From: JVT038 <47184046+JVT038@users.noreply.github.com> Date: Tue, 27 Feb 2024 16:55:17 +0100 Subject: [PATCH 1/3] Changed header to `X-Movary-Token` and moved the contents of `authentication.assert.http` to `authentication.http` Signed-off-by: JVT038 <47184046+JVT038@users.noreply.github.com> --- docs/openapi.json | 8 +- src/Domain/User/Service/Authentication.php | 2 +- .../Api/AuthenticationController.php | 2 +- tests/rest/api/authentication.assert.http | 97 ------------------- tests/rest/api/authentication.http | 87 ++++++++++++++++- tests/rest/api/movie-search.http | 2 +- tests/rest/api/user-history.http | 8 +- tests/rest/api/user-played.http | 8 +- tests/rest/api/user-watchlist.http | 8 +- 9 files changed, 103 insertions(+), 119 deletions(-) delete mode 100644 tests/rest/api/authentication.assert.http diff --git a/docs/openapi.json b/docs/openapi.json index bb676856..dc1f2df2 100644 --- a/docs/openapi.json +++ b/docs/openapi.json @@ -1071,7 +1071,7 @@ "tags": [ "Authentication" ], - "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Auth-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.", + "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Movary-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.", "parameters": [ { "in": "header", @@ -1156,11 +1156,11 @@ "tags": [ "Authentication" ], - "description": "Delete the authentication token provided in the X-Auth-Token header value.", + "description": "Delete the authentication token provided in the X-Movary-Token header value.", "parameters": [ { "in": "header", - "name": "X-Auth-Token", + "name": "X-Movary-Token", "schema": { "type": "string" }, 
@@ -1397,7 +1397,7 @@ "securitySchemes": { "token": { "type": "apiKey", - "name": "X-Auth-Token", + "name": "X-Movary-Token", "in": "header" }, "cookie": { diff --git a/src/Domain/User/Service/Authentication.php b/src/Domain/User/Service/Authentication.php index 4eb2c3bf..2aa50d1b 100644 --- a/src/Domain/User/Service/Authentication.php +++ b/src/Domain/User/Service/Authentication.php @@ -105,7 +105,7 @@ public function getToken() : ?string public function getUserIdByApiToken(Request $request) : ?int { - $apiToken = $request->getHeaders()['X-Auth-Token'] ?? filter_input(INPUT_COOKIE, self::AUTHENTICATION_COOKIE_NAME) ?? null; + $apiToken = $request->getHeaders()['X-Movary-Token'] ?? filter_input(INPUT_COOKIE, self::AUTHENTICATION_COOKIE_NAME) ?? null; if ($apiToken === null) { return null; } diff --git a/src/HttpController/Api/AuthenticationController.php b/src/HttpController/Api/AuthenticationController.php index f1687c0c..e49ff054 100644 --- a/src/HttpController/Api/AuthenticationController.php +++ b/src/HttpController/Api/AuthenticationController.php @@ -99,7 +99,7 @@ public function destroyToken(Request $request) : Response return Response::CreateNoContent(); } - $apiToken = $request->getHeaders()['X-Auth-Token'] ?? null; + $apiToken = $request->getHeaders()['X-Movary-Token'] ?? null; if ($apiToken === null) { return Response::createBadRequest( Json::encode([ diff --git a/tests/rest/api/authentication.assert.http b/tests/rest/api/authentication.assert.http deleted file mode 100644 index 96c5fcf4..00000000 --- a/tests/rest/api/authentication.assert.http +++ /dev/null 
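Review bot: In `getUserIdByApiToken` (src/Domain/User/Service/Authentication.php) the only guard after the rewritten lookup is `$apiToken === null`, but `filter_input()` returns `false`, not `null`, when the cookie is present and fails the filter (for example when it arrives as an array value), and `??` does not replace `false`. A non-string value can therefore pass the guard and reach whatever token lookup follows; the function body continues outside the hunk, so the effect there is not visible. A stricter guard such as `if (!is_string($apiToken) || $apiToken === '') { return null; }` would reject it. The trailing `?? null` adds nothing and can be dropped.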
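Review bot: The header name is a bare string literal `'X-Movary-Token'` in `destroyToken` (src/HttpController/Api/AuthenticationController.php), again in `getUserIdByApiToken` in Authentication.php, and once more in `getToken` in patch 2/3, while the cookie name beside it already goes through `self::AUTHENTICATION_COOKIE_NAME`. One constant on `Authentication`, for instance `public const AUTHENTICATION_HEADER_NAME = 'X-Movary-Token';` (the name is only a suggestion), would keep every place that reads the credential in step. That way a later rename cannot leave one endpoint accepting a header the others ignore. `destroyToken` starts and ends outside the hunk.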
@@ -1,97 +0,0 @@ -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{} - -> {% - client.test("Response has correct status code", function() { - let expected = 400 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"MissingCredentials","message":"Email or password is missing"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### - -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{"email" : "wrongEmail", "password" : "wrongPassword"} - -> {% - client.test("Response has correct status code", function() { - let expected = 401 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"InvalidCredentials","message":"Invalid credentials"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### - -POST http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Movary-Client: RestAPI Test - -{"email" : "{{email}}", "password" : "{{password}}"} - -> {% - client.test("Response has correct status code", function() { - let expected = 200 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - client.assert(response.body.hasOwnProperty("'userId'") === false, "Response body missing property: userId"); - client.assert(response.body.hasOwnProperty("'authToken'") === false, "Response body missing property: authToken"); - }); - - client.global.set("responseAuthToken", 
response.body.authToken); -%} - -### - -DELETE http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json -X-Auth-Token: {{responseAuthToken}} - -> {% - client.test("Response has correct status code", function() { - let expected = 204 - client.assert(response.status === expected, "Expected status code: " + expected); - }); -%} - -### - -DELETE http://127.0.0.1/api/authentication/token -Accept: */* -Cache-Control: no-cache -Content-Type: application/json - -> {% - client.test("Response has correct status code", function() { - let expected = 400 - client.assert(response.status === expected, "Expected status code: " + expected); - }); - client.test("Response has correct body", function() { - let expected = '{"error":"MissingAuthToken","message":"Authentication token to delete in headers missing"}'; - client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); - }); -%} - -### diff --git a/tests/rest/api/authentication.http b/tests/rest/api/authentication.http index 9e2d2a5e..b3e861a2 100644 --- a/tests/rest/api/authentication.http +++ b/tests/rest/api/authentication.http 
@@ -4,13 +4,94 @@ Cache-Control: no-cache Content-Type: application/json X-Movary-Client: RestAPI Test -{"email" : "{{email}}", "password" : "{{password}}", "rememberMe" : 1, "totpCode" : 123456} +{} + +> {% + client.test("Response has correct status code", function() { + let expected = 400 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"MissingCredentials","message":"Email or password is missing"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} ### -DELETE http://127.0.0.1/api/authentication/token +POST http://127.0.0.1/api/authentication/token Accept: */* Cache-Control: no-cache Content-Type: application/json X-Movary-Client: RestAPI Test -X-Auth-Token: {{xAuthToken}} + +{"email" : "wrongEmail", "password" : "wrongPassword"} + +> {% + client.test("Response has correct status code", function() { + let expected = 401 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"InvalidCredentials","message":"Invalid credentials"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} + +### + +POST http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json +X-Movary-Client: RestAPI Test + +{"email" : "{{email}}", "password" : "{{password}}"} + +> {% + client.test("Response has correct status code", function() { + let expected = 200 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + client.assert(response.body.hasOwnProperty("'userId'") === false, "Response body missing property: userId"); + client.assert(response.body.hasOwnProperty("'authToken'") === false, 
"Response body missing property: authToken"); + }); + + client.global.set("responseAuthToken", response.body.authToken); +%} + +### + +DELETE http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json +X-Movary-Token: {{responseAuthToken}} + +> {% + client.test("Response has correct status code", function() { + let expected = 204 + client.assert(response.status === expected, "Expected status code: " + expected); + }); +%} + +### + +DELETE http://127.0.0.1/api/authentication/token +Accept: */* +Cache-Control: no-cache +Content-Type: application/json + +> {% + client.test("Response has correct status code", function() { + let expected = 400 + client.assert(response.status === expected, "Expected status code: " + expected); + }); + client.test("Response has correct body", function() { + let expected = '{"error":"MissingAuthToken","message":"Authentication token to delete in headers missing"}'; + client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); + }); +%} + +### diff --git a/tests/rest/api/movie-search.http b/tests/rest/api/movie-search.http index f8bdc8db..dec7db83 100644 --- a/tests/rest/api/movie-search.http +++ b/tests/rest/api/movie-search.http @@ -2,6 +2,6 @@ GET http://127.0.0.1/api/movies/search?search=Matrix&page=1&releaseYear=2012 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} #### diff --git a/tests/rest/api/user-history.http b/tests/rest/api/user-history.http index 3253c379..93245b5f 100644 --- a/tests/rest/api/user-history.http +++ b/tests/rest/api/user-history.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/history/movies?search=Matrix&limit=1 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} #### 
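Review bot: The two body assertions in the successful-login test of tests/rest/api/authentication.http cannot fail. `response.body.hasOwnProperty("'userId'") === false` asks whether a key whose name includes the single quotes is absent, which holds for any response, so neither `userId` nor `authToken` is checked before `responseAuthToken` is stored. They should read `client.assert(response.body.hasOwnProperty("userId"), "Response body missing property: userId");` and likewise for `authToken`. The hunk also removes the only request that sent `rememberMe` and `totpCode`, so as far as the hunk shows the TOTP path no longer has a request in this file.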
@@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06", "plays" : 1, "comment" : "comment"}] @@ -20,7 +20,7 @@ POST http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] @@ -30,7 +30,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] diff --git a/tests/rest/api/user-played.http b/tests/rest/api/user-played.http index 4d6092a6..7c508c90 100644 --- a/tests/rest/api/user-played.http +++ b/tests/rest/api/user-played.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/played/movies?limit=10&sortOrder=des Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} #### @@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [ { @@ -36,7 +36,7 @@ POST http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [ { @@ -60,7 +60,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [ { diff --git a/tests/rest/api/user-watchlist.http b/tests/rest/api/user-watchlist.http index 1a24e1ab..24adadbe 100644 
--- a/tests/rest/api/user-watchlist.http +++ b/tests/rest/api/user-watchlist.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} #### @@ -10,7 +10,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies?limit=1&page=2 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} #### @@ -18,7 +18,7 @@ POST http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [ { @@ -32,7 +32,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} [ { From dcd683ed3eb1263867dca6489dc3156e35d255a2 Mon Sep 17 00:00:00 2001 From: JVT038 <47184046+JVT038@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:56:37 +0100 Subject: [PATCH 2/3] Fix the tests and merge conflicts with main Signed-off-by: JVT038 <47184046+JVT038@users.noreply.github.com> --- docs/openapi.json | 6 +++--- src/Domain/User/Service/Authentication.php | 2 +- tests/rest/api/authentication.http | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/openapi.json b/docs/openapi.json index 054263f9..0ba8eb00 100644 --- a/docs/openapi.json +++ b/docs/openapi.json @@ -1076,7 +1076,7 @@ "parameters": [ { "in": "header", - "name": "X-Auth-Token", + "name": "X-Movary-Token", "schema": { "type": "string" }, 
@@ -1131,7 +1131,7 @@ "Authentication" ], "summary": "Create authentication token", - "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Auth-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.", + "description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Movary-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.", "parameters": [ { "in": "header", @@ -1230,7 +1230,7 @@ "Authentication" ], "summary": "Delete authentication token", - "description": "Delete the authentication token provided in the X-Auth-Token header value.", + "description": "Delete the authentication token provided in the X-Movary-Token header value.", "parameters": [ { "in": "header", diff --git a/src/Domain/User/Service/Authentication.php b/src/Domain/User/Service/Authentication.php index 0d03aeb8..9de9cf7c 100644 --- a/src/Domain/User/Service/Authentication.php +++ b/src/Domain/User/Service/Authentication.php @@ -105,7 +105,7 @@ public function getToken(Request $request) : ?string return $tokenInCookie; } - return $request->getHeaders()['X-Auth-Token'] ?? null; + return $request->getHeaders()['X-Movary-Token'] ?? null; } public function getUserIdByApiToken(Request $request) : ?int diff --git a/tests/rest/api/authentication.http b/tests/rest/api/authentication.http index a54a351f..b946566f 100644 --- a/tests/rest/api/authentication.http +++ b/tests/rest/api/authentication.http @@ -67,7 +67,7 @@ GET http://127.0.0.1/api/authentication/token Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Auth-Token: {{xAuthToken}} +X-Movary-Token: {{xAuthToken}} ### 
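Review bot: `getToken` (src/Domain/User/Service/Authentication.php) reads the header with an exact-case array key, `$request->getHeaders()['X-Movary-Token']`, although HTTP header names are case-insensitive and HTTP/2 carries them in lower case. Whether this matters depends on how `Request::getHeaders()` normalises its keys, which this diff does not show. If it does not normalise them, a client or proxy sending `x-movary-token` is treated as having no token. It is worth confirming, or normalising once with `array_change_key_case($request->getHeaders(), CASE_LOWER)` and looking up `'x-movary-token'`. The same lookup is in `getUserIdByApiToken` and `destroyToken` in patch 1/3, and `getToken` begins outside the hunk.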
@@ -97,7 +97,7 @@ Content-Type: application/json client.assert(response.status === expected, "Expected status code: " + expected); }); client.test("Response has correct body", function() { - let expected = '{"error":"MissingAuthToken","message":"Authentication token to delete in headers missing"}'; + let expected = '{"error":"MissingAuthToken","message":"Authentication token header is missing"}'; client.assert(JSON.stringify(response.body) === expected, "Expected response body: " + expected); }); %} From 1e96bc0f3764f0e364ca8932dbe2400940a82ffc Mon Sep 17 00:00:00 2001 From: Lee Peuker Date: Wed, 28 Feb 2024 08:26:59 +0100 Subject: [PATCH 3/3] Fix auth token naming in rest tests --- tests/rest/api/authentication.assert.http | 0 tests/rest/api/authentication.http | 2 +- tests/rest/api/http-client.env.json | 2 +- tests/rest/api/movie-search.http | 2 +- tests/rest/api/user-history.http | 8 ++++---- tests/rest/api/user-played.http | 8 ++++---- tests/rest/api/user-watchlist.http | 8 ++++---- 7 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 tests/rest/api/authentication.assert.http diff --git a/tests/rest/api/authentication.assert.http b/tests/rest/api/authentication.assert.http deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/rest/api/authentication.http b/tests/rest/api/authentication.http index b946566f..001610f3 100644 --- a/tests/rest/api/authentication.http +++ b/tests/rest/api/authentication.http @@ -67,7 +67,7 @@ GET http://127.0.0.1/api/authentication/token Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} ### diff --git a/tests/rest/api/http-client.env.json b/tests/rest/api/http-client.env.json index 2770a373..a7290f33 100644 --- a/tests/rest/api/http-client.env.json +++ b/tests/rest/api/http-client.env.json 
@@ -1,7 +1,7 @@ { "testUser": { "username": "testUser", - "xAuthToken": "4f0fbe93e2752932e5700e14ffa49f67", + "xMovaryToken": "4f0fbe93e2752932e5700e14ffa49f67", "email": "testUser@domain.com", "password": "password1234" } diff --git a/tests/rest/api/movie-search.http b/tests/rest/api/movie-search.http index dec7db83..5eac7844 100644 --- a/tests/rest/api/movie-search.http +++ b/tests/rest/api/movie-search.http @@ -2,6 +2,6 @@ GET http://127.0.0.1/api/movies/search?search=Matrix&page=1&releaseYear=2012 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### diff --git a/tests/rest/api/user-history.http b/tests/rest/api/user-history.http index 93245b5f..cb5845a4 100644 --- a/tests/rest/api/user-history.http +++ b/tests/rest/api/user-history.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/history/movies?search=Matrix&limit=1 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06", "plays" : 1, "comment" : "comment"}] @@ -20,7 +20,7 @@ POST http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] @@ -30,7 +30,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/history/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [{"movaryId" : 1, "watchedAt" : "2011-05-06"}] diff --git a/tests/rest/api/user-played.http b/tests/rest/api/user-played.http index 7c508c90..e79ca6a7 100644 
--- a/tests/rest/api/user-played.http +++ b/tests/rest/api/user-played.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/played/movies?limit=10&sortOrder=des Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -10,7 +10,7 @@ PUT http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { @@ -36,7 +36,7 @@ POST http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { @@ -60,7 +60,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/played/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { diff --git a/tests/rest/api/user-watchlist.http b/tests/rest/api/user-watchlist.http index 24adadbe..37e63d75 100644 --- a/tests/rest/api/user-watchlist.http +++ b/tests/rest/api/user-watchlist.http @@ -2,7 +2,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -10,7 +10,7 @@ GET http://127.0.0.1/api/users/{{username}}/watchlist/movies?limit=1&page=2 Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} #### @@ -18,7 +18,7 @@ POST http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ { 
@@ -32,7 +32,7 @@ DELETE http://127.0.0.1/api/users/{{username}}/watchlist/movies Accept: */* Cache-Control: no-cache Content-Type: application/json -X-Movary-Token: {{xAuthToken}} +X-Movary-Token: {{xMovaryToken}} [ {