Update and complete phpunit tests

This commit is contained in:
Bubka 2020-10-09 13:35:03 +02:00
parent 342d656724
commit d716213ece
5 changed files with 39 additions and 23 deletions

View File

@ -115,10 +115,6 @@ private function customApiResponse($exception, $debug)
$response['message'] = 'Unauthorized';
break;
case 403:
$response['message'] = 'Forbidden';
break;
case 404:
$response['message'] = 'Not Found';
break;

View File

@ -11,6 +11,7 @@ class Authenticate extends Middleware
*
* @param \Illuminate\Http\Request $request
* @return string
* @codeCoverageIgnore
*/
protected function redirectTo($request)
{

View File

@ -29,20 +29,27 @@ public function handle($request, Closure $next)
$user = Auth::guard('api')->user();
$now = Carbon::now();
$last_seen = Carbon::parse($user->last_seen_at);
$inactiveFor = $now->diffInMinutes($last_seen);
$inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));
// Fetch all setting values
$settings = Options::get();
// If user has been inactivity longer than the allowed inactivity period
if ($settings['kickUserAfter'] > 0 && $inactiveFor > $settings['kickUserAfter']) {
$kickUserAfterXSecond = intval($settings['kickUserAfter']) * 60;
// If user has been inactive longer than the allowed inactivity period
if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
$user->last_seen_at = $now->format('Y-m-d H:i:s');
$user->save();
$accessToken = Auth::user()->token();
$accessToken->revoke();
$accessToken = $user->token();
// phpunit does not generate token during tests, so we revoke it only if it exists
// @codeCoverageIgnoreStart
if( $accessToken ) {
$accessToken->revoke();
}
// @codeCoverageIgnoreEnd
return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
}

View File

@ -8,6 +8,7 @@
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Auth\RequestGuard;
use Illuminate\Support\Facades\Config;
class LoginTest extends TestCase
{
@ -173,4 +174,26 @@ public function testUserLogout()
]);
}
/**
* test User logout after inactivity via API
*
* @test
*/
public function testUserLogoutAfterInactivity()
{
// Set the autolock period to 1 minute
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/settings/options', [
'kickUserAfter' => '1'])
->assertStatus(200);
sleep(61);
// Ping a restricted endpoint to log last_seen_at time
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/settings/account')
->assertStatus(401);
}
}

View File

@ -44,17 +44,6 @@ public function test_HTTP_UNAUTHORIZED()
}
/**
* test Unauthorized
*
* @test
*/
public function test_HTTP_FORBIDDEN()
{
}
/**
* test Not Found
*