From d716213eceba4b2a327a2d8fafc0cbd4e10308f7 Mon Sep 17 00:00:00 2001 From: Bubka <858858+Bubka@users.noreply.github.com> Date: Fri, 9 Oct 2020 13:35:03 +0200 Subject: [PATCH] Update and complete phpunit tests --- app/Exceptions/Handler.php | 4 ---- app/Http/Middleware/Authenticate.php | 1 + app/Http/Middleware/LogoutInactiveUser.php | 23 ++++++++++++++-------- tests/Feature/Auth/LoginTest.php | 23 ++++++++++++++++++++++ tests/Unit/ApiExceptionTest.php | 11 ----------- 5 files changed, 39 insertions(+), 23 deletions(-) diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php index 6ca1f035..72bed828 100644 --- a/app/Exceptions/Handler.php +++ b/app/Exceptions/Handler.php @@ -115,10 +115,6 @@ private function customApiResponse($exception, $debug) $response['message'] = 'Unauthorized'; break; - case 403: - $response['message'] = 'Forbidden'; - break; - case 404: $response['message'] = 'Not Found'; break; diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php index a4be5c58..4ff95e92 100644 --- a/app/Http/Middleware/Authenticate.php +++ b/app/Http/Middleware/Authenticate.php @@ -11,6 +11,7 @@ class Authenticate extends Middleware * * @param \Illuminate\Http\Request $request * @return string + * @codeCoverageIgnore */ protected function redirectTo($request) { diff --git a/app/Http/Middleware/LogoutInactiveUser.php b/app/Http/Middleware/LogoutInactiveUser.php index 173ae320..9fa0c814 100644 --- a/app/Http/Middleware/LogoutInactiveUser.php +++ b/app/Http/Middleware/LogoutInactiveUser.php @@ -29,20 +29,27 @@ public function handle($request, Closure $next) $user = Auth::guard('api')->user(); $now = Carbon::now(); - $last_seen = Carbon::parse($user->last_seen_at); - $inactiveFor = $now->diffInMinutes($last_seen); + $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at)); // Fetch all setting values $settings = Options::get(); - - // If user has been inactivity longer than the allowed inactivity period - if ($settings['kickUserAfter'] > 0 && $inactiveFor > $settings['kickUserAfter']) { + $kickUserAfterXSecond = intval($settings['kickUserAfter']) * 60; + + // If user has been inactive longer than the allowed inactivity period + if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) { + $user->last_seen_at = $now->format('Y-m-d H:i:s'); $user->save(); - - $accessToken = Auth::user()->token(); - $accessToken->revoke(); + + $accessToken = $user->token(); + + // phpunit does not generate token during tests, so we revoke it only if it exists + // @codeCoverageIgnoreStart + if( $accessToken ) { + $accessToken->revoke(); + } + // @codeCoverageIgnoreEnd return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED); } diff --git a/tests/Feature/Auth/LoginTest.php b/tests/Feature/Auth/LoginTest.php index 6c9537ce..4b280a12 100644 --- a/tests/Feature/Auth/LoginTest.php +++ b/tests/Feature/Auth/LoginTest.php @@ -8,6 +8,7 @@ use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Hash; use Illuminate\Auth\RequestGuard; +use Illuminate\Support\Facades\Config; class LoginTest extends TestCase { @@ -173,4 +174,26 @@ public function testUserLogout() ]); } + + /** + * test User logout after inactivity via API + * + * @test + */ + public function testUserLogoutAfterInactivity() + { + // Set the autolock period to 1 minute + $response = $this->actingAs($this->user, 'api') + ->json('POST', '/api/settings/options', [ + 'kickUserAfter' => '1']) + ->assertStatus(200); + + sleep(61); + + // Ping a restricted endpoint to log last_seen_at time + $response = $this->actingAs($this->user, 'api') + ->json('GET', '/api/settings/account') + ->assertStatus(401); + } + } \ No newline at end of file diff --git a/tests/Unit/ApiExceptionTest.php b/tests/Unit/ApiExceptionTest.php index f72a9ca7..648bfa90 100644 --- a/tests/Unit/ApiExceptionTest.php +++ b/tests/Unit/ApiExceptionTest.php @@ -44,17 +44,6 @@ public function test_HTTP_UNAUTHORIZED() } - /** - * test Unauthorized - * - * @test - */ - public function test_HTTP_FORBIDDEN() - { - - } - - /** * test Not Found *