extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-01-11 16:58:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update and complete phpunit tests

Browse Source
This commit is contained in:
Bubka 2020-10-09 13:35:03 +02:00
parent 342d656724
commit d716213ece
5 changed files with 39 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Exceptions/Handler.php
View File

@ -115,10 +115,6 @@ private function customApiResponse($exception, $debug)
$response['message'] = 'Unauthorized'; $response['message'] = 'Unauthorized';
break; break;
case 403:
$response['message'] = 'Forbidden';
break;
case 404: case 404:
$response['message'] = 'Not Found'; $response['message'] = 'Not Found';
break; break;

1
app/Http/Middleware/Authenticate.php
View File

@ -11,6 +11,7 @@ class Authenticate extends Middleware
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return string * @return string
* @codeCoverageIgnore
*/ */
protected function redirectTo($request) protected function redirectTo($request)
{ {

23
app/Http/Middleware/LogoutInactiveUser.php
View File

@ -29,20 +29,27 @@ public function handle($request, Closure $next)
$user = Auth::guard('api')->user(); $user = Auth::guard('api')->user();
$now = Carbon::now(); $now = Carbon::now();
$last_seen = Carbon::parse($user->last_seen_at); $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));
$inactiveFor = $now->diffInMinutes($last_seen);
// Fetch all setting values // Fetch all setting values
$settings = Options::get(); $settings = Options::get();
// If user has been inactivity longer than the allowed inactivity period
if ($settings['kickUserAfter'] > 0 && $inactiveFor > $settings['kickUserAfter']) {
$kickUserAfterXSecond = intval($settings['kickUserAfter']) * 60;
// If user has been inactive longer than the allowed inactivity period
if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
$user->last_seen_at = $now->format('Y-m-d H:i:s'); $user->last_seen_at = $now->format('Y-m-d H:i:s');
$user->save(); $user->save();
$accessToken = Auth::user()->token(); $accessToken = $user->token();
$accessToken->revoke();
// phpunit does not generate token during tests, so we revoke it only if it exists
// @codeCoverageIgnoreStart
if( $accessToken ) {
$accessToken->revoke();
}
// @codeCoverageIgnoreEnd
return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED); return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
} }

23
tests/Feature/Auth/LoginTest.php
View File

@ -8,6 +8,7 @@
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
use Illuminate\Auth\RequestGuard; use Illuminate\Auth\RequestGuard;
use Illuminate\Support\Facades\Config;
class LoginTest extends TestCase class LoginTest extends TestCase
{ {
@ -173,4 +174,26 @@ public function testUserLogout()
]); ]);
} }
/**
* test User logout after inactivity via API
*
* @test
*/
public function testUserLogoutAfterInactivity()
{
// Set the autolock period to 1 minute
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/settings/options', [
'kickUserAfter' => '1'])
->assertStatus(200);
sleep(61);
// Ping a restricted endpoint to log last_seen_at time
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/settings/account')
->assertStatus(401);
}
} }

11
tests/Unit/ApiExceptionTest.php
View File

@ -44,17 +44,6 @@ public function test_HTTP_UNAUTHORIZED()
} }
/**
* test Unauthorized
*
* @test
*/
public function test_HTTP_FORBIDDEN()
{
}
/** /**
* test Not Found * test Not Found
* *