Authorization header does not go through Codeception API testing

I am trying to test my Laravel 4 REST API using Codeception, but when I try to send through my Authorization header (using the $I->amBearerAuthenticated() function of the REST module), it does not make it through to the eventual request.

From what I can see, the Symfony2 BrowserKit module converts any added headers into the HTTP_XXX_XXX format, so the header sent seems to be HTTP_AUTHORIZATION. When I output the received headers in my application, however, neither Authorization nor HTTP_AUTHORIZATION is present.

If this helps, here is my Codeception test:

    public function loginAndHitProtectedPage(ApiTester $I)
    {
        $I->wantTo('login and successfully get to a protected page');
        $I->sendPOST('/auth/login', ['username' => 'user1', 'password' => 'pass']);
        $I->seeResponseIsJson();
        $token = $I->grabDataFromJsonResponse('token');
        $I->amBearerAuthenticated($token);
        $I->sendGET('/runs');
        $I->seeResponseCodeIs(200);
        $I->seeResponseIsJson();
        $I->dontSeeResponseContains('error');
    }

Headers sent according to BrowserKit (output of $this->client->getInternalRequest()->getServer() in the REST module):

    HTTP_HOST : localhost
    HTTP_USER_AGENT : Symfony2 BrowserKit
    HTTP_AUTHORIZATION : Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3RcL2F1dGhcL2xvZ2luIiwic3ViIjoxLCJpYXQiOjE0MjE3ODY0NDEsImV4cCI6MTQyMTg3Mjg0MX0.XxxxZMe8gwF9GS8CdKsh5coNQer1c6G6prK05QJEmDQ
    HTTP_REFERER : http://localhost/auth/login
    HTTPS : false

Headers received according to PHP:

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: localhost
    Referer: http://localhost/auth/login
    User-Agent: Symfony2 BrowserKit

The token is received correctly, but my API (correctly) returns 401 in the GET request, because it does not receive the token.

Any help would be greatly appreciated!

+7
php authorization laravel codeception bearer-token
3 answers

After some digging into the guts of Laravel and Codeception, I found that the problem was that I was using the Laravel4 module at the same time as the REST module. I did not realize that using Laravel4 for HTTP requests actually just simulates a request to the route within the same session, and therefore my JWTAuth object was only resolved from the IoC container on the first REST call I made in any particular test. This meant that on subsequent calls, the request (including headers) from the first call was retained and, therefore, the Authorization header (which at that point was passed through with the Request object correctly) was not seen.

I really only used the Laravel4 module to set my environment to "test" and make sure my filters are running in that environment, so now I just need to figure out another way to set this without changing my bootstrap/start.php every time I want to run my tests.

+2
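
The stale-request effect described in this answer, reduced to plain PHP (an added example, not code from the original post, Laravel, JWTAuth or Codeception). `Request`, `TokenGuard`, `Container` and `handle()` are hypothetical stand-ins, and the token is a constructed sample.

```php
<?php
// Hypothetical stand-ins for illustration only; not framework classes.
final class Request
{
    public function __construct(public array $headers = []) {}
}

final class TokenGuard
{
    // The guard keeps whatever Request it was constructed with.
    public function __construct(private Request $request) {}

    public function bearerToken(): ?string
    {
        $value = $this->request->headers['Authorization'] ?? '';
        return preg_match('/^Bearer\s+(\S+)$/', $value, $m) ? $m[1] : null;
    }
}

final class Container
{
    public ?Request $request = null;
    private ?TokenGuard $guard = null;

    public function guard(bool $shared): TokenGuard
    {
        if (!$shared) {
            return new TokenGuard($this->request); // built from the current request
        }
        return $this->guard ??= new TokenGuard($this->request); // built once, reused
    }
}

// One simulated in-process call against a long-lived application instance.
function handle(Container $app, Request $request, bool $shared): int
{
    $app->request = $request;
    return $app->guard($shared)->bearerToken() === null ? 401 : 200;
}

$login = new Request(); // first call: no Authorization header yet
$runs  = new Request(['Authorization' => 'Bearer constructed.sample.token']);

foreach ([true, false] as $shared) {
    $app = new Container();
    handle($app, $login, $shared); // resolves the guard during the first call
    printf("%s guard: %d\n", $shared ? 'shared' : 'per-request', handle($app, $runs, $shared));
}
```

The shared guard still reads the first request, so the second call is rejected with 401 even though its header is present; the per-request guard sees the header and returns 200.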

I am using Laravel 5 (no big differences from L4) and REST modules. This is exactly how I am doing it right now:

    protected $token;

    public function _before(ApiTester $I)
    {
        $user = TestDummy(...);
        $I->sendPOST('/v1/auth/login', [
            'email' => $user->email,
            'password' => $user->password
        ]);
        $this->token = $I->grabDataFromResponseByJsonPath('$.token');
    }

Then in my tests:

    // Do stuff ...
    $I->amBearerAuthenticated($this->token[0]);
    // Do more stuff ...

I am sure there are better ways to do this, but until I find the best, it works.

+4

There is a workaround. Using $I->amHttpAuthenticated("test", "test") makes the Authorization: header permanent. Not sure if this is a bug or a feature. Instead, build the Authorization: Basic header manually so that you can remove it before setting the Authorization: Bearer header.

    $I = new ApiTester($scenario);
    $I->wantTo("fetch token and use it as bearer");

    /* This does not work. */
    /* $I->amHttpAuthenticated("test", "test"); */

    /* Instead use this. */
    $I->setHeader("Authorization", "Basic dGVzdDp0ZXN0");

    $I->haveHttpHeader("Content-Type", "application/json");
    $I->sendPOST("token", ["read", "write"]);
    $I->seeResponseCodeIs(201);
    $I->seeResponseIsJson();
    $I->seeResponseContainsJson(["status" => "ok"]);

    $token = $I->grabDataFromJsonResponse("token");

    /* Delete the basic auth header before adding bearer. */
    $I->deleteHeader("Authorization");
    $I->amBearerAuthenticated($token);

+4
