api keys, validation and test
parent
8bca5cd13e
commit
8013276515
2 changed files with 65 additions and 16 deletions
|
@ -266,9 +266,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
|
||||||
if (!empty($authKey)) { // API Key authentication
|
if (!empty($authKey)) { // API Key authentication
|
||||||
// Check if given key match project API keys
|
// Check if given key match project API keys
|
||||||
$key = $project->find('secret', $authKey, 'keys');
|
$key = $project->find('secret', $authKey, 'keys');
|
||||||
var_dump($project->getAttribute('keys'));
|
|
||||||
var_dump($authKey);
|
|
||||||
var_dump($key);
|
|
||||||
/*
|
/*
|
||||||
* Try app auth when we have project key and no user
|
* Try app auth when we have project key and no user
|
||||||
* Mock user to app and grant API key scopes in addition to default app scopes
|
* Mock user to app and grant API key scopes in addition to default app scopes
|
||||||
|
@ -286,11 +284,11 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
|
||||||
$role = Auth::USER_ROLE_APP;
|
$role = Auth::USER_ROLE_APP;
|
||||||
$scopes = \array_merge($roles[$role]['scopes'], $key->getAttribute('scopes', []));
|
$scopes = \array_merge($roles[$role]['scopes'], $key->getAttribute('scopes', []));
|
||||||
|
|
||||||
|
$expire = $key->getAttribute('expire', 0);
|
||||||
|
|
||||||
//$expire = $key->getAttribute('expire', 0);
|
if($expire !== 0 && $expire < \time()){
|
||||||
// if($expire !== 0 && $expire < \time()){
|
throw new Exception('Project key expired', 401, Exception:: PROJECT_KEY_EXPIRED);
|
||||||
//throw new Exception('Project key expired', 401, Exception:: PROJECT_KEY_EXPIRED);
|
}
|
||||||
//}
|
|
||||||
|
|
||||||
Authorization::setRole('role:'.Auth::USER_ROLE_APP);
|
Authorization::setRole('role:'.Auth::USER_ROLE_APP);
|
||||||
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
||||||
|
|
|
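Review bot: The restored expiry guard `if($expire !== 0 && $expire < \time())` treats a key as non-expiring only when `expire` is exactly the integer 0; if the stored attribute ever comes back as `'0'` or `null`, the strict comparison fails and a valid key is rejected as expired. Casting at the read, `$expire = (int) $key->getAttribute('expire', 0);`, keeps real timestamps fail-closed while making the convention explicit, and a comment such as `// expire = 0 means the key never expires` would document what the new test relies on. The check sits after `$scopes` is built, which is harmless because the exception aborts the request before `Authorization::setRole`, but moving it directly after the key lookup would make that ordering obvious. The enclosing `App::init` callback starts and ends outside the visible hunks.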
@ -1055,7 +1055,6 @@ class ProjectsConsoleClientTest extends Scope
|
||||||
], $this->getHeaders()), [
|
], $this->getHeaders()), [
|
||||||
'name' => 'Key Test',
|
'name' => 'Key Test',
|
||||||
'scopes' => ['teams.read', 'teams.write'],
|
'scopes' => ['teams.read', 'teams.write'],
|
||||||
'expire' => time()-3600,
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$this->assertEquals(201, $response['headers']['status-code']);
|
$this->assertEquals(201, $response['headers']['status-code']);
|
||||||
|
@ -1099,6 +1098,7 @@ class ProjectsConsoleClientTest extends Scope
|
||||||
'x-appwrite-project' => $this->getProject()['$id'],
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
], $this->getHeaders()), []);
|
], $this->getHeaders()), []);
|
||||||
|
|
||||||
|
|
||||||
$this->assertEquals(200, $response['headers']['status-code']);
|
$this->assertEquals(200, $response['headers']['status-code']);
|
||||||
$this->assertEquals(1, $response['body']['total']);
|
$this->assertEquals(1, $response['body']['total']);
|
||||||
|
|
||||||
|
@ -1121,6 +1121,7 @@ class ProjectsConsoleClientTest extends Scope
|
||||||
$response = $this->client->call(Client::METHOD_GET, '/projects/' . $id . '/keys/' . $keyId, array_merge([
|
$response = $this->client->call(Client::METHOD_GET, '/projects/' . $id . '/keys/' . $keyId, array_merge([
|
||||||
'content-type' => 'application/json',
|
'content-type' => 'application/json',
|
||||||
'x-appwrite-project' => $this->getProject()['$id'],
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
|
'x-appwrite-key' => $keyId
|
||||||
], $this->getHeaders()), []);
|
], $this->getHeaders()), []);
|
||||||
|
|
||||||
$this->assertEquals(200, $response['headers']['status-code']);
|
$this->assertEquals(200, $response['headers']['status-code']);
|
||||||
|
@ -1146,22 +1147,72 @@ class ProjectsConsoleClientTest extends Scope
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @depends testCreateProjectKey
|
* @depends testCreateProject
|
||||||
*/
|
*/
|
||||||
public function testValidateProjectKey($data): void
|
public function testValidateProjectKey($data): void
|
||||||
{
|
{
|
||||||
$id = $data['projectId'] ?? '';
|
$id = $data['projectId'] ?? '';
|
||||||
$secret = $data['secret'] ?? '';
|
|
||||||
|
|
||||||
$response = $this->client->call(Client::METHOD_GET, '/projects/' . $id , array_merge([
|
/**
|
||||||
|
* Test for SUCCESS
|
||||||
|
*/
|
||||||
|
$response = $this->client->call(Client::METHOD_POST, '/projects/' . $id . '/keys', array_merge([
|
||||||
'content-type' => 'application/json',
|
'content-type' => 'application/json',
|
||||||
'x-appwrite-project' => $this->getProject()['$id'],
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
'x-appwrite-key' => $secret
|
], $this->getHeaders()), [
|
||||||
], $this->getHeaders()), []);
|
'name' => 'Key Test',
|
||||||
|
'scopes' => ['health.read'],
|
||||||
|
'expire' => time()+3600,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->client->call(Client::METHOD_GET, '/health' , [
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $id,
|
||||||
|
'x-appwrite-key' => $response['body']['secret']
|
||||||
|
], []);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response['headers']['status-code']);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test for SUCCESS
|
||||||
|
*/
|
||||||
|
$response = $this->client->call(Client::METHOD_POST, '/projects/' . $id . '/keys', array_merge([
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
|
], $this->getHeaders()), [
|
||||||
|
'name' => 'Key Test',
|
||||||
|
'scopes' => ['health.read'],
|
||||||
|
'expire' => 0,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->client->call(Client::METHOD_GET, '/health' , [
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $id,
|
||||||
|
'x-appwrite-key' => $response['body']['secret']
|
||||||
|
], []);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response['headers']['status-code']);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test for FAILURE
|
||||||
|
*/
|
||||||
|
$response = $this->client->call(Client::METHOD_POST, '/projects/' . $id . '/keys', array_merge([
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
|
], $this->getHeaders()), [
|
||||||
|
'name' => 'Key Test',
|
||||||
|
'scopes' => ['health.read'],
|
||||||
|
'expire' => time()-3600,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->client->call(Client::METHOD_GET, '/health' , [
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $id,
|
||||||
|
'x-appwrite-key' => $response['body']['secret']
|
||||||
|
], []);
|
||||||
|
|
||||||
|
$this->assertEquals(401, $response['headers']['status-code']);
|
||||||
|
|
||||||
//var_dump($id);
|
|
||||||
//var_dump($secret);
|
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
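Review bot: The FAILURE case in `testValidateProjectKey` asserts only `401` on `/health`, and none of the three key-creation calls is checked before `$response['body']['secret']` is read, so a failed creation (no secret, hence no key auth) would presumably produce the same 401 and the test would pass without ever reaching the expiry check. Add `$this->assertEquals(201, $response['headers']['status-code']);` and `$this->assertNotEmpty($response['body']['secret']);` after each create call, and in the failure case also assert that the error body identifies the expired key (the handler throws with the message `Project key expired`) rather than a generic authorization failure. Separately, the earlier hunk adds `'x-appwrite-key' => $keyId` to the get-key request; the init hook looks keys up with `$project->find('secret', $authKey, 'keys')`, so sending the key's ID there does not exercise key auth and should be dropped or replaced with the secret.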