1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2023 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Http\Middleware; 21 22use Fig\Http\Message\StatusCodeInterface; 23use Fisharebest\Webtrees\Contracts\UserInterface; 24use Fisharebest\Webtrees\GuestUser; 25use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; 26use Fisharebest\Webtrees\TestCase; 27use Fisharebest\Webtrees\Tree; 28use Fisharebest\Webtrees\User; 29use Psr\Http\Server\RequestHandlerInterface; 30 31use function response; 32 33/** 34 * Test the AuthModerator middleware. 35 * 36 * @covers \Fisharebest\Webtrees\Http\Middleware\AuthModerator 37 */ 38class AuthModeratorTest extends TestCase 39{ 40 public function testAllowed(): void 41 { 42 $handler = $this->createMock(RequestHandlerInterface::class); 43 $handler->method('handle')->willReturn(response('lorem ipsum')); 44 45 $user = $this->createMock(User::class); 46 $user->method('getPreference')->with(UserInterface::PREF_IS_ADMINISTRATOR)->willReturn(''); 47 48 $tree = $this->createMock(Tree::class); 49 $tree->method('getUserPreference')->with($user, UserInterface::PREF_TREE_ROLE)->willReturn(UserInterface::ROLE_MODERATOR); 50 51 $request = self::createRequest()->withAttribute('tree', $tree)->withAttribute('user', $user); 52 $middleware = new AuthModerator(); 53 $response = $middleware->process($request, $handler); 54 55 self::assertSame(StatusCodeInterface::STATUS_OK, $response->getStatusCode()); 56 self::assertSame('lorem ipsum', (string) $response->getBody()); 57 } 58 59 public function testNotAllowed(): void 60 { 61 $this->expectException(HttpAccessDeniedException::class); 62 $this->expectExceptionMessage('You do not have permission to view this page.'); 63 64 $handler = $this->createMock(RequestHandlerInterface::class); 65 $handler->method('handle')->willReturn(response('lorem ipsum')); 66 67 $user = $this->createMock(User::class); 68 $user->method('getPreference')->with(UserInterface::PREF_IS_ADMINISTRATOR)->willReturn(''); 69 70 $tree = $this->createMock(Tree::class); 71 $tree->method('getUserPreference')->with($user, UserInterface::PREF_TREE_ROLE)->willReturn(UserInterface::ROLE_EDITOR); 72 73 $request = self::createRequest()->withAttribute('tree', $tree)->withAttribute('user', $user); 74 $middleware = new AuthModerator(); 75 76 $middleware->process($request, $handler); 77 } 78 79 public function testNotLoggedIn(): void 80 { 81 $handler = $this->createMock(RequestHandlerInterface::class); 82 $handler->method('handle')->willReturn(response('lorem ipsum')); 83 84 $tree = $this->createMock(Tree::class); 85 86 $request = self::createRequest()->withAttribute('tree', $tree)->withAttribute('user', new GuestUser()); 87 $middleware = new AuthModerator(); 88 $response = $middleware->process($request, $handler); 89 90 self::assertSame(StatusCodeInterface::STATUS_FOUND, $response->getStatusCode()); 91 } 92} 93