Files
breadcrumb-the-shire/tests/Http/ApiAuthTest.php
fs 25370a1a55 add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00

70 lines
2.1 KiB
PHP

<?php
namespace MintyPHP\Tests\Http;
use MintyPHP\Http\ApiAuth;
use PHPUnit\Framework\TestCase;
class ApiAuthTest extends TestCase
{
private array $serverBackup = [];
protected function setUp(): void
{
$this->serverBackup = $_SERVER;
}
protected function tearDown(): void
{
$_SERVER = $this->serverBackup;
}
public function testExtractsValidBearerToken(): void
{
$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer abc123def456';
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('abc123def456', ApiAuth::extractBearerToken());
}
public function testReturnsEmptyStringWhenNoHeader(): void
{
unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('', ApiAuth::extractBearerToken());
}
public function testReturnsEmptyStringForNonBearerScheme(): void
{
$_SERVER['HTTP_AUTHORIZATION'] = 'Basic dXNlcjpwYXNz';
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('', ApiAuth::extractBearerToken());
}
public function testReturnsEmptyStringForBearerWithNoToken(): void
{
$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer ';
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('', ApiAuth::extractBearerToken());
}
public function testFallsBackToRedirectHeader(): void
{
unset($_SERVER['HTTP_AUTHORIZATION']);
$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Bearer fallback_token';
$this->assertSame('fallback_token', ApiAuth::extractBearerToken());
}
public function testIsCaseInsensitiveForBearerScheme(): void
{
$_SERVER['HTTP_AUTHORIZATION'] = 'bearer lowercase_token';
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('lowercase_token', ApiAuth::extractBearerToken());
}
public function testTrimsWhitespaceFromToken(): void
{
$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer token_with_spaces ';
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
$this->assertSame('token_with_spaces', ApiAuth::extractBearerToken());
}
}