1
0
Files
breadcrumb-the-shire/tests/Service/Settings/SettingsApiPolicyGatewayTest.php
2026-03-19 20:32:34 +01:00

120 lines
4.9 KiB
PHP

<?php
namespace MintyPHP\Tests\Service\Settings;
use MintyPHP\Repository\Settings\SettingRepositoryInterface;
use MintyPHP\Service\Settings\SettingsApiPolicyGateway;
use MintyPHP\Service\Settings\SettingsMetadataGateway;
use PHPUnit\Framework\TestCase;
class SettingsApiPolicyGatewayTest extends TestCase
{
public function testSetApiTokenDefaultTtlDaysRejectsAboveCurrentMax(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$settings->method('getValue')->willReturnCallback(static function (string $key): ?string {
if ($key === 'api_token_max_ttl_days') {
return '30';
}
return null;
});
$settings->expects($this->never())->method('set');
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertFalse($gateway->setApiTokenDefaultTtlDays(31));
}
public function testSetApiTokenMaxTtlDaysReturnsFalseWhenDefaultClampPersistFails(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$settings->method('getValue')->willReturnCallback(static function (string $key): ?string {
if ($key === 'api_token_default_ttl_days') {
return '365';
}
return null;
});
$settings->expects($this->once())
->method('set')
->with('api_token_default_ttl_days', '120', 'setting.api_token_default_ttl_days')
->willReturn(false);
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertFalse($gateway->setApiTokenMaxTtlDays(120));
}
public function testSetApiTokenMaxTtlDaysUpdatesDefaultWhenNeeded(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$settings->method('getValue')->willReturnCallback(static function (string $key): ?string {
if ($key === 'api_token_default_ttl_days') {
return '365';
}
return null;
});
$calls = [];
$settings->expects($this->exactly(2))
->method('set')
->willReturnCallback(static function (string $key, ?string $value, ?string $description) use (&$calls): bool {
$calls[] = [$key, $value, $description];
return true;
});
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertTrue($gateway->setApiTokenMaxTtlDays(120));
$this->assertSame(
[
['api_token_default_ttl_days', '120', 'setting.api_token_default_ttl_days'],
['api_token_max_ttl_days', '120', 'setting.api_token_max_ttl_days'],
],
$calls
);
}
public function testSetApiCorsAllowedOriginsRejectsInvalidOrigins(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$settings->expects($this->never())->method('set');
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertFalse($gateway->setApiCorsAllowedOrigins("https://ok.example\njavascript:alert(1)"));
}
public function testCorsOriginsRoundtripNormalizesAndDeduplicates(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$stored = null;
$settings->expects($this->once())
->method('set')
->willReturnCallback(static function (string $key, ?string $value) use (&$stored): bool {
if ($key === 'api_cors_allowed_origins') {
$stored = $value;
}
return true;
});
$settings->method('getValue')->willReturnCallback(static function (string $key) use (&$stored): ?string {
if ($key === 'api_cors_allowed_origins') {
return $stored;
}
return null;
});
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertTrue($gateway->setApiCorsAllowedOrigins("https://a.example,https://a.example/\nhttps://b.example:443"));
$this->assertSame(['https://a.example', 'https://b.example'], $gateway->getApiCorsAllowedOrigins());
$this->assertSame("https://a.example\nhttps://b.example", $gateway->getApiCorsAllowedOriginsText());
}
public function testSetApiCorsAllowedOriginsClearsSettingForEmptyInput(): void
{
$settings = $this->createMock(SettingRepositoryInterface::class);
$settings->expects($this->once())
->method('set')
->with('api_cors_allowed_origins', null, 'setting.api_cors_allowed_origins')
->willReturn(true);
$gateway = new SettingsApiPolicyGateway(new SettingsMetadataGateway($settings));
$this->assertTrue($gateway->setApiCorsAllowedOrigins(" \n "));
}
}