I am trying to test a simple controller action in Zend FrameWork and I am not 100% sure why my mocks are not working.
Original Action:
public function overviewAction()
{
$page = $this->params()->fromQuery('page', 1);
$count = 10;
$user = $this->authenticationService->getIdentity();
return new ViewModel([
'paginator' => $this->agentService->getAgentsOwnedByUser($page, $count, $user),
]);
}
My Test for this action
/**
* Set Rbac Role and route
*/
$url = "cp/agent";
$this->setRbacGuards(['admin']);
//Nb Rbac class code is here
/**
* Objects required in this test
*/
$user = $this->createMock(User::class);
$paginator = $this->createMock(Paginator::class);
/**
* Mock classes and their methods to be called
*/
$authentication = $this->createMock(AuthenticationService::class);
$authentication
->expects($this->once())
->method('getIdentity')
->will($this->returnValue($this->registerMockObject($user)));
$agentService = $this->createMock(AgentService::class);
$agentService
->expects($this->once())
->method('getAgentsOwnedByUser')
->will($this->returnValue($this->registerMockObject($paginator)));
$this->dispatch('/'.$url);
$this->assertResponseStatusCode(200);
The error message
There was 1 failure:
1) ControlPanelTest\Controller\AgentControllerTest::testAgentOverviewActionCanBeAccessed
Failed asserting response code "200", actual status code is "500"
Exceptions raised:
Exception 'TypeError' with message 'Argument 3 passed to
Admin\Service\AgentService::getAgentsOwnedByUser() must be an instance of Domain\User\User, null given
.
For completeness, Rbac Class
public function rbacGuards($roles)
{
/**
* Deal with Rbac Guards
*/
$roleService = $this->getApplicationServiceLocator()->get(RoleService::class);
$identityProvider = $this->prophesize(IdentityProviderInterface::class);
$identity = $this->prophesize(IdentityInterface::class);
// Here you use the setter to inject your mocked identity provider
$roleService->setIdentityProvider($identityProvider->reveal());
$identityProvider->getIdentity()->shouldBeCalled()->willReturn($identity->reveal());
$identity->getRoles()->shouldBeCalled()->willReturn($roles);
}
Prognosis
It seems the mocks are not being called...
In your example, you create $authentication mock, but you don't register it as property of class you are testing.
Thus, when overviewAction is using $this->authenticationService->getIdentity();, it is not using the mock you created.
Related
I have a Laravel application and I am currently working on integrating docker. The app runs perfectly locally but on production I simply can't log in. Every time I submit the log in form I get redirected to the log in form without any message of success nor failure.
I have realized that the request it reaches the controller it should but it does not reach the action. I put a die command in the constructor and it worked but it didn't when I did the same in the first line of the controller's action.
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Monolog\Logger;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class AuthController extends Controller
{
/*
|---------------------------------------------------------------------
| Registration & Login Controller
|---------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login / registration.
*
* #var string
*/
protected $redirectTo = '/';
/**
* Create a new authentication controller instance.
*
* #return void
*/
public function __construct()
{
// die('something') works here
$this->middleware('guest', ['except' => ['logout', 'register', 'showRegistrationForm']]);
// die('something') works here too
}
/**
* Get a validator for an incoming registration request.
*
* #param array $data
* #return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'rut' => 'required|max:30',
'apellidos' => 'required|max:255',
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* Create a new user instance after a valid registration.
*
* #param array $data
* #return User
*/
protected function create(array $data)
{
}
public function login(Request $request)
{
//die('something'); doesn't work here
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
}
I don't know if you still need it, but I had the same problem. You need to modify the paths in bootstrap/cache/config.php with the path that you set it for WORKDIR in Dockerfile.
In a ZF2 project i am using the AuthenticationService to validate a users log in credentials. This is working fine, except it only stores in the session a string containing the users name.
What i would like would be for subsequent calls to AuthenticationService::getIdentity to return a custom Identity object, that is populated with the users database id, roles and permissions (popualted from an RBAC service), so that the object in the session is a bit more useful.
I am able to create this object, but am unsure of the best way to keep it in the session; ideally i would like to override the entry with the key Zend_Auth, but this does not seem to be working.
My code so far:
<?php
namespace Authentication\Controller;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;
use Zend\Authentication\AuthenticationService;
use Authentication\Form\Login\LoginForm;
use Zend\Form\Form;
use Authentication\Model\Identity\AuthenticatedIdentity;
class AuthenticationController extends AbstractActionController
{
/**
*
* #var AuthenticationService
*/
protected $authenticationService;
/**
*
* #var LoginForm
*/
protected $loginForm;
/**
*
* #param AuthenticationService $authenticationService
* #param LoginForm $loginForm
*/
public function __construct(AuthenticationService $authenticationService, LoginForm $loginForm){
$this->authenticationService = $authenticationService;
$this->loginForm = $loginForm;
}
public function indexAction(){
$form = $this->loginForm;
$viewModel = new ViewModel();
$viewModel->setVariables([
'loginForm' => $form
]);
if($this->getRequest()->isPost() === false){
return $viewModel;
}
$form->setData($this->getRequest()->getPost());
if($form->isValid() === false){
return $viewModel;
}
$data = $form->getData();
$authenticationAdapter = $this->authenticationService->getAdapter();
$authenticationAdapter->setIdentity($data['credentials']['username'])
->setCredential($data['credentials']['password']);
$authenticationResult = $this->authenticationService->authenticate($authenticationAdapter);
if($authenticationResult->isValid() === false){
$viewModel->setVariable('validCredentials', false);
return $viewModel;
}
/**
* Create a user model and save it to the session.
*/
$authenticationResultRow = $authenticationAdapter->getResultRowObject(null, ['password']);
$permissions = $this->rbacService->getPermissionsForUser($authenticationResultRow->user_id);
$roles = $this->rbacService->getRolesForUser($authenticationResultRow->user_id);
$identity = new AuthenticatedIdentity(
$authenticationResult->getIdentity(),
'admin',
$permissions,
$roles
);
$identity->setUserId($authenticationResultRow->user_id);
//how to store this Identity object in session so AuthenticationService will return it?
return $this->redirect()->toRoute('dashboard');
}
}
Check out https://github.com/zendframework/zend-authentication/blob/master/src/AuthenticationService.php#L75 and https://github.com/zendframework/zend-authentication/blob/master/src/Storage/StorageInterface.php
You can write the AuthenticatedIdentity object directly to the storage like so:
$this->authenticationService->getStorage()->write($identity);
However, I would advice against doing so because:
If the user's permissions/roles change during the session he/she would have to log out and back in to see any changes which is not very user-friendly.
Your AuthenticatedIdentity object and all objects it contains need to be serializable, which can become problematic to maintain.
I would (and do) fetch the user object and/or roles when needed, either from DB or some form of cache but don't store it in the session.
I have added below code inside zfc_rbac.global.php:
return [
'zfc_rbac' => [
'assertion_map' => [
'isAuthorizedToAddUser' => 'Application\Assertions\WhoCanAddUser',
'isBranchOrOrgIdPresentIfNotAdmin' => 'Application\Assertions\BranchOrOrgIdPresentIfNotAdmin'
]
]]
And used it inside controller like below:
if (! $this->authorizationService->isGranted('isBranchOrOrgIdPresentIfNotAdmin')) {
throw new UnauthorizedException('You are not authorized to add this aaa!');
}
but its throwing the exception even if I return true from assert method. But if I replace isBranchOrOrgIdPresentIfNotAdmin with isAuthorizedToAddUser, its working fine. What could be wrong here. Second assertion class BranchOrOrgIdPresentIfNotAdmin is just the replica of WhoCanAddUser class. Below is my WhoCanAddUser assertion class.
namespace Application\Assertions;
use ZfcRbac\Assertion\AssertionInterface;
use ZfcRbac\Service\AuthorizationService;
use ZfcRbac\Exception\UnauthorizedException;
use Zend\Session\Container;
class WhoCanAddUser implements AssertionInterface
{
protected $notAuthorizedMessage = 'You are not authorized to add this user!';
public function __construct()
{
$this->org_session = new Container('org');
}
/**
* Check if this assertion is true
*
* #param AuthorizationService $authorization
* #param mixed $role
*
* #return bool
*/
public function assert(AuthorizationService $authorization, $role = null)
{
return true; //added this for testing if true is working and it worked, but second assertion is not working!
switch($authorization->getIdentity()->getRole()->getName()){
case 'admin':
return true;
break;
case 'owner':
if($role != 'member'){
throw new UnauthorizedException($this->notAuthorizedMessage);
}
return true;
break;
default:
throw new UnauthorizedException($this->notAuthorizedMessage);
break;
}
if($authorization->getIdentity()->getRole()->getName() != 'admin' && !$this->org_session->offsetExists('branchId')){
throw new \Zend\Session\Exception\RuntimeException('You need to be connected to an Organisation's branch before you can add members. Contact your Organisation Owner.');
}
}
}
Am I missing something that second assertion is not working at all.
Just found that, isBranchOrOrgIdPresentIfNotAdmin entry has to be inside permission table and have to assign that permission to lower level of role inside hierarchicalrole_permission table (that permission will be given to upper level of role as well in hierarchical way automatically) and it will work fine for all of them.
in my ZF2 application I am adding the following event listener, however I want to make the execution of the action actually stop, however this doesnt happen.
public function setEventManager(EventManagerInterface $events)
{
parent::setEventManager($events);
$controller = $this;
$events->attach('dispatch', function ($e) use ($controller) {
$request = $e->getRequest();
$method = $request->getMethod();
$headers = $request->getHeaders();
// If we get here, based on some conditions, the original intended action must return a new JsonViewModel()...
return new JsonViewModel([]); // However, this doesn't do anything.
}, 100); // execute before executing action logic
}
Based on your comments, I am assuming you are doing some sort of authentication. You can perfecty use the event manager for this. However, I would not tie the listener to a single controller. If your API increases, you might want to split the API over several controllers and you get into trouble with your authentication.
My solution is to create a listener which listens to the dispatch event of the Zend\Mvc\Application. This is an event which is triggered before the event in the controllers itself.
use Zend\Mvc\MvcEvent;
public function onBootstrap(MvcEvent $e)
{
$app = $e->getApplication();
$em = $app->getEventManager();
$sm = $app->getServiceManager()->getSharedManager();
$listener = new Listener\Authentication();
$identifier = 'MyModule\Controller\ApiController';
$em->attach($identifier, MvcEvent::EVENT_DISPATCH, $listener, 1000);
}
This way, the listener is attached to all controllers which are identified with MyModule\Controller\ApiController. The listener will be triggered on every dispatch call of those controllers. Your listener can short-circuit the complete dispatch loop in case you need it:
use Zend\Http\Request as HttpRequest;
use Zend\Mvc\MvcEvent;
use Zend\Json\Json;
use Zend\View\Model\JsonModel;
class Authentication
{
public function __invoke(MvcEvent $e)
{
$request = $e->getRequest();
if (!$request instanceof HttpRequest) {
// Don't run on CLI requests
return;
}
if ($result->isValid()) {
// Say you get auth result and all is OK
return;
}
// Case 1: short-circuit and return response, this is the fast way
// The response I use here is the HTTP problem API
$message = array(
'httpStatus' => 401,
'title' => 'Unauthorized',
'detail' => 'You are unauthorized to perform this request',
);
$response = $e->getResponse();
$response->setStatusCode(401);
$response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
$response->setContent(Json::encode($message);
return $response;
// Case 2: don't short circuit and stop propagation, you're using the JSON renderer
$e->getResponse()->setStatusCode(401);
$message = array(
'httpStatus' => 401,
'title' => 'Unauthorized',
'detail' => 'You are unauthorized to perform this request',
);
$model = new JsonModel($message);
return $model;
}
}
I would advice you to use the first method (returning the response yourself) because you'll short circuit the complete dispatch process and skip the complete finishing of the request. If you really rely on the view and response senders, use the second case.
Now if you need a controller which is authenticated via this system, add the identifier to this controller:
namespace MyModule\Controller;
use Zend\Mvc\Controller\AbstractActionController;
class MyFooBarApiController extends AbstractActionController
{
protected $eventIdentifer = 'MyModule\Controller\ApiController';
// your code here
}
If you need to allow certain requests without validation (I would always use a whitelist!), you can do this in your listener:
use Zend\Mvc\Route\RouteMatch;
$routematch = $e->getRouteMatch();
if (!$routematch instance of RouteMatch) {
// It's a 404, don't perform auth
return;
}
$route = $routematch->getMatchedRouteName();
if (
($request->isPost() && 'foo/bar' === $route)
|| ($request->isGet() && 'baz/bat' === $route)
) {
// We allow these requests to pass on without auth
return;
}
In your code you can explicitly check request method and route name. If you need parameters of the route, you can access it with $routematch->getParam('id').
Use the following in your event:
$e->stopPropagation();
Hello Stackoverflow Community.
I am currently developing a XML-RPc Server with Zend Framework 2.
I have a ServiceController which is responsible for creating the Server
class ServiceController extends AbstractActionController{
public function xmlAction()
{
$this->handleXML();
$response = $this->getResponse();
return $response;
}
private function handleXML()
{
$xmlServer = new Zend\XmlRpc\Server();
$xmlServer->setClass('Beam\Model\service\Service', 'service');
echo $xmlServer->handle();
}
}
The ServiceClass is my Webapi
class Service{
/**
* getAvailablePackages
*
* getAvailablePackages is responsible for returning all packages which reference a given licensenumber
*
* #param string $licenseNumber
* #return String
*/
public function getAvailablePackages($licenseNumber){
//need to access the entityManager
$em = $this->getServiceLocator->get('Doctrine\ORM\EntityManager');
return "testresponse";
}
}
The XML RPC server works fine. I can call the getAvailablePackages method with a client and i get "testrespons" as a response.
However the problem is, that i would like to select some data from my database in the getAvailablePackages but i'm not sure how to access the entityManager in a non Controller class.
Does anyone have an idea on how to solve this problem ? Thankx for your responses.
Possible solution would be to have a factory.
<?php
namespace ....;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\ServiceManager\FactoryInterface;
class ServiceFactory implements FactoryInterface
{
public function createService (ServiceLocatorInterface $serviceLocator)
{
return new Service ($serviceLocator->get ('Doctrine\ORM\EntityManager'));
}
}
thus, you would be able to have an access to Entity manager.