Improve functional tests.

MedicalMundi · Mar 5, 2024 · 8fca9e2 · 8fca9e2
1 parent 6394df7
commit 8fca9e2
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 6 deletions.
diff --git a/_iam/src/AdapterForWeb/AdminIndexController.php b/_iam/src/AdapterForWeb/AdminIndexController.php
@@ -21,7 +21,7 @@
 
 class AdminIndexController extends AbstractController
 {
-    #[Route('/admin', name: 'iam_admin_index')]
+    #[Route('/admin', name: 'iam_admin_index', methods: 'GET')]
     public function index(): Response
     {
         return $this->render('@iam/administration/index.html.twig', []);

diff --git a/_iam/src/AdapterForWeb/Administration/Account/AccountsController.php b/_iam/src/AdapterForWeb/Administration/Account/AccountsController.php
@@ -21,15 +21,17 @@
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
+#[IsGranted('ROLE_ADMIN')]
 class AccountsController extends AbstractController
 {
     public function __construct(
         private readonly QueryBus $queryBus
     ) {
     }
 
-    #[Route('/admin/accounts', name: 'iam_admin_accounts_index')]
+    #[Route('/admin/accounts', name: 'iam_admin_accounts_index', methods: 'GET')]
     public function index(): Response
     {
         $allAccounts = (array) $this->queryBus->send(new ShowAllAccountsQuery());
@@ -39,7 +41,7 @@ public function index(): Response
         ]);
     }
 
-    #[Route('/admin/accounts/unverified', name: 'iam_admin_accounts_unverified')]
+    #[Route('/admin/accounts/unverified', name: 'iam_admin_accounts_unverified', methods: 'GET')]
     public function unverifiedAccounts(): Response
     {
         $pendingRegistrations = (array) $this->queryBus->send(new ShowUnverifiedAccounts());

diff --git a/_iam/src/AdapterForWeb/Administration/OauthClient/OauthClientController.php b/_iam/src/AdapterForWeb/Administration/OauthClient/OauthClientController.php
@@ -30,8 +30,10 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[Route('/admin/oauth/client')]
+#[IsGranted('ROLE_ADMIN')]
 class OauthClientController extends AbstractController
 {
     public function __construct(

diff --git a/_iam/src/AdapterForWeb/Administration/OauthClient/OauthTokenController.php b/_iam/src/AdapterForWeb/Administration/OauthClient/OauthTokenController.php
@@ -26,6 +26,7 @@
 use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[Route('/admin/oauth/token')]
+#[IsGranted('ROLE_ADMIN')]
 class OauthTokenController extends AbstractController
 {
     public function __construct(
@@ -44,7 +45,6 @@ public function showAllOauthAccessToken(): Response
     }
 
     #[Route('/clear/expired/access-tokens', name: 'iam_admin_oauth_token_clear_expired_access_token', methods: 'GET')]
-    #[IsGranted('ROLE_ADMIN')]
     public function clearExpiredAccessTokens(AccessTokenManagerInterface $accessTokenManager): Response
     {
         $numOfClearedAccessTokens = $accessTokenManager->clearExpired();
@@ -63,7 +63,6 @@ public function clearExpiredAccessTokens(AccessTokenManagerInterface $accessToke
     }
 
     #[Route('/clear/expired/refresh-tokens', name: 'iam_admin_oauth_token_clear_expired_refresh_token', methods: 'GET')]
-    #[IsGranted('ROLE_ADMIN')]
     public function clearExpiredRefreshTokens(RefreshTokenManagerInterface $refreshTokenManager): Response
     {
         $numOfClearedRefreshTokens = $refreshTokenManager->clearExpired();
@@ -82,7 +81,6 @@ public function clearExpiredRefreshTokens(RefreshTokenManagerInterface $refreshT
     }
 
     #[Route('/clear/expired/auth-codes', name: 'iam_admin_oauth_token_clear_expired_auth_codes', methods: 'GET')]
-    #[IsGranted('ROLE_ADMIN')]
     public function clearExpiredAuthCodes(AuthorizationCodeManagerInterface $authorizationCodeManager): Response
     {
         $numOfClearedAuthCodes = $authorizationCodeManager->clearExpired();

diff --git a/_iam/tests/Functional/Regression/WebSecuredAreasAreProtectedTest.php b/_iam/tests/Functional/Regression/WebSecuredAreasAreProtectedTest.php
@@ -0,0 +1,78 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the medicalmundi/marketplace-accounts
+ *
+ * @copyright (c) 2023 MedicalMundi
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * {@link https://github.com/medicalmundi/marketplace-accounts/graphs/contributors developer} and is licensed under the MIT license.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ * @license https://github.com/MedicalMundi/marketplace-accounts/blob/main/LICENSE MIT
+ */
+
+namespace IdentityAccess\Tests\Functional\Regression;
+
+use PHPUnit\Framework\Attributes\CoversNothing;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\Attributes\Test;
+use Symfony\Bundle\FrameworkBundle\KernelBrowser;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+#[CoversNothing]
+class WebSecuredAreasAreProtectedTest extends WebTestCase
+{
+    protected KernelBrowser $client;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->client = static::createClient();
+    }
+
+    #[DataProvider('restrictedWebUrlDataProvider')]
+    #[Test]
+    public function restrictedPageIsRedirectedToLogin(string $restrictedUrl, array $urlParams = []): void
+    {
+        $this->client->request('GET', $this->urlTo($restrictedUrl, $urlParams));
+
+        self::assertTrue($this->client->getResponse()->isRedirect('/login'));
+    }
+
+    public static function restrictedWebUrlDataProvider()
+    {
+        return [
+            ['iam_admin_index'],
+
+            ['iam_admin_accounts_index'],
+            ['iam_admin_accounts_unverified'],
+
+            ['iam_admin_oauth_client_index'],
+            ['iam_admin_oauth_client_show', ['clientIdentifier' => 'fakeIdentifier']],
+            ['iam_admin_oauth_client_new'],
+            ['iam_admin_oauth_client_edit', ['clientIdentifier' => 'fakeIdentifier']],
+
+            ['iam_admin_oauth_token_index'],
+            ['iam_admin_oauth_token_clear_expired_access_token'],
+            ['iam_admin_oauth_token_clear_expired_refresh_token'],
+            ['iam_admin_oauth_token_clear_expired_auth_codes'],
+        ];
+    }
+
+    /**
+     * @param array<mixed> $parameters
+     */
+    protected function urlTo(string $path, array $parameters = [], int $referenceType = UrlGeneratorInterface::ABSOLUTE_PATH): string
+    {
+        return $this->container()->get('router')->generate($path, $parameters, $referenceType);
+    }
+
+    protected function container(): ContainerInterface
+    {
+        return self::$kernel->getContainer()->get('test.service_container');
+    }
+}