Cannot use actingAs unit tests functionality

[philliphartin]

Description

I am having issues getting the actingAs($user) functionality working in our http unit tests since using the Auth0 implementation.

Our API uses the CheckJWT middleware outlined in Auth0's Laravel API auth guide. This middleware expects a Bearer token to authenticate the user.

We are always receiving a 401 - Unauthenticated and can see that the middleware is still being processed and obviously failing due to no Bearer token being sent.

What are our options in this regard?

• The user is created from a user factory and does not actually exist on Auth0, we just want to spoof the identity to facilitate the request.

Example implementation

<?php

namespace Tests\Feature;

use App\Models\User;
use Tests\TestCase;

class ExampleTests extends TestCase
{
    /**
     * A basic feature test example.
     *
     * @return void
     */
    public function testExample()
    {
        $user = factory(User::class)->create();
        $response = $this->actingAs($user, 'api')->json('POST', '/api/v1/post', ['title' => 'Welcome to Mars']);
        $response
            ->assertStatus(200)
            ->assertExactJson([
                'created' => true,
            ]);
    }
}

Environment

Packages:

• "auth0/login": "~5.0"
• "laravel/framework": "^6.0

[joshcanhelp]

@pjhartin - I'm not entirely sure how to help here. If you're using an Auth0 JWT, then you would not ever be able to generate a new one as you don't have our signing keys.

obviously failing due to no Bearer token being sent

That's a different issue than an invalid one. I'm not sure how to address that. I'm guessing that actingAs() just manipulates the user that is stored in session. That won't change anything about your API call, AFAIK.

You can try the change-user-model branch that I posted in another thread, though. Your issue might be tied to how we were creating the Auth0User model (though you mention that it's not an Auth0 user so maybe not):

https://github.com/auth0/laravel-auth0/tree/change-user-model

[Tamrael]

@joshcanhelp had the same problem. We chose to not implement the middleware and instead implement the Guard "auth0" which remove all problems while testing and giving the more native way of authentication in laravel since 5.1

below is our Auth0 Guard.

Maybe this helps you some. you can do "auth:auth0" as middleware once the guard is defined

EDIT: removed

[joshcanhelp]

@Tamrael - That was linking somewhere strange. Would you mind posting that in a Gist?

[Tamrael]

@joshcanhelp sorry for that. the "code" markup didn't want to work and my brain farted and uploaded the php as text file. Here is the gist
can't even imagine why I didn't use that in the first place

[joshcanhelp]

@Tamrael - No problem! I've just never seen that before and the random link to a random file had me worried for a sec 😄Thank you for the Gist and your way of working around this. Do you think it would make sense to have that as part of this library? If so, would you be willing to add your solution as a PR here? Would be helpful to have some documentation on how it works as well.

[Tamrael]

@joshcanhelp sure thing. it'll take me a few but i'll send you a pull request. where/how would want the documentation? as file in the pull request or separated?

[Tamrael]

@joshcanhelp while working on that pull request I redesigned most of the guard into a single extend on the register. no whole guard-file required that implements a lot of things we don't actually need

[joshcanhelp]

I think the guard solution above should solve this. It's merged and ready to try out in 7.0.0-dev. We'll get that released officially next week!

[philliphartin]

Just to give a confirmation, we are now able to use auth:auth0 as our middleware on our previous JWT middleware endpoints and can now use actingAs->($user, 'auth0') in our tests and it works beautifully.

Thank you for the hard work.

[morganlaneap]

Forgive my naiveness on this, but I've tried to use the auth:auth0 guard, and in my tests I am asserting a response of 401 if no Authorization header is provided, however I am running into a 'route login is not defined' error. To get round this, I wrote my own middleware that checks if the $request->user('auth0') is not null, and this seems to work. What am I doing wrong to use the auth0 guard? I'm not very familiar with laravel testing, it's all a bit new!