add scope support for actingAs method for running UnitTests #275

Closed
le-bru opened this issue Apr 20, 2022 · 4 comments

@le-bru
Contributor

le-bru commented Apr 20, 2022

What should be added?

While writing tests for an API that is using scopes for protecting some endpoints, I faced some issues since even though thanks to #166, we are able to use actingAs to fake authentication, one currently can't fake scopes.
This is because actingAs only sets the user object, but not a JWT. And the auth0 guard that checks for scopes does so by reading the JWT payload, which is empty.

Which is why I propose the following solution.

Add a Trait that can be used within Test classes that are children of Illuminate\Foundation\Testing\TestCase:

```php
use Auth0\Laravel\Model\Stateless\User;
use Auth0\Laravel\StateInstance;
use Illuminate\Contracts\Auth\Authenticatable as UserContract;

trait ActingAsAuth0
{
    // Provided by the test case's parent class (Illuminate\Foundation\Testing\TestCase).
    abstract public function actingAs(UserContract $user, string|null $guard = null);

    public function actingAsAuth0User(array $attributes)
    {
        $auth0user = new User($attributes);

        // Seed the scopes the auth0 guard would otherwise read from the JWT payload.
        if (array_key_exists("scope", $attributes)) {
            app()->make(StateInstance::class)->setAccessTokenScope(explode(" ", $attributes["scope"]));
        }

        return parent::actingAs($auth0user, "auth0");
    }
}
```

In a test class where you use this trait, you then could do the following:

```php
public function test_readPosts()
{
    $response = $this->actingAsAuth0User([
        "scope" => "read:posts"
    ])->getJson(route("posts.read"));

    $response->assertStatus(200);
}
```

and assuming that the route posts.read is secured by the middleware auth0.authorize:read:posts, your test would pass now.

Since I'm guessing that I'm not the only one having this problem, I thought to add this feature idea.

What's your feedback on this?
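
A companion to the test above, added here as an example and not part of the issue or the SDK: the positive test also passes when `posts.read` carries no scope middleware at all, so the deny path needs its own tests. The class name, the `Tests\ActingAsAuth0` location and the `openid` and `write:posts` scopes are assumptions.

```php
<?php

namespace Tests\Feature;

use Tests\ActingAsAuth0; // assumption: where the trait from this issue is saved
use Tests\TestCase;      // Laravel's default application test case

// Hypothetical test class; the route name and read:posts scope come from the issue.
class PostsReadScopeTest extends TestCase
{
    use ActingAsAuth0;

    // The trait splits the claim on spaces, so read:posts is one of two scopes here.
    public function test_token_with_several_scopes_is_allowed(): void
    {
        $this->actingAsAuth0User(['scope' => 'openid read:posts'])
            ->getJson(route('posts.read'))
            ->assertStatus(200);
    }

    // Authenticated, but holding a different scope than the route requires.
    public function test_token_with_other_scope_is_rejected(): void
    {
        $this->assertDenied(
            $this->actingAsAuth0User(['scope' => 'write:posts'])->getJson(route('posts.read'))
        );
    }

    // No "scope" key: the trait never calls setAccessTokenScope().
    public function test_token_without_scope_is_rejected(): void
    {
        $this->assertDenied($this->actingAsAuth0User([])->getJson(route('posts.read')));
    }

    public function test_anonymous_request_is_rejected(): void
    {
        $this->assertDenied($this->getJson(route('posts.read')));
    }

    // Accepts 401 or 403, since the issue does not say which one the middleware returns.
    private function assertDenied($response): void
    {
        $this->assertContains($response->getStatusCode(), [401, 403]);
    }
}
```

Each case is its own test method because the scope is written to a container-bound `StateInstance`; a later call without a `scope` key inside the same test would leave the earlier scopes in place.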

@le-bru le-bru added the triage label Apr 20, 2022
@evansims evansims self-assigned this Apr 24, 2022
@evansims
Member

Hi @le-bru 👋 Thanks for your feature suggestion! Sounds like a solid enhancement to me. Is this something you'd be willing to contribute a PR for?

@le-bru
Contributor Author

le-bru commented Apr 24, 2022

Sure, will do!

@le-bru
Contributor Author

le-bru commented Apr 26, 2022

@evansims there you go: #276

@evansims
Member

evansims commented May 1, 2022

Thanks again! We'll get this shipped in the next release in a week or so.

@evansims evansims closed this as completed May 1, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2022