From b910305ef5a018aa58229fd3f859659c07d86fc8 Mon Sep 17 00:00:00 2001
From: Dat
Date: Thu, 30 Apr 2026 19:35:11 +0200
Subject: [PATCH 1/4] Add test class for Authenticate middleware
---
 tests/Middleware/AuthenticateTest.php | 54 +++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 tests/Middleware/AuthenticateTest.php
diff --git a/tests/Middleware/AuthenticateTest.php b/tests/Middleware/AuthenticateTest.php
new file mode 100644
index 000000000..19ad7bfbf
--- /dev/null
+++ b/tests/Middleware/AuthenticateTest.php
@@ -0,0 +1,54 @@
+ true]);
+ Artisan::call('passport:client', [
+ '--personal' => true,
+ '--name' => 'Authenticate middleware test',
+ '--no-interaction' => true,
+ ]);
+
+ Route::middleware('auth:api')->get(self::ENDPOINT, function (Request $request) {
+ return response()->json([
+ 'email' => $request->user()->email,
+ ]);
+ });
+ }
+
+ public function testReturnsCustomJsonWhenUnauthenticated(): void {
+ $this->json('GET', self::ENDPOINT)
+ ->assertStatus(401)
+ ->assertJson(['error' => 'Unauthenticated.']);
+ }
+
+ public function testAuthenticatesUsingPassportTokenFromCookie(): void {
+ $user = User::factory()->create();
+
+ $this->withCredentials()
+ ->withUnencryptedCookie(Config::get('auth.cookies.key'), $this->issueTokenFor($user))
+ ->json('GET', self::ENDPOINT)
+ ->assertStatus(200)
+ ->assertJson(['email' => $user->email]);
+ }
+
+ private function issueTokenFor(User $user): string {
+ return $user->createToken('authenticate-middleware-test')->accessToken;
+ }
+}
From eb535c76ba687be8eebec8466be6d6e4f9ea42d8 Mon Sep 17 00:00:00 2001
From: Perside Rosalie
Date: Wed, 6 May 2026 11:24:24 +0200
Subject: [PATCH 2/4] Add comment to the AuthenticateTest.php
---
 tests/Middleware/AuthenticateTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Middleware/AuthenticateTest.php b/tests/Middleware/AuthenticateTest.php
index 19ad7bfbf..0099b4d7e 100644
--- a/tests/Middleware/AuthenticateTest.php
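Review bot: In `testReturnsCustomJsonWhenUnauthenticated`, `assertJson` is a subset match, so the test still passes if the 401 body carries extra fields beyond `error` (for example exception details when debug output is enabled). Since the test exists to pin the custom unauthenticated response, I would use `->assertExactJson(['error' => 'Unauthenticated.'])` there. The top of the new file, including the start of `setUp`, is not visible on this page, so this covers only the test methods shown.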
+++ b/tests/Middleware/AuthenticateTest.php @@ -25,6 +25,7 @@ protected function setUp(): void { '--no-interaction' => true, ]); + // Register new test route with Authenticate middleware. This also tests the config in Kernel.php and auth.php. Route::middleware('auth:api')->get(self::ENDPOINT, function (Request $request) { return response()->json([ 'email' => $request->user()->email, From 938680389f9d3c4c168a00f8b1dcc3a63a5083fc Mon Sep 17 00:00:00 2001 From: Dat Date: Wed, 6 May 2026 14:19:26 +0200 Subject: [PATCH 3/4] Add test for token from Authorization Header --- tests/Middleware/AuthenticateTest.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/Middleware/AuthenticateTest.php b/tests/Middleware/AuthenticateTest.php index 0099b4d7e..35cde7058 100644 --- a/tests/Middleware/AuthenticateTest.php +++ b/tests/Middleware/AuthenticateTest.php @@ -49,6 +49,16 @@ public function testAuthenticatesUsingPassportTokenFromCookie(): void { ->assertJson(['email' => $user->email]); } + public function testAuthenticatesUsingPassportTokenFromAuthorizationHeader(): void { + $user = User::factory()->create(); + + $this->withCredentials() + ->withHeader('Authorization', 'Bearer ' . $this->issueTokenFor($user)) + ->json('GET', self::ENDPOINT) + ->assertStatus(200) + ->assertJson(['email' => $user->email]); + } + private function issueTokenFor(User $user): string { return $user->createToken('authenticate-middleware-test')->accessToken; } From 2a73631e1958f19e2256cffde698a2f354916a22 Mon Sep 17 00:00:00 2001 From: Dat Date: Thu, 7 May 2026 11:21:35 +0200 Subject: [PATCH 4/4] Add fail test cases --- tests/Middleware/AuthenticateTest.php | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/tests/Middleware/AuthenticateTest.php b/tests/Middleware/AuthenticateTest.php index 35cde7058..567a98f76 100644 --- a/tests/Middleware/AuthenticateTest.php +++ b/tests/Middleware/AuthenticateTest.php 
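Review bot: No test in this series sends both the token cookie and an `Authorization` header, so the new `testAuthenticatesUsingPassportTokenFromAuthorizationHeader` leaves the precedence between the two token sources unpinned. The middleware is not on this page, so which source should win is an assumption; a test with two different users makes the choice explicit and catches a later change that silently flips it. Separately, `withCredentials()` only controls whether cookies are sent with JSON requests, as far as I know, so it can be dropped from the header-only test.

```php
// … unchanged: testAuthenticatesUsingPassportTokenFromAuthorizationHeader …

public function testResolvesUserWhenCookieAndAuthorizationHeaderDiffer(): void {
    $cookieUser = User::factory()->create();
    $headerUser = User::factory()->create();

    // The expected identity assumes the header takes precedence;
    // assert $cookieUser instead if the middleware is meant to prefer the cookie.
    $this->withCredentials()
        ->withUnencryptedCookie(Config::get('auth.cookies.key'), $this->issueTokenFor($cookieUser))
        ->withHeader('Authorization', 'Bearer ' . $this->issueTokenFor($headerUser))
        ->json('GET', self::ENDPOINT)
        ->assertStatus(200)
        ->assertJson(['email' => $headerUser->email]);
}
```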
@@ -18,12 +18,7 @@ class AuthenticateTest extends TestCase { protected function setUp(): void { parent::setUp(); - Artisan::call('passport:keys', ['--force' => true]); - Artisan::call('passport:client', [ - '--personal' => true, - '--name' => 'Authenticate middleware test', - '--no-interaction' => true, - ]); + Artisan::call('passport:install', ['--no-interaction' => true]); // Register new test route with Authenticate middleware. This also tests the config in Kernel.php and auth.php. Route::middleware('auth:api')->get(self::ENDPOINT, function (Request $request) { @@ -49,6 +44,14 @@ public function testAuthenticatesUsingPassportTokenFromCookie(): void { ->assertJson(['email' => $user->email]); } + public function testFailsUsingInvalidPassportTokenFromCookie(): void { + $this->withCredentials() + ->withUnencryptedCookie(Config::get('auth.cookies.key'), 'this is an invalid token') + ->json('GET', self::ENDPOINT) + ->assertStatus(401) + ->assertJson(['error' => 'Unauthenticated.']); + } + public function testAuthenticatesUsingPassportTokenFromAuthorizationHeader(): void { $user = User::factory()->create(); @@ -59,6 +62,14 @@ public function testAuthenticatesUsingPassportTokenFromAuthorizationHeader(): vo ->assertJson(['email' => $user->email]); } + public function testFailsUsingInvalidPassportTokenFromAuthorizationHeader(): void { + $this->withCredentials() + ->withHeader('Authorization', 'Bearer ' . 'this is an invalid token') + ->json('GET', self::ENDPOINT) + ->assertStatus(401) + ->assertJson(['error' => 'Unauthenticated.']); + } + private function issueTokenFor(User $user): string { return $user->createToken('authenticate-middleware-test')->accessToken; }
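Review bot: `Artisan::call('passport:install', ...)` in `setUp` creates the Passport key pair and clients as a side effect of every test. Without `--force` it will, as far as I know, keep any key files already present at the configured key path, so the suite may sign test tokens with whatever keys the environment holds. I would point Passport at a throwaway location before the call, e.g. `Passport::loadKeysFrom($tmpKeyDir);` with a directory created for the test run, and add a comment such as `// Keep test key material out of the application's storage path.`. `setUp` starts in this hunk but its body continues outside it, and the base `TestCase` is not visible, so storage may already be isolated there.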
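Review bot: Both failure tests (`testFailsUsingInvalidPassportTokenFromCookie` in this hunk and `testFailsUsingInvalidPassportTokenFromAuthorizationHeader` in the next) send a string that is not a token at all, so they only exercise the parse-failure path. The rejections that matter most for an auth middleware are well-formed tokens that must no longer be accepted: revoked, expired, or signed with a different key. A revoked-token case is cheap to add with what the class already has; the sketch shows the header variant and the cookie variant would mirror it. In the header test, `'Bearer ' . 'this is an invalid token'` can also be written as a single literal.

```php
// … unchanged: testFailsUsingInvalidPassportTokenFromAuthorizationHeader …

public function testFailsUsingRevokedPassportTokenFromAuthorizationHeader(): void {
    $user = User::factory()->create();
    $issued = $user->createToken('authenticate-middleware-test');

    // Revoke the token after issuing it: it is still well-formed and correctly signed.
    $issued->token->revoke();

    $this->withHeader('Authorization', 'Bearer ' . $issued->accessToken)
        ->json('GET', self::ENDPOINT)
        ->assertStatus(401)
        ->assertJson(['error' => 'Unauthenticated.']);
}
```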