CODEWITHSUNDEEP
phpunit-testingtddlumen
Donnie Ashok
Donnie Ashok

Reputation: 1405

Lumen 5.4: PHPUnit: How to test authorisation?

I am working on an ecommerce project, a generic book shop.

I started out with a Test Driven approach, and I adhered to it fully till now.

Different endpoints on this Lumen Microservice project have been successfully tested earlier to make sure they do CRUD operations. However, as I have to protect the Create, Update and Delete method with token authorisation, I am quite confused how to introduce tests for authorisation.

As of now this is my testing structure:

tests/app/Exceptions/HandlerTest.php
tests/app/Http/Controllers/BooksControllerTest.php

The tests are for index, show, store, update, delete. This is one of the tests:

public function testStoreBookByPost()
{
    $book = factory('App\Book')->make();

    $this->post(
        '/books',
        [
            'isbn' => $book->isbn,
            'title' => $book->title,
            'description' => $book->description,
            'author' => $book->author,
            'image' => $book->image,
            'price' => $book->price,
            'slug' => $book->slug
        ]
    );

    $this
    ->seeJson(
        [
            'created' => true
        ]
    )
    ->seeInDatabase(
        'books',
        [
            'title' => $book->title
        ]
    );
}

I had earlier separated Exception Handler tests, similarly I would prefer to separate the AuthControllerTest to AuthControllerTest.php.

What is the best way to do this?

Do I need to write the authorisation tests by refactoring all the BooksControllerTest?

Or should I just test for issuing of token and inability to manipulate database? Would that be fine?

Upvotes: 0

Views: 295

Answers (1)

Donnie Ashok
Donnie Ashok

Reputation: 1405

Short answer: I needed to write the authorisation tests by refactoring all the BooksControllerTest

Long answer: I found out a fantastic way of logging in dummy users during testing.

With that I have created this method.

public function loginWithUserGetJWT()
{
    $user = factory('App\User')->create(
        [
            'password' => bcrypt('366643') // random password
        ]
    );

    $content = $this
    ->post(
        '/auth/login',
        [
            'email' => $user->email,
            'password' => '366643'
        ]
    )
    ->seeStatusCode(200)
    ->response->getContent();

    $token = json_decode($content)->token;

    return $token;
}

And I am reusing this method in all the test cases, like so:

public function testStoreBookByPost()
{
    $token = $this->loginWithUserGetJWT();

    $book = factory('App\Book')->make();

    $this->post(
        '/books',
        [
            'isbn' => $book->isbn,
            'title' => $book->title,
            'description' => $book->description,
            'author' => $book->author,
            'image' => $book->image,
            'price' => $book->price,
            'slug' => $book->slug,
            'token' => $token
        ]
    );

    $this
    ->seeJson(
        [
            'created' => true
        ]
    )
    ->seeInDatabase(
        'books',
        [
            'title' => $book->title
        ]
    );
}

Upvotes: 1

Related Questions