Move the API tests into their respective bundles

We create a dummy kernel and use that for running tests

.gitignore

 /vendor
 /composer.lock
+/var
\ No newline at end of file

composer.json

@@ -14,13 +14,22 @@
         "web-token/jwt-easy": "^2.1",
         "web-token/jwt-signature-algorithm-rsa": "^2.1",
         "adldap2/adldap2": "^10.0",
-        "kevinrob/guzzle-cache-middleware": "^3.3"
+        "kevinrob/guzzle-cache-middleware": "^3.3",
+        "nelmio/cors-bundle": "^2.1.0",
+        "symfony/twig-bundle": "^4.4",
+        "symfony/security-bundle": "^4.4",
+        "symfony/config": "^4.4",
+        "symfony/yaml": "^4.4"
     },
     "require-dev": {
-        "symfony/phpunit-bridge": "^4.4",
-        "vimeo/psalm": "^3.12",
+        "doctrine/doctrine-bundle": "^2.1.0",
+        "mockery/mockery": "^1.2",
         "phpstan/phpstan": "^0.12.33",
-        "phpstan/phpstan-phpunit": "^0.12.13"
+        "phpstan/phpstan-phpunit": "^0.12.13",
+        "symfony/browser-kit": "^4.4",
+        "symfony/http-client": "^4.4",
+        "symfony/phpunit-bridge": "^4.4",
+        "vimeo/psalm": "^3.12"
     },
     "autoload": {
         "psr-4": {

phpunit.xml.dist

@@ -14,6 +14,8 @@
         <server name="SHELL_VERBOSITY" value="-1" />
         <server name="SYMFONY_PHPUNIT_REMOVE" value="" />
         <server name="SYMFONY_PHPUNIT_VERSION" value="8" />
+        <server name="SYMFONY_DEPRECATIONS_HELPER" value="weak" />
+        <server name="KERNEL_CLASS" value="DBP\API\CoreBundle\Tests\Kernel" />
     </php>
 
     <testsuites>

src/DependencyInjection/DbpCoreExtension.php

@@ -49,9 +49,9 @@ class DbpCoreExtension extends ConfigurableExtension implements PrependExtension
         $def->setPublic(true);
         $def->addTag('cache.pool');
 
-        $container->setParameter('dbp_api.core.keycloak_config', $configs['keycloak']);
-        $container->setParameter('dbp_api.core.ldap_config', $configs['ldap']);
-        $container->setParameter('dbp_api.core.co_config', $configs['campus_online']);
+        $container->setParameter('dbp_api.core.keycloak_config', $configs['keycloak'] ?? []);
+        $container->setParameter('dbp_api.core.ldap_config', $configs['ldap'] ?? []);
+        $container->setParameter('dbp_api.core.co_config', $configs['campus_online'] ?? []);
     }
 
     private function extendArrayParameter(ContainerBuilder $container, string $parameter, array $values)
@@ -92,7 +92,7 @@ class DbpCoreExtension extends ConfigurableExtension implements PrependExtension
             ItemNotUsableException::class => Response::HTTP_FAILED_DEPENDENCY,
         ];
 
-        $container->prependExtensionConfig('api_platform', [
+        $container->loadFromExtension('api_platform', [
             'version' => $packageVersion,
             'title' => 'DBP API Gateway',
             'http_cache' => [
@@ -175,17 +175,17 @@ class DbpCoreExtension extends ConfigurableExtension implements PrependExtension
             'exception_controller' => null,
         ]);
 
-        $configs = $container->getExtensionConfig($this->getAlias());
-        $keycloak = $configs[0]['keycloak'];
-        $api_docs = $configs[0]['api_docs'];
+        $config = $container->getExtensionConfig($this->getAlias())[0];
+        $keycloak = $config['keycloak'] ?? [];
+        $api_docs = $config['api_docs'] ?? [];
 
         $container->loadFromExtension('twig', [
             'globals' => [
-                'keycloak_server_url' => $keycloak['server_url'],
-                'keycloak_realm' => $keycloak['realm'],
-                'keycloak_frontend_client_id' => $api_docs['keycloak_client_id'],
-                'app_buildinfo' => $api_docs['build_info'],
-                'app_buildinfo_url' => $api_docs['build_info_url'],
+                'keycloak_server_url' => $keycloak['server_url'] ?? '',
+                'keycloak_realm' => $keycloak['realm'] ?? '',
+                'keycloak_frontend_client_id' => $api_docs['keycloak_client_id'] ?? '',
+                'app_buildinfo' => $api_docs['build_info'] ?? '',
+                'app_buildinfo_url' => $api_docs['build_info_url'] ?? '',
                 'app_env' => '%kernel.environment%',
                 'app_debug' => '%kernel.debug%',
             ],

src/Resources/config/services.yaml

@@ -83,3 +83,14 @@ services:
       - "%api_platform.swagger.versions%"
     autoconfigure: false
     autowire: true
+
+
+  # This alias exist so we can replace the service during tests
+  test.App\Security\User\KeycloakBearerUserProvider:
+    alias: 'DBP\API\CoreBundle\Keycloak\KeycloakBearerUserProvider'
+    public: true
+
+  # This alias exist so we can replace the service during tests
+  test.App\Service\PersonProviderInterface:
+    alias: 'DBP\API\CoreBundle\Service\PersonProviderInterface'
+    public: true

src/Service/LDAPApi.php

@@ -58,10 +58,10 @@ class LDAPApi implements PersonProviderInterface
         $this->security = $security;
 
         $config = [
-            'hosts' => [$config['host']],
-            'base_dn' => $config['base_dn'],
-            'username' => $config['username'],
-            'password' => $config['password'],
+            'hosts' => [$config['host'] ?? ''],
+            'base_dn' => $config['base_dn'] ?? '',
+            'username' => $config['username'] ?? '',
+            'password' => $config['password'] ?? '',
             'use_tls' => true,
         ];
 

src/Service/TUGOnlineApi.php

@@ -50,7 +50,7 @@ class TUGOnlineApi
     {
         $this->config = $container->getParameter('dbp_api.core.co_config');
         $this->security = $security;
-        $this->token = $this->config['api_token'];
+        $this->token = $this->config['api_token'] ?? '';
         $this->container = $container;
         $this->guzzleLogger = $guzzleLogger;
     }

tests/ExtTest.php

+<?php
+
+declare(strict_types=1);
+
+namespace DBP\API\CoreBundle\Tests;
+
+use ApiPlatform\Core\Bridge\Symfony\Bundle\Test\ApiTestCase;
+use DBP\API\CoreBundle\Entity\Person;
+use DBP\API\CoreBundle\Keycloak\KeycloakBearerUser;
+use DBP\API\CoreBundle\Keycloak\KeycloakBearerUserProvider;
+use DBP\API\CoreBundle\TestUtils\DummyPersonProvider;
+use DBP\API\CoreBundle\TestUtils\DummyUserProvider;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class ExtTest extends ApiTestCase
+{
+    private $client;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->client = static::createClient();
+    }
+
+    protected function withUserEx($id, $token, $roles, $functions, $scopes, $isServiceAccount): UserInterface
+    {
+        $container = $this->client->getContainer();
+
+        if ($isServiceAccount) {
+            $person = null;
+        } else {
+            $person = new Person();
+            $person->setIdentifier($id);
+            $person->setFunctions($functions);
+            $person->setRoles($roles);
+            $person->setAccountTypes([]);
+        }
+        $personProvider = new DummyPersonProvider($person);
+
+        $user = new KeycloakBearerUser($id, $token, $personProvider, $isServiceAccount, $scopes);
+        $userProvider = new DummyUserProvider($user);
+        $container->set("test.App\Security\User\KeycloakBearerUserProvider", $userProvider);
+        $container->set("test.App\Service\PersonProviderInterface", $personProvider);
+
+        return $user;
+    }
+
+    protected function withUser($id, $token, $roles, $functions, $scopes): UserInterface
+    {
+        return $this->withUserEx($id, $token, $roles, $functions, $scopes, false);
+    }
+
+    protected function withServiceAccount($id, $token, $scopes): UserInterface
+    {
+        return $this->withUserEx($id, $token, [], [], $scopes, true);
+    }
+
+    public function testServiceAccountRoles()
+    {
+        $user = $this->withServiceAccount('foobar', '42', ['SCOPE1', 'SCOPE2']);
+        $this->assertEquals(['ROLE_SCOPE_SCOPE1', 'ROLE_SCOPE_SCOPE2'], $user->getRoles());
+    }
+
+    public function testScopeToRolesMapping()
+    {
+        $this->withUser('foobar', '42', ['SOMEROLE'], ['FUNC'], ['SCOPE1', 'SCOPE2']);
+
+        $container = $this->client->getContainer();
+        $userProvider = $container->get("test.App\Security\User\KeycloakBearerUserProvider");
+        $user = $userProvider->loadUserByUsername('42');
+        $this->assertEquals($user->getRoles(), ['SOMEROLE', 'ROLE_SCOPE_SCOPE1', 'ROLE_SCOPE_SCOPE2']);
+    }
+
+    public function testIsServiceAccountToken()
+    {
+        $this->assertTrue(KeycloakBearerUserProvider::isServiceAccountToken(['scope' => 'foo bar']));
+        $this->assertFalse(KeycloakBearerUserProvider::isServiceAccountToken(['scope' => 'openid foo bar']));
+        $this->assertFalse(KeycloakBearerUserProvider::isServiceAccountToken(['scope' => 'openid']));
+        $this->assertFalse(KeycloakBearerUserProvider::isServiceAccountToken(['scope' => 'foo openid bar']));
+        $this->assertFalse(KeycloakBearerUserProvider::isServiceAccountToken(['scope' => 'foo bar openid']));
+    }
+
+    public function testGetPersonNoAuth()
+    {
+        $this->withUser('foobar', '42', [], [], []);
+        $response = $this->client->request('GET', '/people/foobar');
+        $this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+    }
+
+    public function testGetPersonWrongAuth()
+    {
+        $this->withUser('foobar', '42', [], [], []);
+        $response = $this->client->request('GET', '/people/foobar', ['headers' => [
+            'Authorization' => 'Bearer NOT42',
+        ]]);
+        $this->assertEquals(Response::HTTP_FORBIDDEN, $response->getStatusCode());
+    }
+
+    public function testGetPerson()
+    {
+        $this->withUser('foobar', '42', [], [], []);
+        $response = $this->client->request('GET', '/people/foobar', ['headers' => [
+            'Authorization' => 'Bearer 42',
+        ]]);
+        $this->assertJson($response->getContent(false));
+        $data = json_decode($response->getContent(false), true);
+        $this->assertEquals('/people/foobar', $data['@id']);
+    }
+
+    public function testGetPersonRolesFunctions()
+    {
+        $this->withUser('foobar', '42', ['ROLE'], ['FUNC'], []);
+        $response = $this->client->request('GET', '/people/foobar', ['headers' => [
+            'Authorization' => 'Bearer 42',
+        ]]);
+        $data = json_decode($response->getContent(), true);
+        $this->assertEquals(['ROLE'], $data['roles']);
+        $this->assertEquals(['FUNC'], $data['functions']);
+    }
+}

tests/Kernel.php

+<?php
+
+declare(strict_types=1);
+
+namespace DBP\API\CoreBundle\Tests;
+
+use ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle;
+use DBP\API\CoreBundle\DbpCoreBundle;
+use Nelmio\CorsBundle\NelmioCorsBundle;
+use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
+use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
+use Symfony\Bundle\SecurityBundle\SecurityBundle;
+use Symfony\Bundle\TwigBundle\TwigBundle;
+use Symfony\Component\Config\Loader\LoaderInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\HttpKernel\Kernel as BaseKernel;
+use Symfony\Component\Routing\RouteCollectionBuilder;
+
+class Kernel extends BaseKernel
+{
+    use MicroKernelTrait;
+
+    public function registerBundles(): iterable
+    {
+        yield new FrameworkBundle();
+        yield new SecurityBundle();
+        yield new TwigBundle();
+        yield new NelmioCorsBundle();
+        yield new ApiPlatformBundle();
+        yield new DbpCoreBundle();
+    }
+
+    protected function configureRoutes(RouteCollectionBuilder $routes)
+    {
+        $routes->import($this->getProjectDir().'/../../config/routes/api_platform.yaml');
+    }
+
+    protected function configureContainer(ContainerBuilder $c, LoaderInterface $loader)
+    {
+        $c->loadFromExtension('framework', [
+            'test' => true,
+        ]);
+    }
+}

tests/LDAPApiTest.php

+<?php
+
+declare(strict_types=1);
+
+namespace DBP\API\CoreBundle\Tests;
+
+use Adldap\Connections\ConnectionInterface;
+use Adldap\Models\User as AdldapUser;
+use Adldap\Query\Builder;
+use Adldap\Query\Grammar;
+use ApiPlatform\Core\Bridge\Symfony\Bundle\Test\ApiTestCase;
+use DBP\API\CoreBundle\Service\GuzzleLogger;
+use DBP\API\CoreBundle\Service\LDAPApi;
+use DBP\API\CoreBundle\Service\TUGOnlineApi;
+use Mockery;
+use Monolog\Handler\NullHandler;
+use Monolog\Logger;
+use Symfony\Component\Security\Core\Security;
+
+class LDAPApiTest extends ApiTestCase
+{
+    /**
+     * @var LDAPApi
+     */
+    private $api;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $client = static::createClient();
+        $security = new Security($client->getContainer());
+        $nullLogger = new Logger('dummy', [new NullHandler()]);
+        $guzzleLogger = new GuzzleLogger($nullLogger);
+        $tugapi = new TUGOnlineApi($client->getContainer(), $security, $guzzleLogger);
+
+        $this->api = new LDAPApi($client->getContainer(), $tugapi, $security, $nullLogger);
+    }
+
+    public function testBasic()
+    {
+        $this->expectExceptionMessageMatches('/.*/');
+        $this->api->getPerson('____nope____');
+    }
+
+    protected function newBuilder()
+    {
+        $connection = Mockery::mock(ConnectionInterface::class);
+
+        return new Builder($connection, new Grammar());
+    }
+
+    public function testLDAPParsing()
+    {
+        $user = new AdldapUser([
+            'cn' => ['John Doe'],
+            'dateofbirth' => ['1994-06-24 00:00:00'],
+        ], $this->newBuilder());
+
+        $person = $this->api->personFromUserItem($user, false);
+
+        $this->assertEquals(new \DateTime('1994-06-24'), $person->getBirthDate());
+    }
+}

tests/Test.php

+<?php
+
+declare(strict_types=1);
+
+namespace DBP\API\CoreBundle\Tests;
+
+use ApiPlatform\Core\Bridge\Symfony\Bundle\Test\ApiTestCase;
+use ApiPlatform\Core\Bridge\Symfony\Bundle\Test\Client;
+use Symfony\Component\HttpFoundation\Response;
+
+class Test extends ApiTestCase
+{
+    /** @var Client */
+    protected $client;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->client = static::createClient();
+    }
+
+    public function testIndex()
+    {
+        $response = $this->client->request('GET', '/');
+        $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
+    }
+
+    public function testJSONLD()
+    {
+        $response = $this->client->request('GET', '/', ['headers' => ['HTTP_ACCEPT' => 'application/ld+json']]);
+        $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
+        $this->assertJson($response->getContent(false));
+    }
+}