2

I'am trying to authenticate a user by adding the PHP_AUTH_USER and PHP_AUTH_PW to the $_ENV-Variable, but this has no affect. I'am using the following configuration with memory-Storage:

$this->loadComponent('Auth', [
        'authenticate' => [
            'Basic' => [
                'fields' => ['username' => 'username', 'password' => 'password'],
                'userModel' => 'CmUsers'
            ],
        ],
        'storage' => 'Memory',
        'unauthorizedRedirect' => false
]);

The Test fails with exception 'Cake\Network\Exception\UnauthorizedException' with message 'Unauthorized'.

public function testIndex()
{         
    $_ENV['PHP_AUTH_USER'] = 'ApiUser';  
    $_ENV['PHP_AUTH_PW'] = '123456';   

    $this->get('/index');                

    $this->assertResponseOk();                         
}

Does anyone have an idea how to add the authentication-data to the request?

If I follow the advice from @ndm and add the Authentication-Header... 

$this->configRequest([
            'environment' => [
                'PHP_AUTH_USER' => 'ApiUser',
                'PHP_AUTH_PW' => '123456',                  
            ],
            'headers' => ['Authorization' => 'Basic ApiUser:123456']
]);

... the envirement Variables looks like this:

[_environment:protected] => Array
    (
        [HTTP_AUTHORIZATION] => Basic ApiUser:123456
        [REQUEST_METHOD] => GET
        [PHP_AUTH_USER] => ApiUser
        [PHP_AUTH_PW] => 123456
        [HTTP_X_HTTP_METHOD_OVERRIDE] => 
        [ORIGINAL_REQUEST_METHOD] => GET
        [SERVER_PORT] => 
        [HTTPS] => 
        [HTTP_HOST] => 
    )

My Fixture looks like this:

public $records = [
    [
        'id' => 2,
        'username' => 'ApiUser',
        'password' => '123456',
        'role' => 'api-user',
        'created' => 1460710056,
        'modified' => 1460710056
    ],        
];

Unfortunately the request still gets blocked.

Niklas
  • 95
  • 1
  • 9

1 Answers1

2

Integration test cases should never fiddle with superglobals, as they usually aren't touched by the test case in order to avoid polluting the test environment with non-CakePHP request related data.

The test request can be configured via the \Cake\TestSuite\IntegrationTestCase::configRequest() method. It accepts an array which will basically just be passed to the \Cake\Network\Request constructor of the request object used by the test.

Long story short, environment variables can be defined via the environment config key, like

public function testIndex()
{
    $this->configRequest([
        'environment' => [
            'PHP_AUTH_USER' => 'ApiUser',
            'PHP_AUTH_PW' => '123456'
        ]
    ]);  

    $this->get('/index');                

    $this->assertResponseOk();                         
}

See also

ndm
  • 59,784
  • 9
  • 71
  • 110
  • Thanks, thats a good advice. Unfortunately the request still gets blocked. I' am wondering if I have to write the Userdata somehow manually in the Memory-Database?! In my development envirement it works fine, but in my testcases is fails. – Niklas May 19 '16 at 12:06
  • Even adding the header `'headers' => ['Authorization' => 'Basic ApiUser:123456']` to the `configRequest` does not work. – Niklas May 19 '16 at 12:18
  • 1
    @Niklas Works fine for me, looking at your updated question, your fixture is incorrect, as the password isn't hashed! The fixture data will be written directly to the database (via `Query::insert/into()`), it is not being processed by your tables and entities, ie the password will be stored as is. – ndm May 19 '16 at 12:46