2

I'm making a REST api with basic http authentication.

The authentication works as expected in a browser and Postman, status 200 Ok and controller behaving fine if the credentials are entered right, 401 Unauthorized otherwise.

The problem is that I'm struggling to make the phpunit test to successfully authenticate, it always returns a 401 Unauthorized code and I can't get why.

security.yml:

security:
providers:
    in_memory:
        memory:
            users:
                test:
                    password: testpass
                    roles: 'ROLE_TEST'

encoders:
    Symfony\Component\Security\Core\User\User: plaintext

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    default:
        anonymous: ~
        http_basic: ~

access_control:
    - { path: ^/api/test, roles: ROLE_TEST }

ApiControllerTest.php 

namespace ApiBundle\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Response;

class ApiControllerTest extends WebTestCase
{
    public function testIndex()
    {

        $client = static::createClient();

        $crawler = $client->request(
            'GET',
            '/api/test/hello/unittestname',
            array(),
            array(),
            array(),
            array('PHP_AUTH_USER' => 'test', 'PHP_AUTH_PW' => 'testpass'));

        $this->assertSame(Response::HTTP_OK, $client->getResponse()->getStatusCode());

    }
}

launching the test :

1) ApiBundle\Tests\Controller\ApiControllerTest::testIndex
Failed asserting that 401 is identical to 200.
TNCreator
  • 123
  • 6
  • are you logged in as that user? First try as anonymous and configure your app with this `- { path: ^/api/test, role: IS_AUTHENTICATED_ANONYMOUSLY }` and by the way is **role** not _roles_ – Rodolfo Velasco May 04 '17 at 17:13
  • @RodolVelasco , I used "roles" following this doc : http://symfony.com/doc/2.8/security.html#add-code-to-deny-access – TNCreator May 05 '17 at 06:54

1 Answers1

4

Depends on documentation base authentication credentials should be passed in $_SERVER. The same point is mentioned in Symfony documentation ("More about the request() Method" section).

Put the credentials into fifth argument - server parameters.

$crawler = $client->request(
    'GET',
    '/api/test/hello/unittestname',
    [],
    [],
    ['PHP_AUTH_USER' => 'test', 'PHP_AUTH_PW' => 'testpass']
);
miikes
  • 964
  • 7
  • 13
  • That was it, I found some sources putting the credentials in the 6th argument, I should have stuck with the sf2 doc. thanks ! – TNCreator May 05 '17 at 06:50