Appwrite/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite.git synced 2026-05-26 13:51:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feat/command-execute-migration
appwrite/tests/e2e/Services/Tokens/TokensConsoleClientTest.php
T
Chirag Aggarwal d2230f8fe7 chore: bump PHPStan to level 4 and fix all new errors 
Raises `phpstan.neon` level from 3 to 4 and fixes the 549 new errors
that level 4 surfaces across 157 files. Fixes are root-cause — no
`@phpstan-ignore`, no `@var` casts, no baseline entries, no widened
types. A handful of latent bugs were fixed along the way:

- `app/controllers/general.php`: path-traversal guard was negating
  `\substr(...)` before the strict comparison (`!\substr(...) === $base`
  was always `false === $base`). Rewritten as `\substr(...) !== $base`.
- `src/Appwrite/Platform/Modules/Databases/Http/Databases/Logs/XList.php`
  and `.../TablesDB/Logs/XList.php`: were importing the raw Matomo
  `DeviceDetector` (whose `getDevice()` returns `?int`) but treating the
  result as an array with `deviceName/deviceBrand/deviceModel` keys.
  Swapped to `Appwrite\Detector\Detector`, matching the wrapper already
  used a few lines below for `$os`/`$client`.
- `src/Appwrite/Platform/Modules/Functions/Workers/Builds.php`: a match
  key was checking `$resourceKey === 'functions'` when `$resourceKey`
  is `'functionId'|'siteId'` — always false. Switched to the intended
  `$resource->getCollection() === 'functions'` check.
- `src/Appwrite/OpenSSL/OpenSSL.php`: `encrypt()` return type tightened
  to `string|false` to match `openssl_encrypt`; this lets callers'
  `=== false` error handling remain meaningful.
- `app/controllers/api/messaging.php`: removed a dead
  `array_key_exists('from', [])` branch in the Msg91 provider (empty
  array literal; branch was unreachable).

Large cleanup categories across the 549 fixes:
- Removed redundant `?? default` on array offsets and expressions that
  PHPStan now knows are non-nullable.
- Removed unreachable statements (mostly `return;` after `throw` or
  `markTestSkipped()`).
- Removed redundant `is_array`/`is_string`/`is_bool`/`instanceof` checks
  on already-narrowed types.
- Added `default =>` arms (or throwing arms) to non-exhaustive matches
  on `string`/`mixed` input.
- Removed dead `$document === false` branches where method return types
  were tightened to non-nullable `Document`.
- Removed unused properties (`$version` on Etsy/Zoom OAuth2, `$paths` on
  Installer State, `$source` on MigrationsWorker, `$account2` on two
  GraphQL auth tests), unused traits (`ApiVectorsDB`, `DatabaseFixture`),
  and an unused `cleanupStaleExecutions` task method.
- Replaced `assertTrue(true)` and redundant `assertIsArray`/`assertIsString`/
  `assertNotNull` assertions with `addToAssertionCount(1)` or
  `assertNotEmpty` where the runtime type was already known.
2026-04-19 17:31:20 +05:30

308 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
namespace Tests\E2E\Services\Tokens;
use Ahc\Jwt\JWT;
use Ahc\Jwt\JWTException;
use CURLFile;
use Tests\E2E\Client;
use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\SideServer;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Helpers\Permission;
use Utopia\Database\Helpers\Role;
use Utopia\Database\Validator\Datetime as DatetimeValidator;
use Utopia\System\System;
class TokensConsoleClientTest extends Scope
{
use TokensBase;
use ProjectCustom;
use SideServer;
private static array $tokenData = [];
protected function setupToken(): array
{
if (!empty(self::$tokenData)) {
return self::$tokenData;
}
$bucket = $this->client->call(Client::METHOD_POST, '/storage/buckets', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'bucketId' => ID::unique(),
'name' => 'Test Bucket',
'fileSecurity' => true,
'maximumFileSize' => 2000000, //2MB
'allowedFileExtensions' => ['jpg', 'png', 'jfif'],
'permissions' => [
Permission::read(Role::any()),
Permission::create(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],
]);
$bucketId = $bucket['body']['$id'];
$file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', array_merge([
'content-type' => 'multipart/form-data',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'fileId' => ID::unique(),
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'permissions' => [
Permission::read(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],
]);
$fileId = $file['body']['$id'];
$token = $this->client->call(Client::METHOD_POST, '/tokens/buckets/' . $bucketId . '/files/' . $fileId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()));
self::$tokenData = [
'fileId' => $fileId,
'bucketId' => $bucketId,
'tokenId' => $token['body']['$id'],
];
return self::$tokenData;
}
public function testCreateToken(): void
{
$bucket = $this->client->call(Client::METHOD_POST, '/storage/buckets', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'bucketId' => ID::unique(),
'name' => 'Test Bucket',
'fileSecurity' => true,
'maximumFileSize' => 2000000, //2MB
'allowedFileExtensions' => ['jpg', 'png', 'jfif'],
'permissions' => [
Permission::read(Role::any()),
Permission::create(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],
]);
$this->assertEquals(201, $bucket['headers']['status-code']);
$this->assertNotEmpty($bucket['body']['$id']);
$bucketId = $bucket['body']['$id'];
$file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', array_merge([
'content-type' => 'multipart/form-data',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'fileId' => ID::unique(),
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'permissions' => [
Permission::read(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],
]);
$this->assertEquals(201, $file['headers']['status-code']);
$this->assertNotEmpty($file['body']['$id']);
$fileId = $file['body']['$id'];
// Failure case: Expire date is in the past
$token = $this->client->call(Client::METHOD_POST, '/tokens/buckets/' . $bucketId . '/files/' . $fileId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'expire' => '2022-11-02',
]);
$this->assertEquals(400, $token['headers']['status-code']);
$this->assertStringContainsString('Value must be valid date in the future', $token['body']['message']);
// Success cases: With & without expiry
$expireList = [null, date('Y-m-d', strtotime("tomorrow"))];
foreach ($expireList as $expire) {
$token = $this->client->call(Client::METHOD_POST, '/tokens/buckets/' . $bucketId . '/files/' . $fileId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'expire' => $expire,
]);
$this->assertEquals(201, $token['headers']['status-code']);
$this->assertEquals('files', $token['body']['resourceType']);
$this->assertNotEmpty($token['body']['$id']);
$this->assertNotEmpty($token['body']['secret']);
// Verify the generated token JWT contains correct resource information
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
try {
$payload = $jwt->decode($token['body']['secret']);
$this->assertArrayHasKey('tokenId', $payload, 'JWT payload should contain tokenId');
$this->assertArrayHasKey('resourceId', $payload, 'JWT payload should contain resourceId');
$this->assertArrayHasKey('resourceType', $payload, 'JWT payload should contain resourceType');
$this->assertArrayHasKey('resourceInternalId', $payload, 'JWT payload should contain resourceInternalId');
$this->assertArrayHasKey('iat', $payload, 'JWT payload should contain iat');
if (!empty($expire)) {
$this->assertArrayHasKey('exp', $payload, 'JWT payload should contain exp');
} else {
$this->assertArrayNotHasKey('exp', $payload, 'JWT payload should not contain exp field for tokens without expiry');
}
$this->assertEquals($token['body']['$id'], $payload['tokenId'], 'JWT tokenId should match token ID');
$this->assertEquals($bucketId . ':' . $fileId, $payload['resourceId'], 'JWT resourceId should match bucketId:fileId format');
$this->assertEquals('files', $payload['resourceType'], 'JWT resourceType should be files');
} catch (JWTException $e) {
$this->fail('Failed to decode JWT: ' . $e->getMessage());
}
}
}
public function testUpdateToken(): void
{
$data = $this->setupToken();
$tokenId = $data['tokenId'];
// Failure case: Expire date is in the past
$token = $this->client->call(Client::METHOD_PATCH, '/tokens/' . $tokenId, [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'expire' => '2022-11-02',
]);
$this->assertEquals(400, $token['headers']['status-code']);
$this->assertStringContainsString('Value must be valid date in the future', $token['body']['message']);
// Finite expiry
$expiry = date('Y-m-d', strtotime("tomorrow"));
$token = $this->client->call(Client::METHOD_PATCH, '/tokens/' . $tokenId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'expire' => $expiry,
]);
$dateValidator = new DatetimeValidator();
$this->assertTrue($dateValidator->isValid($token['body']['expire']));
// Verify JWT contains correct expiration using native JWT decode
$this->assertNotEmpty($token['body']['secret']);
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
try {
$payload = $jwt->decode($token['body']['secret']);
$this->assertArrayHasKey('exp', $payload, 'JWT payload should contain exp field');
$expectedExp = (new \DateTime($expiry))->getTimestamp();
$this->assertEquals($expectedExp, $payload['exp'], 'JWT exp should match token expiry');
} catch (JWTException $e) {
$this->fail('Failed to decode JWT: ' . $e->getMessage());
}
// Infinite expiry
$token = $this->client->call(Client::METHOD_PATCH, '/tokens/' . $tokenId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()), [
'expire' => null,
]);
$this->assertEmpty($token['body']['expire']);
// Verify JWT does not contain exp for infinite expiry using native JWT decode
try {
$payload = $jwt->decode($token['body']['secret']);
$this->assertArrayNotHasKey('exp', $payload, 'JWT payload should not contain exp field for infinite expiry');
} catch (JWTException $e) {
$this->fail('Failed to decode JWT: ' . $e->getMessage());
}
}
public function testListTokens(): void
{
$data = $this->setupToken();
$res = $this->client->call(
Client::METHOD_GET,
'/tokens/buckets/' . $data['bucketId'] . '/files/' . $data['fileId'],
array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders())
);
$this->assertIsArray($res['body']);
$this->assertEquals(200, $res['headers']['status-code']);
$this->assertArrayHasKey('tokens', $res['body']);
$this->assertIsArray($res['body']['tokens']);
$this->assertGreaterThan(0, count($res['body']['tokens']), 'Should have at least one token');
// Verify each token in the list
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
foreach ($res['body']['tokens'] as $token) {
$this->assertArrayHasKey('$id', $token, 'Token should have an ID');
$this->assertArrayHasKey('secret', $token, 'Token should have a secret');
$this->assertArrayHasKey('resourceType', $token, 'Token should have resourceType');
$this->assertArrayHasKey('resourceId', $token, 'Token should have resourceId');
$this->assertEquals('files', $token['resourceType'], 'Token resourceType should be files');
$this->assertEquals($data['bucketId'] . ':' . $data['fileId'], $token['resourceId'], 'Token resourceId should match bucketId:fileId format');
// Verify the JWT token is valid and contains correct information
try {
$payload = $jwt->decode($token['secret']);
$this->assertArrayHasKey('tokenId', $payload, 'JWT payload should contain tokenId');
$this->assertArrayHasKey('resourceId', $payload, 'JWT payload should contain resourceId');
$this->assertArrayHasKey('resourceType', $payload, 'JWT payload should contain resourceType');
$this->assertArrayHasKey('resourceInternalId', $payload, 'JWT payload should contain resourceInternalId');
$this->assertArrayHasKey('iat', $payload, 'JWT payload should contain iat');
if (!empty($token['expire'])) {
$this->assertArrayHasKey('exp', $payload, 'JWT payload should contain exp');
}
$this->assertEquals($token['$id'], $payload['tokenId'], 'JWT tokenId should match token ID');
$this->assertEquals($data['bucketId'] . ':' . $data['fileId'], $payload['resourceId'], 'JWT resourceId should match bucketId:fileId format');
$this->assertEquals('files', $payload['resourceType'], 'JWT resourceType should be files');
} catch (JWTException $e) {
$this->fail('Failed to decode JWT for token ' . $token['$id'] . ': ' . $e->getMessage());
}
}
}
public function testDeleteToken(): void
{
// Create a fresh token specifically for deletion test
$data = $this->setupToken();
$bucketId = $data['bucketId'];
$fileId = $data['fileId'];
// Create a new token to delete
$token = $this->client->call(Client::METHOD_POST, '/tokens/buckets/' . $bucketId . '/files/' . $fileId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()));
$this->assertEquals(201, $token['headers']['status-code']);
$tokenId = $token['body']['$id'];
$res = $this->client->call(Client::METHOD_DELETE, '/tokens/' . $tokenId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id']
], $this->getHeaders()));
$this->assertEquals(204, $res['headers']['status-code']);
}
}
Reference in New Issue View Git Blame Copy Permalink