mirror of
https://github.com/appwrite/appwrite.git
synced 2026-05-26 13:51:13 +00:00
Matej Bačo
104 lines
3.3 KiB
PHP
104 lines
3.3 KiB
PHP
<?php
|
|
|
|
namespace Tests\E2E\Services\Project;
|
|
|
|
use Tests\E2E\Client;
|
|
use Tests\E2E\Scopes\ProjectCustom;
|
|
use Tests\E2E\Scopes\Scope;
|
|
use Tests\E2E\Scopes\SideServer;
|
|
use Utopia\Database\Helpers\ID;
|
|
|
|
class KeysIntegrationTest extends Scope
|
|
{
|
|
use ProjectCustom;
|
|
use SideServer;
|
|
|
|
public function testEphemeralKeyScopeEnforcement(): void
|
|
{
|
|
$projectId = $this->getProject()['$id'];
|
|
$apiKey = $this->getProject()['apiKey'];
|
|
|
|
$serverHeaders = [
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $projectId,
|
|
'x-appwrite-key' => $apiKey,
|
|
];
|
|
|
|
$consoleHeaders = [
|
|
'origin' => 'http://localhost',
|
|
'content-type' => 'application/json',
|
|
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
|
|
'x-appwrite-mode' => 'admin',
|
|
'x-appwrite-project' => $projectId,
|
|
];
|
|
|
|
// Step 1: Create an ephemeral key scoped to users.read only.
|
|
$ephemeralKey = $this->client->call(
|
|
Client::METHOD_POST,
|
|
'/project/keys/ephemeral',
|
|
$serverHeaders,
|
|
[
|
|
'scopes' => ['users.read'],
|
|
'duration' => 900,
|
|
]
|
|
);
|
|
$this->assertSame(201, $ephemeralKey['headers']['status-code']);
|
|
$this->assertNotEmpty($ephemeralKey['body']['secret']);
|
|
|
|
$ephemeralKeySecret = $ephemeralKey['body']['secret'];
|
|
|
|
$ephemeralHeaders = [
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $projectId,
|
|
'x-appwrite-key' => $ephemeralKeySecret,
|
|
];
|
|
|
|
// Step 2: Create a project user using console headers.
|
|
$user = $this->client->call(
|
|
Client::METHOD_POST,
|
|
'/users',
|
|
$consoleHeaders,
|
|
[
|
|
'userId' => ID::unique(),
|
|
'email' => 'ephemeral_key_' . \uniqid() . '@localhost.test',
|
|
'password' => 'password1234',
|
|
'name' => 'Ephemeral Key Test User',
|
|
]
|
|
);
|
|
$this->assertSame(201, $user['headers']['status-code']);
|
|
$userId = $user['body']['$id'];
|
|
|
|
// Step 3: Ephemeral key can list users.
|
|
$list = $this->client->call(
|
|
Client::METHOD_GET,
|
|
'/users',
|
|
$ephemeralHeaders
|
|
);
|
|
$this->assertSame(200, $list['headers']['status-code']);
|
|
$this->assertGreaterThanOrEqual(1, $list['body']['total']);
|
|
|
|
// Step 4: Ephemeral key can get the specific user.
|
|
$get = $this->client->call(
|
|
Client::METHOD_GET,
|
|
'/users/' . $userId,
|
|
$ephemeralHeaders
|
|
);
|
|
$this->assertSame(200, $get['headers']['status-code']);
|
|
$this->assertSame($userId, $get['body']['$id']);
|
|
|
|
// Step 5: Ephemeral key cannot create users (missing users.write scope).
|
|
$createAttempt = $this->client->call(
|
|
Client::METHOD_POST,
|
|
'/users',
|
|
$ephemeralHeaders,
|
|
[
|
|
'userId' => ID::unique(),
|
|
'email' => 'should_fail_' . \uniqid() . '@localhost.test',
|
|
'password' => 'password1234',
|
|
'name' => 'Should Fail',
|
|
]
|
|
);
|
|
$this->assertSame(401, $createAttempt['headers']['status-code']);
|
|
}
|
|
}
|