README

🧰 Provides lightweight jwt authorization utilities for Api Testing in Symfony applications. In essence, this package integrates Lexik JWT Authentication Bundle into your Api Test Cases.

Quick Start

Installation 📥

1. Install via composer

   composer require --dev phphd/api-testing

2. Enable the bundle in the bundles.php

   PhPhD\ApiTesting\Bundle\PhdApiTestingBundle::class => ['test' => true],

Configuration ⚒️

Create phd_api_testing.yaml configuration file under config/packages/test directory. It's necessary to specify service id of application user provider here. If you have only one authenticated user entity (hence, one provider), use current default configuration.

phd_api_testing:
    jwt_authenticators:
        -   name: default
            user_provider: security.user_providers

Usage 🚀

In your Api Test class use JwtLoginTrait and login method to handle authentication:

use PhPhD\ApiTesting\Jwt\JwtLoginTrait;

final class ExampleProtectedApiTest extends ApiTestCase
{
    use JwtLoginTrait;
    
    // ...

    public function testAccessFeatureWithoutPassword(): void
    {
        $token = $this->login('username');

        $this->client->request('GET', '/api/protected-route', [
            'auth_bearer' => $token,
        ]);

        self::assertResponseStatusCodeSame(200);
    }
}

In this example, login is used to generate jwt token for username user so that api request will be sent on his behalf.

Advanced Configuration ⚙️

Multiple Authenticators

It is possible to use multiple authenticators for your specific needs. For instance if you have admin panel alongside your main authenticated application, you may want to use the dedicated authenticator.

In essence, if you're utilizing security.user_providers, additional configuration is typically unnecessary, since security.user_providers acts as a chain user provider, meaning that first found user from any subordinate providers will be used.

Nonetheless, in case of conflicting usernames or any other specific reason, you may register an additional authenticator in the same configuration file by different name:

phd_api_testing:
    jwt_authenticators:
        -   name: admin
            user_provider: security.user.provider.concrete.api_admin_user_provider

In this config, api_admin_user_provider is the name of user provider from security.yaml and admin - just an alias for our usage in tests.

Having registered authenticator, we may use its alias as a second parameter of login method:

public function testDedicatedAdminAuthenticator(): void
{
    $token = $this->login('admin@test.com', authenticator: 'admin');

    $this->client->request('GET', '/api/admin/protected-route', [
        'auth_bearer' => $token,
    ]);

    self::assertResponseStatusCodeSame(200);
}