AspireCloud/tests/Feature/API/WpOrg/SecretKeyControllerTest.php
Chuck Adams e3bb766b61
minor tweaks ahead of upgrades (#198)
* zap: drop redundant caching middleware

* fix: make PluginFactory generate proper versions format

* refactor: use $this->get directly instead of makeApiRequest

* ci: pin action versions in dependency-review action (irony)

Admittedly if actions/checkout is ever compromised, it's game over anyway.

* ci: make OSSF scorecard action manual-only

* ci: pin all runners onto ubuntu-24.04

* test: inline the sole use of assertWpPluginAPIStructure

* meta: add github-actions to dependabot

* build: composer upgrade and bump
2025-03-17 15:02:02 -06:00

94 lines
2.9 KiB
PHP

<?php
namespace Tests\Feature\API\WpOrg;
use App\Http\Controllers\API\WpOrg\SecretKey\SecretKeyController;
$validKeys = SecretKeyController::VALID_KEY_CHARACTERS;
// Helper function to validate keys
function validateKeys(string $content, array $expectedKeyNames, string $validKeys): void
{
foreach ($expectedKeyNames as $keyName) {
preg_match("/define\\('$keyName',\\s+'([^']+)'\\);/", $content, $matches);
// Ensure we have a match and a captured group
expect($matches)->toHaveCount(2);
// Extract the key value from the matches
$keyValue = $matches[1];
// Validate that the key contains only valid characters
expect(preg_match('/^[' . preg_quote($validKeys, '/') . ']{64}$/', $keyValue))
->toBe(1)
->and(preg_match(
'/^define\(\'' . preg_quote(
$keyName,
'/',
) . '\',\s+\'[^\']+\'\);$/',
$matches[0],
))->toBe(1);
}
}
it(
'can generate a secret keys for version 1.0 and 1.1',
function (string $version, int $expectedKeys) use ($validKeys) {
$response = $this->get("/secret-key/$version");
expect($response->getStatusCode())
->toBe(200)
->and($response->headers->get('Content-Type'))->toContain('text/plain');
$expectedKeyNames = match ($version) {
'1.0' => ['SECRET_KEY'],
'1.1' => ['AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY'],
};
$content = $response->getContent();
// Validate the number of keys, the +1 is for the last line break
expect(explode("\n", $content))->toHaveCount($expectedKeys + 1);
validateKeys($content, $expectedKeyNames, $validKeys);
},
)->with([
'1.0 version' => ['1.0', 1],
'1.1 version' => ['1.1', 4],
]);
it('can generate a secret keys with salt for version 1.1', function () use ($validKeys) {
$response = $this->get('/secret-key/1.1/salt');
expect($response->getStatusCode())
->toBe(200)
->and($response->headers->get('Content-Type'))->toContain('text/plain');
$content = $response->getContent();
// Validate the number of keys, the +1 is for the last line break
expect(explode("\n", $content))->toHaveCount(8 + 1);
$expectedKeyNames = [
'AUTH_KEY',
'SECURE_AUTH_KEY',
'LOGGED_IN_KEY',
'NONCE_KEY',
'AUTH_SALT',
'SECURE_AUTH_SALT',
'LOGGED_IN_SALT',
'NONCE_SALT',
];
validateKeys($content, $expectedKeyNames, $validKeys);
});
it('returns 404 for unsupported salt versions', function () {
$response = $this->get('/secret-key/1.0/salt');
expect($response->getStatusCode())->toBe(404);
});
it('returns 404 for unsupported secret key versions', function () {
$response = $this->get('/secret-key/2.0');
expect($response->getStatusCode())->toBe(404);
});