From a550c7c85354950b981bb49dbc519f83f89026a7 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Wed, 29 Jan 2025 18:32:56 +0100
Subject: Add error message on missing owa auth headers If the /owa endpoint received a request with a missing or invalid Authorization header, it would return an error to the requester, but without any message describing why it failes. This patch adds a message to the error response, so that it will be a bit easier to debug these issues in the future. The owa spec includes a 'message' field in the error response, but makes it optional. Any conforming implementations should accept a response that includes the 'message' field.
---
tests/unit/Module/OwaTest.php | 64 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 tests/unit/Module/OwaTest.php
(limited to 'tests')
diff --git a/tests/unit/Module/OwaTest.php b/tests/unit/Module/OwaTest.php
new file mode 100644
index 000000000..dbb25c0b5
--- /dev/null
+++ b/tests/unit/Module/OwaTest.php
@@ -0,0 +1,64 @@
+expectJsonResponse([
+ 'success' => false,
+ 'message' => 'Missing or invalid authorization header.'
+ ]);
+
+ $this->get('owa');
+ }
+
+ public function testShouldReturnErrorIfWrongAuthorizationHeader(): void
+ {
+ // Expect the call to return error
+ $this->expectJsonResponse([
+ 'success' => false,
+ 'message' => 'Missing or invalid authorization header.'
+ ]);
+
+ $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer kjkjhkjhkjh';
+ $this->get('owa');
+ }
+
+ public function testShouldReturnErrorIfInvalidAuthorizationHeader(): void
+ {
+ // Expect the call to return error
+ $this->expectJsonResponse(['success' => false]);
+
+ $_SERVER['HTTP_AUTHORIZATION'] = 'Signature kjkjhkjhkjh';
+ $this->get('owa');
+ }
+
+ /**
+ * Expect the request to be terminated and return a json response.
+ */
+ private function expectJsonResponse(array $data): void
+ {
+ $this->getFunctionMock('Zotlabs\Module', 'json_return_and_die')
+ ->expects($this->once())
+ ->with(
+ $this->identicalTo($data),
+ $this->identicalTo('application/x-zot+json')
+ )
+ ->willReturnCallback(
+ function() {
+ throw new KillmeException();
+ }
+ );
+
+ $this->expectException(KillmeException::class);
+ }
+}
-- cgit v1.2.3
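Review bot: `testShouldReturnErrorIfInvalidAuthorizationHeader` pins the response to exactly `['success' => false]` through `identicalTo`, so a malformed `Signature` header is asserted to fail without the `message` that the other two cases now require. If that is intentional (the request presumably passes the scheme check and fails in a later signature step), say so in the test, e.g. `// Signature scheme is recognised; the failure comes from a later check that sets no message`; otherwise that authentication-failure path stays as hard to diagnose as before this change. Separately, the two tests that assign `$_SERVER['HTTP_AUTHORIZATION']` never clear it in the lines shown, so unless the base test case restores superglobals the header can leak into later tests; `unset($_SERVER['HTTP_AUTHORIZATION']);` in a `tearDown()` would isolate them. The top of the class is not visible on this page, so an existing `setUp`/`tearDown` cannot be ruled out.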