ap2i/tests/Unit/Service/Security/InternalRequestsServiceTest.php

<?php

namespace App\Tests\Unit\Service\Security;

use App\Entity\Access\Access;
use App\Service\Security\InternalRequestsService;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\User\UserInterface;

class TestableInternalRequestsService extends InternalRequestsService
{
    public function isInternalIp(string $clientIp): bool
    {
        return parent::isInternalIp($clientIp);
    }

    public function tokenIsValid(string|null $token): bool
    {
        return parent::tokenIsValid($token);
    }
}

class InternalRequestsServiceTest extends TestCase
{
    public const internalRequestsToken = 'azerty';
    private Security $security;

    public function setUp(): void
    {
        $this->security = $this->getMockBuilder(Security::class)->disableOriginalConstructor()->getMock();
    }

    private function getInternalRequestsServiceMockFor(string $methodName, ?string $token = null): TestableInternalRequestsService|MockObject
    {
        return $this->getMockBuilder(TestableInternalRequestsService::class)
            ->setConstructorArgs([$token ?? self::internalRequestsToken, $this->security])
            ->setMethodsExcept([$methodName])
            ->getMock();
    }

    public function testIsInternalIp(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isInternalIp');

        $this->assertTrue($internalRequestsService->isInternalIp('127.0.0.0'));
        $this->assertTrue($internalRequestsService->isInternalIp('127.0.0.1'));

        $this->assertTrue($internalRequestsService->isInternalIp('10.8.0.1'));
        $this->assertTrue($internalRequestsService->isInternalIp('10.8.0.255'));

        $this->assertFalse($internalRequestsService->isInternalIp('141.94.117.32'));
        $this->assertTrue($internalRequestsService->isInternalIp('141.94.117.33'));
        $this->assertTrue($internalRequestsService->isInternalIp('141.94.117.50'));
        $this->assertTrue($internalRequestsService->isInternalIp('141.94.117.61'));
        $this->assertFalse($internalRequestsService->isInternalIp('141.94.117.62'));

        $this->assertTrue($internalRequestsService->isInternalIp('172.20.0.0'));
        $this->assertTrue($internalRequestsService->isInternalIp('172.20.255.255'));
    }

    public function testTokenIsValid(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('tokenIsValid');

        $this->assertTrue($internalRequestsService->tokenIsValid(self::internalRequestsToken));
        $this->assertFalse($internalRequestsService->tokenIsValid('foo'));
    }

    public function testTokenIsValidWithEmptyToken(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('tokenIsValid', '');

        // A token can not be valid if it is an empty string, even if it's equal to the internal token
        $this->assertFalse($internalRequestsService->tokenIsValid(''));
    }

    public function testIsSuperAdmin(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isSuperAdmin', '');

        $user = $this->getMockBuilder(Access::class)->getMock();
        $user->method('getSuperAdminAccess')->willReturn(true);
        $this->security->expects($this->once())->method('getUser')->willReturn($user);

        $this->assertTrue(
            $internalRequestsService->isSuperAdmin()
        );
    }

    public function testIsSuperAdminIsNot(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isSuperAdmin', '');

        $user = $this->getMockBuilder(Access::class)->getMock();
        $user->method('getSuperAdminAccess')->willReturn(false);
        $this->security->expects($this->once())->method('getUser')->willReturn($user);

        $this->assertFalse(
            $internalRequestsService->isSuperAdmin()
        );
    }

    public function testIsSuperAdminNoUser(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isSuperAdmin', '');

        $this->security->expects($this->once())->method('getUser')->willReturn(null);

        $this->assertFalse(
            $internalRequestsService->isSuperAdmin()
        );
    }

    public function testIsAllowed(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isAllowed');

        $internalRequestsService->expects(self::once())->method('isInternalIp')->with('128.0.0.1')->willReturn(true);
        $internalRequestsService->expects(self::once())->method('tokenIsValid')->with('azerty')->willReturn(true);

        $result = $internalRequestsService->isAllowed('128.0.0.1', 'azerty');

        $this->assertTrue($result);
    }

    public function testIsAllowedInvalidIp(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isAllowed');

        $internalRequestsService->expects(self::once())->method('isInternalIp')->with('128.0.0.1')->willReturn(false);
        $internalRequestsService->expects(self::never())->method('tokenIsValid');

        $result = $internalRequestsService->isAllowed('128.0.0.1', 'azerty');

        $this->assertFalse($result);
    }

    public function testIsAllowedInvalidToken(): void
    {
        $internalRequestsService = $this->getInternalRequestsServiceMockFor('isAllowed');

        $internalRequestsService->expects(self::once())->method('isInternalIp')->with('128.0.0.1')->willReturn(true);
        $internalRequestsService->expects(self::once())->method('tokenIsValid')->with('azerty')->willReturn(false);

        $result = $internalRequestsService->isAllowed('128.0.0.1', 'azerty');

        $this->assertFalse($result);
    }
}