Do not allow API keys to be disabled by plain-text key

Alejandro Celaya
2025-11-08 09:16:15 +01:00
parent 1b6929acf6
commit 9f564b9785
6 changed files with 26 additions and 113 deletions


@@ -143,35 +143,29 @@ class ApiKeyServiceTest extends TestCase
self::assertSame($apiKey, $result->apiKey);
}
#[Test, DataProvider('provideDisableArgs')]
public function disableThrowsExceptionWhenNoApiKeyIsFound(string $disableMethod, array $findOneByArg): void
#[Test]
public function disableThrowsExceptionWhenNoApiKeyIsFound(): void
{
$this->repo->expects($this->once())->method('findOneBy')->with($findOneByArg)->willReturn(null);
$this->repo->expects($this->once())->method('findOneBy')->with(['name' => '12345'])->willReturn(null);
$this->expectException(ApiKeyNotFoundException::class);
$this->service->{$disableMethod}('12345');
$this->service->disableByName('12345');
}
#[Test, DataProvider('provideDisableArgs')]
public function disableReturnsDisabledApiKeyWhenFound(string $disableMethod, array $findOneByArg): void
#[Test]
public function disableReturnsDisabledApiKeyWhenFound(): void
{
$key = ApiKey::create();
$this->repo->expects($this->once())->method('findOneBy')->with($findOneByArg)->willReturn($key);
$this->repo->expects($this->once())->method('findOneBy')->with(['name' => '12345'])->willReturn($key);
$this->em->expects($this->once())->method('flush');
self::assertTrue($key->isEnabled());
$returnedKey = $this->service->{$disableMethod}('12345');
$returnedKey = $this->service->disableByName('12345');
self::assertFalse($key->isEnabled());
self::assertSame($key, $returnedKey);
}
public static function provideDisableArgs(): iterable
{
yield 'disableByKey' => ['disableByKey', ['key' => ApiKey::hashKey('12345')]];
yield 'disableByName' => ['disableByName', ['name' => '12345']];
}
#[Test]
public function listFindsAllApiKeys(): void
{
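Review bot: Both rewritten tests still pass `'12345'` to `disableByName`, the same literal the removed `provideDisableArgs` fed to `ApiKey::hashKey('12345')` as a plain-text key, so the fixture no longer reads as a name. A name-shaped sample value, e.g. `->with(['name' => 'my-key-name'])` together with `$this->service->disableByName('my-key-name')`, would make it clear that the lookup is by name only. The `expects($this->once())` on `findOneBy` with the `['name' => ...]` criteria already pins that no lookup by key hash happens, which is the security-relevant property here. A short comment above `disableThrowsExceptionWhenNoApiKeyIsFound` would keep that from being relaxed later, such as `// API keys can only be disabled by name; a plain-text key must never be accepted as an identifier`. The service-side removal of `disableByKey` is not visible in this section, so this assumes it is covered in the other changed files.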