Issue
I'm using stateless authentication in CakePHP3 provided by ADmad/cakephp-jwt-auth. I configured the Auth component to use the memory storage.
In the IntegrationTestCase I set:

    $this->session([
        'Auth' => [
            'User' => [
                'id' => 100,
                ...
            ]
        ]
    ]);

But the test always fails, because the auth component is not searching for the user data in the session. Is there a way to bypass authentication when using memory storage?
Solution
It's not searching in the session because JWT is not using the session. That's the whole point of a token-based stateless auth system. It's explained here as well.
You need to get and send the token along with your request.
I would recommend you to get an understanding of how things work before implementing them, especially when it comes to authentication and authorization or other security-related topics. Otherwise this can end up in security holes and funky bugs.
Answered By - floriank
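An integration test that sends a token with the request, as the answer describes. This is an added example, not code from the answer or from the plugin. It assumes the plugin's documented defaults (HS256, the application salt as signing key, the user id in the `sub` claim, a `Bearer` prefix on the `Authorization` header) and CakePHP 3.5+ for `Security::getSalt()`; the fixture, the route and the `authenticateAs()` helper are hypothetical.

```php
<?php
namespace App\Test\TestCase\Controller;

use Cake\TestSuite\IntegrationTestCase;
use Cake\Utility\Security;
use Firebase\JWT\JWT;

class ArticlesControllerTest extends IntegrationTestCase
{
    // Hypothetical fixture; it must contain a user row with id 100,
    // because the authenticator loads the user named by the "sub" claim.
    public $fixtures = ['app.users'];

    /**
     * Sign a short-lived token for the given user and attach it to the
     * next request as a Bearer header (hypothetical helper).
     */
    protected function authenticateAs($userId)
    {
        $token = JWT::encode(
            ['sub' => $userId, 'exp' => time() + 60],
            Security::getSalt(), // assumed signing key: the plugin's default
            'HS256'
        );
        $this->configRequest([
            'headers' => [
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . $token,
            ],
        ]);
    }

    public function testIndexWithValidToken()
    {
        $this->authenticateAs(100);
        $this->get('/api/articles.json'); // hypothetical protected route
        $this->assertResponseOk();
    }

    public function testIndexWithoutTokenIsRejected()
    {
        $this->configRequest(['headers' => ['Accept' => 'application/json']]);
        $this->get('/api/articles.json');
        // Assumes unauthenticatedException is set to UnauthorizedException.
        $this->assertResponseCode(401);
    }
}
```

Keeping the second test alongside the first means the suite exercises the real authentication path in both directions instead of bypassing it.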