Ad

Laravel Running Tests As Different Users

- 1 answer

I am using Laravel 5.1 and I am trying to test my controllers.

I have several roles for my users and policies defined for different actions. Firstly, each of the requests needs to be made by an authenticated user, so running a test with no user returns a 401 Unauthorized, as expected.

But when I want to test the functionality for authorized users, I still get the 401 Unauthorized status code.

It may be worth mentioning that I use basic stateless HTTP authentication on these controllers.

I have tried the following:

public function testViewAllUsersAsAdmin()
{
    $user = UserRepositoryTest::createTestAdmin();

    Auth::login($user);

    $response = $this->call('GET', route('users.index'));
    $this->assertEquals($response->getStatusCode(), Response::HTTP_OK);
}

and

public function testViewAllUsersAsAdmin()
{
    $user = UserRepositoryTest::createTestAdmin();

    $response = $this->actingAs($user)
        ->call('GET', route('users.index'));

    $this->assertEquals($response->getStatusCode(), Response::HTTP_OK);
}

and also this (in case there was anything wrong with my new user, which there shouldn't be)

public function testViewAllUsersAsAdmin()
{
    $user = User::find(1);

    $response = $this->actingAs($user)
        ->call('GET', route('users.index'));

    $this->assertEquals($response->getStatusCode(), Response::HTTP_OK);
}

but in every case I get a 401 response code so my tests fail.

I can access the routes fine using postman when logging in as a dummy user.

I am running out of ideas, so any help would be appreciated.

Ad

Answer

Through some experimentation, I found that the problem lay inside my authentication middleware. Since I want the API to be stateless, the authentication looks like this:

public function handle($request, Closure $next)
{
    return Auth::onceBasic() ?: $next($request);
}

And apparently, it's not possible to authenticate a user the way I was doing it.

My solution was simply to disable the middleware, using the WithoutMiddleware trait or $this->withoutMiddleware() at the beginning of each test.

Ad
source: stackoverflow.com
Ad