request = $this->createMock(IRequest::class); $this->userSession = $this->createMock(IUserSession::class); $this->reflector = new ControllerMethodReflector(); $this->limiter = $this->createMock(Limiter::class); $this->session = $this->createMock(ISession::class); $this->rateLimitingMiddleware = new RateLimitingMiddleware( $this->request, $this->userSession, $this->reflector, $this->limiter, $this->session ); } public function testBeforeControllerWithoutAnnotationForAnon(): void { $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->never()) ->method('registerAnonRequest'); $this->userSession->expects($this->once()) ->method('isLoggedIn') ->willReturn(false); /** @var TestRateLimitController|MockObject $controller */ $controller = $this->createMock(TestRateLimitController::class); $this->reflector->reflect($controller, 'testMethodWithoutAnnotation'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithoutAnnotation'); } public function testBeforeControllerWithoutAnnotationForLoggedIn(): void { $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->never()) ->method('registerAnonRequest'); $this->userSession->expects($this->once()) ->method('isLoggedIn') ->willReturn(true); /** @var TestRateLimitController|MockObject $controller */ $controller = $this->createMock(TestRateLimitController::class); $this->reflector->reflect($controller, 'testMethodWithoutAnnotation'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithoutAnnotation'); } public function testBeforeControllerForAnon(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->method('getRemoteAddress') ->willReturn('127.0.0.1'); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(false); $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->once()) ->method('registerAnonRequest') ->with(get_class($controller) . '::testMethodWithAnnotation', '10', '100', '127.0.0.1'); $this->reflector->reflect($controller, 'testMethodWithAnnotation'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAnnotation'); } public function testBeforeControllerForLoggedIn(): void { $controller = new TestRateLimitController('test', $this->request); /** @var IUser|MockObject $user */ $user = $this->createMock(IUser::class); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(true); $this->userSession ->expects($this->once()) ->method('getUser') ->willReturn($user); $this->limiter ->expects($this->never()) ->method('registerAnonRequest'); $this->limiter ->expects($this->once()) ->method('registerUserRequest') ->with(get_class($controller) . '::testMethodWithAnnotation', '20', '200', $user); $this->reflector->reflect($controller, 'testMethodWithAnnotation'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAnnotation'); } public function testBeforeControllerAnonWithFallback(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->expects($this->once()) ->method('getRemoteAddress') ->willReturn('127.0.0.1'); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(true); $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->once()) ->method('registerAnonRequest') ->with(get_class($controller) . '::testMethodWithAnnotationFallback', '10', '100', '127.0.0.1'); $this->reflector->reflect($controller, 'testMethodWithAnnotationFallback'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAnnotationFallback'); } public function testBeforeControllerAttributesForAnon(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->method('getRemoteAddress') ->willReturn('127.0.0.1'); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(false); $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->once()) ->method('registerAnonRequest') ->with(get_class($controller) . '::testMethodWithAttributes', '10', '100', '127.0.0.1'); $this->reflector->reflect($controller, 'testMethodWithAttributes'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAttributes'); } public function testBeforeControllerAttributesForLoggedIn(): void { $controller = new TestRateLimitController('test', $this->request); /** @var IUser|MockObject $user */ $user = $this->createMock(IUser::class); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(true); $this->userSession ->expects($this->once()) ->method('getUser') ->willReturn($user); $this->limiter ->expects($this->never()) ->method('registerAnonRequest'); $this->limiter ->expects($this->once()) ->method('registerUserRequest') ->with(get_class($controller) . '::testMethodWithAttributes', '20', '200', $user); $this->reflector->reflect($controller, 'testMethodWithAttributes'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAttributes'); } public function testBeforeControllerAttributesAnonWithFallback(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->expects($this->once()) ->method('getRemoteAddress') ->willReturn('127.0.0.1'); $this->userSession ->expects($this->once()) ->method('isLoggedIn') ->willReturn(true); $this->limiter ->expects($this->never()) ->method('registerUserRequest'); $this->limiter ->expects($this->once()) ->method('registerAnonRequest') ->with(get_class($controller) . '::testMethodWithAttributesFallback', '10', '100', '127.0.0.1'); $this->reflector->reflect($controller, 'testMethodWithAttributesFallback'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethodWithAttributesFallback'); } public function testAfterExceptionWithOtherException(): void { $this->expectException(\Exception::class); $this->expectExceptionMessage('My test exception'); $controller = new TestRateLimitController('test', $this->request); $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new \Exception('My test exception')); } public function testAfterExceptionWithJsonBody(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->expects($this->once()) ->method('getHeader') ->with('Accept') ->willReturn('JSON'); $result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException()); $expected = new DataResponse([], 429 ); $this->assertEquals($expected, $result); } public function testAfterExceptionWithHtmlBody(): void { $controller = new TestRateLimitController('test', $this->request); $this->request ->expects($this->once()) ->method('getHeader') ->with('Accept') ->willReturn('html'); $result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException()); $expected = new TemplateResponse( 'core', '429', [], TemplateResponse::RENDER_AS_GUEST ); $expected->setStatus(429); $this->assertEquals($expected, $result); $this->assertIsString($result->render()); } }