bitstream/fuel-price
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
83809cd4f3bd55d3eb2923c531df870ac034a80b
fuel-price/tests/Feature/VerifyApiKeyMiddlewareTest.php
Ovidiu U acaa791eda feat: allow Sanctum-authenticated sessions through VerifyApiKey middleware 
Enables stateful API via Sanctum so the Vue SPA can call /api/* routes
using cookie auth, without requiring an X-Api-Key header.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 17:56:14 +01:00

30 lines
932 B
PHP
Raw Blame History

<?php
use App\Models\User;
use Laravel\Sanctum\Sanctum;
it('rejects requests without api key or sanctum session', function (): void {
$response = $this->getJson('/api/stations?postcode=SW1A1AA&fuel_type=petrol');
$response->assertStatus(403);
});
it('accepts requests with valid api key', function (): void {
config(['app.api_secret_key' => 'test-secret']);
$response = $this->withHeader('X-Api-Key', 'test-secret')
->getJson('/api/stations?postcode=SW1A1AA&fuel_type=petrol');
// 403 would mean middleware rejected — any other status means it passed through
expect($response->status())->not->toBe(403);
});
it('accepts requests from sanctum authenticated users', function (): void {
$user = User::factory()->create();
Sanctum::actingAs($user);
$response = $this->getJson('/api/stations?postcode=SW1A1AA&fuel_type=petrol');
expect($response->status())->not->toBe(403);
});
Reference in New Issue View Git Blame Copy Permalink