Remove http basic auth example

odan · Jul 31, 2022 · fac8c83 · fac8c83
1 parent 41901d2
commit fac8c83
Show file tree

Hide file tree

Showing 10 changed files with 14 additions and 64 deletions.
diff --git a/composer.json b/composer.json
@@ -26,8 +26,7 @@
         "slim/slim": "^4",
         "symfony/uid": "^6",
         "symfony/validator": "^6",
-        "symfony/yaml": "^6",
-        "tuupola/slim-basic-auth": "^3.3"
+        "symfony/yaml": "^6"
     },
     "require-dev": {
         "friendsofphp/php-cs-fixer": "^3",

diff --git a/config/routes.php b/config/routes.php
@@ -4,7 +4,6 @@
 
 use Slim\App;
 use Slim\Routing\RouteCollectorProxy;
-use Tuupola\Middleware\HttpBasicAuthentication;
 
 return function (App $app) {
     // Redirect to Swagger documentation
@@ -13,7 +12,7 @@
     // Swagger API documentation
     $app->get('/docs/v1', \App\Action\OpenApi\Version1DocAction::class)->setName('docs');
 
-    // Password protected area
+    // API
     $app->group(
         '/api',
         function (RouteCollectorProxy $app) {
@@ -23,5 +22,5 @@ function (RouteCollectorProxy $app) {
             $app->put('/customers/{customer_id}', \App\Action\Customer\CustomerUpdaterAction::class);
             $app->delete('/customers/{customer_id}', \App\Action\Customer\CustomerDeleterAction::class);
         }
-    )->add(HttpBasicAuthentication::class);
+    );
 };
diff --git a/docs/security.md b/docs/security.md
@@ -8,30 +8,23 @@ nav_order: 5
 
 ## Basic Authentication
 
-This API skeleton uses [Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
-
-BasicAuth is an authentication scheme built into the HTTP protocol. 
+[BasicAuth](https://en.wikipedia.org/wiki/Basic_access_authentication) 
+is an authentication scheme built into the HTTP protocol. 
 As long as the client transmits its data over **HTTPS**, 
 it's a secure **authentication** mechanism.  
 
 ```
 Authorization: Basic YXBpLXVzZXI6c2VjcmV0
 ```
 
-The default API credentials are: `api-admin / secret` and `api-user / secret`.
-To set up the users, copy the example file from `config/env.example.php` to `config/env.php`
-and change the user credentials as desired. Read more: [Installation](installation.md)
-
-Please note that the API credentials are not the same as the users 
-in the example "users" database table.
-
-**Read more:**
-
-* [Swagger - Basic authentication](https://swagger.io/docs/specification/authentication/basic-authentication/)
+The [tuupola/slim-basic-auth](https://github.com/tuupola/slim-basic-auth) package
+implements HTTP Basic Authentication. It was originally developed 
+for Slim but can be used with all frameworks using 
+PSR-7 or PSR-15 style middlewares.
 
 ## OAuth 2.0
 
-For **authorization** you could consider to use [OAuth 2.0](https://oauth.net/2/) in combination with a signed [JSON Web Token](https://oauth.net/2/jwt/).
+For **authorization**, you could consider to use [OAuth 2.0](https://oauth.net/2/) in combination with a signed [JSON Web Token](https://oauth.net/2/jwt/).
 
 The JWTs can be used as OAuth 2.0 [Bearer-Tokens](https://oauth.net/2/bearer-tokens/) to encode all relevant parts of an access token into the access token itself instead of having to store them in a database.
 
@@ -58,14 +51,14 @@ are a very good tools to work with JSON Web Tokens.
 * [Stop using JWT for sessions](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/)
 * [Swagger - OAuth 2.0](https://swagger.io/docs/specification/authentication/oauth2/)
 
-## CSRF protection
-
-* [Slim Framework CSRF Protection](https://github.com/slimphp/Slim-Csrf)
-
 ## SameSite Cookies
 
 * [selective/samesite-cookie](https://github.com/selective-php/samesite-cookie)
 
+## CSRF protection
+
+* [Slim Framework CSRF Protection](https://github.com/slimphp/Slim-Csrf)
+
 ## Cross-Origin Resource Sharing (CORS)
 
 * [Setting up CORS](https://www.slimframework.com/docs/v4/cookbook/enable-cors.html)

diff --git a/tests/TestCase/Action/Customer/CustomerCreatorActionTest.php b/tests/TestCase/Action/Customer/CustomerCreatorActionTest.php
@@ -35,7 +35,6 @@ public function testCreateCustomer(): void
                 'email' => 'im.glynn@example.net',
             ]
         );
-        $request = $this->withHttpBasicAuth($request);
 
         $response = $this->app->handle($request);
 
@@ -84,7 +83,6 @@ public function testCreateCustomerValidation(): void
             ]
         );
 
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         // Check response

diff --git a/tests/TestCase/Action/Customer/CustomerDeleteActionTest.php b/tests/TestCase/Action/Customer/CustomerDeleteActionTest.php
@@ -23,7 +23,6 @@ public function testDeleteCustomer(): void
         $this->insertFixtures([CustomerFixture::class]);
 
         $request = $this->createJsonRequest('DELETE', '/api/customers/1');
-        $request = $this->withHttpBasicAuth($request);
 
         $response = $this->app->handle($request);
 

diff --git a/tests/TestCase/Action/Customer/CustomerFinderActionTest.php b/tests/TestCase/Action/Customer/CustomerFinderActionTest.php
@@ -23,7 +23,6 @@ public function testListCustomers(): void
         $this->insertFixtures([CustomerFixture::class]);
 
         $request = $this->createRequest('GET', '/api/customers');
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         $this->assertSame(StatusCodeInterface::STATUS_OK, $response->getStatusCode());
@@ -55,13 +54,4 @@ public function testListCustomers(): void
             $response
         );
     }
-
-    public function testListCustomersWithoutLogin(): void
-    {
-        $request = $this->createRequest('GET', '/api/customers');
-        $request = $this->withHttpBasicAuth($request)->withoutHeader('Authorization');
-        $response = $this->app->handle($request);
-
-        $this->assertSame(StatusCodeInterface::STATUS_UNAUTHORIZED, $response->getStatusCode());
-    }
 }
diff --git a/tests/TestCase/Action/Customer/CustomerReaderActionTest.php b/tests/TestCase/Action/Customer/CustomerReaderActionTest.php
@@ -23,7 +23,6 @@ public function testValidId(): void
         $this->insertFixtures([CustomerFixture::class]);
 
         $request = $this->createRequest('GET', '/api/customers/1');
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         $this->assertSame(StatusCodeInterface::STATUS_OK, $response->getStatusCode());
@@ -46,7 +45,6 @@ public function testValidId(): void
     public function testInvalidId(): void
     {
         $request = $this->createRequest('GET', '/api/customers/99');
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         $this->assertSame(StatusCodeInterface::STATUS_BAD_REQUEST, $response->getStatusCode());

diff --git a/tests/TestCase/Action/Customer/CustomerUpdaterActionTest.php b/tests/TestCase/Action/Customer/CustomerUpdaterActionTest.php
@@ -39,7 +39,6 @@ public function testUpdateCustomer(): void
             ]
         );
 
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         // Check response
@@ -82,7 +81,6 @@ public function testCreateCustomerValidation(): void
             ]
         );
 
-        $request = $this->withHttpBasicAuth($request);
         $response = $this->app->handle($request);
 
         // Check response

diff --git a/tests/Traits/AppTestTrait.php b/tests/Traits/AppTestTrait.php
@@ -17,7 +17,6 @@ trait AppTestTrait
 {
     use ArrayTestTrait;
     use ContainerTestTrait;
-    use HttpBasicAuthTestTrait;
     use HttpTestTrait;
     use HttpJsonTestTrait;
     use LoggerTestTrait;

diff --git a/tests/Traits/HttpBasicAuthTestTrait.php b/tests/Traits/HttpBasicAuthTestTrait.php