Is there a built-in way to skip authorization completely while testing the controllers?
Sample controller:
public function changePassword(Request $request, LdapInterface $ldap)
{
$this->authorize('change-password');
$this->validate($request, [
'pass' => 'min:8|confirmed|weakpass|required',
]);
$success = $ldap->updatePassword($request->get('pass'));
$message = $success ?
'Your e-mail password has been successfully changed' :
'An error occured while trying to change your alumni e-mail password.';
return response()->json(['message' => $message]);
}
I want to skip change-password rule, which is defined inside the AuthServiceProvider like:
public function boot(GateContract $gate)
{
$gate->define('change-password', function ($user) {
// Some complex logic here
});
}
I don't want to add smt. like if (env('APP_ENV') == 'testing') return; inside the code.
I'm not aware of one, but you could move that check to a dedicated middleware and use the withoutMiddleware trait to disable it in tests.
Or you could mock the application's gate instance using Mockery. Mockery is well documented so I'd suggest reading the docs for more details, but setting it up would look something like this:
$mock = Mockery::mock('Illuminate\Contracts\Auth\Access\Gate');
$mock->shouldReceive('authorize')->with('change-password')->once()->andReturn(true);
$this->app->instance('Illuminate\Contracts\Auth\Access\Gate', $mock);
This sets up a mock of the gate contract, sets up what it expects to receive and how it should respond, and then injects it into the application.