Add a non regression test

Author: alanpoulain

features/main/content_negotiation.feature

@@ -22,7 +22,7 @@ Feature: Content Negotiation support
     <response><description/><dummy/><dummyBoolean/><dummyDate/><dummyFloat/><dummyPrice/><relatedDummy/><relatedDummies/><jsonData/><arrayData/><name_converted/><relatedOwnedDummy/><relatedOwningDummy/><id>1</id><name>XML!</name><alias/><foo/></response>
     """
 
-  Scenario:  Retrieve a collection in XML
+  Scenario: Retrieve a collection in XML
     When I add "Accept" header equal to "text/xml"
     And I send a "GET" request to "/dummies"
     Then the response status code should be 200
@@ -34,7 +34,7 @@ Feature: Content Negotiation support
     <response><item key="0"><description/><dummy/><dummyBoolean/><dummyDate/><dummyFloat/><dummyPrice/><relatedDummy/><relatedDummies/><jsonData/><arrayData/><name_converted/><relatedOwnedDummy/><relatedOwningDummy/><id>1</id><name>XML!</name><alias/><foo/></item></response>
     """
 
-  Scenario:  Retrieve a collection in XML using the .xml URL
+  Scenario: Retrieve a collection in XML using the .xml URL
     When I send a "GET" request to "/dummies.xml"
     Then the response status code should be 200
     And the header "Content-Type" should be equal to "application/xml; charset=utf-8"
@@ -45,7 +45,7 @@ Feature: Content Negotiation support
     <response><item key="0"><description/><dummy/><dummyBoolean/><dummyDate/><dummyFloat/><dummyPrice/><relatedDummy/><relatedDummies/><jsonData/><arrayData/><name_converted/><relatedOwnedDummy/><relatedOwningDummy/><id>1</id><name>XML!</name><alias/><foo/></item></response>
     """
 
-  Scenario:  Retrieve a collection in JSON
+  Scenario: Retrieve a collection in JSON
     When I add "Accept" header equal to "application/json"
     And I send a "GET" request to "/dummies"
     Then the response status code should be 200
@@ -155,3 +155,17 @@ Feature: Content Negotiation support
     id,name
     1,Kevin
     """
+
+  Scenario: Get a security response in JSON
+    Given there are 1 SecuredDummy objects
+    And I add "Accept" header equal to "application/json"
+    When I send a "GET" request to "/secured_dummies"
+    Then the response status code should be 401
+    And the header "Content-Type" should be equal to "application/json"
+    And the response should be in JSON
+    And the JSON should be equal to:
+    """
+    {
+      "message": "Authentication Required"
+    }
+    """

tests/Fixtures/TestBundle/Security/AuthenticationEntryPoint.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Core\Tests\Fixtures\TestBundle\Security;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+
+final class AuthenticationEntryPoint implements AuthenticationEntryPointInterface
+{
+    private $router;
+
+    public function __construct(RouterInterface $router)
+    {
+        $this->router = $router;
+    }
+
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        if ('html' === $request->getRequestFormat()) {
+            return new RedirectResponse($this->router->generate('api_doc', [], UrlGeneratorInterface::ABSOLUTE_URL));
+        }
+        if ('json' === $request->getRequestFormat()) {
+            return new JsonResponse(
+                ['message' => 'Authentication Required'],
+                Response::HTTP_UNAUTHORIZED,
+                ['WWW-Authenticate' => 'Bearer realm="example"']
+            );
+        }
+
+        return new Response('', Response::HTTP_UNAUTHORIZED);
+    }
+}

tests/Fixtures/app/AppKernel.php

@@ -14,6 +14,7 @@
 use ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle;
 use ApiPlatform\Core\Tests\Fixtures\TestBundle\Document\User as UserDocument;
 use ApiPlatform\Core\Tests\Fixtures\TestBundle\Entity\User;
+use ApiPlatform\Core\Tests\Fixtures\TestBundle\Security\AuthenticationEntryPoint;
 use ApiPlatform\Core\Tests\Fixtures\TestBundle\TestBundle;
 use Doctrine\Bundle\DoctrineBundle\DoctrineBundle;
 use Doctrine\Bundle\MongoDBBundle\DoctrineMongoDBBundle;
@@ -168,6 +169,7 @@ protected function configureContainer(ContainerBuilder $c, LoaderInterface $load
                     'http_basic' => null,
                     'anonymous' => null,
                     'stateless' => true,
+                    'entry_point' => 'app.security.authentication_entrypoint',
                 ],
             ],
             'access_control' => [

tests/Fixtures/app/config/config_common.yml

@@ -359,3 +359,7 @@ services:
         tags:
             -  { name: 'api_platform.data_transformer' }
 
+    app.security.authentication_entrypoint:
+        class: 'ApiPlatform\Core\Tests\Fixtures\TestBundle\Security\AuthenticationEntryPoint'
+        arguments:
+            $router: '@router'