code-wheel
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎composer.json‎
Lines changed: 2 additions & 1 deletion b/‎composer.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎tests/ApiKey/ApiKeyManagerTest.php‎
Lines changed: 121 additions & 0 deletions b/‎tests/ApiKey/ApiKeyManagerTest.php‎
Lines changed: 121 additions & 0 deletions
diff --git a/‎tests/ApiKey/ApiKeyTest.php‎
Lines changed: 130 additions & 0 deletions b/‎tests/ApiKey/ApiKeyTest.php‎
Lines changed: 130 additions & 0 deletions
diff --git a/‎tests/ApiKey/Storage/ArrayStorageTest.php‎
Lines changed: 100 additions & 0 deletions b/‎tests/ApiKey/Storage/ArrayStorageTest.php‎
Lines changed: 100 additions & 0 deletions
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: ['8.1', '8.2', '8.3']
+        php: ['8.1', '8.2', '8.3', '8.4']
 
     steps:
       - uses: actions/checkout@v4
@@ -42,7 +42,7 @@ jobs:
         run: vendor/bin/phpunit --coverage-clover coverage.xml
 
       - name: Upload coverage to Codecov
-        if: matrix.php == '8.3'
+        if: matrix.php == '8.4'
         uses: codecov/codecov-action@v4
         with:
           files: coverage.xml
@@ -58,7 +58,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.3'
+          php-version: '8.4'
 
       - name: Install dependencies
         run: composer install --prefer-dist --no-progress
 
@@ -26,7 +26,8 @@
     },
     "require-dev": {
         "phpunit/phpunit": "^10.0 || ^11.0",
-        "phpstan/phpstan": "^1.10"
+        "phpstan/phpstan": "^1.10",
+        "psr/http-factory": "^1.0"
     },
     "autoload": {
         "psr-4": {
 
@@ -136,6 +136,127 @@ public function testApiKeyHasAllScopes(): void
         $this->assertTrue($apiKey->hasAllScopes(['read', 'write']));
         $this->assertFalse($apiKey->hasAllScopes(['read', 'admin']));
     }
+
+    public function testCreateKeyWithEmptyLabelUsesDefault(): void
+    {
+        $result = $this->manager->createKey('', ['read']);
+        $apiKey = $this->manager->getKey($result['key_id']);
+
+        $this->assertSame('Unnamed key', $apiKey->label);
+    }
+
+    public function testCreateKeyWithWhitespaceOnlyLabelUsesDefault(): void
+    {
+        $result = $this->manager->createKey('   ', ['read']);
+        $apiKey = $this->manager->getKey($result['key_id']);
+
+        $this->assertSame('Unnamed key', $apiKey->label);
+    }
+
+    public function testValidateReturnsNullForWrongPrefix(): void
+    {
+        $result = $this->manager->createKey('Test', ['read']);
+        $apiKey = $result['api_key'];
+
+        // Change prefix from 'mcp' to 'wrong'
+        $wrongPrefix = str_replace('mcp.', 'wrong.', $apiKey);
+
+        $this->assertNull($this->manager->validate($wrongPrefix));
+    }
+
+    public function testValidateReturnsNullForEmptyKeyId(): void
+    {
+        $this->assertNull($this->manager->validate('mcp..secret'));
+    }
+
+    public function testValidateReturnsNullForEmptySecret(): void
+    {
+        $this->assertNull($this->manager->validate('mcp.keyid.'));
+    }
+
+    public function testValidateReturnsNullForWrongSecret(): void
+    {
+        $result = $this->manager->createKey('Test', ['read']);
+        $keyId = $result['key_id'];
+
+        // Use correct prefix and keyId but wrong secret
+        $wrongSecret = "mcp.{$keyId}.wrongsecret";
+
+        $this->assertNull($this->manager->validate($wrongSecret));
+    }
+
+    public function testValidateReturnsNullForMissingHash(): void
+    {
+        // Manually add a record without hash
+        $this->storage->set('nohash', [
+            'label' => 'No Hash',
+            'scopes' => ['read'],
+            'created' => time(),
+        ]);
+
+        $this->assertNull($this->manager->validate('mcp.nohash.anysecret'));
+    }
+
+    public function testListKeysSortsById(): void
+    {
+        // Create keys - they will have random IDs
+        $this->manager->createKey('Key A', ['read']);
+        $this->manager->createKey('Key B', ['write']);
+        $this->manager->createKey('Key C', ['admin']);
+
+        $keys = $this->manager->listKeys();
+
+        // Verify keys are sorted by ID
+        $keyIds = array_keys($keys);
+        $sortedKeyIds = $keyIds;
+        sort($sortedKeyIds);
+
+        $this->assertSame($sortedKeyIds, $keyIds);
+    }
+
+    public function testGetKeyReturnsNullForNonexistentKey(): void
+    {
+        $this->assertNull($this->manager->getKey('nonexistent'));
+    }
+
+    public function testCreateKeyDeduplicatesScopes(): void
+    {
+        $result = $this->manager->createKey('Test', ['read', 'write', 'read', 'admin', 'write']);
+        $apiKey = $this->manager->getKey($result['key_id']);
+
+        $this->assertCount(3, $apiKey->scopes);
+        $this->assertTrue($apiKey->hasScope('read'));
+        $this->assertTrue($apiKey->hasScope('write'));
+        $this->assertTrue($apiKey->hasScope('admin'));
+    }
+
+    public function testCustomPrefixIsUsed(): void
+    {
+        $manager = new ApiKeyManager(
+            storage: $this->storage,
+            clock: $this->clock,
+            pepper: 'test',
+            keyPrefix: 'custom',
+        );
+
+        $result = $manager->createKey('Test', ['read']);
+
+        $this->assertStringStartsWith('custom.', $result['api_key']);
+
+        // Should validate with the custom prefix
+        $apiKey = $manager->validate($result['api_key']);
+        $this->assertNotNull($apiKey);
+    }
+
+    public function testValidateTrimsWhitespace(): void
+    {
+        $result = $this->manager->createKey('Test', ['read']);
+
+        // Add whitespace around the key
+        $apiKey = $this->manager->validate("  {$result['api_key']}  ");
+
+        $this->assertNotNull($apiKey);
+    }
 }
 
 /**
 
@@ -0,0 +1,130 @@
+<?php
+
+declare(strict_types=1);
+
+namespace CodeWheel\McpSecurity\Tests\ApiKey;
+
+use CodeWheel\McpSecurity\ApiKey\ApiKey;
+use PHPUnit\Framework\TestCase;
+
+final class ApiKeyTest extends TestCase
+{
+    public function testConstructorSetsAllProperties(): void
+    {
+        $apiKey = new ApiKey(
+            keyId: 'abc123',
+            label: 'Test Key',
+            scopes: ['read', 'write'],
+            created: 1000000,
+            lastUsed: 2000000,
+            expires: 3000000,
+        );
+
+        $this->assertSame('abc123', $apiKey->keyId);
+        $this->assertSame('Test Key', $apiKey->label);
+        $this->assertSame(['read', 'write'], $apiKey->scopes);
+        $this->assertSame(1000000, $apiKey->created);
+        $this->assertSame(2000000, $apiKey->lastUsed);
+        $this->assertSame(3000000, $apiKey->expires);
+    }
+
+    public function testConstructorWithOptionalDefaults(): void
+    {
+        $apiKey = new ApiKey(
+            keyId: 'abc123',
+            label: 'Test Key',
+            scopes: ['read'],
+            created: 1000000,
+        );
+
+        $this->assertNull($apiKey->lastUsed);
+        $this->assertNull($apiKey->expires);
+    }
+
+    public function testHasScopeReturnsTrueForExistingScope(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read', 'write', 'admin'], 0);
+
+        $this->assertTrue($apiKey->hasScope('read'));
+        $this->assertTrue($apiKey->hasScope('write'));
+        $this->assertTrue($apiKey->hasScope('admin'));
+    }
+
+    public function testHasScopeReturnsFalseForMissingScope(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read'], 0);
+
+        $this->assertFalse($apiKey->hasScope('write'));
+        $this->assertFalse($apiKey->hasScope('admin'));
+        $this->assertFalse($apiKey->hasScope(''));
+    }
+
+    public function testHasAnyScopeReturnsTrueWhenAnyMatch(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read', 'write'], 0);
+
+        $this->assertTrue($apiKey->hasAnyScope(['read']));
+        $this->assertTrue($apiKey->hasAnyScope(['write']));
+        $this->assertTrue($apiKey->hasAnyScope(['read', 'admin']));
+        $this->assertTrue($apiKey->hasAnyScope(['admin', 'write', 'other']));
+    }
+
+    public function testHasAnyScopeReturnsFalseWhenNoneMatch(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read'], 0);
+
+        $this->assertFalse($apiKey->hasAnyScope(['write', 'admin']));
+        $this->assertFalse($apiKey->hasAnyScope([]));
+    }
+
+    public function testHasAllScopesReturnsTrueWhenAllPresent(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read', 'write', 'admin'], 0);
+
+        $this->assertTrue($apiKey->hasAllScopes(['read']));
+        $this->assertTrue($apiKey->hasAllScopes(['read', 'write']));
+        $this->assertTrue($apiKey->hasAllScopes(['read', 'write', 'admin']));
+        $this->assertTrue($apiKey->hasAllScopes([]));
+    }
+
+    public function testHasAllScopesReturnsFalseWhenSomeMissing(): void
+    {
+        $apiKey = new ApiKey('id', 'label', ['read', 'write'], 0);
+
+        $this->assertFalse($apiKey->hasAllScopes(['admin']));
+        $this->assertFalse($apiKey->hasAllScopes(['read', 'admin']));
+        $this->assertFalse($apiKey->hasAllScopes(['read', 'write', 'admin']));
+    }
+
+    public function testIsExpiredReturnsFalseWhenNoExpiry(): void
+    {
+        $apiKey = new ApiKey('id', 'label', [], 0, expires: null);
+
+        $this->assertFalse($apiKey->isExpired(PHP_INT_MAX));
+        $this->assertFalse($apiKey->isExpired(0));
+    }
+
+    public function testIsExpiredReturnsFalseWhenNotExpired(): void
+    {
+        $apiKey = new ApiKey('id', 'label', [], 0, expires: 1000);
+
+        $this->assertFalse($apiKey->isExpired(999));
+        $this->assertFalse($apiKey->isExpired(0));
+    }
+
+    public function testIsExpiredReturnsTrueWhenExpired(): void
+    {
+        $apiKey = new ApiKey('id', 'label', [], 0, expires: 1000);
+
+        $this->assertTrue($apiKey->isExpired(1001));
+        $this->assertTrue($apiKey->isExpired(2000));
+    }
+
+    public function testIsExpiredReturnsTrueWhenExactlyExpired(): void
+    {
+        $apiKey = new ApiKey('id', 'label', [], 0, expires: 1000);
+
+        // Expires at 1000, so at time 1000 it's expired (< not <=)
+        $this->assertFalse($apiKey->isExpired(1000));
+    }
+}
@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+
+namespace CodeWheel\McpSecurity\Tests\ApiKey\Storage;
+
+use CodeWheel\McpSecurity\ApiKey\Storage\ArrayStorage;
+use PHPUnit\Framework\TestCase;
+
+final class ArrayStorageTest extends TestCase
+{
+    public function testGetAllReturnsEmptyArrayByDefault(): void
+    {
+        $storage = new ArrayStorage();
+
+        $this->assertSame([], $storage->getAll());
+    }
+
+    public function testGetAllReturnsInitialKeys(): void
+    {
+        $initial = [
+            'key1' => ['label' => 'Key 1'],
+            'key2' => ['label' => 'Key 2'],
+        ];
+        $storage = new ArrayStorage($initial);
+
+        $this->assertSame($initial, $storage->getAll());
+    }
+
+    public function testSetAllReplacesAllKeys(): void
+    {
+        $storage = new ArrayStorage(['old' => ['label' => 'Old']]);
+
+        $new = ['new' => ['label' => 'New']];
+        $storage->setAll($new);
+
+        $this->assertSame($new, $storage->getAll());
+    }
+
+    public function testGetReturnsNullForMissingKey(): void
+    {
+        $storage = new ArrayStorage();
+
+        $this->assertNull($storage->get('nonexistent'));
+    }
+
+    public function testGetReturnsKeyData(): void
+    {
+        $storage = new ArrayStorage([
+            'test' => ['label' => 'Test', 'scopes' => ['read']],
+        ]);
+
+        $this->assertSame(['label' => 'Test', 'scopes' => ['read']], $storage->get('test'));
+    }
+
+    public function testSetAddsNewKey(): void
+    {
+        $storage = new ArrayStorage();
+
+        $storage->set('new', ['label' => 'New Key']);
+
+        $this->assertSame(['label' => 'New Key'], $storage->get('new'));
+    }
+
+    public function testSetUpdatesExistingKey(): void
+    {
+        $storage = new ArrayStorage(['existing' => ['label' => 'Old']]);
+
+        $storage->set('existing', ['label' => 'Updated']);
+
+        $this->assertSame(['label' => 'Updated'], $storage->get('existing'));
+    }
+
+    public function testDeleteReturnsFalseForMissingKey(): void
+    {
+        $storage = new ArrayStorage();
+
+        $this->assertFalse($storage->delete('nonexistent'));
+    }
+
+    public function testDeleteReturnsTrueAndRemovesKey(): void
+    {
+        $storage = new ArrayStorage(['test' => ['label' => 'Test']]);
+
+        $this->assertTrue($storage->delete('test'));
+        $this->assertNull($storage->get('test'));
+    }
+
+    public function testDeleteDoesNotAffectOtherKeys(): void
+    {
+        $storage = new ArrayStorage([
+            'keep' => ['label' => 'Keep'],
+            'delete' => ['label' => 'Delete'],
+        ]);
+
+        $storage->delete('delete');
+
+        $this->assertSame(['label' => 'Keep'], $storage->get('keep'));
+    }
+}