Introduction
There may be times when you want to check whether a URL in your Laravel application is a valid signed URL. Most of the time, this is something you'd need to do in your application code where you can reach for the \Illuminate\Routing\Middleware\ValidateSignature middleware class, or the $request->hasValidSignature() method on the Illuminate\Http\Request class.
However, in the past, I've needed to write some tests to ensure that a signed URL is correctly generated and stored in the database. Admittedly, it's not something I need to do often, but I thought it might be useful to share how to do this in case you find yourself in a similar situation.
In this Quickfire article, I'm going to show you how to check whether a signed URL is valid in your tests.
If you're not familiar with signed URLs, you might be interested in my existing article which explains what they are: How to Assert Redirects to Signed URLs in Laravel Tests
Checking if a Signed URL is Valid in Laravel Tests
Let's imagine we're building a Laravel application that allows users to invite other users to join their team. When a user invites another user, we'll assume a new team_invitation_url field is created on an App\Models\Invitation model, which contains a signed URL that the invitee can use to join the team.
Note: You'd likely use a different approach than storing the hardcoded URL in the database. But this example is purely to demonstrate how to check if a signed URL is valid.
To check if the team_invitation_url is a valid signed URL, we need to create an instance of the Illuminate\Http\Request class using the URL stored in the team_invitation_url field. Then, we can use the hasValidSignature method to check if the URL is valid:
use Illuminate\Http\Request;
$isValid = Request::create($invitation->team_invitation_url)->hasValidSignature();
If the URL is in fact a valid signed URL, the $isValid variable will be true. Otherwise, if the URL is not a valid signed URL or has expired, it will be false.
Let's take a look at how we could use this in an example test case:
use App\Actions\InviteUserToTeamAction;
use App\Models\User;
use Illuminate\Http\Request;
use PHPUnit\Framework\Attributes\Test;
use Tests\TestCase;
class UserTest extends TestCase
{
#[Test]
public function user_can_be_invited(): void
{
// Create a user and another user to invite.
$user = User::factory()->create();
$userToInvite = User::factory()->create();
// Call the action to invite the user.
// The action will return an instance of `App\Models\Invitation`.
$invitation = new InviteUserToTeamAction()->execute(
user: $user,
userToInvite: $userToInvite
);
// Other assertions to check the user was invited correctly...
// Assert the `team_invitation_url` is a valid signed URL.
$this->assertTrue(
Request::create($invitation->team_invitation_url)->hasValidSignature(),
);
}
}
As we can see in the example test above, we're inviting a user to a team using an App\Actions\InviteUserToTeamAction action. After the user is invited, we're then asserting that the team_invitation_url is a valid signed URL using the hasValidSignature method on the Illuminate\Http\Request instance created from the URL.
As a result of this assertion, we can have confidence that we're generating valid signed URLs in our application.
Conclusion
In this Quickfire article, we've taken a quick look at how to check whether a signed URL is valid in your Laravel tests.
If you enjoyed reading this post, you might be interested in checking out my 220+ page ebook "Battle Ready Laravel" which covers similar topics in more depth.
Or, you might want to check out my other 440+ page ebook "Consuming APIs in Laravel" which teaches you how to use Laravel to consume APIs from other services.
If you're interested in getting updated each time I publish a new post, feel free to sign up for my newsletter.
Keep on building awesome stuff! 🚀
Top comments (1)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.