In this article
Introduction
There may be times when you want to check whether a URL in your Laravel application is a valid signed URL. Most of the time, this is something you'd need to do in your application code where you can reach for the \Illuminate\Routing\Middleware\ValidateSignature middleware class, or the $request->hasValidSignature() method on the Illuminate\Http\Request class.
However, in the past, I've needed to write some tests to ensure that a signed URL is correctly generated and stored in the database. Admittedly, it's not something I need to do often, but I thought it might be useful to share how to do this in case you find yourself in a similar situation.
In this Quickfire article, I'm going to show you how to check whether a signed URL is valid in your tests.
If you're not familiar with signed URLs, you might be interested in my existing article which explains what they are: How to Assert Redirects to Signed URLs in Laravel Tests
Checking if a Signed URL is Valid in Laravel Tests
Let's imagine we're building a Laravel application that allows users to invite other users to join their team. When a user invites another user, we'll assume a new team_invitation_url field is created on an App\Models\Invitation model, which contains a signed URL that the invitee can use to join the team.
Note: You'd likely use a different approach than storing the hardcoded URL in the database. But this example is purely to demonstrate how to check if a signed URL is valid.
To check if the team_invitation_url is a valid signed URL, we need to create an instance of the Illuminate\Http\Request class using the URL stored in the team_invitation_url field. Then, we can use the hasValidSignature method to check if the URL is valid:
1use Illuminate\Http\Request;2 3$isValid = Request::create($invitation->team_invitation_url)->hasValidSignature();
If the URL is in fact a valid signed URL, the $isValid variable will be true. Otherwise, if the URL is not a valid signed URL or has expired, it will be false.
Let's take a look at how we could use this in an example test case:
1use App\Actions\InviteUserToTeamAction; 2use App\Models\User; 3use Illuminate\Http\Request; 4use PHPUnit\Framework\Attributes\Test; 5use Tests\TestCase; 6 7class UserTest extends TestCase 8{ 9 #[Test]10 public function user_can_be_invited(): void11 {12 // Create a user and another user to invite.13 $user = User::factory()->create();14 $userToInvite = User::factory()->create();15 16 // Call the action to invite the user.17 // The action will return an instance of `App\Models\Invitation`.18 $invitation = new InviteUserToTeamAction()->execute(19 user: $user,20 userToInvite: $userToInvite21 );22 23 // Other assertions to check the user was invited correctly...24 25 // Assert the `team_invitation_url` is a valid signed URL.26 $this->assertTrue(27 Request::create($invitation->team_invitation_url)->hasValidSignature(),28 );29 }30}
As we can see in the example test above, we're inviting a user to a team using an App\Actions\InviteUserToTeamAction action. After the user is invited, we're then asserting that the team_invitation_url is a valid signed URL using the hasValidSignature method on the Illuminate\Http\Request instance created from the URL.
As a result of this assertion, we can have confidence that we're generating valid signed URLs in our application.
Conclusion
In this Quickfire article, we've taken a quick look at how to check whether a signed URL is valid in your Laravel tests.
If you enjoyed reading this post, you might be interested in checking out my 220+ page ebook "Battle Ready Laravel" which covers similar topics in more depth.
Or, you might want to check out my other 440+ page ebook "Consuming APIs in Laravel" which teaches you how to use Laravel to consume APIs from other services.
If you're interested in getting updated each time I publish a new post, feel free to sign up for my newsletter below.
Keep on building awesome stuff! 🚀