mirror of
https://github.com/shlinkio/shlink.git
synced 2026-03-11 09:43:13 +08:00
Created system of authentication plugins
This commit is contained in:
Alejandro Celaya
@@ -3,19 +3,31 @@ declare(strict_types=1);
|
||||
|
||||
namespace ShlinkioTest\Shlink\Rest\Middleware;
|
||||
|
||||
use Exception;
|
||||
use Fig\Http\Message\RequestMethodInterface;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Prophecy\Prophecy\MethodProphecy;
|
||||
use Prophecy\Argument;
|
||||
use Prophecy\Prophecy\ObjectProphecy;
|
||||
use Psr\Container\ContainerExceptionInterface;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\MiddlewareInterface;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
use Shlinkio\Shlink\Rest\Action\AuthenticateAction;
|
||||
use Shlinkio\Shlink\Rest\Authentication\JWTService;
|
||||
use Shlinkio\Shlink\Rest\Authentication\AuthenticationPluginManager;
|
||||
use Shlinkio\Shlink\Rest\Authentication\AuthenticationPluginManagerInterface;
|
||||
use Shlinkio\Shlink\Rest\Authentication\Plugin\AuthenticationPluginInterface;
|
||||
use Shlinkio\Shlink\Rest\Exception\NoAuthenticationException;
|
||||
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
|
||||
use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware;
|
||||
use ShlinkioTest\Shlink\Common\Util\TestUtils;
|
||||
use Shlinkio\Shlink\Rest\Util\RestUtils;
|
||||
use Zend\Diactoros\Response;
|
||||
use Zend\Diactoros\ServerRequestFactory;
|
||||
use Zend\Expressive\Router\Route;
|
||||
use Zend\Expressive\Router\RouteResult;
|
||||
use Zend\I18n\Translator\Translator;
|
||||
use function implode;
|
||||
use function sprintf;
|
||||
use function Zend\Stratigility\middleware;
|
||||
|
||||
class AuthenticationMiddlewareTest extends TestCase
|
||||
@@ -27,7 +39,7 @@ class AuthenticationMiddlewareTest extends TestCase
|
||||
/**
|
||||
* @var ObjectProphecy
|
||||
*/
|
||||
protected $jwtService;
|
||||
protected $pluginManager;
|
||||
|
||||
/**
|
||||
* @var callable
|
||||
@@ -36,148 +48,147 @@ class AuthenticationMiddlewareTest extends TestCase
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
$this->jwtService = $this->prophesize(JWTService::class);
|
||||
$this->middleware = new AuthenticationMiddleware($this->jwtService->reveal(), Translator::factory([]), [
|
||||
$this->pluginManager = $this->prophesize(AuthenticationPluginManagerInterface::class);
|
||||
$this->middleware = new AuthenticationMiddleware($this->pluginManager->reveal(), Translator::factory([]), [
|
||||
AuthenticateAction::class,
|
||||
]);
|
||||
$this->dummyMiddleware = middleware(function () {
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @dataProvider provideWhitelistedRequests
|
||||
*/
|
||||
public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request)
|
||||
{
|
||||
$handler = $this->prophesize(RequestHandlerInterface::class);
|
||||
$handle = $handler->handle($request)->willReturn(new Response());
|
||||
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn(
|
||||
$this->prophesize(AuthenticationPluginInterface::class)->reveal()
|
||||
);
|
||||
|
||||
$this->middleware->process($request, $handler->reveal());
|
||||
|
||||
$handle->shouldHaveBeenCalledTimes(1);
|
||||
$fromRequest->shouldNotHaveBeenCalled();
|
||||
}
|
||||
|
||||
public function provideWhitelistedRequests(): array
|
||||
{
|
||||
$dummyMiddleware = $this->getDummyMiddleware();
|
||||
|
||||
return [
|
||||
'with no route result' => [ServerRequestFactory::fromGlobals()],
|
||||
'with failure route result' => [ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRouteFailure([RequestMethodInterface::METHOD_GET])
|
||||
)],
|
||||
'with whitelisted route' => [ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(
|
||||
new Route('foo', $dummyMiddleware, Route::HTTP_METHOD_ANY, AuthenticateAction::class)
|
||||
)
|
||||
)],
|
||||
'with OPTIONS method' => [ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $dummyMiddleware), [])
|
||||
)->withMethod(RequestMethodInterface::METHOD_OPTIONS)],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @dataProvider provideExceptions
|
||||
*/
|
||||
public function errorIsReturnedWhenNoValidAuthIsProvided($e)
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
|
||||
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willThrow($e);
|
||||
|
||||
/** @var Response\JsonResponse $response */
|
||||
$response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal());
|
||||
$payload = $response->getPayload();
|
||||
|
||||
$this->assertEquals(RestUtils::INVALID_AUTHORIZATION_ERROR, $payload['error']);
|
||||
$this->assertEquals(sprintf(
|
||||
'Expected one of the following authentication headers, but none were provided, ["%s"]',
|
||||
implode('", "', AuthenticationPluginManager::SUPPORTED_AUTH_HEADERS)
|
||||
), $payload['message']);
|
||||
$fromRequest->shouldHaveBeenCalledTimes(1);
|
||||
}
|
||||
|
||||
public function provideExceptions(): array
|
||||
{
|
||||
return [
|
||||
[new class extends Exception implements ContainerExceptionInterface {
|
||||
}],
|
||||
[NoAuthenticationException::fromExpectedTypes([])],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function errorIsReturnedWhenVerificationFails()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
|
||||
$plugin = $this->prophesize(AuthenticationPluginInterface::class);
|
||||
|
||||
$verify = $plugin->verify($request)->willThrow(
|
||||
VerifyAuthenticationException::withError('the_error', 'the_message')
|
||||
);
|
||||
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal());
|
||||
|
||||
/** @var Response\JsonResponse $response */
|
||||
$response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal());
|
||||
$payload = $response->getPayload();
|
||||
|
||||
$this->assertEquals('the_error', $payload['error']);
|
||||
$this->assertEquals('the_message', $payload['message']);
|
||||
$verify->shouldHaveBeenCalledTimes(1);
|
||||
$fromRequest->shouldHaveBeenCalledTimes(1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function updatedResponseIsReturnedWhenVerificationPasses()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$newResponse = new Response();
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
|
||||
$plugin = $this->prophesize(AuthenticationPluginInterface::class);
|
||||
|
||||
$verify = $plugin->verify($request)->will(function () {
|
||||
});
|
||||
$update = $plugin->update($request, Argument::type(ResponseInterface::class))->willReturn($newResponse);
|
||||
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal());
|
||||
|
||||
$handler = $this->prophesize(RequestHandlerInterface::class);
|
||||
$handle = $handler->handle($request)->willReturn(new Response());
|
||||
$response = $this->middleware->process($request, $handler->reveal());
|
||||
|
||||
$this->assertSame($response, $newResponse);
|
||||
$verify->shouldHaveBeenCalledTimes(1);
|
||||
$update->shouldHaveBeenCalledTimes(1);
|
||||
$handle->shouldHaveBeenCalledTimes(1);
|
||||
$fromRequest->shouldHaveBeenCalledTimes(1);
|
||||
}
|
||||
|
||||
private function getDummyMiddleware(): MiddlewareInterface
|
||||
{
|
||||
return middleware(function () {
|
||||
return new Response\EmptyResponse();
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function someWhiteListedSituationsFallbackToNextMiddleware()
|
||||
{
|
||||
$request = ServerRequestFactory::fromGlobals();
|
||||
$delegate = $this->prophesize(RequestHandlerInterface::class);
|
||||
/** @var MethodProphecy $process */
|
||||
$process = $delegate->handle($request)->willReturn(new Response());
|
||||
|
||||
$this->middleware->process($request, $delegate->reveal());
|
||||
$process->shouldHaveBeenCalledTimes(1);
|
||||
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRouteFailure(['GET'])
|
||||
);
|
||||
$delegate = $this->prophesize(RequestHandlerInterface::class);
|
||||
/** @var MethodProphecy $process */
|
||||
$process = $delegate->handle($request)->willReturn(new Response());
|
||||
$this->middleware->process($request, $delegate->reveal());
|
||||
$process->shouldHaveBeenCalledTimes(1);
|
||||
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route(
|
||||
'foo',
|
||||
$this->dummyMiddleware,
|
||||
Route::HTTP_METHOD_ANY,
|
||||
AuthenticateAction::class
|
||||
))
|
||||
);
|
||||
$delegate = $this->prophesize(RequestHandlerInterface::class);
|
||||
/** @var MethodProphecy $process */
|
||||
$process = $delegate->handle($request)->willReturn(new Response());
|
||||
$this->middleware->process($request, $delegate->reveal());
|
||||
$process->shouldHaveBeenCalledTimes(1);
|
||||
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
)->withMethod('OPTIONS');
|
||||
$delegate = $this->prophesize(RequestHandlerInterface::class);
|
||||
/** @var MethodProphecy $process */
|
||||
$process = $delegate->handle($request)->willReturn(new Response());
|
||||
$this->middleware->process($request, $delegate->reveal());
|
||||
$process->shouldHaveBeenCalledTimes(1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function noHeaderReturnsError()
|
||||
{
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
);
|
||||
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function provideAnAuthorizationWithoutTypeReturnsError()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
|
||||
|
||||
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
|
||||
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
$this->assertTrue(strpos($response->getBody()->getContents(), 'You need to provide the Bearer type') > 0);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function provideAnAuthorizationWithWrongTypeReturnsError()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'Basic ' . $authToken);
|
||||
|
||||
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
|
||||
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
$this->assertTrue(
|
||||
strpos($response->getBody()->getContents(), 'Provided authorization type Basic is not supported') > 0
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function provideAnExpiredTokenReturnsError()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'Bearer ' . $authToken);
|
||||
$this->jwtService->verify($authToken)->willReturn(false)->shouldBeCalledTimes(1);
|
||||
|
||||
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function provideCorrectTokenUpdatesExpirationAndFallsBackToNextMiddleware()
|
||||
{
|
||||
$authToken = 'ABC-abc';
|
||||
$request = ServerRequestFactory::fromGlobals()->withAttribute(
|
||||
RouteResult::class,
|
||||
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
|
||||
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'bearer ' . $authToken);
|
||||
$this->jwtService->verify($authToken)->willReturn(true)->shouldBeCalledTimes(1);
|
||||
$this->jwtService->refresh($authToken)->willReturn($authToken)->shouldBeCalledTimes(1);
|
||||
|
||||
$delegate = $this->prophesize(RequestHandlerInterface::class);
|
||||
/** @var MethodProphecy $process */
|
||||
$process = $delegate->handle($request)->willReturn(new Response());
|
||||
$resp = $this->middleware->process($request, $delegate->reveal());
|
||||
|
||||
$process->shouldHaveBeenCalledTimes(1);
|
||||
$this->assertArrayHasKey(AuthenticationMiddleware::AUTHORIZATION_HEADER, $resp->getHeaders());
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user