Implemented ApiKeyHeaderPlugin

This commit is contained in:
Alejandro Celaya 2018-09-29 08:34:47 +02:00
parent 0f5fb066d1
commit 5ecfe9f0f0
3 changed files with 106 additions and 1 deletions

View File

@ -39,6 +39,7 @@ return [
ConfigAbstractFactory::class => [
Authentication\Plugin\AuthorizationHeaderPlugin::class => [Authentication\JWTService::class, 'translator'],
Authentication\Plugin\ApiKeyHeaderPlugin::class => [Service\ApiKeyService::class, 'translator'],
Authentication\RequestToHttpAuthPlugin::class => [Authentication\AuthenticationPluginManager::class],

View File

@ -6,17 +6,43 @@ namespace Shlinkio\Shlink\Rest\Authentication\Plugin;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface;
use Shlinkio\Shlink\Rest\Util\RestUtils;
use Zend\I18n\Translator\TranslatorInterface;
class ApiKeyHeaderPlugin implements AuthenticationPluginInterface
{
public const HEADER_NAME = 'X-Api-Key';
/**
* @var ApiKeyServiceInterface
*/
private $apiKeyService;
/**
* @var TranslatorInterface
*/
private $translator;
public function __construct(ApiKeyServiceInterface $apiKeyService, TranslatorInterface $translator)
{
$this->apiKeyService = $apiKeyService;
$this->translator = $translator;
}
/**
* @throws VerifyAuthenticationException
*/
public function verify(ServerRequestInterface $request): void
{
// TODO: Implement check() method.
$apiKey = $request->getHeaderLine(self::HEADER_NAME);
if ($this->apiKeyService->check($apiKey)) {
return;
}
throw VerifyAuthenticationException::withError(
RestUtils::INVALID_API_KEY_ERROR,
$this->translator->translate('Provided API key does not exist or is invalid.')
);
}
public function update(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface

View File

@ -0,0 +1,78 @@
<?php
declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Authentication\Plugin;
use PHPUnit\Framework\TestCase;
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Http\Message\ServerRequestInterface;
use Shlinkio\Shlink\Rest\Authentication\Plugin\ApiKeyHeaderPlugin;
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequestFactory;
use Zend\I18n\Translator\Translator;
class ApiKeyHeaderPluginTest extends TestCase
{
/**
* @var ApiKeyHeaderPlugin
*/
private $plugin;
/**
* @var ObjectProphecy
*/
private $apiKeyService;
public function setUp()
{
$this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class);
$this->plugin = new ApiKeyHeaderPlugin($this->apiKeyService->reveal(), Translator::factory([]));
}
/**
* @test
*/
public function verifyThrowsExceptionWhenApiKeyIsNotValid()
{
$apiKey = 'abc-ABC';
$check = $this->apiKeyService->check($apiKey)->willReturn(false);
$check->shouldBeCalledTimes(1);
$this->expectException(VerifyAuthenticationException::class);
$this->expectExceptionMessage('Provided API key does not exist or is invalid');
$this->plugin->verify($this->createRequest($apiKey));
}
/**
* @test
*/
public function verifyDoesNotThrowExceptionWhenApiKeyIsValid()
{
$apiKey = 'abc-ABC';
$check = $this->apiKeyService->check($apiKey)->willReturn(true);
$this->plugin->verify($this->createRequest($apiKey));
$check->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function updateReturnsResponseAsIs()
{
$apiKey = 'abc-ABC';
$response = new Response();
$returnedResponse = $this->plugin->update($this->createRequest($apiKey), $response);
$this->assertSame($response, $returnedResponse);
}
private function createRequest(string $apiKey): ServerRequestInterface
{
return ServerRequestFactory::fromGlobals()->withHeader(ApiKeyHeaderPlugin::HEADER_NAME, $apiKey);
}
}