OilfieldToolsNet/shlink
4
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Created system of authentication plugins

Browse Source
This commit is contained in:
Alejandro Celaya
2018-09-28 22:08:01 +02:00
parent e88468d867
commit 8e61639598
18 changed files with 675 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
module/Rest/test/Action/ShortUrl/SingleStepCreateShortUrlActionTest.php
View File

@@ -11,7 +11,6 @@ use Psr\Http\Message\UriInterface;
use Shlinkio\Shlink\Core\Entity\ShortUrl;
use Shlinkio\Shlink\Core\Service\UrlShortenerInterface;
use Shlinkio\Shlink\Rest\Action\ShortUrl\SingleStepCreateShortUrlAction;
use Shlinkio\Shlink\Rest\Entity\ApiKey;
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface;
use Zend\Diactoros\Response\JsonResponse;
use Zend\Diactoros\ServerRequestFactory;
@@ -50,12 +49,11 @@ class SingleStepCreateShortUrlActionTest extends TestCase
/**
* @test
* @dataProvider provideInvalidApiKeys
*/
public function errorResponseIsReturnedIfInvalidApiKeyIsProvided(?ApiKey $apiKey)
public function errorResponseIsReturnedIfInvalidApiKeyIsProvided()
{
$request = ServerRequestFactory::fromGlobals()->withQueryParams(['apiKey' => 'abc123']);
$findApiKey = $this->apiKeyService->getByKey('abc123')->willReturn($apiKey);
$findApiKey = $this->apiKeyService->check('abc123')->willReturn(false);
/** @var JsonResponse $resp */
$resp = $this->action->handle($request);
@@ -67,21 +65,13 @@ class SingleStepCreateShortUrlActionTest extends TestCase
$findApiKey->shouldHaveBeenCalled();
}
public function provideInvalidApiKeys(): array
{
return [
[null],
[(new ApiKey())->disable()],
];
}
/**
* @test
*/
public function errorResponseIsReturnedIfNoUrlIsProvided()
{
$request = ServerRequestFactory::fromGlobals()->withQueryParams(['apiKey' => 'abc123']);
$findApiKey = $this->apiKeyService->getByKey('abc123')->willReturn(new ApiKey());
$findApiKey = $this->apiKeyService->check('abc123')->willReturn(true);
/** @var JsonResponse $resp */
$resp = $this->action->handle($request);
@@ -102,7 +92,7 @@ class SingleStepCreateShortUrlActionTest extends TestCase
'apiKey' => 'abc123',
'longUrl' => 'http://foobar.com',
]);
$findApiKey = $this->apiKeyService->getByKey('abc123')->willReturn(new ApiKey());
$findApiKey = $this->apiKeyService->check('abc123')->willReturn(true);
$generateShortCode = $this->urlShortener->urlToShortCode(
Argument::that(function (UriInterface $argument) {
Assert::assertEquals('http://foobar.com', (string) $argument);

130
module/Rest/test/Authentication/AuthorizationHeaderPluginTest.php Normal file
View File

@@ -0,0 +1,130 @@
<?php
declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Authentication;
use PHPUnit\Framework\TestCase;
use Prophecy\Prophecy\ObjectProphecy;
use Shlinkio\Shlink\Rest\Authentication\JWTServiceInterface;
use Shlinkio\Shlink\Rest\Authentication\Plugin\AuthorizationHeaderPlugin;
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequestFactory;
use Zend\I18n\Translator\Translator;
class AuthorizationHeaderPluginTest extends TestCase
{
/**
* @var AuthorizationHeaderPlugin
*/
private $plugin;
/**
* @var ObjectProphecy
*/
protected $jwtService;
public function setUp()
{
$this->jwtService = $this->prophesize(JWTServiceInterface::class);
$this->plugin = new AuthorizationHeaderPlugin($this->jwtService->reveal(), Translator::factory([]));
}
/**
* @test
*/
public function verifyAnAuthorizationWithoutBearerTypeThrowsException()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withHeader(
AuthorizationHeaderPlugin::HEADER_NAME,
$authToken
);
$this->expectException(VerifyAuthenticationException::class);
$this->expectExceptionMessage(sprintf(
'You need to provide the Bearer type in the %s header.',
AuthorizationHeaderPlugin::HEADER_NAME
));
$this->plugin->verify($request);
}
/**
* @test
*/
public function verifyAnAuthorizationWithWrongTypeThrowsException()
{
$authToken = 'Basic ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withHeader(
AuthorizationHeaderPlugin::HEADER_NAME,
$authToken
);
$this->expectException(VerifyAuthenticationException::class);
$this->expectExceptionMessage(
'Provided authorization type Basic is not supported. Use Bearer instead.'
);
$this->plugin->verify($request);
}
/**
* @test
*/
public function verifyAnExpiredTokenThrowsException()
{
$authToken = 'Bearer ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withHeader(
AuthorizationHeaderPlugin::HEADER_NAME,
$authToken
);
$jwtVerify = $this->jwtService->verify('ABC-abc')->willReturn(false);
$this->expectException(VerifyAuthenticationException::class);
$this->expectExceptionMessage(sprintf(
'Missing or invalid auth token provided. Perform a new authentication request and send provided '
. 'token on every new request on the %s header',
AuthorizationHeaderPlugin::HEADER_NAME
));
$this->plugin->verify($request);
$jwtVerify->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function verifyValidTokenDoesNotThrowException()
{
$authToken = 'Bearer ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withHeader(
AuthorizationHeaderPlugin::HEADER_NAME,
$authToken
);
$jwtVerify = $this->jwtService->verify('ABC-abc')->willReturn(true);
$this->plugin->verify($request);
$jwtVerify->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function updateReturnsAnUpdatedResponseWithNewJwt()
{
$authToken = 'Bearer ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withHeader(
AuthorizationHeaderPlugin::HEADER_NAME,
$authToken
);
$jwtRefresh = $this->jwtService->refresh('ABC-abc')->willReturn('DEF-def');
$response = $this->plugin->update($request, new Response());
$this->assertTrue($response->hasHeader(AuthorizationHeaderPlugin::HEADER_NAME));
$this->assertEquals('Bearer DEF-def', $response->getHeaderLine(AuthorizationHeaderPlugin::HEADER_NAME));
$jwtRefresh->shouldHaveBeenCalledTimes(1);
}
}

297
module/Rest/test/Middleware/AuthenticationMiddlewareTest.php
View File

@@ -3,19 +3,31 @@ declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Middleware;
use Exception;
use Fig\Http\Message\RequestMethodInterface;
use PHPUnit\Framework\TestCase;
use Prophecy\Prophecy\MethodProphecy;
use Prophecy\Argument;
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Container\ContainerExceptionInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Shlinkio\Shlink\Rest\Action\AuthenticateAction;
use Shlinkio\Shlink\Rest\Authentication\JWTService;
use Shlinkio\Shlink\Rest\Authentication\AuthenticationPluginManager;
use Shlinkio\Shlink\Rest\Authentication\AuthenticationPluginManagerInterface;
use Shlinkio\Shlink\Rest\Authentication\Plugin\AuthenticationPluginInterface;
use Shlinkio\Shlink\Rest\Exception\NoAuthenticationException;
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware;
use ShlinkioTest\Shlink\Common\Util\TestUtils;
use Shlinkio\Shlink\Rest\Util\RestUtils;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequestFactory;
use Zend\Expressive\Router\Route;
use Zend\Expressive\Router\RouteResult;
use Zend\I18n\Translator\Translator;
use function implode;
use function sprintf;
use function Zend\Stratigility\middleware;
class AuthenticationMiddlewareTest extends TestCase
@@ -27,7 +39,7 @@ class AuthenticationMiddlewareTest extends TestCase
/**
* @var ObjectProphecy
*/
protected $jwtService;
protected $pluginManager;
/**
* @var callable
@@ -36,148 +48,147 @@ class AuthenticationMiddlewareTest extends TestCase
public function setUp()
{
$this->jwtService = $this->prophesize(JWTService::class);
$this->middleware = new AuthenticationMiddleware($this->jwtService->reveal(), Translator::factory([]), [
$this->pluginManager = $this->prophesize(AuthenticationPluginManagerInterface::class);
$this->middleware = new AuthenticationMiddleware($this->pluginManager->reveal(), Translator::factory([]), [
AuthenticateAction::class,
]);
$this->dummyMiddleware = middleware(function () {
}
/**
* @test
* @dataProvider provideWhitelistedRequests
*/
public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request)
{
$handler = $this->prophesize(RequestHandlerInterface::class);
$handle = $handler->handle($request)->willReturn(new Response());
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn(
$this->prophesize(AuthenticationPluginInterface::class)->reveal()
);
$this->middleware->process($request, $handler->reveal());
$handle->shouldHaveBeenCalledTimes(1);
$fromRequest->shouldNotHaveBeenCalled();
}
public function provideWhitelistedRequests(): array
{
$dummyMiddleware = $this->getDummyMiddleware();
return [
'with no route result' => [ServerRequestFactory::fromGlobals()],
'with failure route result' => [ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRouteFailure([RequestMethodInterface::METHOD_GET])
)],
'with whitelisted route' => [ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(
new Route('foo', $dummyMiddleware, Route::HTTP_METHOD_ANY, AuthenticateAction::class)
)
)],
'with OPTIONS method' => [ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $dummyMiddleware), [])
)->withMethod(RequestMethodInterface::METHOD_OPTIONS)],
];
}
/**
* @test
* @dataProvider provideExceptions
*/
public function errorIsReturnedWhenNoValidAuthIsProvided($e)
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willThrow($e);
/** @var Response\JsonResponse $response */
$response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal());
$payload = $response->getPayload();
$this->assertEquals(RestUtils::INVALID_AUTHORIZATION_ERROR, $payload['error']);
$this->assertEquals(sprintf(
'Expected one of the following authentication headers, but none were provided, ["%s"]',
implode('", "', AuthenticationPluginManager::SUPPORTED_AUTH_HEADERS)
), $payload['message']);
$fromRequest->shouldHaveBeenCalledTimes(1);
}
public function provideExceptions(): array
{
return [
[new class extends Exception implements ContainerExceptionInterface {
}],
[NoAuthenticationException::fromExpectedTypes([])],
];
}
/**
* @test
*/
public function errorIsReturnedWhenVerificationFails()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
$plugin = $this->prophesize(AuthenticationPluginInterface::class);
$verify = $plugin->verify($request)->willThrow(
VerifyAuthenticationException::withError('the_error', 'the_message')
);
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal());
/** @var Response\JsonResponse $response */
$response = $this->middleware->process($request, $this->prophesize(RequestHandlerInterface::class)->reveal());
$payload = $response->getPayload();
$this->assertEquals('the_error', $payload['error']);
$this->assertEquals('the_message', $payload['message']);
$verify->shouldHaveBeenCalledTimes(1);
$fromRequest->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function updatedResponseIsReturnedWhenVerificationPasses()
{
$authToken = 'ABC-abc';
$newResponse = new Response();
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
$plugin = $this->prophesize(AuthenticationPluginInterface::class);
$verify = $plugin->verify($request)->will(function () {
});
$update = $plugin->update($request, Argument::type(ResponseInterface::class))->willReturn($newResponse);
$fromRequest = $this->pluginManager->fromRequest(Argument::any())->willReturn($plugin->reveal());
$handler = $this->prophesize(RequestHandlerInterface::class);
$handle = $handler->handle($request)->willReturn(new Response());
$response = $this->middleware->process($request, $handler->reveal());
$this->assertSame($response, $newResponse);
$verify->shouldHaveBeenCalledTimes(1);
$update->shouldHaveBeenCalledTimes(1);
$handle->shouldHaveBeenCalledTimes(1);
$fromRequest->shouldHaveBeenCalledTimes(1);
}
private function getDummyMiddleware(): MiddlewareInterface
{
return middleware(function () {
return new Response\EmptyResponse();
});
}
/**
* @test
*/
public function someWhiteListedSituationsFallbackToNextMiddleware()
{
$request = ServerRequestFactory::fromGlobals();
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRouteFailure(['GET'])
);
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route(
'foo',
$this->dummyMiddleware,
Route::HTTP_METHOD_ANY,
AuthenticateAction::class
))
);
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withMethod('OPTIONS');
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
$process = $delegate->handle($request)->willReturn(new Response());
$this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
}
/**
* @test
*/
public function noHeaderReturnsError()
{
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
);
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
}
/**
* @test
*/
public function provideAnAuthorizationWithoutTypeReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, $authToken);
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
$this->assertTrue(strpos($response->getBody()->getContents(), 'You need to provide the Bearer type') > 0);
}
/**
* @test
*/
public function provideAnAuthorizationWithWrongTypeReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'Basic ' . $authToken);
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
$this->assertTrue(
strpos($response->getBody()->getContents(), 'Provided authorization type Basic is not supported') > 0
);
}
/**
* @test
*/
public function provideAnExpiredTokenReturnsError()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'Bearer ' . $authToken);
$this->jwtService->verify($authToken)->willReturn(false)->shouldBeCalledTimes(1);
$response = $this->middleware->process($request, TestUtils::createReqHandlerMock()->reveal());
$this->assertEquals(401, $response->getStatusCode());
}
/**
* @test
*/
public function provideCorrectTokenUpdatesExpirationAndFallsBackToNextMiddleware()
{
$authToken = 'ABC-abc';
$request = ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->dummyMiddleware), [])
)->withHeader(AuthenticationMiddleware::AUTHORIZATION_HEADER, 'bearer ' . $authToken);
$this->jwtService->verify($authToken)->willReturn(true)->shouldBeCalledTimes(1);
$this->jwtService->refresh($authToken)->willReturn($authToken)->shouldBeCalledTimes(1);
$delegate = $this->prophesize(RequestHandlerInterface::class);
/** @var MethodProphecy $process */
$process = $delegate->handle($request)->willReturn(new Response());
$resp = $this->middleware->process($request, $delegate->reveal());
$process->shouldHaveBeenCalledTimes(1);
$this->assertArrayHasKey(AuthenticationMiddleware::AUTHORIZATION_HEADER, $resp->getHeaders());
}
}