mirror of
https://github.com/shlinkio/shlink.git
synced 2024-11-22 08:56:42 -06:00
Ensured API keys cannot be generated with domain-only roles linked to default domain
This commit is contained in:
Alejandro Celaya
parent
3e3d255edf
commit
c98ea6055b
@ -72,7 +72,7 @@ return [
|
||||
TrackingOptions::class,
|
||||
],
|
||||
Util\ProcessRunner::class => [SymfonyCli\Helper\ProcessHelper::class],
|
||||
ApiKey\RoleResolver::class => [DomainService::class],
|
||||
ApiKey\RoleResolver::class => [DomainService::class, 'config.url_shortener.domain.hostname'],
|
||||
|
||||
Command\ShortUrl\CreateShortUrlCommand::class => [
|
||||
Service\UrlShortener::class,
|
||||
|
||||
@ -4,6 +4,7 @@ declare(strict_types=1);
|
||||
|
||||
namespace Shlinkio\Shlink\CLI\ApiKey;
|
||||
|
||||
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
|
||||
use Shlinkio\Shlink\Core\Domain\DomainServiceInterface;
|
||||
use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition;
|
||||
use Symfony\Component\Console\Input\InputInterface;
|
||||
@ -12,24 +13,33 @@ use function is_string;
|
||||
|
||||
class RoleResolver implements RoleResolverInterface
|
||||
{
|
||||
public function __construct(private DomainServiceInterface $domainService)
|
||||
public function __construct(private DomainServiceInterface $domainService, private string $defaultDomain)
|
||||
{
|
||||
}
|
||||
|
||||
public function determineRoles(InputInterface $input): array
|
||||
{
|
||||
$domainAuthority = $input->getOption('domain-only');
|
||||
$author = $input->getOption('author-only');
|
||||
$domainAuthority = $input->getOption(self::DOMAIN_ONLY_PARAM);
|
||||
$author = $input->getOption(self::AUTHOR_ONLY_PARAM);
|
||||
|
||||
$roleDefinitions = [];
|
||||
if ($author) {
|
||||
$roleDefinitions[] = RoleDefinition::forAuthoredShortUrls();
|
||||
}
|
||||
if (is_string($domainAuthority)) {
|
||||
$domain = $this->domainService->getOrCreate($domainAuthority);
|
||||
$roleDefinitions[] = RoleDefinition::forDomain($domain);
|
||||
$roleDefinitions[] = $this->resolveRoleForAuthority($domainAuthority);
|
||||
}
|
||||
|
||||
return $roleDefinitions;
|
||||
}
|
||||
|
||||
private function resolveRoleForAuthority(string $domainAuthority): RoleDefinition
|
||||
{
|
||||
if ($domainAuthority === $this->defaultDomain) {
|
||||
throw InvalidRoleConfigException::forDomainOnlyWithDefaultDomain();
|
||||
}
|
||||
|
||||
$domain = $this->domainService->getOrCreate($domainAuthority);
|
||||
return RoleDefinition::forDomain($domain);
|
||||
}
|
||||
}
|
||||
|
||||
22
module/CLI/src/Exception/InvalidRoleConfigException.php
Normal file
22
module/CLI/src/Exception/InvalidRoleConfigException.php
Normal file
@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Shlinkio\Shlink\CLI\Exception;
|
||||
|
||||
use InvalidArgumentException;
|
||||
use Shlinkio\Shlink\Rest\ApiKey\Role;
|
||||
|
||||
use function sprintf;
|
||||
|
||||
class InvalidRoleConfigException extends InvalidArgumentException implements ExceptionInterface
|
||||
{
|
||||
public static function forDomainOnlyWithDefaultDomain(): self
|
||||
{
|
||||
return new self(sprintf(
|
||||
'You cannot create an API key with the "%s" role attached to the default domain. '
|
||||
. 'The role is currently limited to non-default domains.',
|
||||
Role::DOMAIN_SPECIFIC,
|
||||
));
|
||||
}
|
||||
}
|
||||
@ -8,6 +8,7 @@ use PHPUnit\Framework\TestCase;
|
||||
use Prophecy\PhpUnit\ProphecyTrait;
|
||||
use Prophecy\Prophecy\ObjectProphecy;
|
||||
use Shlinkio\Shlink\CLI\ApiKey\RoleResolver;
|
||||
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
|
||||
use Shlinkio\Shlink\Core\Domain\DomainServiceInterface;
|
||||
use Shlinkio\Shlink\Core\Entity\Domain;
|
||||
use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition;
|
||||
@ -23,7 +24,7 @@ class RoleResolverTest extends TestCase
|
||||
protected function setUp(): void
|
||||
{
|
||||
$this->domainService = $this->prophesize(DomainServiceInterface::class);
|
||||
$this->resolver = new RoleResolver($this->domainService->reveal());
|
||||
$this->resolver = new RoleResolver($this->domainService->reveal(), 'default.com');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -94,4 +95,16 @@ class RoleResolverTest extends TestCase
|
||||
1,
|
||||
];
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function exceptionIsThrownWhenTryingToAddDomainOnlyLinkedToDefaultDomain(): void
|
||||
{
|
||||
$input = $this->prophesize(InputInterface::class);
|
||||
$input->getOption(RoleResolver::DOMAIN_ONLY_PARAM)->willReturn('default.com');
|
||||
$input->getOption(RoleResolver::AUTHOR_ONLY_PARAM)->willReturn(null);
|
||||
|
||||
$this->expectException(InvalidRoleConfigException::class);
|
||||
|
||||
$this->resolver->determineRoles($input->reveal());
|
||||
}
|
||||
}
|
||||
|
||||
26
module/CLI/test/Exception/InvalidRoleConfigExceptionTest.php
Normal file
26
module/CLI/test/Exception/InvalidRoleConfigExceptionTest.php
Normal file
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace ShlinkioTest\Shlink\CLI\Exception;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
|
||||
use Shlinkio\Shlink\Rest\ApiKey\Role;
|
||||
|
||||
use function sprintf;
|
||||
|
||||
class InvalidRoleConfigExceptionTest extends TestCase
|
||||
{
|
||||
/** @test */
|
||||
public function forDomainOnlyWithDefaultDomainGeneratesExpectedException(): void
|
||||
{
|
||||
$e = InvalidRoleConfigException::forDomainOnlyWithDefaultDomain();
|
||||
|
||||
self::assertEquals(sprintf(
|
||||
'You cannot create an API key with the "%s" role attached to the default domain. '
|
||||
. 'The role is currently limited to non-default domains.',
|
||||
Role::DOMAIN_SPECIFIC,
|
||||
), $e->getMessage());
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user