OilfieldToolsNet/shlink
4
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Ensured API keys cannot be generated with domain-only roles linked to default domain

Browse Source
This commit is contained in:
Alejandro Celaya 2022-02-19 19:23:36 +01:00
parent 3e3d255edf
commit c98ea6055b
5 changed files with 78 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
module/CLI/config/dependencies.config.php
View File

@ -72,7 +72,7 @@ return [
TrackingOptions::class, TrackingOptions::class,
], ],
Util\ProcessRunner::class => [SymfonyCli\Helper\ProcessHelper::class], Util\ProcessRunner::class => [SymfonyCli\Helper\ProcessHelper::class],
ApiKey\RoleResolver::class => [DomainService::class], ApiKey\RoleResolver::class => [DomainService::class, 'config.url_shortener.domain.hostname'],
Command\ShortUrl\CreateShortUrlCommand::class => [ Command\ShortUrl\CreateShortUrlCommand::class => [
Service\UrlShortener::class, Service\UrlShortener::class,

20
module/CLI/src/ApiKey/RoleResolver.php
View File

@ -4,6 +4,7 @@ declare(strict_types=1);
namespace Shlinkio\Shlink\CLI\ApiKey; namespace Shlinkio\Shlink\CLI\ApiKey;
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
use Shlinkio\Shlink\Core\Domain\DomainServiceInterface; use Shlinkio\Shlink\Core\Domain\DomainServiceInterface;
use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition; use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
@ -12,24 +13,33 @@ use function is_string;
class RoleResolver implements RoleResolverInterface class RoleResolver implements RoleResolverInterface
{ {
public function __construct(private DomainServiceInterface $domainService) public function __construct(private DomainServiceInterface $domainService, private string $defaultDomain)
{ {
} }
public function determineRoles(InputInterface $input): array public function determineRoles(InputInterface $input): array
{ {
$domainAuthority = $input->getOption('domain-only'); $domainAuthority = $input->getOption(self::DOMAIN_ONLY_PARAM);
$author = $input->getOption('author-only'); $author = $input->getOption(self::AUTHOR_ONLY_PARAM);
$roleDefinitions = []; $roleDefinitions = [];
if ($author) { if ($author) {
$roleDefinitions[] = RoleDefinition::forAuthoredShortUrls(); $roleDefinitions[] = RoleDefinition::forAuthoredShortUrls();
} }
if (is_string($domainAuthority)) { if (is_string($domainAuthority)) {
$domain = $this->domainService->getOrCreate($domainAuthority); $roleDefinitions[] = $this->resolveRoleForAuthority($domainAuthority);
$roleDefinitions[] = RoleDefinition::forDomain($domain);
} }
return $roleDefinitions; return $roleDefinitions;
} }
private function resolveRoleForAuthority(string $domainAuthority): RoleDefinition
{
if ($domainAuthority === $this->defaultDomain) {
throw InvalidRoleConfigException::forDomainOnlyWithDefaultDomain();
}
$domain = $this->domainService->getOrCreate($domainAuthority);
return RoleDefinition::forDomain($domain);
}
} }

22
module/CLI/src/Exception/InvalidRoleConfigException.php Normal file
View File

@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
namespace Shlinkio\Shlink\CLI\Exception;
use InvalidArgumentException;
use Shlinkio\Shlink\Rest\ApiKey\Role;
use function sprintf;
class InvalidRoleConfigException extends InvalidArgumentException implements ExceptionInterface
{
public static function forDomainOnlyWithDefaultDomain(): self
{
return new self(sprintf(
'You cannot create an API key with the "%s" role attached to the default domain. '
. 'The role is currently limited to non-default domains.',
Role::DOMAIN_SPECIFIC,
));
}
}

15
module/CLI/test/ApiKey/RoleResolverTest.php
View File

@ -8,6 +8,7 @@ use PHPUnit\Framework\TestCase;
use Prophecy\PhpUnit\ProphecyTrait; use Prophecy\PhpUnit\ProphecyTrait;
use Prophecy\Prophecy\ObjectProphecy; use Prophecy\Prophecy\ObjectProphecy;
use Shlinkio\Shlink\CLI\ApiKey\RoleResolver; use Shlinkio\Shlink\CLI\ApiKey\RoleResolver;
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
use Shlinkio\Shlink\Core\Domain\DomainServiceInterface; use Shlinkio\Shlink\Core\Domain\DomainServiceInterface;
use Shlinkio\Shlink\Core\Entity\Domain; use Shlinkio\Shlink\Core\Entity\Domain;
use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition; use Shlinkio\Shlink\Rest\ApiKey\Model\RoleDefinition;
@ -23,7 +24,7 @@ class RoleResolverTest extends TestCase
protected function setUp(): void protected function setUp(): void
{ {
$this->domainService = $this->prophesize(DomainServiceInterface::class); $this->domainService = $this->prophesize(DomainServiceInterface::class);
$this->resolver = new RoleResolver($this->domainService->reveal()); $this->resolver = new RoleResolver($this->domainService->reveal(), 'default.com');
} }
/** /**
@ -94,4 +95,16 @@ class RoleResolverTest extends TestCase
1, 1,
]; ];
} }
/** @test */
public function exceptionIsThrownWhenTryingToAddDomainOnlyLinkedToDefaultDomain(): void
{
$input = $this->prophesize(InputInterface::class);
$input->getOption(RoleResolver::DOMAIN_ONLY_PARAM)->willReturn('default.com');
$input->getOption(RoleResolver::AUTHOR_ONLY_PARAM)->willReturn(null);
$this->expectException(InvalidRoleConfigException::class);
$this->resolver->determineRoles($input->reveal());
}
} }

26
module/CLI/test/Exception/InvalidRoleConfigExceptionTest.php Normal file
View File

@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace ShlinkioTest\Shlink\CLI\Exception;
use PHPUnit\Framework\TestCase;
use Shlinkio\Shlink\CLI\Exception\InvalidRoleConfigException;
use Shlinkio\Shlink\Rest\ApiKey\Role;
use function sprintf;
class InvalidRoleConfigExceptionTest extends TestCase
{
/** @test */
public function forDomainOnlyWithDefaultDomainGeneratesExpectedException(): void
{
$e = InvalidRoleConfigException::forDomainOnlyWithDefaultDomain();
self::assertEquals(sprintf(
'You cannot create an API key with the "%s" role attached to the default domain. '
. 'The role is currently limited to non-default domains.',
Role::DOMAIN_SPECIFIC,
), $e->getMessage());
}
}