Fixed single step shortening endpoint

This commit is contained in:
Alejandro Celaya 2021-01-21 19:26:19 +01:00
parent b5b3a50bb2
commit da9896a28b
8 changed files with 121 additions and 80 deletions


@ -11,9 +11,12 @@ return [
'auth' => [ 'auth' => [
'routes_whitelist' => [ 'routes_whitelist' => [
Action\HealthAction::class, Action\HealthAction::class,
Action\ShortUrl\SingleStepCreateShortUrlAction::class,
ConfigProvider::UNVERSIONED_HEALTH_ENDPOINT_NAME, ConfigProvider::UNVERSIONED_HEALTH_ENDPOINT_NAME,
], ],
'routes_with_query_api_key' => [
Action\ShortUrl\SingleStepCreateShortUrlAction::class,
],
], ],
'dependencies' => [ 'dependencies' => [
@ -23,7 +26,11 @@ return [
], ],
ConfigAbstractFactory::class => [ ConfigAbstractFactory::class => [
Middleware\AuthenticationMiddleware::class => [Service\ApiKeyService::class, 'config.auth.routes_whitelist'], Middleware\AuthenticationMiddleware::class => [
Service\ApiKeyService::class,
'config.auth.routes_whitelist',
'config.auth.routes_with_query_api_key',
],
], ],
]; ];
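Review bot: The new `routes_with_query_api_key` list has no comment explaining that it switches the listed routes' authentication from the `X-Api-Key` header to an `apiKey` query parameter, which is a security-relevant change in behaviour because query strings usually end up in server and proxy access logs. Suggest placing `// Routes authenticated via an "apiKey" query param instead of the X-Api-Key header; keep this list minimal, query strings are commonly logged` above the key. The `ConfigAbstractFactory` entry in the second hunk passes both lists positionally, so their order here has to match the `AuthenticationMiddleware` constructor.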


@ -57,7 +57,6 @@ return [
Action\ShortUrl\CreateShortUrlAction::class => [Service\UrlShortener::class, 'config.url_shortener.domain'], Action\ShortUrl\CreateShortUrlAction::class => [Service\UrlShortener::class, 'config.url_shortener.domain'],
Action\ShortUrl\SingleStepCreateShortUrlAction::class => [ Action\ShortUrl\SingleStepCreateShortUrlAction::class => [
Service\UrlShortener::class, Service\UrlShortener::class,
ApiKeyService::class,
'config.url_shortener.domain', 'config.url_shortener.domain',
], ],
Action\ShortUrl\EditShortUrlAction::class => [Service\ShortUrlService::class], Action\ShortUrl\EditShortUrlAction::class => [Service\ShortUrlService::class],


@ -8,49 +8,28 @@ use Psr\Http\Message\ServerRequestInterface as Request;
use Shlinkio\Shlink\Core\Exception\ValidationException; use Shlinkio\Shlink\Core\Exception\ValidationException;
use Shlinkio\Shlink\Core\Model\CreateShortUrlData; use Shlinkio\Shlink\Core\Model\CreateShortUrlData;
use Shlinkio\Shlink\Core\Model\ShortUrlMeta; use Shlinkio\Shlink\Core\Model\ShortUrlMeta;
use Shlinkio\Shlink\Core\Service\UrlShortenerInterface;
use Shlinkio\Shlink\Core\Validation\ShortUrlMetaInputFilter; use Shlinkio\Shlink\Core\Validation\ShortUrlMetaInputFilter;
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface; use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware;
class SingleStepCreateShortUrlAction extends AbstractCreateShortUrlAction class SingleStepCreateShortUrlAction extends AbstractCreateShortUrlAction
{ {
protected const ROUTE_PATH = '/short-urls/shorten'; protected const ROUTE_PATH = '/short-urls/shorten';
protected const ROUTE_ALLOWED_METHODS = [self::METHOD_GET]; protected const ROUTE_ALLOWED_METHODS = [self::METHOD_GET];
private ApiKeyServiceInterface $apiKeyService;
public function __construct(
UrlShortenerInterface $urlShortener,
ApiKeyServiceInterface $apiKeyService,
array $domainConfig
) {
parent::__construct($urlShortener, $domainConfig);
$this->apiKeyService = $apiKeyService;
}
/**
* @throws ValidationException
*/
protected function buildShortUrlData(Request $request): CreateShortUrlData protected function buildShortUrlData(Request $request): CreateShortUrlData
{ {
$query = $request->getQueryParams(); $query = $request->getQueryParams();
$longUrl = $query['longUrl'] ?? null; $longUrl = $query['longUrl'] ?? null;
$apiKeyResult = $this->apiKeyService->check($query['apiKey'] ?? '');
if (! $apiKeyResult->isValid()) {
throw ValidationException::fromArray([
'apiKey' => 'No API key was provided or it is not valid',
]);
}
if ($longUrl === null) { if ($longUrl === null) {
throw ValidationException::fromArray([ throw ValidationException::fromArray([
'longUrl' => 'A URL was not provided', 'longUrl' => 'A URL was not provided',
]); ]);
} }
$apiKey = AuthenticationMiddleware::apiKeyFromRequest($request);
return new CreateShortUrlData($longUrl, [], ShortUrlMeta::fromRawData([ return new CreateShortUrlData($longUrl, [], ShortUrlMeta::fromRawData([
ShortUrlMetaInputFilter::API_KEY => $apiKeyResult->apiKey(), ShortUrlMetaInputFilter::API_KEY => $apiKey,
// This will usually be null, unless this API key enforces one specific domain // This will usually be null, unless this API key enforces one specific domain
ShortUrlMetaInputFilter::DOMAIN => $request->getAttribute(ShortUrlMetaInputFilter::DOMAIN), ShortUrlMetaInputFilter::DOMAIN => $request->getAttribute(ShortUrlMetaInputFilter::DOMAIN),
])); ]));
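Review bot: The new `AuthenticationMiddleware::apiKeyFromRequest($request)` call makes `buildShortUrlData` depend silently on the middleware having authenticated this route: if the route is ever put back in `routes_whitelist` or dropped from `routes_with_query_api_key`, the `ApiKey::class` attribute is absent and the method presumably gets `null` (or a TypeError, if that helper's return type is non-nullable; its signature is outside this page) where the removed in-action check used to raise a validation error. Suggest an explicit guard right after the call, `if ($apiKey === null) { throw ValidationException::fromArray(['apiKey' => 'No API key was provided or it is not valid']); }`, plus a comment such as `// Resolved by AuthenticationMiddleware; this route is listed in config.auth.routes_with_query_api_key` to document the coupling. `buildShortUrlData` continues past the end of the hunk.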


@ -18,18 +18,36 @@ class MissingAuthenticationException extends RuntimeException implements Problem
private const TITLE = 'Invalid authorization'; private const TITLE = 'Invalid authorization';
private const TYPE = 'INVALID_AUTHORIZATION'; private const TYPE = 'INVALID_AUTHORIZATION';
public static function fromExpectedTypes(array $expectedTypes): self public static function forHeaders(array $expectedHeaders): self
{ {
$e = new self(sprintf( $e = self::withMessage(sprintf(
'Expected one of the following authentication headers, ["%s"], but none were provided', 'Expected one of the following authentication headers, ["%s"], but none were provided',
implode('", "', $expectedTypes), implode('", "', $expectedHeaders),
)); ));
$e->additional = [
'expectedTypes' => $expectedHeaders, // Deprecated
'expectedHeaders' => $expectedHeaders,
];
$e->detail = $e->getMessage(); return $e;
}
public static function forQueryParam(string $param): self
{
$e = self::withMessage(sprintf('Expected authentication to be provided in "%s" query param', $param));
$e->additional = ['param' => $param];
return $e;
}
private static function withMessage(string $message): self
{
$e = new self($message);
$e->detail = $message;
$e->title = self::TITLE; $e->title = self::TITLE;
$e->type = self::TYPE; $e->type = self::TYPE;
$e->status = StatusCodeInterface::STATUS_UNAUTHORIZED; $e->status = StatusCodeInterface::STATUS_UNAUTHORIZED;
$e->additional = ['expectedTypes' => $expectedTypes];
return $e; return $e;
} }
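Review bot: The `// Deprecated` marker on the `expectedTypes` entry in `forHeaders` does not say what replaces it, and none of the three new static methods has a docblock. Suggest `// Deprecated: kept for backwards compatibility, use "expectedHeaders" instead` on that line, `@param list<string> $expectedHeaders` on `forHeaders`, and a one-line comment on `withMessage` noting that it fills the common title, type, detail and 401 status while callers set `additional`. The rename from `fromExpectedTypes` to `forHeaders` removes the old public factory outright; if any caller outside the touched files uses it, a deprecated alias delegating to `forHeaders` would be the safer route — I cannot tell from this page whether such callers exist.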


@ -8,6 +8,7 @@ use Fig\Http\Message\RequestMethodInterface;
use Fig\Http\Message\StatusCodeInterface; use Fig\Http\Message\StatusCodeInterface;
use Mezzio\Router\RouteResult; use Mezzio\Router\RouteResult;
use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface; use Psr\Http\Server\RequestHandlerInterface;
@ -24,11 +25,16 @@ class AuthenticationMiddleware implements MiddlewareInterface, StatusCodeInterfa
private ApiKeyServiceInterface $apiKeyService; private ApiKeyServiceInterface $apiKeyService;
private array $routesWhitelist; private array $routesWhitelist;
private array $routesWithQueryApiKey;
public function __construct(ApiKeyServiceInterface $apiKeyService, array $routesWhitelist) public function __construct(
{ ApiKeyServiceInterface $apiKeyService,
array $routesWhitelist,
array $routesWithQueryApiKey
) {
$this->apiKeyService = $apiKeyService; $this->apiKeyService = $apiKeyService;
$this->routesWhitelist = $routesWhitelist; $this->routesWhitelist = $routesWhitelist;
$this->routesWithQueryApiKey = $routesWithQueryApiKey;
} }
public function process(Request $request, RequestHandlerInterface $handler): Response public function process(Request $request, RequestHandlerInterface $handler): Response
@ -44,11 +50,7 @@ class AuthenticationMiddleware implements MiddlewareInterface, StatusCodeInterfa
return $handler->handle($request); return $handler->handle($request);
} }
$apiKey = $request->getHeaderLine(self::API_KEY_HEADER); $apiKey = $this->getApiKeyFromRequest($request, $routeResult);
if (empty($apiKey)) {
throw MissingAuthenticationException::fromExpectedTypes([self::API_KEY_HEADER]);
}
$result = $this->apiKeyService->check($apiKey); $result = $this->apiKeyService->check($apiKey);
if (! $result->isValid()) { if (! $result->isValid()) {
throw VerifyAuthenticationException::forInvalidApiKey(); throw VerifyAuthenticationException::forInvalidApiKey();
@ -61,4 +63,20 @@ class AuthenticationMiddleware implements MiddlewareInterface, StatusCodeInterfa
{ {
return $request->getAttribute(ApiKey::class); return $request->getAttribute(ApiKey::class);
} }
private function getApiKeyFromRequest(ServerRequestInterface $request, RouteResult $routeResult): string
{
$routeName = $routeResult->getMatchedRouteName();
$query = $request->getQueryParams();
$isRouteWithApiKeyInQuery = contains($this->routesWithQueryApiKey, $routeName);
$apiKey = $isRouteWithApiKeyInQuery ? ($query['apiKey'] ?? '') : $request->getHeaderLine(self::API_KEY_HEADER);
if (empty($apiKey)) {
throw $isRouteWithApiKeyInQuery
? MissingAuthenticationException::forQueryParam('apiKey')
: MissingAuthenticationException::forHeaders([self::API_KEY_HEADER]);
}
return $apiKey;
}
} }
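Review bot: In `getApiKeyFromRequest`, `$query['apiKey'] ?? ''` flows straight into a `string` return: a request whose `apiKey` query parameter parses as an array rather than a string would make the method fail with a TypeError instead of the 401 `MissingAuthenticationException`, and `empty($apiKey)` additionally treats the literal key `'0'` as missing. Suggest `$rawKey = $query['apiKey'] ?? '';`, `$apiKey = $isRouteWithApiKeyInQuery ? (is_string($rawKey) ? $rawKey : '') : $request->getHeaderLine(self::API_KEY_HEADER);` and `if ($apiKey === '') {`. Separately, the first hunk adds `use Psr\Http\Message\ServerRequestInterface;` next to the existing `as Request` alias on the following line; the new method could type its parameter as `Request` like `process` does and the duplicate import be dropped. `contains()` is presumably a namespaced helper function imported outside this view.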


@ -16,8 +16,6 @@ use Shlinkio\Shlink\Core\Model\ShortUrlMeta;
use Shlinkio\Shlink\Core\Service\UrlShortenerInterface; use Shlinkio\Shlink\Core\Service\UrlShortenerInterface;
use Shlinkio\Shlink\Rest\Action\ShortUrl\SingleStepCreateShortUrlAction; use Shlinkio\Shlink\Rest\Action\ShortUrl\SingleStepCreateShortUrlAction;
use Shlinkio\Shlink\Rest\Entity\ApiKey; use Shlinkio\Shlink\Rest\Entity\ApiKey;
use Shlinkio\Shlink\Rest\Service\ApiKeyCheckResult;
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface;
class SingleStepCreateShortUrlActionTest extends TestCase class SingleStepCreateShortUrlActionTest extends TestCase
{ {
@ -30,11 +28,9 @@ class SingleStepCreateShortUrlActionTest extends TestCase
public function setUp(): void public function setUp(): void
{ {
$this->urlShortener = $this->prophesize(UrlShortenerInterface::class); $this->urlShortener = $this->prophesize(UrlShortenerInterface::class);
$this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class);
$this->action = new SingleStepCreateShortUrlAction( $this->action = new SingleStepCreateShortUrlAction(
$this->urlShortener->reveal(), $this->urlShortener->reveal(),
$this->apiKeyService->reveal(),
[ [
'schema' => 'http', 'schema' => 'http',
'hostname' => 'foo.com', 'hostname' => 'foo.com',
@ -42,26 +38,12 @@ class SingleStepCreateShortUrlActionTest extends TestCase
); );
} }
/** @test */
public function errorResponseIsReturnedIfInvalidApiKeyIsProvided(): void
{
$request = (new ServerRequest())->withQueryParams(['apiKey' => 'abc123']);
$findApiKey = $this->apiKeyService->check('abc123')->willReturn(new ApiKeyCheckResult());
$this->expectException(ValidationException::class);
$findApiKey->shouldBeCalledOnce();
$this->action->handle($request);
}
/** @test */ /** @test */
public function errorResponseIsReturnedIfNoUrlIsProvided(): void public function errorResponseIsReturnedIfNoUrlIsProvided(): void
{ {
$request = (new ServerRequest())->withQueryParams(['apiKey' => 'abc123']); $request = new ServerRequest();
$findApiKey = $this->apiKeyService->check('abc123')->willReturn(new ApiKeyCheckResult(new ApiKey()));
$this->expectException(ValidationException::class); $this->expectException(ValidationException::class);
$findApiKey->shouldBeCalledOnce();
$this->action->handle($request); $this->action->handle($request);
} }
@ -70,13 +52,10 @@ class SingleStepCreateShortUrlActionTest extends TestCase
public function properDataIsPassedWhenGeneratingShortCode(): void public function properDataIsPassedWhenGeneratingShortCode(): void
{ {
$apiKey = new ApiKey(); $apiKey = new ApiKey();
$key = $apiKey->toString();
$request = (new ServerRequest())->withQueryParams([ $request = (new ServerRequest())->withQueryParams([
'apiKey' => $key,
'longUrl' => 'http://foobar.com', 'longUrl' => 'http://foobar.com',
]); ])->withAttribute(ApiKey::class, $apiKey);
$findApiKey = $this->apiKeyService->check($key)->willReturn(new ApiKeyCheckResult($apiKey));
$generateShortCode = $this->urlShortener->shorten( $generateShortCode = $this->urlShortener->shorten(
Argument::that(function (string $argument): bool { Argument::that(function (string $argument): bool {
Assert::assertEquals('http://foobar.com', $argument); Assert::assertEquals('http://foobar.com', $argument);
@ -89,7 +68,6 @@ class SingleStepCreateShortUrlActionTest extends TestCase
$resp = $this->action->handle($request); $resp = $this->action->handle($request);
self::assertEquals(200, $resp->getStatusCode()); self::assertEquals(200, $resp->getStatusCode());
$findApiKey->shouldHaveBeenCalled();
$generateShortCode->shouldHaveBeenCalled(); $generateShortCode->shouldHaveBeenCalled();
} }
} }
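Review bot: Removing `errorResponseIsReturnedIfInvalidApiKeyIsProvided` leaves no test for a request that reaches the action without an `ApiKey::class` attribute, which is the case the deleted in-action check used to cover. Since `properDataIsPassedWhenGeneratingShortCode` now depends on `withAttribute(ApiKey::class, $apiKey)`, a companion test that handles a request carrying `longUrl` but no attribute and asserts the intended outcome would pin that behaviour; I cannot tell from this page whether the action is meant to reject it or proceed with a null key. The test class continues outside the hunks shown.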


@ -16,21 +16,22 @@ class MissingAuthenticationExceptionTest extends TestCase
* @test * @test
* @dataProvider provideExpectedTypes * @dataProvider provideExpectedTypes
*/ */
public function exceptionIsProperlyCreatedFromExpectedTypes(array $expectedTypes): void public function exceptionIsProperlyCreatedFromExpectedHeaders(array $expectedHeaders): void
{ {
$expectedMessage = sprintf( $expectedMessage = sprintf(
'Expected one of the following authentication headers, ["%s"], but none were provided', 'Expected one of the following authentication headers, ["%s"], but none were provided',
implode('", "', $expectedTypes), implode('", "', $expectedHeaders),
); );
$e = MissingAuthenticationException::fromExpectedTypes($expectedTypes); $e = MissingAuthenticationException::forHeaders($expectedHeaders);
$this->assertCommonExceptionShape($e);
self::assertEquals($expectedMessage, $e->getMessage()); self::assertEquals($expectedMessage, $e->getMessage());
self::assertEquals($expectedMessage, $e->getDetail()); self::assertEquals($expectedMessage, $e->getDetail());
self::assertEquals('Invalid authorization', $e->getTitle()); self::assertEquals([
self::assertEquals('INVALID_AUTHORIZATION', $e->getType()); 'expectedTypes' => $expectedHeaders,
self::assertEquals(401, $e->getStatus()); 'expectedHeaders' => $expectedHeaders,
self::assertEquals(['expectedTypes' => $expectedTypes], $e->getAdditionalData()); ], $e->getAdditionalData());
} }
public function provideExpectedTypes(): iterable public function provideExpectedTypes(): iterable
@ -40,4 +41,34 @@ class MissingAuthenticationExceptionTest extends TestCase
yield [[]]; yield [[]];
yield [['foo', 'bar', 'baz']]; yield [['foo', 'bar', 'baz']];
} }
/**
* @test
* @dataProvider provideExpectedParam
*/
public function exceptionIsProperlyCreatedFromExpectedQueryParam(string $param): void
{
$expectedMessage = sprintf('Expected authentication to be provided in "%s" query param', $param);
$e = MissingAuthenticationException::forQueryParam($param);
$this->assertCommonExceptionShape($e);
self::assertEquals($expectedMessage, $e->getMessage());
self::assertEquals($expectedMessage, $e->getDetail());
self::assertEquals(['param' => $param], $e->getAdditionalData());
}
public function provideExpectedParam(): iterable
{
yield ['foo'];
yield ['bar'];
yield ['something'];
}
private function assertCommonExceptionShape(MissingAuthenticationException $e): void
{
self::assertEquals('Invalid authorization', $e->getTitle());
self::assertEquals('INVALID_AUTHORIZATION', $e->getType());
self::assertEquals(401, $e->getStatus());
}
} }
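Review bot: The data provider is still named `provideExpectedTypes` in both the `@dataProvider` annotation and the method although the test it feeds was renamed to `exceptionIsProperlyCreatedFromExpectedHeaders`, while the new test pairs with `provideExpectedParam`; renaming it to `provideExpectedHeaders` in both places keeps the two consistent. The new `assertCommonExceptionShape` helper compares scalars with `assertEquals`; `assertSame` there would also catch a type drift such as a string `'401'` status.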


@ -38,7 +38,11 @@ class AuthenticationMiddlewareTest extends TestCase
public function setUp(): void public function setUp(): void
{ {
$this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class); $this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class);
$this->middleware = new AuthenticationMiddleware($this->apiKeyService->reveal(), [HealthAction::class]); $this->middleware = new AuthenticationMiddleware(
$this->apiKeyService->reveal(),
[HealthAction::class],
['with_query_api_key'],
);
$this->handler = $this->prophesize(RequestHandlerInterface::class); $this->handler = $this->prophesize(RequestHandlerInterface::class);
} }
@ -82,27 +86,34 @@ class AuthenticationMiddlewareTest extends TestCase
* @test * @test
* @dataProvider provideRequestsWithoutApiKey * @dataProvider provideRequestsWithoutApiKey
*/ */
public function throwsExceptionWhenNoApiKeyIsProvided(ServerRequestInterface $request): void public function throwsExceptionWhenNoApiKeyIsProvided(
{ ServerRequestInterface $request,
string $expectedMessage
): void {
$this->apiKeyService->check(Argument::any())->shouldNotBeCalled(); $this->apiKeyService->check(Argument::any())->shouldNotBeCalled();
$this->handler->handle($request)->shouldNotBeCalled(); $this->handler->handle($request)->shouldNotBeCalled();
$this->expectException(MissingAuthenticationException::class); $this->expectException(MissingAuthenticationException::class);
$this->expectExceptionMessage( $this->expectExceptionMessage($expectedMessage);
'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided',
);
$this->middleware->process($request, $this->handler->reveal()); $this->middleware->process($request, $this->handler->reveal());
} }
public function provideRequestsWithoutApiKey(): iterable public function provideRequestsWithoutApiKey(): iterable
{ {
$baseRequest = ServerRequestFactory::fromGlobals()->withAttribute( $baseRequest = fn (string $routeName) => ServerRequestFactory::fromGlobals()->withAttribute(
RouteResult::class, RouteResult::class,
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []), RouteResult::fromRoute(new Route($routeName, $this->getDummyMiddleware()), []),
); );
$apiKeyMessage = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided';
$queryMessage = 'Expected authentication to be provided in "apiKey" query param';
yield 'no api key' => [$baseRequest]; yield 'no api key in header' => [$baseRequest('bar'), $apiKeyMessage];
yield 'empty api key' => [$baseRequest->withHeader('X-Api-Key', '')]; yield 'empty api key in header' => [$baseRequest('bar')->withHeader('X-Api-Key', ''), $apiKeyMessage];
yield 'no api key in query' => [$baseRequest('with_query_api_key'), $queryMessage];
yield 'empty api key in query' => [
$baseRequest('with_query_api_key')->withQueryParams(['apiKey' => '']),
$queryMessage,
];
} }
/** @test */ /** @test */