2016-07-31 00:26:49 +03:00
|
|
|
<?php
|
2019-10-05 18:26:10 +03:00
|
|
|
|
2017-10-12 11:13:20 +03:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2016-07-31 00:26:49 +03:00
|
|
|
namespace ShlinkioTest\Shlink\Rest\Middleware;
|
|
|
|
|
|
2018-09-28 23:08:01 +03:00
|
|
|
use Fig\Http\Message\RequestMethodInterface;
|
2020-01-01 23:11:53 +03:00
|
|
|
use Laminas\Diactoros\Response;
|
|
|
|
|
use Laminas\Diactoros\ServerRequest;
|
2020-11-07 14:53:14 +03:00
|
|
|
use Laminas\Diactoros\ServerRequestFactory;
|
2020-01-01 23:11:53 +03:00
|
|
|
use Mezzio\Router\Route;
|
|
|
|
|
use Mezzio\Router\RouteResult;
|
2017-03-24 22:34:18 +03:00
|
|
|
use PHPUnit\Framework\TestCase;
|
2018-09-28 23:08:01 +03:00
|
|
|
use Prophecy\Argument;
|
2020-11-02 13:50:19 +03:00
|
|
|
use Prophecy\PhpUnit\ProphecyTrait;
|
2016-07-31 00:26:49 +03:00
|
|
|
use Prophecy\Prophecy\ObjectProphecy;
|
2018-09-28 23:08:01 +03:00
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
|
|
|
use Psr\Http\Server\MiddlewareInterface;
|
2018-03-26 20:02:41 +03:00
|
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
2019-12-31 17:38:37 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Action\HealthAction;
|
2020-11-07 14:53:14 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Exception\MissingAuthenticationException;
|
|
|
|
|
use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException;
|
2018-09-24 20:24:23 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware;
|
2020-11-07 14:53:14 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface;
|
2019-02-27 00:56:43 +03:00
|
|
|
|
2020-01-01 23:11:53 +03:00
|
|
|
use function Laminas\Stratigility\middleware;
|
2018-03-21 03:05:55 +03:00
|
|
|
|
2018-09-24 20:24:23 +03:00
|
|
|
class AuthenticationMiddlewareTest extends TestCase
|
2016-07-31 00:26:49 +03:00
|
|
|
{
|
2020-11-02 13:50:19 +03:00
|
|
|
use ProphecyTrait;
|
|
|
|
|
|
2019-12-30 00:48:40 +03:00
|
|
|
private AuthenticationMiddleware $middleware;
|
2020-11-07 14:53:14 +03:00
|
|
|
private ObjectProphecy $apiKeyService;
|
|
|
|
|
private ObjectProphecy $handler;
|
2018-03-21 13:13:03 +03:00
|
|
|
|
2019-02-16 12:53:45 +03:00
|
|
|
public function setUp(): void
|
2016-07-31 00:26:49 +03:00
|
|
|
{
|
2020-11-07 14:53:14 +03:00
|
|
|
$this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class);
|
|
|
|
|
$this->middleware = new AuthenticationMiddleware($this->apiKeyService->reveal(), [HealthAction::class]);
|
|
|
|
|
$this->handler = $this->prophesize(RequestHandlerInterface::class);
|
2016-07-31 00:26:49 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @test
|
2018-09-28 23:08:01 +03:00
|
|
|
* @dataProvider provideWhitelistedRequests
|
2016-07-31 00:26:49 +03:00
|
|
|
*/
|
2019-02-17 22:28:34 +03:00
|
|
|
public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request): void
|
2016-07-31 00:26:49 +03:00
|
|
|
{
|
2020-11-07 14:53:14 +03:00
|
|
|
$handle = $this->handler->handle($request)->willReturn(new Response());
|
|
|
|
|
$checkApiKey = $this->apiKeyService->check(Argument::any());
|
2016-07-31 00:26:49 +03:00
|
|
|
|
2020-11-07 14:53:14 +03:00
|
|
|
$this->middleware->process($request, $this->handler->reveal());
|
2016-07-31 00:26:49 +03:00
|
|
|
|
2018-11-11 15:18:21 +03:00
|
|
|
$handle->shouldHaveBeenCalledOnce();
|
2020-11-07 14:53:14 +03:00
|
|
|
$checkApiKey->shouldNotHaveBeenCalled();
|
2016-07-31 00:26:49 +03:00
|
|
|
}
|
2016-07-31 14:01:08 +03:00
|
|
|
|
2019-02-17 22:28:34 +03:00
|
|
|
public function provideWhitelistedRequests(): iterable
|
2016-07-31 14:01:08 +03:00
|
|
|
{
|
2018-09-28 23:08:01 +03:00
|
|
|
$dummyMiddleware = $this->getDummyMiddleware();
|
|
|
|
|
|
2019-02-17 22:28:34 +03:00
|
|
|
yield 'with no route result' => [new ServerRequest()];
|
|
|
|
|
yield 'with failure route result' => [(new ServerRequest())->withAttribute(
|
|
|
|
|
RouteResult::class,
|
2020-01-01 22:48:31 +03:00
|
|
|
RouteResult::fromRouteFailure([RequestMethodInterface::METHOD_GET]),
|
2019-02-17 22:28:34 +03:00
|
|
|
)];
|
|
|
|
|
yield 'with whitelisted route' => [(new ServerRequest())->withAttribute(
|
|
|
|
|
RouteResult::class,
|
|
|
|
|
RouteResult::fromRoute(
|
2020-01-01 22:48:31 +03:00
|
|
|
new Route('foo', $dummyMiddleware, Route::HTTP_METHOD_ANY, HealthAction::class),
|
|
|
|
|
),
|
2019-02-17 22:28:34 +03:00
|
|
|
)];
|
|
|
|
|
yield 'with OPTIONS method' => [(new ServerRequest())->withAttribute(
|
|
|
|
|
RouteResult::class,
|
2020-01-01 22:48:31 +03:00
|
|
|
RouteResult::fromRoute(new Route('bar', $dummyMiddleware), []),
|
2019-02-17 22:28:34 +03:00
|
|
|
)->withMethod(RequestMethodInterface::METHOD_OPTIONS)];
|
2016-07-31 14:01:08 +03:00
|
|
|
}
|
|
|
|
|
|
2020-11-07 14:53:14 +03:00
|
|
|
/**
|
|
|
|
|
* @test
|
|
|
|
|
* @dataProvider provideRequestsWithoutApiKey
|
|
|
|
|
*/
|
|
|
|
|
public function throwsExceptionWhenNoApiKeyIsProvided(ServerRequestInterface $request): void
|
|
|
|
|
{
|
|
|
|
|
$this->apiKeyService->check(Argument::any())->shouldNotBeCalled();
|
|
|
|
|
$this->handler->handle($request)->shouldNotBeCalled();
|
|
|
|
|
$this->expectException(MissingAuthenticationException::class);
|
|
|
|
|
$this->expectExceptionMessage(
|
|
|
|
|
'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided',
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->middleware->process($request, $this->handler->reveal());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideRequestsWithoutApiKey(): iterable
|
2016-07-31 14:01:08 +03:00
|
|
|
{
|
2020-11-07 14:53:14 +03:00
|
|
|
$baseRequest = ServerRequestFactory::fromGlobals()->withAttribute(
|
2016-07-31 14:01:08 +03:00
|
|
|
RouteResult::class,
|
2020-01-01 22:48:31 +03:00
|
|
|
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []),
|
2018-09-29 09:16:40 +03:00
|
|
|
);
|
2016-07-31 14:01:08 +03:00
|
|
|
|
2020-11-07 14:53:14 +03:00
|
|
|
yield 'no api key' => [$baseRequest];
|
|
|
|
|
yield 'empty api key' => [$baseRequest->withHeader('X-Api-Key', '')];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** @test */
|
|
|
|
|
public function throwsExceptionWhenProvidedApiKeyIsInvalid(): void
|
|
|
|
|
{
|
|
|
|
|
$apiKey = 'abc123';
|
|
|
|
|
$request = ServerRequestFactory::fromGlobals()
|
|
|
|
|
->withAttribute(
|
|
|
|
|
RouteResult::class,
|
|
|
|
|
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []),
|
|
|
|
|
)
|
|
|
|
|
->withHeader('X-Api-Key', $apiKey);
|
|
|
|
|
|
|
|
|
|
$this->apiKeyService->check($apiKey)->willReturn(false)->shouldBeCalledOnce();
|
|
|
|
|
$this->handler->handle($request)->shouldNotBeCalled();
|
|
|
|
|
$this->expectException(VerifyAuthenticationException::class);
|
|
|
|
|
$this->expectExceptionMessage('Provided API key does not exist or is invalid');
|
|
|
|
|
|
|
|
|
|
$this->middleware->process($request, $this->handler->reveal());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** @test */
|
|
|
|
|
public function validApiKeyFallsBackToNextMiddleware(): void
|
|
|
|
|
{
|
|
|
|
|
$apiKey = 'abc123';
|
|
|
|
|
$request = ServerRequestFactory::fromGlobals()
|
|
|
|
|
->withAttribute(
|
|
|
|
|
RouteResult::class,
|
|
|
|
|
RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []),
|
|
|
|
|
)
|
|
|
|
|
->withHeader('X-Api-Key', $apiKey);
|
|
|
|
|
|
|
|
|
|
$handle = $this->handler->handle($request)->willReturn(new Response());
|
|
|
|
|
$checkApiKey = $this->apiKeyService->check($apiKey)->willReturn(true);
|
2018-09-28 23:08:01 +03:00
|
|
|
|
2020-11-07 14:53:14 +03:00
|
|
|
$this->middleware->process($request, $this->handler->reveal());
|
2018-09-28 23:08:01 +03:00
|
|
|
|
2018-11-11 15:18:21 +03:00
|
|
|
$handle->shouldHaveBeenCalledOnce();
|
2020-11-07 14:53:14 +03:00
|
|
|
$checkApiKey->shouldHaveBeenCalledOnce();
|
2016-07-31 14:01:08 +03:00
|
|
|
}
|
|
|
|
|
|
2018-09-28 23:08:01 +03:00
|
|
|
private function getDummyMiddleware(): MiddlewareInterface
|
2016-07-31 14:01:08 +03:00
|
|
|
{
|
2019-12-30 01:16:55 +03:00
|
|
|
return middleware(fn () => new Response\EmptyResponse());
|
2016-07-31 14:01:08 +03:00
|
|
|
}
|
2016-07-31 00:26:49 +03:00
|
|
|
}
|
