diff --git a/module/Rest/config/auth.config.php b/module/Rest/config/auth.config.php new file mode 100644 index 00000000..ab3e1319 --- /dev/null +++ b/module/Rest/config/auth.config.php @@ -0,0 +1,14 @@ + [ + 'routes_whitelist' => [ + Action\AuthenticateAction::class, + ], + ], + +]; diff --git a/module/Rest/config/dependencies.config.php b/module/Rest/config/dependencies.config.php index bfd1a774..9fa488c5 100644 --- a/module/Rest/config/dependencies.config.php +++ b/module/Rest/config/dependencies.config.php @@ -59,7 +59,12 @@ return [ Action\Tag\CreateTagsAction::class => [Service\Tag\TagService::class, LoggerInterface::class], Action\Tag\UpdateTagAction::class => [Service\Tag\TagService::class, Translator::class, LoggerInterface::class], - Middleware\CheckAuthenticationMiddleware::class => [JWTService::class, 'translator', 'Logger_Shlink'], + Middleware\CheckAuthenticationMiddleware::class => [ + JWTService::class, + 'translator', + 'config.auth.routes_whitelist', + 'Logger_Shlink', + ], ], ]; diff --git a/module/Rest/src/Middleware/CheckAuthenticationMiddleware.php b/module/Rest/src/Middleware/CheckAuthenticationMiddleware.php index 32e10ed8..dd0adf3b 100644 --- a/module/Rest/src/Middleware/CheckAuthenticationMiddleware.php +++ b/module/Rest/src/Middleware/CheckAuthenticationMiddleware.php @@ -10,7 +10,6 @@ use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; use Psr\Log\LoggerInterface; use Psr\Log\NullLogger; -use Shlinkio\Shlink\Rest\Action\AuthenticateAction; use Shlinkio\Shlink\Rest\Authentication\JWTServiceInterface; use Shlinkio\Shlink\Rest\Exception\AuthenticationException; use Shlinkio\Shlink\Rest\Util\RestUtils; 
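Review bot: The `routes_whitelist` key in the new `auth.config.php` has no comment saying that every route name listed under it is handled without the authentication check. This file is now where unauthenticated endpoints are declared, and presumably other merged config files can extend the list, so a reader should see the consequence next to the key. I would add a comment above it such as `// Route names listed here bypass CheckAuthenticationMiddleware; keep the list as short as possible.` The top of the new file is not readable in this view, so this assumes no such comment is already there.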
@@ -35,14 +34,20 @@ class CheckAuthenticationMiddleware implements MiddlewareInterface, StatusCodeIn * @var LoggerInterface */ private $logger; + /** + * @var array + */ + private $routesWhitelist; public function __construct( JWTServiceInterface $jwtService, TranslatorInterface $translator, + array $routesWhitelist, LoggerInterface $logger = null ) { $this->translator = $translator; $this->jwtService = $jwtService; + $this->routesWhitelist = $routesWhitelist; $this->logger = $logger ?: new NullLogger(); } @@ -64,8 +69,8 @@ class CheckAuthenticationMiddleware implements MiddlewareInterface, StatusCodeIn $routeResult = $request->getAttribute(RouteResult::class); if ($routeResult === null || $routeResult->isFailure() - || $routeResult->getMatchedRouteName() === AuthenticateAction::class || $request->getMethod() === 'OPTIONS' + || \in_array($routeResult->getMatchedRouteName(), $this->routesWhitelist, true) ) { return $handler->handle($request); } diff --git a/module/Rest/test/Middleware/CheckAuthenticationMiddlewareTest.php b/module/Rest/test/Middleware/CheckAuthenticationMiddlewareTest.php index fa7f7d06..7c74a6aa 100644 --- a/module/Rest/test/Middleware/CheckAuthenticationMiddlewareTest.php +++ b/module/Rest/test/Middleware/CheckAuthenticationMiddlewareTest.php @@ -37,9 +37,11 @@ class CheckAuthenticationMiddlewareTest extends TestCase public function setUp() { $this->jwtService = $this->prophesize(JWTService::class); - $this->middleware = new CheckAuthenticationMiddleware($this->jwtService->reveal(), Translator::factory([])); - $this->dummyMiddleware = middleware(function ($request, $handler) { - return new Response\EmptyResponse; + $this->middleware = new CheckAuthenticationMiddleware($this->jwtService->reveal(), Translator::factory([]), [ + AuthenticateAction::class, + ]); + $this->dummyMiddleware = middleware(function () { + return new Response\EmptyResponse(); }); }
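Review bot: The new `$routesWhitelist` property is documented only as `@var array`, which hides that it holds the route names exempt from authentication. I would type it as `@var string[]` and add a description line such as `Names of the routes that are handled without the authentication check`. Inserting the required `array $routesWhitelist` ahead of the optional `$logger` also changes the constructor's positional signature, so any instantiation outside this diff that passed a logger as third argument will now fail with a TypeError. Only the factory config and the test are updated here, and the class body continues outside the hunk.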
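Review bot: The whitelist match added to the early-return condition skips authentication silently, and it shares one branch with the routing-failure and `OPTIONS` cases, so nothing records which reason applied. Because the exempt set is now configuration-driven, an entry that is too broad would not show up anywhere at runtime. I would evaluate the `\in_array(...)` check in its own `if` and emit something like `$this->logger->debug('Skipping authentication for whitelisted route {route}', ['route' => $routeName]);` before delegating to the handler. The strict third argument to `in_array` is the right choice and should stay, since a non-string entry then never matches. The method body starts and ends outside the hunk.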
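Review bot: `setUp()` constructs the middleware only with the production value `[AuthenticateAction::class]`, and this is the only hunk in the test file, so no test was added for the new parameter itself. I would add a case that builds the middleware with `[]` and asserts that a request matched to `AuthenticateAction::class` is no longer passed straight to the handler. A second case should list a different route name and check that only that route is exempt. Together they would pin that the exemption comes from the injected list and that an empty or wrong list fails closed.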