Merge pull request #2 from danskernesdigitalebibliotek/feature/config…
…_fixes

DDBTEAM-538: Changed config option for allowed clients to allow .env …
turegjorup authored Jun 26, 2020
2 parents 5160040 + df50eab commit b11c9a4
Showing 3 changed files with 23 additions and 22 deletions.
2 changes: 1 addition & 1 deletion src/DependencyInjection/Configuration.php
@@ -26,7 +26,7 @@ public function getConfigTreeBuilder()
->scalarNode('openplatform_id')->defaultValue('my_id')->end()
->scalarNode('openplatform_secret')->defaultValue('my_secret')->end()
->scalarNode('openplatform_introspection_url')->defaultValue('https://login.bib.dk/oauth/introspection')->end()
->arrayNode('openplatform_allowed_clients')->scalarPrototype()->end()->end()
->scalarNode('openplatform_allowed_clients')->defaultValue('')->end()
->scalarNode('http_client')->defaultValue('Symfony\Contracts\HttpClient\HttpClientInterface')->end()
->scalarNode('auth_token_cache')->defaultNull()->end()
->scalarNode('auth_logger')->defaultNull()->end()
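Review bot: The `scalarNode('openplatform_allowed_clients')` line defaults to `''`, and the TokenAuthenticator docblock in this commit says an empty list allows every client, so the allow list is switched off whenever the option or the variable behind it is left blank. The node carries no description of that; I would add `->info('Comma separated list of allowed client ids. An empty value allows ALL clients.')` before its `->end()` so the fail-open default is visible in the config reference. Moving from `arrayNode` to `scalarNode` also means an existing configuration that passes a YAML list will presumably be rejected when the container is built, which is worth stating in the upgrade notes. getConfigTreeBuilder() starts and ends outside the hunk.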
7 changes: 4 additions & 3 deletions src/Security/TokenAuthenticator.php
@@ -44,7 +44,7 @@ class TokenAuthenticator extends AbstractGuardAuthenticator
* Open Platform secret
* @param string $openplatformIntrospectionUrl
* Open Platform introspection URL
* @param array $openplatformAllowedClients
* @param string $openplatformAllowedClients
* An allow list of client id's. Supply an empty array to allow all.
* @param HttpClientInterface $httpClient
* Http client for calls to Open Platform
@@ -53,12 +53,13 @@ class TokenAuthenticator extends AbstractGuardAuthenticator
* @param LoggerInterface|null $logger
* Logger for error logging
*/
public function __construct(string $openplatformId, string $openplatformSecret, string $openplatformIntrospectionUrl, array $openplatformAllowedClients, HttpClientInterface $httpClient, AdapterInterface $tokenCache = null, LoggerInterface $logger = null)
public function __construct(string $openplatformId, string $openplatformSecret, string $openplatformIntrospectionUrl, string $openplatformAllowedClients, HttpClientInterface $httpClient, AdapterInterface $tokenCache = null, LoggerInterface $logger = null)
{
$this->clientId = $openplatformId;
$this->clientSecret = $openplatformSecret;
$this->endPoint = $openplatformIntrospectionUrl;
$this->allowedClients = $openplatformAllowedClients;

$this->allowedClients = empty($openplatformAllowedClients) ? [] : array_map('trim', explode(',', $openplatformAllowedClients));

$this->client = $httpClient;
$this->cache = $tokenCache;
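Review bot: The parsing on the `explode(',', ...)` line keeps empty entries: a trailing or doubled comma (`'a,b,'`) puts `''` into `$this->allowedClients`, and a whitespace-only value is not `empty()`, so it becomes `['']` rather than the allow-all list. How the list is compared is outside this hunk, but if a token without a client id can equal `''` there, a typo in the environment value changes who is admitted; `empty()` also treats the single id `'0'` as "allow all". I would trim first, keep a blank value as the only allow-all case and reject lists with empty items, as below. The docblock still says "Supply an empty array to allow all" under the new `@param string` (the same sentence is in the test helper's docblock); it should describe a comma separated string. The constructor body continues past the hunk.

```php
$this->endPoint = $openplatformIntrospectionUrl;

// Only a blank value means "allow all"; a malformed list is a configuration error.
$allowedClients = '' === trim($openplatformAllowedClients) ? [] : array_map('trim', explode(',', $openplatformAllowedClients));
if (in_array('', $allowedClients, true)) {
    throw new \InvalidArgumentException('openplatform_allowed_clients must not contain empty client ids.');
}
$this->allowedClients = $allowedClients;

// … unchanged: $this->client and $this->cache assignments …
```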
36 changes: 18 additions & 18 deletions tests/TokenAuthenticatorTest.php
@@ -50,7 +50,7 @@ public function setUp(): void
*/
public function testTokenAuthenticatorFunctions(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$request = new Request();
$this->assertFalse($this->tokenAuthenticator->supports($request), 'Token authenticator should not support requests without authorization');
@@ -64,7 +64,7 @@ public function testTokenAuthenticatorFunctions(): void
*/
public function testCachedTokensAreReturnedFromCache(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->cache->expects($this->once())->method('getItem')->with('12345678');
@@ -85,7 +85,7 @@ public function testCachedTokensAreReturnedFromCache(): void
*/
public function testTokenCallToOpenPlatform(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -104,7 +104,7 @@ public function testTokenCallToOpenPlatform(): void
*/
public function testAccessDeniedIfRequestNot200(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -121,7 +121,7 @@ public function testAccessDeniedIfRequestNot200(): void
*/
public function testAccessDeniedIfRequestException(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -139,7 +139,7 @@ public function testAccessDeniedIfRequestException(): void
*/
public function testNonActiveUserDenied(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -158,7 +158,7 @@ public function testNonActiveUserDenied(): void
*/
public function testNonAnonymousTokenTypeDenied(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -177,7 +177,7 @@ public function testNonAnonymousTokenTypeDenied(): void
*/
public function testExpiredTokenIsDenied(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -196,7 +196,7 @@ public function testExpiredTokenIsDenied(): void
*/
public function testErrorTokenIsDenied(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -221,7 +221,7 @@ public function testErrorTokenIsDenied(): void
*/
public function testInvalidJsonTokenIsDenied(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -266,7 +266,7 @@ public function testInvalidJsonTokenIsDenied(): void
*/
public function testActiveUSerAllowed(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator([]);
$this->tokenAuthenticator = $this->getTokenAuthenticator('');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -287,14 +287,14 @@ public function testActiveUSerAllowed(): void
*/
public function testCachedTokensClientIsAllowed(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator(['allowed-client-id']);
$this->tokenAuthenticator = $this->getTokenAuthenticator('allowed-client-id-1, allowed-client-id-2, allowed-client-id-3');

$this->cache->method('getItem')->willReturn($this->item);
$this->cache->expects($this->once())->method('getItem')->with('12345678');

$this->item->method('isHit')->willReturn(true);
$user = new User();
$user->setClientId('allowed-client-id');
$user->setClientId('allowed-client-id-2');
$expires = new \DateTime('now + 2 days', new \DateTimeZone('UTC'));
$user->setExpires($expires);
$this->item->method('get')->willReturn($user);
@@ -309,7 +309,7 @@ public function testCachedTokensClientIsAllowed(): void
*/
public function testCachedTokensClientIsNotAllowed(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator(['allowed-client-id']);
$this->tokenAuthenticator = $this->getTokenAuthenticator('allowed-client-id');

$this->cache->method('getItem')->willReturn($this->item);
$this->cache->expects($this->once())->method('getItem')->with('12345678');
@@ -332,7 +332,7 @@ public function testCachedTokensClientIsNotAllowed(): void
*/
public function testAgencyShouldBeAllowed(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator(['allowed-client-id']);
$this->tokenAuthenticator = $this->getTokenAuthenticator('allowed-client-id');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -351,7 +351,7 @@ public function testAgencyShouldBeAllowed(): void
*/
public function testAgencyShouldNotBeAllowed(): void
{
$this->tokenAuthenticator = $this->getTokenAuthenticator(['allowed-client-id']);
$this->tokenAuthenticator = $this->getTokenAuthenticator('allowed-client-id');

$this->cache->method('getItem')->willReturn($this->item);
$this->item->method('isHit')->willReturn(false);
@@ -366,13 +366,13 @@ public function testAgencyShouldNotBeAllowed(): void
/**
* Helper function to setup TokenAuthenticator with/without allowed clients.
*
* @param array $allowedClients
* @param string $allowedClients
* An allow list of client id's. Supply an empty array to allow all.
*
* @return TokenAuthenticator
* A configured TokenAuthenticator
*/
private function getTokenAuthenticator(array $allowedClients)
private function getTokenAuthenticator(string $allowedClients)
{
return new TokenAuthenticator('id', 'secret', 'https://auth.test', $allowedClients, $this->httpClient, $this->cache, $this->logger);
}
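Review bot: The updated tests only feed well-formed values (`''`, a single id, and three ids separated by `', '` in testCachedTokensClientIsAllowed), so nothing pins what the constructor does with a trailing comma, a doubled comma or a whitespace-only string. Because that string now decides who passes the allow list, I would add a case next to testCachedTokensClientIsNotAllowed that builds the authenticator with `$this->getTokenAuthenticator('allowed-client-id,')` and asserts that a cached user whose client id is empty is still denied, assuming User can carry an empty client id. A second case should fix the intended outcome for a blank-but-not-empty value such as `' '`, so that the allow-all behaviour is a tested decision rather than a side effect of the parsing.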
