fixes after rebase
konradoboza committed Jun 20, 2024
1 parent c7df328 commit e94ba89
Showing 9 changed files with 45 additions and 40 deletions.
4 changes: 0 additions & 4 deletions dependencies.json

This file was deleted.

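--- a/src/bundle/EventListener/CsrfListener.php
+++ b/src/bundle/EventListener/CsrfListener.php
@@ -18,6 +18,9 @@
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 
+/**
+* @internal
+*/
 final class CsrfListener implements EventSubscriberInterface
 {
 /**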
16 changes: 10 additions & 6 deletions src/lib/Security/Authenticator/RestAuthenticator.php
@@ -22,6 +22,11 @@
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;

/**
* @internal
*
* This is mandatory for proper REST API authentication, it's used within security.firewalls.ibexa_rest.custom_authenticators configuration key.
*/
final class RestAuthenticator extends AbstractAuthenticator implements InteractiveAuthenticatorInterface
{
private const string LOGIN_ROUTE = 'ibexa.rest.create_session';
@@ -41,7 +46,6 @@ public function authenticate(Request $request): Passport
{
$existingUserToken = $this->fetchExistingToken($request);
if ($this->canUserFromSessionBeAuthenticated($existingUserToken)) {
/** @phpstan-ignore-next-line */
$existingUser = $existingUserToken->getUser();

return $this->createAuthorizationPassport(
@@ -82,7 +86,7 @@ public function onAuthenticationSuccess(
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
{
throw new UnauthorizedException($exception->getMessage());
throw new UnauthorizedException($exception->getMessageKey());
}

public function isInteractive(): bool
@@ -107,18 +111,18 @@ private function fetchExistingToken(Request $request): ?TokenInterface
return $previousToken;
}

/**
* @phpstan-assert-if-true !null $existingUserToken
*/
private function canUserFromSessionBeAuthenticated(?TokenInterface $existingUserToken): bool
{
if ($existingUserToken === null) {
return false;
}

$user = $existingUserToken->getUser();
if ($user === null || $user->getPassword() === null) {
return false;
}

return true;
return !($user === null || $user->getPassword() === null);
}

private function createAuthorizationPassport(string $login, string $password): Passport
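Review bot: `onAuthenticationFailure` returns the bare `$exception->getMessageKey()` in the 401, which keeps provider-specific detail out of the response but hands the client an unfilled template whenever the exception carries `getMessageData()` (login throttling and custom user messages use `%placeholder%` keys). The throw should read `throw new UnauthorizedException(strtr($exception->getMessageKey(), $exception->getMessageData()));`. The original exception message is dropped at this point and nothing in the hunk shows it being logged, so recording it server-side, or passing `$exception` on as the previous exception if the constructor accepts one, would keep failed-login detail available for monitoring. This assumes the `getMessageKey()` line is the new side of the pair shown.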
12 changes: 4 additions & 8 deletions src/lib/Server/Controller/SessionController.php
@@ -96,14 +96,12 @@ public function checkSessionAction(Request $request)
/**
* Refresh given session.
*
* @deprecated 4.6.7 The "SessionController::refreshSessionAction()" method is deprecated, will be removed in the next API version. Use SessionController::checkSessionAction() instead.
*
* @return \Ibexa\Rest\Server\Values\UserSession|\Symfony\Component\HttpFoundation\Response
* @deprecated 5.0.0 The "SessionController::refreshSessionAction()" method is deprecated, will be removed in the next API version. Use SessionController::checkSessionAction() instead.
*
* @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
* @throws \Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException
*/
public function refreshSessionAction(string $sessionId, Request $request)
public function refreshSessionAction(string $sessionId, Request $request): Values\UserSession|Response
{
trigger_deprecation(
'ibexa/rest',
@@ -132,11 +130,9 @@ public function refreshSessionAction(string $sessionId, Request $request)
}

/**
* @return \Ibexa\Rest\Server\Values\DeletedUserSession|\Symfony\Component\HttpFoundation\Response
*
* @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
* @throws \Ibexa\Contracts\Core\Repository\Exceptions\UnauthorizedException
*/
public function deleteSessionAction(string $sessionId, Request $request)
public function deleteSessionAction(string $sessionId, Request $request): Values\DeletedUserSession|Response
{
/** @var \Symfony\Component\HttpFoundation\Session\Session $session */
$session = $request->getSession();
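Review bot: The `@throws` tags of the two session actions disagree about which `UnauthorizedException` callers should catch: `refreshSessionAction` keeps `\Ibexa\Core\Base\Exceptions\UnauthorizedException` as a context line, while `deleteSessionAction` shows both that class and the `Contracts` one as a changed pair. Assuming the `Contracts` line is the added one, `refreshSessionAction` should carry the same `@throws \Ibexa\Contracts\Core\Repository\Exceptions\UnauthorizedException` so both endpoints document one catchable type. Both method bodies continue outside the hunks, so the types actually thrown could not be checked here.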
2 changes: 1 addition & 1 deletion tests/bundle/EventListener/EventListenerTest.php
@@ -15,7 +15,7 @@

abstract class EventListenerTest extends TestCase
{
/** @var \Symfony\Component\HttpFoundation\ParameterBag|\PHPUnit\Framework\MockObject\MockObject */
/** @var \Symfony\Component\HttpFoundation\ParameterBag&\PHPUnit\Framework\MockObject\MockObject */
protected ParameterBag $requestAttributesMock;

protected bool $isRestRequest = true;
2 changes: 1 addition & 1 deletion tests/bundle/EventListener/ResponseListenerTest.php
@@ -36,7 +36,7 @@ final class ResponseListenerTest extends EventListenerTest

protected EventDispatcherInterface $event;

/** @var \Symfony\Component\HttpKernel\KernelInterface|\PHPUnit\Framework\MockObject\MockObject */
/** @var \Symfony\Component\HttpKernel\KernelInterface&\PHPUnit\Framework\MockObject\MockObject */
protected KernelInterface $kernelMock;

public function setUp(): void
20 changes: 13 additions & 7 deletions tests/bundle/Functional/BinaryContentTest.php
@@ -66,8 +66,8 @@ public function testCreateContentWithImageData(): string

$response = $this->sendHttpRequest($request);

self::assertHttpResponseCodeEquals($response, Response::HTTP_CREATED);
self::assertHttpResponseHasHeader($response, 'Location');
$this->assertHttpResponseCodeEquals($response, Response::HTTP_CREATED);
$this->assertHttpResponseHasHeader($response, 'Location');

$href = $response->getHeader('Location')[0];
$this->addCreatedElement($href);
@@ -89,7 +89,13 @@ public function testGetImageVariation(string $hrefToImage): void
)
);

$jsonResponse = json_decode($imageResponse->getBody()->getContents());
$jsonResponse = json_decode(
$imageResponse->getBody()->getContents(),
false,
512,
JSON_THROW_ON_ERROR
);

$imageField = $jsonResponse->Version->Fields->field[2];

self::assertObjectHasProperty('variations', $imageField->fieldValue);
@@ -101,7 +107,7 @@ public function testGetImageVariation(string $hrefToImage): void
)
);

self::assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
$this->assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
}

/**
@@ -158,7 +164,7 @@ public function testGetImageAssetVariations(string $hrefToImage): void
$imageField['fieldValue']['variations']['medium']['href'],
)
);
self::assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
$this->assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
}

private function createContentTypeWithImageAsset(): string
@@ -222,8 +228,8 @@ private function createContentTypeWithImageAsset(): string
);
$response = $this->sendHttpRequest($request);

self::assertHttpResponseCodeEquals($response, 201);
self::assertHttpResponseHasHeader($response, 'Location');
$this->assertHttpResponseCodeEquals($response, 201);
$this->assertHttpResponseHasHeader($response, 'Location');

$this->addCreatedElement($response->getHeader('Location')[0]);

24 changes: 12 additions & 12 deletions tests/bundle/Functional/SessionTest.php
@@ -28,7 +28,7 @@ public function testCreateSessionBadCredentials(): void
$request = $this->createAuthenticationHttpRequest('admin', 'bad_password');
$response = $this->sendHttpRequest($request);

self::assertHttpResponseCodeEquals($response, 401);
$this->assertHttpResponseCodeEquals($response, 401);
}

/**
@@ -38,18 +38,18 @@ public function testRefreshSession(stdClass $session): void
{
$response = $this->sendHttpRequest($this->createRefreshRequest($session));

self::assertHttpResponseCodeEquals($response, 200);
$this->assertHttpResponseCodeEquals($response, 200);
}

public function testRefreshSessionExpired(): void
{
$session = $this->login();

$response = $this->sendHttpRequest($this->createDeleteRequest($session));
self::assertHttpResponseCodeEquals($response, 204);
$this->assertHttpResponseCodeEquals($response, 204);

$response = $this->sendHttpRequest($this->createRefreshRequest($session));
self::assertHttpResponseCodeEquals($response, 404);
$this->assertHttpResponseCodeEquals($response, 404);

self::assertHttpResponseDeletesSessionCookie($session, $response);
}
@@ -63,7 +63,7 @@ public function testRefreshSessionMissingCsrfToken(): void
->withoutHeader('X-CSRF-Token');
$response = $this->sendHttpRequest($refreshRequest);

self::assertHttpResponseCodeEquals($response, 401);
$this->assertHttpResponseCodeEquals($response, 401);
}

public function testCreateSession(): stdClass
@@ -76,7 +76,7 @@ public function testDeleteSession(): void
$session = $this->login();
$response = $this->sendHttpRequest($this->createDeleteRequest($session));

self::assertHttpResponseCodeEquals($response, 204);
$this->assertHttpResponseCodeEquals($response, 204);
self::assertHttpResponseDeletesSessionCookie($session, $response);
}

@@ -91,7 +91,7 @@ public function testDeleteSessionMissingCsrfToken(): void
->withoutHeader('X-CSRF-Token');
$response = $this->sendHttpRequest($request);

self::assertHttpResponseCodeEquals($response, 401);
$this->assertHttpResponseCodeEquals($response, 401);
}

public function testLoginWithExistingFrontendSession(): void
@@ -134,7 +134,7 @@ public function testLoginWithExistingFrontendSession(): void
$response = $this->sendHttpRequest($request);

// Session is recreated when using CSRF, expect 201 instead of 200
self::assertHttpResponseCodeEquals($response, 201);
$this->assertHttpResponseCodeEquals($response, 201);
}

public function testDeleteSessionExpired(): void
@@ -144,13 +144,13 @@ public function testDeleteSessionExpired(): void

$response = $this->sendHttpRequest($deleteSessionRequest);

self::assertHttpResponseCodeEquals($response, 204);
$this->assertHttpResponseCodeEquals($response, 204);
self::assertHttpResponseDeletesSessionCookie($session, $response);

//triggered again to make sure deleting already deleted session results in 404
$response = $this->sendHttpRequest($deleteSessionRequest);

self::assertHttpResponseCodeEquals($response, 404);
$this->assertHttpResponseCodeEquals($response, 404);
}

protected function createRefreshRequest(stdClass $session): RequestInterface
@@ -187,7 +187,7 @@ public function testCheckSession(): void
);

$response = $this->sendHttpRequest($request);
self::assertHttpResponseCodeEquals($response, 200);
$this->assertHttpResponseCodeEquals($response, 200);

$contents = $response->getBody()->getContents();
$data = json_decode($contents, true, JSON_THROW_ON_ERROR);
@@ -207,7 +207,7 @@ public function testCheckSessionWithoutOne(): void
);

$response = $this->sendHttpRequest($request);
self::assertHttpResponseCodeEquals($response, 404);
$this->assertHttpResponseCodeEquals($response, 404);

$contents = $response->getBody()->getContents();
self::assertEmpty($contents);
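Review bot: In `testCheckSession`, the unchanged line `json_decode($contents, true, JSON_THROW_ON_ERROR)` passes the flag in the `$depth` position, so the call runs with a very large depth limit and no flags, and a malformed body decodes to `null` instead of throwing. This commit already uses the four-argument form in BinaryContentTest; the line here should read `$data = json_decode($contents, true, 512, JSON_THROW_ON_ERROR);`. Until then, the assertions that follow in this test can only fail indirectly when the session-check endpoint returns invalid JSON. The test method continues past the end of the hunk.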
2 changes: 1 addition & 1 deletion tests/bundle/Functional/UserTest.php
@@ -72,7 +72,7 @@ public function testCreateUserGroup(): string
}

/**
* $groupId covers GET /user/groups/{groupId}.
* Covers GET /user/groups/{groupId}.
*
* @depends testCreateUserGroup
*/
