From e94ba89455ff2b04c81e8b4b2c487b04e05df2c5 Mon Sep 17 00:00:00 2001
From: konradoboza
Date: Thu, 20 Jun 2024 15:42:26 +0200
Subject: [PATCH] fixes after rebase
---
 dependencies.json | 4 ----
 src/bundle/EventListener/CsrfListener.php | 3 +++
 .../Authenticator/RestAuthenticator.php | 16 ++++++++-----
 .../Server/Controller/SessionController.php | 12 ++++------
 .../EventListener/EventListenerTest.php | 2 +-
 .../EventListener/ResponseListenerTest.php | 2 +-
 tests/bundle/Functional/BinaryContentTest.php | 20 ++++++++++------
 tests/bundle/Functional/SessionTest.php | 24 +++++++++----------
 tests/bundle/Functional/UserTest.php | 2 +-
 9 files changed, 45 insertions(+), 40 deletions(-)
 delete mode 100644 dependencies.json
diff --git a/dependencies.json b/dependencies.json
deleted file mode 100644
index 91fe917f..00000000
--- a/dependencies.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "recipesEndpoint": "https://api.github.com/repos/ibexa/recipes-dev/contents/index.json?ref=flex/pull-121",
- "packages": []
-}
diff --git a/src/bundle/EventListener/CsrfListener.php b/src/bundle/EventListener/CsrfListener.php
index 057ca5ac..94b66e07 100644
--- a/src/bundle/EventListener/CsrfListener.php
+++ b/src/bundle/EventListener/CsrfListener.php
@@ -18,6 +18,9 @@
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
+/**
+ * @internal
+ */
 final class CsrfListener implements EventSubscriberInterface
 {
 /**
diff --git a/src/lib/Security/Authenticator/RestAuthenticator.php b/src/lib/Security/Authenticator/RestAuthenticator.php
index 98044906..6aa1decc 100644
--- a/src/lib/Security/Authenticator/RestAuthenticator.php
+++ b/src/lib/Security/Authenticator/RestAuthenticator.php
@@ -22,6 +22,11 @@
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+/**
+ * @internal
+ *
+ * This is mandatory for proper REST API authentication, it's used within security.firewalls.ibexa_rest.custom_authenticators configuration key.
+ */
 final class RestAuthenticator extends AbstractAuthenticator implements InteractiveAuthenticatorInterface
 {
 private const string LOGIN_ROUTE = 'ibexa.rest.create_session';
@@ -41,7 +46,6 @@ public function authenticate(Request $request): Passport
 {
 $existingUserToken = $this->fetchExistingToken($request);
 if ($this->canUserFromSessionBeAuthenticated($existingUserToken)) {
- /** @phpstan-ignore-next-line */
 $existingUser = $existingUserToken->getUser();
 return $this->createAuthorizationPassport(
@@ -82,7 +86,7 @@ public function onAuthenticationSuccess(
 */
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
 {
- throw new UnauthorizedException($exception->getMessage());
+ throw new UnauthorizedException($exception->getMessageKey());
 }
 public function isInteractive(): bool
@@ -107,6 +111,9 @@ private function fetchExistingToken(Request $request): ?TokenInterface
 return $previousToken;
 }
+ /**
+ * @phpstan-assert-if-true !null $existingUserToken
+ */
 private function canUserFromSessionBeAuthenticated(?TokenInterface $existingUserToken): bool
 {
 if ($existingUserToken === null) {
@@ -114,11 +121,8 @@ private function canUserFromSessionBeAuthenticated(?TokenInterface $existingUser
 }
 $user = $existingUserToken->getUser();
- if ($user === null || $user->getPassword() === null) {
- return false;
- }
- return true;
+ return !($user === null || $user->getPassword() === null);
 }
 private function createAuthorizationPassport(string $login, string $password): Passport
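Review bot: In `onAuthenticationFailure()` the original `AuthenticationException` is discarded: nothing in the hunk logs it or chains it, so once the response carries only `getMessageKey()` the concrete failure reason is no longer available to anyone investigating failed REST logins. If `UnauthorizedException`'s constructor accepts a previous exception (its signature is not visible here), pass `$exception` through; otherwise log it before throwing. A short comment such as `// Expose only the generic message key; the raw message may carry internal detail.` would keep a later refactor from reverting to `getMessage()`. Note also that some message keys contain placeholders filled from `getMessageData()`, so the client may receive an unresolved template.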
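Review bot: The negated disjunction at the end of `canUserFromSessionBeAuthenticated()` reads less directly than the positive form; `return $user !== null && $user->getPassword() !== null;` states the same condition without the outer `!`. Because this method decides whether an identity already stored in the session is reused for a new REST login, its docblock should say so in one sentence next to the `@phpstan-assert-if-true` tag added in the previous hunk. The method's opening lines are outside this hunk.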
diff --git a/src/lib/Server/Controller/SessionController.php b/src/lib/Server/Controller/SessionController.php
index 588ff22c..c32bc5d7 100644
--- a/src/lib/Server/Controller/SessionController.php
+++ b/src/lib/Server/Controller/SessionController.php
@@ -96,14 +96,12 @@ public function checkSessionAction(Request $request)
 /**
 * Refresh given session.
 *
- * @deprecated 4.6.7 The "SessionController::refreshSessionAction()" method is deprecated, will be removed in the next API version. Use SessionController::checkSessionAction() instead.
- *
- * @return \Ibexa\Rest\Server\Values\UserSession|\Symfony\Component\HttpFoundation\Response
+ * @deprecated 5.0.0 The "SessionController::refreshSessionAction()" method is deprecated, will be removed in the next API version. Use SessionController::checkSessionAction() instead.
 *
 * @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
 * @throws \Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException
 */
- public function refreshSessionAction(string $sessionId, Request $request)
+ public function refreshSessionAction(string $sessionId, Request $request): Values\UserSession|Response
 {
 trigger_deprecation(
 'ibexa/rest',
@@ -132,11 +130,9 @@ public function refreshSessionAction(string $sessionId, Request $request)
 }
 /**
- * @return \Ibexa\Rest\Server\Values\DeletedUserSession|\Symfony\Component\HttpFoundation\Response
- *
- * @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
+ * @throws \Ibexa\Contracts\Core\Repository\Exceptions\UnauthorizedException
 */
- public function deleteSessionAction(string $sessionId, Request $request)
+ public function deleteSessionAction(string $sessionId, Request $request): Values\DeletedUserSession|Response
 {
 /** @var \Symfony\Component\HttpFoundation\Session\Session $session */
 $session = $request->getSession();
diff --git a/tests/bundle/EventListener/EventListenerTest.php b/tests/bundle/EventListener/EventListenerTest.php
index 2912846f..38edb10b 100644
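Review bot: The `@deprecated` tag on `SessionController::refreshSessionAction()` now says 5.0.0, but the `trigger_deprecation('ibexa/rest', …)` call is cut off after its first argument in this hunk, so it is not visible whether the version passed at runtime was changed as well. If that argument still reads 4.6.7, the emitted deprecation notice and the docblock disagree; both should carry the same version string. The rest of the method body lies outside the hunk.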
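Review bot: `SessionController::deleteSessionAction()` now documents `@throws \Ibexa\Contracts\Core\Repository\Exceptions\UnauthorizedException`, while the unchanged context of `refreshSessionAction()` in the previous hunk still documents `\Ibexa\Core\Base\Exceptions\UnauthorizedException`. The functional tests in this patch expect a 401 from both actions when the CSRF token is missing, so the two presumably fail through the same path and one of the tags is stale. The throwing code is outside the hunk; confirm which class is raised and use the same `@throws` line on both methods.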
--- a/tests/bundle/EventListener/EventListenerTest.php
+++ b/tests/bundle/EventListener/EventListenerTest.php
@@ -15,7 +15,7 @@
 abstract class EventListenerTest extends TestCase
 {
- /** @var \Symfony\Component\HttpFoundation\ParameterBag|\PHPUnit\Framework\MockObject\MockObject */
+ /** @var \Symfony\Component\HttpFoundation\ParameterBag&\PHPUnit\Framework\MockObject\MockObject */
 protected ParameterBag $requestAttributesMock;
 protected bool $isRestRequest = true;
diff --git a/tests/bundle/EventListener/ResponseListenerTest.php b/tests/bundle/EventListener/ResponseListenerTest.php
index 8f85453f..ab1c2f80 100644
--- a/tests/bundle/EventListener/ResponseListenerTest.php
+++ b/tests/bundle/EventListener/ResponseListenerTest.php
@@ -36,7 +36,7 @@ final class ResponseListenerTest extends EventListenerTest
 protected EventDispatcherInterface $event;
- /** @var \Symfony\Component\HttpKernel\KernelInterface|\PHPUnit\Framework\MockObject\MockObject */
+ /** @var \Symfony\Component\HttpKernel\KernelInterface&\PHPUnit\Framework\MockObject\MockObject */
 protected KernelInterface $kernelMock;
 public function setUp(): void
diff --git a/tests/bundle/Functional/BinaryContentTest.php b/tests/bundle/Functional/BinaryContentTest.php
index bb8f9a39..f0f54616 100644
--- a/tests/bundle/Functional/BinaryContentTest.php
+++ b/tests/bundle/Functional/BinaryContentTest.php
@@ -66,8 +66,8 @@ public function testCreateContentWithImageData(): string
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, Response::HTTP_CREATED);
- self::assertHttpResponseHasHeader($response, 'Location');
+ $this->assertHttpResponseCodeEquals($response, Response::HTTP_CREATED);
+ $this->assertHttpResponseHasHeader($response, 'Location');
 $href = $response->getHeader('Location')[0];
 $this->addCreatedElement($href);
@@ -89,7 +89,13 @@ public function testGetImageVariation(string $hrefToImage): void
 )
 );
- $jsonResponse = json_decode($imageResponse->getBody()->getContents());
+ $jsonResponse = json_decode(
+ $imageResponse->getBody()->getContents(),
+ false,
+ 512,
+ JSON_THROW_ON_ERROR
+ );
+
 $imageField = $jsonResponse->Version->Fields->field[2];
 self::assertObjectHasProperty('variations', $imageField->fieldValue);
@@ -101,7 +107,7 @@ public function testGetImageVariation(string $hrefToImage): void
 )
 );
- self::assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
+ $this->assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
 }
 /**
@@ -158,7 +164,7 @@ public function testGetImageAssetVariations(string $hrefToImage): void
 $imageField['fieldValue']['variations']['medium']['href'],
 )
 );
- self::assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
+ $this->assertHttpResponseCodeEquals($variationResponse, Response::HTTP_OK);
 }
 private function createContentTypeWithImageAsset(): string
@@ -222,8 +228,8 @@ private function createContentTypeWithImageAsset(): string
 );
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, 201);
- self::assertHttpResponseHasHeader($response, 'Location');
+ $this->assertHttpResponseCodeEquals($response, 201);
+ $this->assertHttpResponseHasHeader($response, 'Location');
 $this->addCreatedElement($response->getHeader('Location')[0]);
diff --git a/tests/bundle/Functional/SessionTest.php b/tests/bundle/Functional/SessionTest.php
index 47bd5b64..90fb4989 100644
--- a/tests/bundle/Functional/SessionTest.php
+++ b/tests/bundle/Functional/SessionTest.php
@@ -28,7 +28,7 @@ public function testCreateSessionBadCredentials(): void
 $request = $this->createAuthenticationHttpRequest('admin', 'bad_password');
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, 401);
+ $this->assertHttpResponseCodeEquals($response, 401);
 }
 /**
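Review bot: In `BinaryContentTest::testGetImageVariation()` the positional `false, 512,` arguments of the new `json_decode()` call are there only to reach the flags parameter, and counting positions is an easy way to put the flag in the wrong slot. `json_decode($imageResponse->getBody()->getContents(), flags: JSON_THROW_ON_ERROR)` expresses the same call without the magic depth value. The PHP level of this test file is not visible in the hunk, but `RestAuthenticator` in the same patch uses typed class constants, so named arguments should be available.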
@@ -38,7 +38,7 @@ public function testRefreshSession(stdClass $session): void
 {
 $response = $this->sendHttpRequest($this->createRefreshRequest($session));
- self::assertHttpResponseCodeEquals($response, 200);
+ $this->assertHttpResponseCodeEquals($response, 200);
 }
 public function testRefreshSessionExpired(): void
@@ -46,10 +46,10 @@ public function testRefreshSessionExpired(): void
 $session = $this->login();
 $response = $this->sendHttpRequest($this->createDeleteRequest($session));
- self::assertHttpResponseCodeEquals($response, 204);
+ $this->assertHttpResponseCodeEquals($response, 204);
 $response = $this->sendHttpRequest($this->createRefreshRequest($session));
- self::assertHttpResponseCodeEquals($response, 404);
+ $this->assertHttpResponseCodeEquals($response, 404);
 self::assertHttpResponseDeletesSessionCookie($session, $response);
 }
@@ -63,7 +63,7 @@ public function testRefreshSessionMissingCsrfToken(): void
 ->withoutHeader('X-CSRF-Token');
 $response = $this->sendHttpRequest($refreshRequest);
- self::assertHttpResponseCodeEquals($response, 401);
+ $this->assertHttpResponseCodeEquals($response, 401);
 }
 public function testCreateSession(): stdClass
@@ -76,7 +76,7 @@ public function testDeleteSession(): void
 $session = $this->login();
 $response = $this->sendHttpRequest($this->createDeleteRequest($session));
- self::assertHttpResponseCodeEquals($response, 204);
+ $this->assertHttpResponseCodeEquals($response, 204);
 self::assertHttpResponseDeletesSessionCookie($session, $response);
 }
@@ -91,7 +91,7 @@ public function testDeleteSessionMissingCsrfToken(): void
 ->withoutHeader('X-CSRF-Token');
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, 401);
+ $this->assertHttpResponseCodeEquals($response, 401);
 }
 public function testLoginWithExistingFrontendSession(): void
@@ -134,7 +134,7 @@ public function testLoginWithExistingFrontendSession(): void
 $response = $this->sendHttpRequest($request);
 // Session is recreated when using CSRF, expect 201 instead of 200
- self::assertHttpResponseCodeEquals($response, 201);
+ $this->assertHttpResponseCodeEquals($response, 201);
 }
 public function testDeleteSessionExpired(): void
@@ -144,13 +144,13 @@ public function testDeleteSessionExpired(): void
 $response = $this->sendHttpRequest($deleteSessionRequest);
- self::assertHttpResponseCodeEquals($response, 204);
+ $this->assertHttpResponseCodeEquals($response, 204);
 self::assertHttpResponseDeletesSessionCookie($session, $response);
 //triggered again to make sure deleting already deleted session results in 404
 $response = $this->sendHttpRequest($deleteSessionRequest);
- self::assertHttpResponseCodeEquals($response, 404);
+ $this->assertHttpResponseCodeEquals($response, 404);
 }
 protected function createRefreshRequest(stdClass $session): RequestInterface
@@ -187,7 +187,7 @@ public function testCheckSession(): void
 );
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, 200);
+ $this->assertHttpResponseCodeEquals($response, 200);
 $contents = $response->getBody()->getContents();
 $data = json_decode($contents, true, JSON_THROW_ON_ERROR);
@@ -207,7 +207,7 @@ public function testCheckSessionWithoutOne(): void
 );
 $response = $this->sendHttpRequest($request);
- self::assertHttpResponseCodeEquals($response, 404);
+ $this->assertHttpResponseCodeEquals($response, 404);
 $contents = $response->getBody()->getContents();
 self::assertEmpty($contents);
diff --git a/tests/bundle/Functional/UserTest.php b/tests/bundle/Functional/UserTest.php
index 54fd1902..3f101063 100644
--- a/tests/bundle/Functional/UserTest.php
+++ b/tests/bundle/Functional/UserTest.php
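Review bot: The context line `$data = json_decode($contents, true, JSON_THROW_ON_ERROR);` in `SessionTest::testCheckSession()` passes `JSON_THROW_ON_ERROR` as the third argument, which is `$depth`, so the flags stay 0 and a malformed session payload yields `null` instead of an exception. This patch adds the flag in the correct position in `BinaryContentTest::testGetImageVariation()` but leaves this call untouched; it should read `$data = json_decode($contents, true, 512, JSON_THROW_ON_ERROR);`. The assertions on `$data` are outside the hunk, so whether a `null` result would be caught further down is not visible.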
@@ -72,7 +72,7 @@ public function testCreateUserGroup(): string
 }
 /**
- * $groupId covers GET /user/groups/{groupId}.
+ * Covers GET /user/groups/{groupId}.
 *
 * @depends testCreateUserGroup
 */