Conditions | 1 |
Paths | 1 |
Total Lines | 217 |
Code Lines | 157 |
Lines | 0 |
Ratio | 0 % |
Changes | 6 | ||
Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
1 | <?php |
||
55 | public static function dataProviderQuery(): iterable |
||
56 | { |
||
57 | $key1 = 'my-secret-1'; |
||
58 | $key2 = 'my-secret-2'; |
||
59 | |||
60 | yield 'simple' => [ |
||
61 | [$key1], |
||
62 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
63 | null, |
||
64 | 'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7', |
||
65 | 0, |
||
66 | ]; |
||
67 | |||
68 | yield 'simple with key name' => [ |
||
69 | ['my custom key name' => $key1], |
||
70 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
71 | null, |
||
72 | 'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7', |
||
73 | 'my custom key name', |
||
74 | ]; |
||
75 | |||
76 | yield 'simple but wrong key' => [ |
||
77 | [$key2], |
||
78 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
79 | null, |
||
80 | 'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7', |
||
81 | null, |
||
82 | 'Invalid signed query', |
||
83 | ]; |
||
84 | |||
85 | yield 'simple with all keys' => [ |
||
86 | [$key2, $key1], |
||
87 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
88 | null, |
||
89 | 'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7', |
||
90 | 1, |
||
91 | ]; |
||
92 | |||
93 | yield 'simple but slightly in the past' => [ |
||
94 | [$key1], |
||
95 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
96 | null, |
||
97 | 'v1.1577951100.7d3b639703584e3ea4c68b30a37b56bcf94d19ccdc11c7f05a737c4e7e663a6c', |
||
98 | 0, |
||
99 | ]; |
||
100 | |||
101 | yield 'simple but too much in the past' => [ |
||
102 | [$key1], |
||
103 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
104 | null, |
||
105 | 'v1.1577951099.' . str_repeat('a', 64), |
||
106 | null, |
||
107 | 'Signed query is expired', |
||
108 | ]; |
||
109 | |||
110 | yield 'simple but slightly in the future' => [ |
||
111 | [$key1], |
||
112 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
113 | null, |
||
114 | 'v1.1577978100.b6fb50cd1aa3974ec9df0c320bf32ff58a28f6fc2040aa13e529a7ef57212e49', |
||
115 | 0, |
||
116 | ]; |
||
117 | |||
118 | yield 'simple but too much in the future' => [ |
||
119 | [$key1], |
||
120 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
121 | null, |
||
122 | 'v1.1577978101.' . str_repeat('a', 64), |
||
123 | null, |
||
124 | 'Signed query is expired', |
||
125 | ]; |
||
126 | |||
127 | yield 'batching' => [ |
||
128 | [$key1], |
||
129 | '[{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }},{"operationName":"Configuration","variables":{"key":"announcement-active"},"query":"query Configuration($key: String!) { configuration(key: $key)}"}]', |
||
130 | null, |
||
131 | 'v1.1577964600.566fafed794d956d662662b0df3d88e5c0a1e52e19111c08cc122f64a54bd8ec', |
||
132 | 0, |
||
133 | ]; |
||
134 | |||
135 | yield 'file upload' => [ |
||
136 | [$key1], |
||
137 | '', |
||
138 | [ |
||
139 | 'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}', |
||
140 | 'map' => '{"1":["variables.input.file"]}', |
||
141 | ], |
||
142 | 'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58', |
||
143 | 0, |
||
144 | ]; |
||
145 | |||
146 | yield 'file upload will ignore map and uploaded file to sign' => [ |
||
147 | [$key1], |
||
148 | '', |
||
149 | [ |
||
150 | 'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}', |
||
151 | 'map' => 'different map', |
||
152 | 1 => 'fake file', |
||
153 | ], |
||
154 | 'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58', |
||
155 | 0, |
||
156 | ]; |
||
157 | |||
158 | yield 'no header' => [ |
||
159 | [$key1], |
||
160 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
161 | null, |
||
162 | '', |
||
163 | null, |
||
164 | 'Missing `X-Signature` HTTP header in signed query', |
||
165 | ]; |
||
166 | |||
167 | yield 'invalid header' => [ |
||
168 | [$key1], |
||
169 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
170 | null, |
||
171 | 'foo', |
||
172 | null, |
||
173 | 'Invalid `X-Signature` HTTP header in signed query', |
||
174 | ]; |
||
175 | |||
176 | yield 'no graphql operations with invalid signature is rejected' => [ |
||
177 | [$key1], |
||
178 | '', |
||
179 | null, |
||
180 | 'v1.1577964600.' . str_repeat('a', 64), |
||
181 | null, |
||
182 | 'Invalid signed query', |
||
183 | ]; |
||
184 | |||
185 | yield 'no graphql operations with correct signature is OK (but will be rejected later by GraphQL own validation mechanism)' => [ |
||
186 | [$key1], |
||
187 | '', |
||
188 | null, |
||
189 | 'v1.1577964600.ff8a9f2bc8090207b824d88251ed8e9d39434607d86e0f0b2837c597d6642c26', |
||
190 | 0, |
||
191 | '', |
||
192 | ]; |
||
193 | |||
194 | yield 'no header, but allowed IPv4' => [ |
||
195 | [$key1], |
||
196 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
197 | null, |
||
198 | '', |
||
199 | 'no-attribute-at-all', |
||
200 | '', |
||
201 | '1.2.3.4', |
||
202 | ]; |
||
203 | |||
204 | yield 'simple but wrong key will still error even if IP is allowed, because we want to be able to test signature even when allowed' => [ |
||
205 | [$key2], |
||
206 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
207 | null, |
||
208 | 'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7', |
||
209 | null, |
||
210 | 'Invalid signed query', |
||
211 | '1.2.3.4', |
||
212 | ]; |
||
213 | |||
214 | yield 'no header, even GoogleBot is rejected, because GoogleBot should not forge new requests but only (re)play existing ones' => [ |
||
215 | [$key1], |
||
216 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
217 | null, |
||
218 | '', |
||
219 | null, |
||
220 | 'Missing `X-Signature` HTTP header in signed query', |
||
221 | '66.249.70.134', |
||
222 | ]; |
||
223 | |||
224 | yield 'too much in the past, but GoogleBot is allowed to replay old requests' => [ |
||
225 | [$key1], |
||
226 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
227 | null, |
||
228 | 'v1.1577951099.20177a7face4e05a75c4b2e41bc97a8225f420f5b7bb1709dd5499821dba0807', |
||
229 | 0, |
||
230 | '', |
||
231 | '66.249.70.134', |
||
232 | ]; |
||
233 | |||
234 | yield 'too much in the past and invalid signature, even GoogleBot is rejected, because GoogleBot should not modify queries and their signatures' => [ |
||
235 | [$key1], |
||
236 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
237 | null, |
||
238 | 'v1.1577951099' . str_repeat('a', 64), |
||
239 | null, |
||
240 | 'Invalid `X-Signature` HTTP header in signed query', |
||
241 | '66.249.70.134', |
||
242 | ]; |
||
243 | |||
244 | yield 'no header, BingBot is allowed, because BingBot does not seem to include our custom header in his request' => [ |
||
245 | [$key1], |
||
246 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
247 | null, |
||
248 | '', |
||
249 | 'no-attribute-at-all', |
||
250 | '', |
||
251 | '40.77.188.165', |
||
252 | ]; |
||
253 | |||
254 | yield 'too much in the past, even BingBot is rejected, because BingBot should not have any header at all' => [ |
||
255 | [$key1], |
||
256 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
257 | null, |
||
258 | 'v1.1577951099.20177a7face4e05a75c4b2e41bc97a8225f420f5b7bb1709dd5499821dba0807', |
||
259 | null, |
||
260 | 'Signed query is expired', |
||
261 | '40.77.188.165', |
||
262 | ]; |
||
263 | |||
264 | yield 'too much in the past and invalid signature, even BingBot is rejected, because BingBot should not have any header at all' => [ |
||
265 | [$key1], |
||
266 | '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}', |
||
267 | null, |
||
268 | 'v1.1577951099' . str_repeat('a', 64), |
||
269 | null, |
||
270 | 'Invalid `X-Signature` HTTP header in signed query', |
||
271 | '40.77.188.165', |
||
272 | ]; |
||
319 |