SignedQueryMiddlewareTest - Code Metrics - Inspection of "Requires at least Chronos 3.0.3 #9967" - Ecodev/felix - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( e75200...fab761 )

by Adrien

created 2023-11-15 02:59 UTC

SignedQueryMiddlewareTest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	189
Duplicated Lines	0 %

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
wmc	10
eloc	113
c	4
b	0
f	0
dl	0
loc	189
rs	10

7 Methods

Rating	Name	Size	Complexity
A	setUp()	3	1
A	testThrowIfNoKeys()	5	1
B	dataProviderQuery()	126	1
A	testNonRequiredSignedQuery()	3	1
A	process()	26	4
A	testRequiredSignedQuery()	3	1
A	tearDown()	3	1

<?php

declare(strict_types=1);

namespace EcodevTests\Felix\Middleware;

use Cake\Chronos\Chronos;
filter:
    dependency_paths: ["lib/*"]
use Ecodev\Felix\Middleware\SignedQueryMiddleware;
use Laminas\Diactoros\CallbackStream;
use Laminas\Diactoros\Response;
use Laminas\Diactoros\ServerRequest;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

class SignedQueryMiddlewareTest extends TestCase
{
    protected function setUp(): void
    {
        Chronos::setTestNow((new Chronos('2020-01-02T12:30', 'Europe/Zurich')));
    }

    protected function tearDown(): void
    {
        Chronos::setTestNow();
    }

    /**
     * @dataProvider dataProviderQuery
     */
    public function testRequiredSignedQuery(array $keys, string $body, null|array $parsedBody, string $signature, string $expectExceptionMessage = '', string $ip = ''): void
    {
        $this->process($keys, true, $ip, $body, $parsedBody, $signature, $expectExceptionMessage);
    }

    /**
     * @dataProvider dataProviderQuery
     */
    public function testNonRequiredSignedQuery(array $keys, string $body, null|array $parsedBody, string $signature): void
    {
        $this->process($keys, false, '', $body, $parsedBody, $signature, '');
    }

    public function testThrowIfNoKeys(): void
    {
        $this->expectExceptionMessage('Signed queries are required, but no keys are configured');
        $this->expectExceptionCode(0);
        new SignedQueryMiddleware([], []);
    }

    private function process(array $keys, bool $required, string $ip, string $body, null|array $parsedBody, string $signature, string $expectExceptionMessage): void
    {
        $request = new ServerRequest(['REMOTE_ADDR' => $ip]);
        $request = $request->withBody(new CallbackStream(fn () => $body))->withParsedBody($parsedBody);

        if ($signature) {
            $request = $request->withHeader('X-Signature', $signature);
        }

        $handler = $this->createMock(RequestHandlerInterface::class);
        $handler->expects($expectExceptionMessage ? self::never() : self::once())
            ->method('handle')
            ->willReturnCallback(function (ServerRequestInterface $incomingRequest) use ($body) {
                self::assertSame($body, $incomingRequest->getBody()->getContents(), 'the original body content is still available for next middlewares');

                return new Response();
            });

        $middleware = new SignedQueryMiddleware($keys, ['1.2.3.4', '2a01:198:603:0::/65'], $required);

        if ($expectExceptionMessage) {
            $this->expectExceptionMessage($expectExceptionMessage);
            $this->expectExceptionCode(403);
        }

        $middleware->process($request, $handler);
    }

    public static function dataProviderQuery(): iterable
    {
        $key1 = 'my-secret-1';
        $key2 = 'my-secret-2';

        yield 'simple' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
        ];

        yield 'simple but wrong key' => [
            [$key2],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
            'Invalid signed query',
        ];

        yield 'simple with all keys' => [
            [$key2, $key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
        ];

        yield 'simple but slightly in the past' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577951100.7d3b639703584e3ea4c68b30a37b56bcf94d19ccdc11c7f05a737c4e7e663a6c',
        ];

        yield 'simple but too much in the past' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577951099.' . str_repeat('a', 64),
            'Signed query is expired',
        ];

        yield 'simple but slightly in the future' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577978100.b6fb50cd1aa3974ec9df0c320bf32ff58a28f6fc2040aa13e529a7ef57212e49',
        ];

        yield 'simple but too much in the future' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577978101.' . str_repeat('a', 64),
            'Signed query is expired',
        ];

        yield 'batching' => [
            [$key1],
            '[{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }},{"operationName":"Configuration","variables":{"key":"announcement-active"},"query":"query Configuration($key: String!) { configuration(key: $key)}"}]',
            null,
            'v1.1577964600.566fafed794d956d662662b0df3d88e5c0a1e52e19111c08cc122f64a54bd8ec',

        ];

        yield 'file upload' => [
            [$key1],
            '',
            [
                'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}',
                'map' => '{"1":["variables.input.file"]}',
            ],
            'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58',
        ];

        yield 'file upload will ignore map and uploaded file to sign' => [
            [$key1],
            '',
            [
                'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}',
                'map' => 'different map',
                1 => 'fake file',
            ],
            'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58',
        ];

        yield 'no header' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            '',
            'Missing `X-Signature` HTTP header in signed query',
        ];

        yield 'invalid header' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'foo',
            'Invalid `X-Signature` HTTP header in signed query',
        ];

        yield 'no graphql operations' => [
            [$key1],
            '',
            null,
            'v1.1577964600.' . str_repeat('a', 64),
            'Could not find GraphQL operations in request',
        ];

        yield 'no header, but allowed IPv4' => [
            [$key1],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            '',
            '',
            '1.2.3.4',
        ];

        yield 'simple but wrong key will still error even if IP is allowed, because we want to be able to test signature even when allowed' => [
            [$key2],
            '{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
            null,
            'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
            'Invalid signed query',
            '1.2.3.4',
        ];
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace EcodevTests\Felix\Middleware;
6
7			use Cake\Chronos\Chronos;
			1 ignored issue – show Bug introduced 2023-11-10 11:09 UTC by Report Bug Copy Issue Report The type `Cake\Chronos\Chronos` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
8			use Ecodev\Felix\Middleware\SignedQueryMiddleware;
9			use Laminas\Diactoros\CallbackStream;
10			use Laminas\Diactoros\Response;
11			use Laminas\Diactoros\ServerRequest;
12			use PHPUnit\Framework\TestCase;
13			use Psr\Http\Message\ServerRequestInterface;
14			use Psr\Http\Server\RequestHandlerInterface;
15
16			class SignedQueryMiddlewareTest extends TestCase
17			{
18			protected function setUp(): void
19			{
20			Chronos::setTestNow((new Chronos('2020-01-02T12:30', 'Europe/Zurich')));
21			}
22
23			protected function tearDown(): void
24			{
25			Chronos::setTestNow();
26			}
27
28			/**
29			* @dataProvider dataProviderQuery
30			*/
31			public function testRequiredSignedQuery(array $keys, string $body, null\|array $parsedBody, string $signature, string $expectExceptionMessage = '', string $ip = ''): void
32			{
33			$this->process($keys, true, $ip, $body, $parsedBody, $signature, $expectExceptionMessage);
34			}
35
36			/**
37			* @dataProvider dataProviderQuery
38			*/
39			public function testNonRequiredSignedQuery(array $keys, string $body, null\|array $parsedBody, string $signature): void
40			{
41			$this->process($keys, false, '', $body, $parsedBody, $signature, '');
42			}
43
44			public function testThrowIfNoKeys(): void
45			{
46			$this->expectExceptionMessage('Signed queries are required, but no keys are configured');
47			$this->expectExceptionCode(0);
48			new SignedQueryMiddleware([], []);
49			}
50
51			private function process(array $keys, bool $required, string $ip, string $body, null\|array $parsedBody, string $signature, string $expectExceptionMessage): void
52			{
53			$request = new ServerRequest(['REMOTE_ADDR' => $ip]);
54			$request = $request->withBody(new CallbackStream(fn () => $body))->withParsedBody($parsedBody);
55
56			if ($signature) {
57			$request = $request->withHeader('X-Signature', $signature);
58			}
59
60			$handler = $this->createMock(RequestHandlerInterface::class);
61			$handler->expects($expectExceptionMessage ? self::never() : self::once())
62			->method('handle')
63			->willReturnCallback(function (ServerRequestInterface $incomingRequest) use ($body) {
64			self::assertSame($body, $incomingRequest->getBody()->getContents(), 'the original body content is still available for next middlewares');
65
66			return new Response();
67			});
68
69			$middleware = new SignedQueryMiddleware($keys, ['1.2.3.4', '2a01:198:603:0::/65'], $required);
70
71			if ($expectExceptionMessage) {
72			$this->expectExceptionMessage($expectExceptionMessage);
73			$this->expectExceptionCode(403);
74			}
75
76			$middleware->process($request, $handler);
77			}
78
79			public static function dataProviderQuery(): iterable
80			{
81			$key1 = 'my-secret-1';
82			$key2 = 'my-secret-2';
83
84			yield 'simple' => [
85			[$key1],
86			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
87			null,
88			'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
89			];
90
91			yield 'simple but wrong key' => [
92			[$key2],
93			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
94			null,
95			'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
96			'Invalid signed query',
97			];
98
99			yield 'simple with all keys' => [
100			[$key2, $key1],
101			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
102			null,
103			'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
104			];
105
106			yield 'simple but slightly in the past' => [
107			[$key1],
108			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
109			null,
110			'v1.1577951100.7d3b639703584e3ea4c68b30a37b56bcf94d19ccdc11c7f05a737c4e7e663a6c',
111			];
112
113			yield 'simple but too much in the past' => [
114			[$key1],
115			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
116			null,
117			'v1.1577951099.' . str_repeat('a', 64),
118			'Signed query is expired',
119			];
120
121			yield 'simple but slightly in the future' => [
122			[$key1],
123			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
124			null,
125			'v1.1577978100.b6fb50cd1aa3974ec9df0c320bf32ff58a28f6fc2040aa13e529a7ef57212e49',
126			];
127
128			yield 'simple but too much in the future' => [
129			[$key1],
130			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
131			null,
132			'v1.1577978101.' . str_repeat('a', 64),
133			'Signed query is expired',
134			];
135
136			yield 'batching' => [
137			[$key1],
138			'[{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }},{"operationName":"Configuration","variables":{"key":"announcement-active"},"query":"query Configuration($key: String!) { configuration(key: $key)}"}]',
139			null,
140			'v1.1577964600.566fafed794d956d662662b0df3d88e5c0a1e52e19111c08cc122f64a54bd8ec',
141
142			];
143
144			yield 'file upload' => [
145			[$key1],
146			'',
147			[
148			'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}',
149			'map' => '{"1":["variables.input.file"]}',
150			],
151			'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58',
152			];
153
154			yield 'file upload will ignore map and uploaded file to sign' => [
155			[$key1],
156			'',
157			[
158			'operations' => '{"operationName":"CreateImage","variables":{"input":{"file":null}},"query":"mutation CreateImage($input: ImageInput!) { createImage(input: $input) { id }}"}',
159			'map' => 'different map',
160			1 => 'fake file',
161			],
162			'v1.1577964600.69dd1f396016e284afb221966ae5e61323a23222f2ad2a5086e4ba2354f99e58',
163			];
164
165			yield 'no header' => [
166			[$key1],
167			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
168			null,
169			'',
170			'Missing `X-Signature` HTTP header in signed query',
171			];
172
173			yield 'invalid header' => [
174			[$key1],
175			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
176			null,
177			'foo',
178			'Invalid `X-Signature` HTTP header in signed query',
179			];
180
181			yield 'no graphql operations' => [
182			[$key1],
183			'',
184			null,
185			'v1.1577964600.' . str_repeat('a', 64),
186			'Could not find GraphQL operations in request',
187			];
188
189			yield 'no header, but allowed IPv4' => [
190			[$key1],
191			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
192			null,
193			'',
194			'',
195			'1.2.3.4',
196			];
197
198			yield 'simple but wrong key will still error even if IP is allowed, because we want to be able to test signature even when allowed' => [
199			[$key2],
200			'{"operationName":"CurrentUser","variables":{},"query":"query CurrentUser { viewer { id }}',
201			null,
202			'v1.1577964600.a4d664cd3d9903e4fecf6f9f671ad953586a7faeb16e67c306fd9f29999dfdd7',
203			'Invalid signed query',
204			'1.2.3.4',
205			];
206			}
207			}
208

Ecodev / felix

Push — master ( e75200...fab761 )

SignedQueryMiddlewareTest A

Complexity

Size/Duplication

Importance

7 Methods

Duplication Side-by-Side

Filter issues like