<?php |
declare(strict_types=1); |
namespace AbterPhp\Admin\Http\Middleware; |
use AbterPhp\Admin\Config\Routes as RoutesConfig; |
use AbterPhp\Framework\Config\EnvReader; |
use AbterPhp\Framework\Constant\Env; |
use AbterPhp\Framework\Exception\Security as SecurityException; |
use Opulence\Cache\ICacheBridge; |
use Opulence\Environments\Environment; |
use Opulence\Http\Requests\Request; |
use Opulence\Http\Responses\Response; |
use PHPUnit\Framework\MockObject\MockObject; |
use PHPUnit\Framework\TestCase; |
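/**
 * Unit tests for the Security middleware's environment-dependent checks.
 *
 * Each test drives Security::handle() with a mocked cache bridge and pins one of:
 * when the cache is consulted, when it is left alone, that a failing check raises
 * a SecurityException instead of returning the next handler's response, and that
 * a passing run is written to the cache.
 *
 * NOTE(review): several tests change process-wide state (the environment name via
 * EnvReader and the static RoutesConfig paths) and nothing in this class restores
 * it, so every test sets what it depends on explicitly.
 */
class SecurityTest extends TestCase
{
    /** @var Security - System Under Test */
    protected $sut;

    /** @var MockObject|ICacheBridge */
    protected $cacheBridgeMock;

    /**
     * Builds a fresh middleware around a fresh cache-bridge mock for every test.
     */
    public function setUp(): void
    {
        $this->cacheBridgeMock = $this->createMock(ICacheBridge::class);

        $this->sut = new Security($this->cacheBridgeMock);
    }

    /**
     * An unset environment name must not switch the checks off: the cache is
     * still consulted exactly once, the same as in the production test below.
     */
    public function testHandleRunsChecksIfNoEnvironmentNameIsSet(): void
    {
        (new EnvReader())->clear(Env::ENV_NAME);

        // has() answering true lets handle() return the next handler's response.
        // Presumably it marks the checks as already passed - confirm in Security.
        $this->cacheBridgeMock->expects($this->once())->method('has')->willReturn(true);

        $requestStub  = new Request([], [], [], [], [], [], null);
        $responseStub = new Response();

        $next = function () use ($responseStub) {
            return $responseStub;
        };

        $actualResult = $this->sut->handle($requestStub, $next);

        $this->assertSame($responseStub, $actualResult);
    }

    /**
     * Outside production (here: staging) the cache must never be consulted and
     * the request is passed straight to the next handler.
     */
    public function testHandleSkipsChecksIfNotInProduction(): void
    {
        (new EnvReader())->set(Env::ENV_NAME, Environment::STAGING);

        $this->cacheBridgeMock->expects($this->never())->method('has');

        $env = [
            Env::ENV_NAME => Environment::STAGING,
        ];
        $requestStub  = new Request([], [], [], [], [], $env, null);
        $responseStub = new Response();

        $next = function () use ($responseStub) {
            return $responseStub;
        };

        $actualResult = $this->sut->handle($requestStub, $next);

        $this->assertSame($responseStub, $actualResult);
    }

    /**
     * In production the cache is consulted exactly once; with has() answering
     * true the next handler's response is returned unchanged.
     */
    public function testHandleRunsChecksIfInProduction(): void
    {
        (new EnvReader())->set(Env::ENV_NAME, Environment::PRODUCTION);

        $this->cacheBridgeMock->expects($this->once())->method('has')->willReturn(true);

        $env = [
            Env::ENV_NAME => Environment::PRODUCTION,
        ];
        $requestStub  = new Request([], [], [], [], [], $env, null);
        $responseStub = new Response();

        $next = function () use ($responseStub) {
            return $responseStub;
        };

        $actualResult = $this->sut->handle($requestStub, $next);

        $this->assertSame($responseStub, $actualResult);
    }

    /**
     * Rows of (login path, admin base path, API base path, OAuth2 private key
     * password). Each row keeps exactly one setting at its Security::TEST_*
     * constant and gives the other three arbitrary values, so every check is
     * exercised on its own.
     *
     * NOTE(review): the TEST_* constants are presumably the values shipped for
     * test/default setups that production must reject - confirm in Security.
     *
     * Static so that PHPUnit versions requiring static data providers accept it.
     *
     * @return string[][]
     */
    public static function checksThrowSecurityExceptionProvider(): array
    {
        return [
            [Security::TEST_LOGIN_PATH, '/bar', '/baz', 'quix'],
            ['/foo', Security::TEST_ADMIN_BASE_PATH, '/baz', 'quix'],
            ['/foo', '/bar', Security::TEST_API_BASE_PATH, 'quix'],
            ['/foo', '/bar', '/baz', Security::TEST_OAUTH2_PRIVATE_KEY_PASSWORD],
        ];
    }

    /**
     * In production, with nothing cached (has() answers false), a single
     * setting left at its TEST_* value must make handle() throw a
     * SecurityException rather than return the next handler's response.
     *
     * @dataProvider checksThrowSecurityExceptionProvider
     *
     * @param string $loginPath
     * @param string $adminBasePath
     * @param string $apiBasePath
     * @param string $oauth2PrivateKeyPassword
     */
    public function testHandleChecksThrowSecurityExceptionOnFailure(
        string $loginPath,
        string $adminBasePath,
        string $apiBasePath,
        string $oauth2PrivateKeyPassword
    ): void {
        (new EnvReader())->set(Env::ENV_NAME, Environment::PRODUCTION);

        $this->expectException(SecurityException::class);

        RoutesConfig::setLoginPath($loginPath);
        RoutesConfig::setAdminBasePath($adminBasePath);
        RoutesConfig::setApiBasePath($apiBasePath);

        $this->cacheBridgeMock->expects($this->once())->method('has')->willReturn(false);

        $env = [
            Env::ENV_NAME                    => Environment::PRODUCTION,
            Env::OAUTH2_PRIVATE_KEY_PASSWORD => $oauth2PrivateKeyPassword,
        ];
        $requestStub  = new Request([], [], [], [], [], $env, null);
        $responseStub = new Response();

        $next = function () use ($responseStub) {
            return $responseStub;
        };

        $this->sut->handle($requestStub, $next);
    }

    /**
     * With nothing cached and every setting away from its TEST_* value, the
     * checks pass and exactly one write reaches the cache bridge.
     *
     * The method name says "session", but what is asserted is the single set()
     * call on the cache bridge.
     */
    public function testHandleSetsSessionIfChecksWereRun(): void
    {
        // Set the environment explicitly, as the other production tests do.
        // Without this the result depends on whatever environment name an
        // earlier test left behind through EnvReader; a leftover staging value
        // is the case the staging test pins as "cache never consulted".
        (new EnvReader())->set(Env::ENV_NAME, Environment::PRODUCTION);

        $loginPath                = '/foo';
        $adminBasePath            = '/bar';
        $apiBasePath              = '/baz';
        $oauth2PrivateKeyPassword = 'quix';

        RoutesConfig::setLoginPath($loginPath);
        RoutesConfig::setAdminBasePath($adminBasePath);
        RoutesConfig::setApiBasePath($apiBasePath);

        $this->cacheBridgeMock->expects($this->any())->method('has')->willReturn(false);
        $this->cacheBridgeMock->expects($this->once())->method('set')->willReturn(true);

        $env = [
            Env::ENV_NAME                    => Environment::PRODUCTION,
            Env::OAUTH2_PRIVATE_KEY_PASSWORD => $oauth2PrivateKeyPassword,
        ];
        $requestStub  = new Request([], [], [], [], [], $env, null);
        $responseStub = new Response();

        $next = function () use ($responseStub) {
            return $responseStub;
        };

        $actualResult = $this->sut->handle($requestStub, $next);

        $this->assertSame($responseStub, $actualResult);
    }
}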