1
|
|
|
<?php declare(strict_types = 1); |
2
|
|
|
/* |
3
|
|
|
* This file is part of the KleijnWeb\SwaggerBundle package. |
4
|
|
|
* |
5
|
|
|
* For the full copyright and license information, please view the LICENSE |
6
|
|
|
* file that was distributed with this source code. |
7
|
|
|
*/ |
8
|
|
|
|
9
|
|
|
namespace KleijnWeb\SwaggerBundle\Tests\Security; |
10
|
|
|
|
11
|
|
|
use KleijnWeb\PhpApi\Descriptions\Description\Description; |
12
|
|
|
use KleijnWeb\PhpApi\Descriptions\Description\Operation; |
13
|
|
|
use KleijnWeb\PhpApi\Descriptions\Description\Repository; |
14
|
|
|
use KleijnWeb\SwaggerBundle\EventListener\Request\RequestMeta; |
15
|
|
|
use KleijnWeb\SwaggerBundle\Security\RbacRequestVoter; |
16
|
|
|
use KleijnWeb\SwaggerBundle\Security\RequestAuthorizationListener; |
17
|
|
|
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag; |
18
|
|
|
use Symfony\Component\HttpFoundation\Request; |
19
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
20
|
|
|
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; |
21
|
|
|
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* @author John Kleijn <[email protected]> |
25
|
|
|
*/ |
26
|
|
|
class RbacRequestVoterTestTest extends \PHPUnit_Framework_TestCase |
27
|
|
|
{ |
28
|
|
|
/** |
29
|
|
|
* @var AccessDecisionManagerInterface |
30
|
|
|
*/ |
31
|
|
|
private $accessDecisionManager; |
32
|
|
|
|
33
|
|
|
/** |
34
|
|
|
* @var \PHPUnit_Framework_MockObject_MockObject |
35
|
|
|
*/ |
36
|
|
|
private $repositoryMock; |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* @var RbacRequestVoter |
40
|
|
|
*/ |
41
|
|
|
private $voter; |
42
|
|
|
|
43
|
|
|
protected function setUp() |
44
|
|
|
{ |
45
|
|
|
$this->accessDecisionManager = $this->getMockForAbstractClass(AccessDecisionManagerInterface::class); |
|
|
|
|
46
|
|
|
|
47
|
|
|
/** @var Repository $repository */ |
48
|
|
|
$this->repositoryMock = $repository = $this |
|
|
|
|
49
|
|
|
->getMockBuilder(Repository::class) |
50
|
|
|
->disableOriginalConstructor() |
51
|
|
|
->getMock(); |
52
|
|
|
|
53
|
|
|
$this->voter = new RbacRequestVoter($this->repositoryMock, $this->accessDecisionManager); |
54
|
|
|
} |
55
|
|
|
|
56
|
|
|
/** |
57
|
|
|
* @test |
58
|
|
|
*/ |
59
|
|
|
public function legacySupportsClassMethodReturnsFalse() |
60
|
|
|
{ |
61
|
|
|
$this->assertFalse($this->voter->supportsClass('Foo')); |
62
|
|
|
} |
63
|
|
|
|
64
|
|
|
/** |
65
|
|
|
* @test |
66
|
|
|
*/ |
67
|
|
|
public function willAbstainWhenNotPassedRequest() |
68
|
|
|
{ |
69
|
|
|
/** @var TokenInterface $token */ |
70
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
71
|
|
|
|
72
|
|
|
$this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($token, new \stdClass(), [])); |
73
|
|
|
} |
74
|
|
|
|
75
|
|
|
/** |
76
|
|
|
* @test |
77
|
|
|
*/ |
78
|
|
View Code Duplication |
public function willAbstainWhenRequestHasNoSwaggerPath() |
|
|
|
|
79
|
|
|
{ |
80
|
|
|
/** @var TokenInterface $token */ |
81
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
82
|
|
|
|
83
|
|
|
$this->assertEquals( |
84
|
|
|
VoterInterface::ACCESS_ABSTAIN, |
85
|
|
|
$this->voter->vote($token, $this->createRequest([]), [RequestAuthorizationListener::ATTRIBUTE]) |
86
|
|
|
); |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
/** |
90
|
|
|
* @test |
91
|
|
|
*/ |
92
|
|
View Code Duplication |
public function willAbstainWhenAttributesNotFromListener() |
|
|
|
|
93
|
|
|
{ |
94
|
|
|
/** @var TokenInterface $token */ |
95
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
96
|
|
|
|
97
|
|
|
$this->assertEquals( |
98
|
|
|
VoterInterface::ACCESS_ABSTAIN, |
99
|
|
|
$this->voter->vote($token, $this->createRequest([]), ['something else']) |
100
|
|
|
); |
101
|
|
|
} |
102
|
|
|
|
103
|
|
|
/** |
104
|
|
|
* @test |
105
|
|
|
*/ |
106
|
|
|
public function willNotAbstainOneAttributesFromListener() |
107
|
|
|
{ |
108
|
|
|
/** @var TokenInterface $token */ |
109
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
110
|
|
|
|
111
|
|
|
$this->repositoryMock->expects($this->once())->method('get'); |
112
|
|
|
|
113
|
|
|
$this->voter->vote( |
114
|
|
|
$token, |
115
|
|
|
$this->createRequest([ |
116
|
|
|
RequestMeta::ATTRIBUTE_URI => '/', |
117
|
|
|
RequestMeta::ATTRIBUTE_PATH => '/', |
118
|
|
|
]), |
119
|
|
|
['something else', RequestAuthorizationListener::ATTRIBUTE] |
120
|
|
|
); |
121
|
|
|
} |
122
|
|
|
|
123
|
|
|
/** |
124
|
|
|
* @test |
125
|
|
|
*/ |
126
|
|
|
public function willRequireIsAuthenticatedFullyWhenOperationSecured() |
127
|
|
|
{ |
128
|
|
|
/** @var TokenInterface $token */ |
129
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
130
|
|
|
|
131
|
|
|
/** @var Operation $operation */ |
132
|
|
|
$operationMock = $operation = $this->getMockBuilder(Operation::class)->disableOriginalConstructor()->getMock(); |
133
|
|
|
|
134
|
|
|
/** @var Description $description */ |
135
|
|
|
$description = $this->getMockBuilder(Description::class)->disableOriginalConstructor()->getMock(); |
136
|
|
|
|
137
|
|
|
$request = $this->createRequest([RequestMeta::ATTRIBUTE => new RequestMeta($description, $operation)]); |
138
|
|
|
|
139
|
|
|
$this->assertEquals( |
140
|
|
|
VoterInterface::ACCESS_DENIED, |
141
|
|
|
$this->voter->vote($token, $request, [RequestAuthorizationListener::ATTRIBUTE]) |
142
|
|
|
); |
143
|
|
|
|
144
|
|
|
$operationMock->expects($this->once())->method('isSecured')->willReturn(true); |
145
|
|
|
|
146
|
|
|
/** @var \PHPUnit_Framework_MockObject_MockObject $mock */ |
147
|
|
|
$mock = $this->accessDecisionManager; |
148
|
|
|
$mock |
149
|
|
|
->expects($this->once()) |
150
|
|
|
->method('decide') |
151
|
|
|
->with($token, ['IS_AUTHENTICATED_FULLY']) |
152
|
|
|
->willReturn(true); |
153
|
|
|
|
154
|
|
|
$this->assertEquals( |
155
|
|
|
VoterInterface::ACCESS_GRANTED, |
156
|
|
|
$this->voter->vote($token, $request, [RequestAuthorizationListener::ATTRIBUTE]) |
157
|
|
|
); |
158
|
|
|
} |
159
|
|
|
|
160
|
|
|
/** |
161
|
|
|
* @test |
162
|
|
|
*/ |
163
|
|
|
public function willPassTokenToAccessDecisionManager() |
164
|
|
|
{ |
165
|
|
|
/** @var TokenInterface $token */ |
166
|
|
|
$token = $this->getMockForAbstractClass(TokenInterface::class); |
167
|
|
|
|
168
|
|
|
$this->voter->vote($token, $this->createRequest([]), []); |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
/** |
172
|
|
|
* @param array $attributes |
173
|
|
|
* |
174
|
|
|
* @param string $content |
|
|
|
|
175
|
|
|
* |
176
|
|
|
* @return Request |
177
|
|
|
*/ |
178
|
|
|
private function createRequest(array $attributes): Request |
179
|
|
|
{ |
180
|
|
|
return new class($attributes) extends Request |
181
|
|
|
{ |
182
|
|
|
/** |
183
|
|
|
* @param array $attributes |
184
|
|
|
* @param array $content |
|
|
|
|
185
|
|
|
*/ |
186
|
|
|
public function __construct(array $attributes) |
187
|
|
|
{ |
188
|
|
|
parent::__construct(); |
189
|
|
|
$this->attributes = new ParameterBag($attributes); |
|
|
|
|
190
|
|
|
} |
191
|
|
|
}; |
192
|
|
|
} |
193
|
|
|
} |
194
|
|
|
|
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.
Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..