|
1
|
|
|
<?php declare(strict_types = 1); |
|
2
|
|
|
|
|
3
|
|
|
namespace AtlassianConnectBundle\Tests\Security; |
|
4
|
|
|
|
|
5
|
|
|
use AtlassianConnectBundle\Entity\Tenant; |
|
6
|
|
|
use AtlassianConnectBundle\Security\JWTAuthenticator; |
|
7
|
|
|
use AtlassianConnectBundle\Security\JWTSecurityHelperInterface; |
|
8
|
|
|
use AtlassianConnectBundle\Security\JWTUserProvider; |
|
9
|
|
|
use AtlassianConnectBundle\Security\JWTUserProviderInterface; |
|
10
|
|
|
use PHPUnit\Framework\MockObject\MockObject; |
|
11
|
|
|
use PHPUnit\Framework\TestCase; |
|
12
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
13
|
|
|
use Symfony\Component\HttpFoundation\Response; |
|
14
|
|
|
use Symfony\Component\HttpKernel\Kernel; |
|
15
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
16
|
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException; |
|
17
|
|
|
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; |
|
18
|
|
|
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; |
|
19
|
|
|
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* Class JWTAuthenticatorTest |
|
23
|
|
|
*/ |
|
24
|
|
|
final class JWTAuthenticatorTest extends TestCase |
|
25
|
|
|
{ |
|
26
|
|
|
/** |
|
27
|
|
|
* @var JWTUserProviderInterface|MockObject |
|
28
|
|
|
*/ |
|
29
|
|
|
private $userProvider; |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* @var JWTSecurityHelperInterface|MockObject |
|
33
|
|
|
*/ |
|
34
|
|
|
private $securityHelper; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @var JWTAuthenticator |
|
38
|
|
|
*/ |
|
39
|
|
|
private $jwtAuthenticator; |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* Setup function |
|
43
|
|
|
*/ |
|
44
|
|
|
protected function setUp(): void |
|
45
|
|
|
{ |
|
46
|
|
|
if (Kernel::VERSION_ID < 50200) { |
|
47
|
|
|
$this->markTestSkipped('This test only works with the new authenticator mechanism'); |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
$this->userProvider = $this->createMock(JWTUserProvider::class); |
|
51
|
|
|
$this->securityHelper = $this->createMock(JWTSecurityHelperInterface::class); |
|
52
|
|
|
$this->jwtAuthenticator = new JWTAuthenticator( |
|
53
|
|
|
$this->userProvider, |
|
54
|
|
|
$this->securityHelper |
|
55
|
|
|
); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* Tests if the request is supported |
|
60
|
|
|
*/ |
|
61
|
|
|
public function testSupportsRequest(): void |
|
62
|
|
|
{ |
|
63
|
|
|
$this->securityHelper |
|
64
|
|
|
->expects($this->once()) |
|
65
|
|
|
->method('supportsRequest') |
|
66
|
|
|
->with($request = new Request()) |
|
67
|
|
|
->willReturn(true); |
|
68
|
|
|
|
|
69
|
|
|
$this->assertTrue($this->jwtAuthenticator->supports($request)); |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
/** |
|
73
|
|
|
* Test the authenticate method |
|
74
|
|
|
*/ |
|
75
|
|
|
public function testAuthenticate(): void |
|
76
|
|
|
{ |
|
77
|
|
|
$token = [ |
|
78
|
|
|
'sub' => 'username', |
|
79
|
|
|
'iss' => 'key', |
|
80
|
|
|
]; |
|
81
|
|
|
|
|
82
|
|
|
$this->securityHelper |
|
83
|
|
|
->expects($this->once()) |
|
84
|
|
|
->method('getJWTToken') |
|
85
|
|
|
->with($request = new Request()) |
|
86
|
|
|
->willReturn('token'); |
|
87
|
|
|
|
|
88
|
|
|
$this->userProvider |
|
89
|
|
|
->expects($this->once()) |
|
90
|
|
|
->method('getDecodedToken') |
|
91
|
|
|
->with('token') |
|
92
|
|
|
->willReturn((object) $token); |
|
93
|
|
|
|
|
94
|
|
|
$this->userProvider |
|
95
|
|
|
->expects($this->once()) |
|
96
|
|
|
->method('loadUserByIdentifier') |
|
97
|
|
|
->with('key') |
|
98
|
|
|
->willReturn(new Tenant()); |
|
99
|
|
|
|
|
100
|
|
|
$result = $this->jwtAuthenticator->authenticate($request); |
|
101
|
|
|
$this->assertEquals( |
|
102
|
|
|
new SelfValidatingPassport(new UserBadge('key')), |
|
103
|
|
|
$result |
|
104
|
|
|
); |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* Test if an exception is thrown when no jwt token is present |
|
109
|
|
|
*/ |
|
110
|
|
|
public function testAuthenticateHasNoJWTToken(): void |
|
111
|
|
|
{ |
|
112
|
|
|
$this->expectException(CustomUserMessageAuthenticationException::class); |
|
113
|
|
|
$this->expectExceptionMessage('JWT Token not provided'); |
|
114
|
|
|
|
|
115
|
|
|
$this->securityHelper |
|
116
|
|
|
->expects($this->once()) |
|
117
|
|
|
->method('getJWTToken') |
|
118
|
|
|
->with($request = new Request()) |
|
119
|
|
|
->willReturn(null); |
|
120
|
|
|
|
|
121
|
|
|
$this->jwtAuthenticator->authenticate($request); |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
/** |
|
125
|
|
|
* Test if an exception is thrown when no client key is present |
|
126
|
|
|
*/ |
|
127
|
|
|
public function testAuthenticateHasNoClientKey(): void |
|
128
|
|
|
{ |
|
129
|
|
|
$this->expectException(CustomUserMessageAuthenticationException::class); |
|
130
|
|
|
$this->expectExceptionMessage('API Key token does not exist'); |
|
131
|
|
|
|
|
132
|
|
|
$token = [ |
|
133
|
|
|
'sub' => 'username', |
|
134
|
|
|
'iss' => null, |
|
135
|
|
|
]; |
|
136
|
|
|
|
|
137
|
|
|
$this->securityHelper |
|
138
|
|
|
->expects($this->once()) |
|
139
|
|
|
->method('getJWTToken') |
|
140
|
|
|
->with($request = new Request()) |
|
141
|
|
|
->willReturn('token'); |
|
142
|
|
|
|
|
143
|
|
|
$this->userProvider |
|
144
|
|
|
->expects($this->once()) |
|
145
|
|
|
->method('getDecodedToken') |
|
146
|
|
|
->with('token') |
|
147
|
|
|
->willReturn((object) $token); |
|
148
|
|
|
|
|
149
|
|
|
$this->jwtAuthenticator->authenticate($request); |
|
150
|
|
|
} |
|
151
|
|
|
|
|
152
|
|
|
/** |
|
153
|
|
|
* test onAuthenticationFailure Method |
|
154
|
|
|
*/ |
|
155
|
|
|
public function testItSendsAResponseOnAuthenticationFailure(): void |
|
156
|
|
|
{ |
|
157
|
|
|
$response = $this->jwtAuthenticator->onAuthenticationFailure(new Request(), new AuthenticationException('Error')); |
|
158
|
|
|
|
|
159
|
|
|
$this->assertEquals('Authentication Failed: Error', $response->getContent()); |
|
160
|
|
|
$this->assertEquals(403, $response->getStatusCode()); |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
|
/** |
|
164
|
|
|
* test onAuthenticationSuccess method |
|
165
|
|
|
*/ |
|
166
|
|
|
public function testItDoesNotSendAResponseOnAuthenticationSuccess(): void |
|
167
|
|
|
{ |
|
168
|
|
|
$this->assertNull($this->jwtAuthenticator->onAuthenticationSuccess(new Request(), $this->createMock(TokenInterface::class), 'main')); |
|
|
|
|
|
|
169
|
|
|
} |
|
170
|
|
|
|
|
171
|
|
|
/** |
|
172
|
|
|
* test start method |
|
173
|
|
|
*/ |
|
174
|
|
|
public function testStartMethod(): void |
|
175
|
|
|
{ |
|
176
|
|
|
$this->assertEquals( |
|
177
|
|
|
new Response('Authentication header required', 401), |
|
178
|
|
|
$this->jwtAuthenticator->start(new Request()) |
|
179
|
|
|
); |
|
180
|
|
|
} |
|
181
|
|
|
} |
|
182
|
|
|
|
thecatontheflat /
atlassian-connect-bundle
This check looks for function or method calls that always return null and whose return value is used.
The method
getObject()can return nothing but null, so it makes no sense to use the return value.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.