
oat-sa / bundle-lti1p3 / 10697340359

04 Sep 2024 07:45AM UTC coverage: 98.328% (-1.0%) from 99.323%
10697340359

push

github

web-flow
feat: Update Symfony for Scoring and Reports applications (#72)

* feat: Update Symfony for Scoring and Reports applications

---------

Co-authored-by: Makar Sichevoi <makar.sichevoy@taotesting.com>

155 of 161 new or added lines in 14 files covered. (96.27%)

2 existing lines in 2 files now uncovered.

588 of 598 relevant lines covered (98.33%)

16.72 hits per line


97.37
/Security/Firewall/Message/LtiPlatformMessageAuthenticator.php
<?php

/**
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; under version 2
 * of the License (non-upgradable).
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 * Copyright (c) 2024 (original work) Open Assessment Technologies SA;
 */

declare(strict_types=1);

namespace OAT\Bundle\Lti1p3Bundle\Security\Firewall\Message;

use OAT\Bundle\Lti1p3Bundle\Security\Authentication\Token\Message\LtiPlatformMessageSecurityToken;
use OAT\Library\Lti1p3Core\Exception\LtiException;
use OAT\Library\Lti1p3Core\Message\Launch\Validator\Platform\PlatformLaunchValidatorInterface;
use Symfony\Bridge\PsrHttpMessage\HttpMessageFactoryInterface;
use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PreAuthenticatedUserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

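/**
 * Symfony authenticator for LTI 1.3 messages that a tool sends to the platform.
 *
 * The request is accepted for authentication when it carries a `JWT` parameter and is
 * handled by the configured firewall. The launch itself is validated in createToken(),
 * not in authenticate().
 */
class LtiPlatformMessageAuthenticator extends AbstractAuthenticator
{
    /**
     * @param string $firewallName Name of the firewall this authenticator is bound to; requests
     *                             matched by any other firewall are not supported.
     * @param array  $types        Allow-list of LTI message types. An empty array disables the
     *                             check. Entries are compared strictly with the message type
     *                             read from the validated payload, so they must be strings.
     */
    public function __construct(
        private FirewallMap $firewallMap,
        private HttpMessageFactoryInterface $factory,
        private PlatformLaunchValidatorInterface $validator,
        private string $firewallName,
        private array $types = []
    ) {
    }

    /**
     * Tells the security system whether this authenticator handles the request.
     *
     * Only the presence of a `JWT` parameter is checked here, not its content. The firewall name
     * comparison keeps the authenticator from running on firewalls it was not configured for.
     */
    public function supports(Request $request): ?bool
    {
        $firewallConfig = $this->firewallMap->getFirewallConfig($request);

        return null !== $this->getJwtFromRequest($request) && $firewallConfig?->getName() === $this->firewallName;
    }

    /**
     * Builds the passport for a supported request.
     *
     * No credential is verified at this stage: the passport is self-validating, uses a fixed user
     * identifier and only transports the converted request and the firewall configuration to
     * createToken(), where the launch is validated.
     */
    public function authenticate(Request $request): Passport
    {
        $username = 'lti-platform';

        $passport = new SelfValidatingPassport(new UserBadge($username), [
            new PreAuthenticatedUserBadge()
        ]);

        // The validator is called with the request produced by the factory, so the conversion
        // is done once here and the result is reused in createToken().
        $passport->setAttribute('request', $this->factory->createRequest($request));
        $passport->setAttribute('firewall_config', $this->firewallMap->getFirewallConfig($request));

        return $passport;
    }

    /**
     * Validates the tool originating launch and wraps the result in a security token.
     *
     * @throws BadRequestHttpException When the message type is not in the configured allow-list.
     * @throws AuthenticationException When validation reports an error or anything else fails.
     */
    public function createToken(Passport $passport, string $firewallName): TokenInterface
    {
        try {
            $validationResult = $this->validator->validateToolOriginatingLaunch($passport->getAttribute('request'));

            if ($validationResult->hasError()) {
                throw new LtiException($validationResult->getError());
            }

            $messageType = $validationResult->getPayload()?->getMessageType();

            // Strict comparison: with a loose in_array() a null message type (no payload) would
            // match an empty-string, 0 or false entry and slip through the allow-list.
            if (!empty($this->types) && !in_array($messageType, $this->types, true)) {
                throw new BadRequestHttpException(sprintf('Invalid LTI message type %s', $messageType));
            }

            $token = new LtiPlatformMessageSecurityToken($validationResult);
            $token->setAttribute('request', $passport->getAttribute('request'));
            $token->setAttribute('firewall_config', $passport->getAttribute('firewall_config'));

            return $token;
        } catch (BadRequestHttpException $exception) {
            // Rethrown unchanged so it is not converted into an authentication failure below.
            throw $exception;
        } catch (\Throwable $exception) {
            // NOTE(review): every other failure, not only LtiException, has its message copied
            // into the AuthenticationException, and onAuthenticationFailure() sends that message
            // to the client. Consider logging the detail server-side and returning a generic
            // message so internal errors are not disclosed to unauthenticated callers.
            throw new AuthenticationException(
                sprintf('LTI platform message request authentication failed: %s', $exception->getMessage()),
                (int) $exception->getCode(),
                $exception
            );
        }
    }

    /**
     * Reads the `JWT` parameter, preferring the query string over the request body.
     *
     * NOTE(review): a JWT carried in the query string can end up in access logs, browser history
     * and Referer headers; confirm that log handling covers this, or prefer the body parameter.
     *
     * @return string|null The raw parameter value, or null when neither location provides one.
     */
    private function getJwtFromRequest(Request $request): ?string
    {
        return $request->query->get('JWT') ?? $request->request->get('JWT');
    }

    /**
     * Returns null, so no response is produced here and request handling continues.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return null;
    }

    /**
     * Answers a failed authentication with a 401 JSON body of the form {"error": {"message": ...}}.
     *
     * The message is the exception message with its message-data placeholders substituted; see the
     * note in createToken() about what that message can contain.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return new JsonResponse([
            'error' => [
                'message' => strtr($exception->getMessage(), $exception->getMessageData()),
            ],
        ], Response::HTTP_UNAUTHORIZED);
    }
}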