zozlak / auth / #1

Committed 22 Oct 2024 03:40PM UTC coverage: 32.687%. First build

Build # #1

Build Type

push

php-coveralls

Committed by

zozlak

Commit Message

Major refactorization

* advertise() methods return psr-7 responses insted of changing the
  global state
* logout() method added to both auth method classes and AuthController
* tests added
* PHP bumped to 8

TODO - tests for HttpDigest, Google, GoogleToken, Shibboleth auth
methods

Run Details

44 of 108 new or added lines in 11 files covered. (40.74%)

118 of 361 relevant lines covered (32.69%)

1.25 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/zozlak/auth/authMethod/GoogleToken.php

<?php

/*
 * The MIT License
 *
 * Copyright 2018 zozlak.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

namespace zozlak\auth\authMethod;

use BadMethodCallException;
use GuzzleHttp\Client;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Psr7\Response;
use GuzzleHttp\Exception\RequestException;
use zozlak\auth\usersDb\UsersDbInterface;
use zozlak\auth\UnauthorizedException;

/**
 * Simple Google access_token-based authentication provider.
 * 
 * It assumes client already has a valid token. No help is provided for 
 * obtaining the token nor refreshing an expired one.
 *
 * Amount of data provided by the getUserData() method solely depends on the 
 * token and this provider doesn't make any assumptions about it. Basically all 
 * the data returned for the provided token by the https://www.googleapis.com/oauth2/v3/tokeninfo
 * Google API endpoint are returned.
 * 
 * @author zozlak
 */
class GoogleToken implements AuthMethodInterface {

    const API_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo';

    private string $token;
    private string $usernameField;
    private object $data;

    /**
     * 
     * @param string $token Google access_token
     * @param string $usernameField field in the data returned for the token by
     *   the https://www.googleapis.com/oauth2/v3/tokeninfo Google API endpoint
     *   to be used as a user name, e.g. 'email' or 'userId'
     */
    public function __construct(string $token, string $usernameField = 'email') {
        $this->token         = $token;
        $this->usernameField = $usernameField;
    }

    public function authenticate(UsersDbInterface $db, bool $strict): bool {
        $client = new Client();
        $req    = new Request('GET', self::API_URL . '?access_token=' . $this->token);
        try {
            $resp  = $client->send($req);
            $data  = json_decode($resp->getBody());
            $field = $this->usernameField;
            if ($data === null || isset($data->err) || !isset($data->$field)) {
                return false;
            }
            $this->data = $data;
            return true;
        } catch (RequestException $ex) {
            
        }
        if ($strict) {
            throw new UnauthorizedException();
        }
        return false;
    }

    public function logout(UsersDbInterface $db, string $redirectUrl = ''): Response | null {
        throw new BadMethodCallException('logout not supported');
    }

    public function getUserData(): object {
        return $this->data;
    }

    public function getUserName(): string {
        $field = $this->usernameField;
        return $this->data->$field;
    }

    public function advertise(bool $onFailure): Response | null {
        throw new BadMethodCallException('advertising not supported');
    }
}

1	<?php
2
3	/*
4	* The MIT License
5	*
6	* Copyright 2018 zozlak.
7	*
8	* Permission is hereby granted, free of charge, to any person obtaining a copy
9	* of this software and associated documentation files (the "Software"), to deal
10	* in the Software without restriction, including without limitation the rights
11	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12	* copies of the Software, and to permit persons to whom the Software is
13	* furnished to do so, subject to the following conditions:
14	*
15	* The above copyright notice and this permission notice shall be included in
16	* all copies or substantial portions of the Software.
17	*
18	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24	* THE SOFTWARE.
25	*/
26
27	namespace zozlak\auth\authMethod;
28
29	use BadMethodCallException;
30	use GuzzleHttp\Client;
31	use GuzzleHttp\Psr7\Request;
32	use GuzzleHttp\Psr7\Response;
33	use GuzzleHttp\Exception\RequestException;
34	use zozlak\auth\usersDb\UsersDbInterface;
35	use zozlak\auth\UnauthorizedException;
36
37	/**
38	* Simple Google access_token-based authentication provider.
39	*
40	* It assumes client already has a valid token. No help is provided for
41	* obtaining the token nor refreshing an expired one.
42	*
43	* Amount of data provided by the getUserData() method solely depends on the
44	* token and this provider doesn't make any assumptions about it. Basically all
45	* the data returned for the provided token by the https://www.googleapis.com/oauth2/v3/tokeninfo
46	* Google API endpoint are returned.
47	*
48	* @author zozlak
49	*/
50	class GoogleToken implements AuthMethodInterface {
51
52	const API_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo';
53
54	private string $token;
55	private string $usernameField;
56	private object $data;
57
58	/**
59	*
60	* @param string $token Google access_token
61	* @param string $usernameField field in the data returned for the token by
62	* the https://www.googleapis.com/oauth2/v3/tokeninfo Google API endpoint
63	* to be used as a user name, e.g. 'email' or 'userId'
64	*/
65	public function __construct(string $token, string $usernameField = 'email') {
66	$this->token = $token;	×
67	$this->usernameField = $usernameField;	×
68	}
69
70	public function authenticate(UsersDbInterface $db, bool $strict): bool {
71	$client = new Client();	×
72	$req = new Request('GET', self::API_URL . '?access_token=' . $this->token);	×
73	try {
74	$resp = $client->send($req);	×
75	$data = json_decode($resp->getBody());	×
76	$field = $this->usernameField;	×
77	if ($data === null \|\| isset($data->err) \|\| !isset($data->$field)) {	×
78	return false;	×
79	}
80	$this->data = $data;	×
81	return true;	×
82	} catch (RequestException $ex) {	×
83
84	}
NEW 85	if ($strict) {	×
NEW 86	throw new UnauthorizedException();	×
87	}
NEW 88	return false;	×
89	}
90
91	public function logout(UsersDbInterface $db, string $redirectUrl = ''): Response \| null {
NEW 92	throw new BadMethodCallException('logout not supported');	×
93	}
94
95	public function getUserData(): object {
96	return $this->data;	×
97	}
98
99	public function getUserName(): string {
100	$field = $this->usernameField;	×
101	return $this->data->$field;	×
102	}
103
104	public function advertise(bool $onFailure): Response \| null {
105	throw new BadMethodCallException('advertising not supported');	×
106	}
107	}

zozlak / auth / #1

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous