Merge pull request #4 from clearbooks/support-many-app-ids

Support many app ids
clearbooks · Sep 24, 2015 · 1781f19 · 1781f19
2 parents 774b4fb + e0196d9
commit 1781f19
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 9 deletions.
diff --git a/src/JwtGuard/AppIdProvider.php b/src/JwtGuard/AppIdProvider.php
@@ -0,0 +1,10 @@
+<?php
+
+
+namespace Clearbooks\Dilex\JwtGuard;
+
+
+interface AppIdProvider
+{
+    public function getAppIds();
+}
diff --git a/src/JwtGuard/JwtTokenAuthenticator.php b/src/JwtGuard/JwtTokenAuthenticator.php
@@ -28,16 +28,21 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
      * @var Token
      */
     private $token;
+    /**
+     * @var AppIdProvider
+     */
+    private $appIdProvider;
 
     /**
      * @param Jwt $jwt
      * @param AlgorithmInterface $algorithm
-=     */
-    public function __construct( Jwt $jwt, AlgorithmInterface $algorithm )
+     */
+    public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvider $appIdProvider )
     {
         $this->jwt = $jwt;
         $this->algorithm = $algorithm;
         $this->token = new Token;
+        $this->appIdProvider = $appIdProvider;
     }
 
     /**
@@ -74,9 +79,9 @@ private function hasUserId()
      * Is this token for labs
      * @return bool
      */
-    private function isLabsToken()
+    private function isAllowedAppId()
     {
-        return $this->getClaimOrNull( self::APP_ID ) === 'labs';
+        return in_array( $this->getClaimOrNull( self::APP_ID ), $this->appIdProvider->getAppIds() );
     }
 
     /**
@@ -97,7 +102,7 @@ public function isAuthorised( Request $request )
             return false;
         }
 
-        if( $this->isExpired() || !$this->hasUserId() || !$this->isLabsToken() ) {
+        if( $this->isExpired() || !$this->hasUserId() || !$this->isAllowedAppId() ) {
             return false;
         }
 

diff --git a/src/JwtGuard/StaticAppIdProvider.php b/src/JwtGuard/StaticAppIdProvider.php
@@ -0,0 +1,26 @@
+<?php
+
+
+namespace Clearbooks\Dilex\JwtGuard;
+
+
+class StaticAppIdProvider implements AppIdProvider
+{
+    /**
+     * @var string[]
+     */
+    private $appIds;
+
+    /**
+     * @param string[] $appIds
+     */
+    public function __construct( array $appIds )
+    {
+        $this->appIds = $appIds;
+    }
+
+    public function getAppIds()
+    {
+        return $this->appIds;
+    }
+}
diff --git a/test/JwtTokenAuthenticatorTest.php b/test/JwtTokenAuthenticatorTest.php
@@ -20,6 +20,7 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
 {
     const USER_ID = '1';
     const GROUP_ID = '1';
+    const APP_ID = 'test';
     const IS_ADMIN = true;
 
     const WITH = 0;
@@ -52,6 +53,11 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
      */
     private $token;
 
+    /**
+     * @var AppIdProvider
+     */
+    private $appIds;
+
     /**
      * @return string
      */
@@ -81,7 +87,7 @@ private function getTokenWithout( array $spec )
         $mappings = [
             self::VALID_USER_ID => new PublicClaim( 'userId', self::USER_ID ),
             self::VALID_GROUP_ID => new PublicClaim( 'groupId', self::GROUP_ID ),
-            self::VALID_APP_ID => new PublicClaim( 'appId', 'labs' ),
+            self::VALID_APP_ID => new PublicClaim( 'appId', self::APP_ID ),
             self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()),
             self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN)
         ];
@@ -162,8 +168,9 @@ private function authoriseToken( Token $token )
      */
     public function setUp()
     {
+        $this->appIds = new StaticAppIdProvider( [self::APP_ID] );
         $this->algorithm = new Hs512( "shhh... it's a secret" );
-        $this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm );
+        $this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm, $this->appIds );
         $this->token = new Token();
     }
 
@@ -172,7 +179,7 @@ public function setUp()
      */
     public function givenNoneAlgorithm_returnFalse()
     {
-        $auth = new JwtTokenAuthenticator( $jwt = new Jwt, new None );
+        $auth = new JwtTokenAuthenticator( $jwt = new Jwt, new None, $this->appIds );
         $this->assertFalse( $auth->isAuthorised( new MockTokenRequest( $jwt->serialize( new Token, EncryptionFactory::create( new None ) ) ) ) );
     }
 
@@ -256,7 +263,7 @@ public function givenTokenWithNoAppId_whenVerifyingToken_returnFalse()
      */
     public function givenTokenWithInvalidSignature_whenValidatingToken_returnFalse()
     {
-        $this->auth = new JwtTokenAuthenticator( new Jwt, new Hs512( 'Nope' ) );
+        $this->auth = new JwtTokenAuthenticator( new Jwt, new Hs512( 'Nope' ), $this->appIds );
         $this->assertFalse( $this->authoriseToken( $this->getValidToken() ) );
     }