Merge pull request #6 from clearbooks/ryan-ADHOC-458-handle-bearer

AQ-458 - Handle Auth headers with "Bearer " preceding the token
clearbooks · Jan 12, 2017 · 56d9abc · 56d9abc
2 parents ab1056d + 6411831
commit 56d9abc
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/src/JwtGuard/JwtTokenAuthenticator.php b/src/JwtGuard/JwtTokenAuthenticator.php
@@ -19,6 +19,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
     const EXPIRY = 'exp';
     const IS_ADMIN = 'isAdmin';
     const SEGMENTS = 'segments';
+    const BEARER = 'Bearer ';
 
     /**
      * @var AlgorithmInterface
@@ -98,7 +99,11 @@ public function isAuthorised( Request $request )
         $context = new Context( EncryptionFactory::create( $this->algorithm ) );
 
         if ( $header ) {
-            $this->token = $this->jwt->deserialize( $header );
+            try{
+                $this->token = $this->jwt->deserialize( $this->extractJwtFromHeader($header) );
+            } catch ( \Exception $e ){
+                return false;
+            }
         }
 
         if ( $this->algorithm instanceof None ) {
@@ -150,4 +155,12 @@ public function getSegments()
         $segments = $this->getClaimOrNull( self::SEGMENTS );
         return is_array( $segments ) ? $segments : [ ];
     }
+
+    private function extractJwtFromHeader( $header )
+    {
+        if( strpos( $header, self::BEARER ) === 0 ){
+            return substr( $header, strlen( self::BEARER ) );
+        }
+        return $header;
+    }
 }
diff --git a/test/JwtTokenAuthenticatorTest.php b/test/JwtTokenAuthenticatorTest.php
@@ -176,8 +176,16 @@ private function getExpiredToken()
      */
     private function authoriseToken( Token $token )
     {
-        $serialised = ( new Jwt )->serialize( $token, EncryptionFactory::create( $this->algorithm ) );
-        return $this->auth->isAuthorised( new MockTokenRequest( $serialised ) );
+        return $this->auth->isAuthorised( new MockTokenRequest( $this->serialiseToken( $token ) ) );
+    }
+
+    /**
+     * @param $token
+     * @return string
+     */
+    private function serialiseToken( $token )
+    {
+        return ( new Jwt )->serialize( $token, EncryptionFactory::create( $this->algorithm ) );
     }
 
     /**
@@ -322,4 +330,20 @@ public function givenValidToken_whenSettingToken_getCorrectUserAndGroupIdAndIsAd
         $this->assertEquals(self::IS_ADMIN, $this->auth->getIsAdmin());
         $this->assertEquals($this->testSegments, $this->auth->getSegments());
     }
+
+    /**
+     * @test
+     */
+    public function givenValidTokenAndBearerStringPresentInRequestHeader_WhenCallingIsAuthorised_ThenAuthorisationPasses()
+    {
+        $this->assertTrue( $this->auth->isAuthorised( new MockTokenRequest( "Bearer ". $this->serialiseToken( $this->getValidToken() ) ) ) );
+    }
+
+    /**
+     * @test
+     */
+    public function givenValidTokenButHeaderIsInvalid_WhenCallingIsAuthorised_ThenAuthorisationFails()
+    {
+        $this->assertFalse( $this->auth->isAuthorised( new MockTokenRequest( " 🐟 should be broken ". $this->serialiseToken( $this->getValidToken() ) ) ) );
+    }
 }