Skip to content

Commit

Permalink
read segments from JWT
Browse files Browse the repository at this point in the history
  • Loading branch information
peter-horvath committed Mar 8, 2016
1 parent 174941a commit 648d96c
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 5 deletions.
16 changes: 15 additions & 1 deletion src/JwtGuard/IdentityProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,23 @@

interface IdentityProvider
{
/**
* @return string
*/
public function getUserId();

/**
* @return string
*/
public function getGroupId();

/**
* @return bool
*/
public function getIsAdmin();
}

/**
* @return array
*/
public function getSegments();
}
21 changes: 18 additions & 3 deletions src/JwtGuard/JwtTokenAuthenticator.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
const APP_ID = 'appId';
const EXPIRY = 'exp';
const IS_ADMIN = 'isAdmin';
const SEGMENTS = 'segments';

/**
* @var AlgorithmInterface
Expand All @@ -28,6 +29,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
* @var Token
*/
private $token;

/**
* @var AppIdProvider
*/
Expand All @@ -36,6 +38,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
/**
* @param Jwt $jwt
* @param AlgorithmInterface $algorithm
* @param AppIdProvider $appIdProvider
*/
public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvider $appIdProvider )
{
Expand All @@ -48,7 +51,7 @@ public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvi
/**
* Get a claim if we have one or return null
* @param string $claim the name of the claim
* @return string|null
* @return mixed
*/
private function getClaimOrNull( $claim )
{
Expand Down Expand Up @@ -131,8 +134,20 @@ public function getGroupId()
return $this->getClaimOrNull( self::GROUP_ID );
}

/**
* @return bool
*/
public function getIsAdmin()
{
return (bool)$this->getClaimOrNull( self::IS_ADMIN);
return (bool)$this->getClaimOrNull( self::IS_ADMIN );
}

/**
* @return array
*/
public function getSegments()
{
$segments = $this->getClaimOrNull( self::SEGMENTS );
return is_array( $segments ) ? $segments : [ ];
}
}
}
38 changes: 37 additions & 1 deletion test/JwtTokenAuthenticatorTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
*/

namespace Clearbooks\Dilex\JwtGuard;

use DateTime;
use Emarref\Jwt\Algorithm\Hs512;
use Emarref\Jwt\Algorithm\None;
Expand Down Expand Up @@ -37,6 +38,8 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase

const VALID_IS_ADMIN = 4;

const VALID_SEGMENTS = 5;


/**
* @var Hs512
Expand All @@ -58,6 +61,11 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
*/
private $appIds;

/**
* @var array
*/
private $testSegments;

/**
* @return string
*/
Expand Down Expand Up @@ -89,7 +97,8 @@ private function getTokenWithout( array $spec )
self::VALID_GROUP_ID => new PublicClaim( 'groupId', self::GROUP_ID ),
self::VALID_APP_ID => new PublicClaim( 'appId', self::APP_ID ),
self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()),
self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN)
self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN),
self::VALID_SEGMENTS => new PublicClaim('segments', $this->testSegments)
];

$spec = array_diff( array_keys( $mappings ), $spec );
Expand Down Expand Up @@ -125,6 +134,14 @@ private function getTokenWithNoGroupId()
return $this->getTokenWithout( [self::VALID_GROUP_ID] );
}

/**
* @return Token
*/
private function getTokenWithoutSegments()
{
return $this->getTokenWithout( [self::VALID_SEGMENTS] );
}

/**
* @return Token
*/
Expand Down Expand Up @@ -172,6 +189,7 @@ public function setUp()
$this->algorithm = new Hs512( "shhh... it's a secret" );
$this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm, $this->appIds );
$this->token = new Token();
$this->testSegments = [ [ 'segmentId' => 1, 'isLocked' => false, 'priority' => 10 ] ];
}

/**
Expand Down Expand Up @@ -226,6 +244,14 @@ public function givenTokenWithoutGroupId_whenVerifyingToken_returnTrue()
$this->assertTrue( $this->authoriseToken( $this->getTokenWithNoGroupId() ) );
}

/**
* @test
*/
public function givenTokenWithoutSegments_whenVerifyingToken_returnTrue()
{
$this->assertTrue( $this->authoriseToken( $this->getTokenWithoutSegments() ) );
}

/**
* @test
*/
Expand Down Expand Up @@ -276,6 +302,15 @@ public function givenTokenWithoutIsAdmin_whenGettingIsAdmin_returnFalse()
$this->assertFalse($this->auth->getIsAdmin());
}

/**
* @test
*/
public function givenTokenWithoutSegments_whenGettingSegments_returnsEmptyArray()
{
$this->authoriseToken($this->getTokenWithout([self::VALID_SEGMENTS]));
$this->assertEmpty($this->auth->getSegments());
}

/**
* @test
*/
Expand All @@ -285,5 +320,6 @@ public function givenValidToken_whenSettingToken_getCorrectUserAndGroupIdAndIsAd
$this->assertEquals(self::GROUP_ID, $this->auth->getGroupId());
$this->assertEquals(self::USER_ID, $this->auth->getUserId());
$this->assertEquals(self::IS_ADMIN, $this->auth->getIsAdmin());
$this->assertEquals($this->testSegments, $this->auth->getSegments());
}
}

0 comments on commit 648d96c

Please sign in to comment.