From fb22e8e2005a04e4cb5f4adbb216df05df6fc870 Mon Sep 17 00:00:00 2001
From: danielburnley
Date: Mon, 21 Sep 2015 11:25:10 +0100
Subject: [PATCH 1/2] add checks for isAdmin
---
 src/JwtGuard/IdentityProvider.php | 2 ++
 src/JwtGuard/JwtTokenAuthenticator.php | 6 ++++++
 test/JwtTokenAuthenticatorTest.php | 15 ++++++++++++---
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/JwtGuard/IdentityProvider.php b/src/JwtGuard/IdentityProvider.php
index 66cafd6..97f54be 100644
--- a/src/JwtGuard/IdentityProvider.php
+++ b/src/JwtGuard/IdentityProvider.php
@@ -6,4 +6,6 @@ interface IdentityProvider
 public function getUserId();
 public function getGroupId();
+
+ public function getIsAdmin();
 }
\ No newline at end of file
diff --git a/src/JwtGuard/JwtTokenAuthenticator.php b/src/JwtGuard/JwtTokenAuthenticator.php
index 6ae460c..672a594 100644
--- a/src/JwtGuard/JwtTokenAuthenticator.php
+++ b/src/JwtGuard/JwtTokenAuthenticator.php
@@ -17,6 +17,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
 const GROUP_ID = 'groupId';
 const APP_ID = 'appId';
 const EXPIRY = 'exp';
+ const IS_ADMIN = 'isAdmin';
 /**
 * @var AlgorithmInterface
@@ -124,4 +125,9 @@ public function getGroupId()
 {
 return $this->getClaimOrNull( self::GROUP_ID );
 }
+
+ public function getIsAdmin()
+ {
+ return $this->getClaimOrNull( self::IS_ADMIN);
+ }
 }
\ No newline at end of file
diff --git a/test/JwtTokenAuthenticatorTest.php b/test/JwtTokenAuthenticatorTest.php
index 635a11a..3ff2d51 100644
--- a/test/JwtTokenAuthenticatorTest.php
+++ b/test/JwtTokenAuthenticatorTest.php
@@ -20,6 +20,7 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
 {
 const USER_ID = '1';
 const GROUP_ID = '1';
+ const IS_ADMIN = true;
 const WITH = 0;
@@ -33,6 +34,8 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
 const VALID_EXPIRY_DATE = 3;
+ const VALID_IS_ADMIN = 4;
+
 /**
 * @var Hs512
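Review bot: `getIsAdmin()` is added to the IdentityProvider interface without a docblock, so implementors get no contract for what an absent claim yields (the JwtTokenAuthenticator implementation in this patch returns null, the second patch in the series changes that to false). Add `/** @return bool true only when the identity is an administrator */` above the declaration so the return type is pinned at the interface rather than left to each implementation. Adding an abstract method also breaks any other implementation of IdentityProvider that this patch does not update; none is visible in the diff, so this may not apply.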
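Review bot: In the new getIsAdmin() body, `self::IS_ADMIN)` omits the space before the closing parenthesis that the sibling `self::GROUP_ID )` call three lines up uses; `return $this->getClaimOrNull( self::IS_ADMIN );` keeps the file's call style consistent. The second patch in this series rewrites this line and carries the same spacing, so fix it there if this commit is not amended.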
@@ -44,6 +47,11 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
 */
 private $auth;
+ /**
+ * @var Token
+ */
+ private $token;
+
 /**
 * @return string
 */
@@ -65,7 +73,6 @@ private function getExpiredDate()
 }
 /**
- * @param $withOrWithout
 * @param array $spec
 * @return Token
 */
@@ -75,7 +82,8 @@ private function getTokenWithout( array $spec )
 self::VALID_USER_ID => new PublicClaim( 'userId', self::USER_ID ),
 self::VALID_GROUP_ID => new PublicClaim( 'groupId', self::GROUP_ID ),
 self::VALID_APP_ID => new PublicClaim( 'appId', 'labs' ),
- self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate())
+ self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()),
+ self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN)
 ];
 $spec = array_diff( array_keys( $mappings ), $spec );
@@ -255,10 +263,11 @@ public function givenTokenWithInvalidSignature_whenValidatingToken_returnFalse()
 /**
 * @test
 */
- public function givenValidToken_whenSettingToken_getCorrectUserAndGroupId()
+ public function givenValidToken_whenSettingToken_getCorrectUserAndGroupIdAndIsAdmin()
 {
 $this->authoriseToken( $this->getValidToken() );
 $this->assertEquals(self::GROUP_ID, $this->auth->getGroupId());
 $this->assertEquals(self::USER_ID, $this->auth->getUserId());
+ $this->assertEquals(self::IS_ADMIN, $this->auth->getIsAdmin());
 }
 }
From 7ef09baf63de5c26bd67638ab2ef3d4ec8f8a1c5 Mon Sep 17 00:00:00 2001
From: danielburnley
Date: Mon, 21 Sep 2015 12:10:23 +0100
Subject: [PATCH 2/2] return false if is_admin is unset
---
 src/JwtGuard/JwtTokenAuthenticator.php | 2 +-
 test/JwtTokenAuthenticatorTest.php | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/JwtGuard/JwtTokenAuthenticator.php b/src/JwtGuard/JwtTokenAuthenticator.php
index 672a594..a60b37a 100644
--- a/src/JwtGuard/JwtTokenAuthenticator.php
+++ b/src/JwtGuard/JwtTokenAuthenticator.php
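Review bot: The new `private $token;` property (with its `@var Token` docblock) is not read or written by any hunk in either patch of this series, so as far as the diff shows it is dead state in the test class. If a later change needs it, add it there; otherwise drop the property and its docblock. If it is used in parts of JwtTokenAuthenticatorTest outside these hunks, disregard this.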
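Review bot: `$this->assertEquals(self::IS_ADMIN, $this->auth->getIsAdmin());` compares loosely, so with `IS_ADMIN = true` it also passes when the getter returns `1` or `'1'` — for an admin flag the exact type is the property worth pinning, since the getter in this patch returns whatever the claim holds. Use `$this->assertTrue($this->auth->getIsAdmin());` (or `assertSame`) so the test only accepts a boolean. The two assertEquals lines above it for group and user id have the same looseness but are pre-existing.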
@@ -128,6 +128,6 @@ public function getGroupId()
 public function getIsAdmin()
 {
- return $this->getClaimOrNull( self::IS_ADMIN);
+ return (bool)$this->getClaimOrNull( self::IS_ADMIN);
 }
 }
\ No newline at end of file
diff --git a/test/JwtTokenAuthenticatorTest.php b/test/JwtTokenAuthenticatorTest.php
index 3ff2d51..53cbd29 100644
--- a/test/JwtTokenAuthenticatorTest.php
+++ b/test/JwtTokenAuthenticatorTest.php
@@ -260,6 +260,15 @@ public function givenTokenWithInvalidSignature_whenValidatingToken_returnFalse()
 $this->assertFalse( $this->authoriseToken( $this->getValidToken() ) );
 }
+ /**
+ * @test
+ */
+ public function givenTokenWithoutIsAdmin_whenGettingIsAdmin_returnFalse()
+ {
+ $this->authoriseToken($this->getTokenWithout([self::VALID_IS_ADMIN]));
+ $this->assertFalse($this->auth->getIsAdmin());
+ }
+
 /**
 * @test
 */
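Review bot: The `(bool)` cast in getIsAdmin() grants admin for any claim value that is truthy in PHP, so if the token issuer ever encodes the flag as a string (`"false"`, `"no"`) or as a non-zero number the method reports true; only the absent-claim case the commit message describes is really handled. An authorisation flag read from a token should accept exactly the JSON boolean true: `return $this->getClaimOrNull( self::IS_ADMIN ) === true;`, with a docblock `/** @return bool true only when the token carries isAdmin === true */`. Whether getClaimOrNull() is only reachable after the token's signature and expiry have been validated is outside this hunk; the existing getUserId()/getGroupId() getters share the same helper, so I assume it is.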
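Review bot: The new test only covers an absent isAdmin claim; because getIsAdmin() now derives its result with a `(bool)` cast, a companion case that sets the claim to a non-boolean value (the string `'false'`, for instance) and asserts `assertFalse($this->auth->getIsAdmin())` would pin down which values count as admin, and would currently fail, which is the point worth settling before callers rely on it. The first line of the test discards the return value of `authoriseToken()`, which the invalid-signature test above asserts on and so appears to be a bool; asserting it here (`$this->assertTrue($this->authoriseToken(...));`) would show that false comes from the missing claim rather than from a rejected token.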