read segments from JWT (DEV-7295)

src/JwtGuard/IdentityProvider.php

@@ -3,9 +3,23 @@
 
 interface IdentityProvider
 {
+    /**
+     * @return string
+     */
     public function getUserId();
 
+    /**
+     * @return string
+     */
     public function getGroupId();
 
+    /**
+     * @return bool
+     */
     public function getIsAdmin();
-}
+
+    /**
+     * @return array
+     */
+    public function getSegments();
+}

src/JwtGuard/JwtTokenAuthenticator.php

@@ -18,6 +18,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
     const APP_ID = 'appId';
     const EXPIRY = 'exp';
     const IS_ADMIN = 'isAdmin';
+    const SEGMENTS = 'segments';
 
     /**
      * @var AlgorithmInterface
@@ -28,6 +29,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
      * @var Token
      */
     private $token;
+
     /**
      * @var AppIdProvider
      */
@@ -36,6 +38,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
     /**
      * @param Jwt $jwt
      * @param AlgorithmInterface $algorithm
+     * @param AppIdProvider $appIdProvider
      */
     public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvider $appIdProvider )
     {
@@ -48,7 +51,7 @@ public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvi
     /**
      * Get a claim if we have one or return null
      * @param string $claim the name of the claim
-     * @return string|null
+     * @return mixed
      */
     private function getClaimOrNull( $claim )
     {
@@ -131,8 +134,20 @@ public function getGroupId()
         return $this->getClaimOrNull( self::GROUP_ID );
     }
 
+    /**
+     * @return bool
+     */
     public function getIsAdmin()
     {
-        return (bool)$this->getClaimOrNull( self::IS_ADMIN);
+        return (bool)$this->getClaimOrNull( self::IS_ADMIN );
+    }
+
+    /**
+     * @return array
+     */
+    public function getSegments()
+    {
+        $segments = $this->getClaimOrNull( self::SEGMENTS );
+        return is_array( $segments ) ? $segments : [ ];
     }
-}
+}

test/JwtTokenAuthenticatorTest.php

@@ -7,6 +7,7 @@
  */
 
 namespace Clearbooks\Dilex\JwtGuard;
+
 use DateTime;
 use Emarref\Jwt\Algorithm\Hs512;
 use Emarref\Jwt\Algorithm\None;
@@ -37,6 +38,8 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
 
     const VALID_IS_ADMIN = 4;
 
+    const VALID_SEGMENTS = 5;
+
 
     /**
      * @var Hs512
@@ -58,6 +61,11 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase
      */
     private $appIds;
 
+    /**
+     * @var array
+     */
+    private $testSegments;
+
     /**
      * @return string
      */
@@ -89,7 +97,8 @@ private function getTokenWithout( array $spec )
             self::VALID_GROUP_ID => new PublicClaim( 'groupId', self::GROUP_ID ),
             self::VALID_APP_ID => new PublicClaim( 'appId', self::APP_ID ),
             self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()),
-            self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN)
+            self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN),
+            self::VALID_SEGMENTS => new PublicClaim('segments', $this->testSegments)
         ];
 
         $spec = array_diff( array_keys( $mappings ), $spec );
@@ -125,6 +134,14 @@ private function getTokenWithNoGroupId()
         return $this->getTokenWithout( [self::VALID_GROUP_ID] );
     }
 
+    /**
+     * @return Token
+     */
+    private function getTokenWithoutSegments()
+    {
+        return $this->getTokenWithout( [self::VALID_SEGMENTS] );
+    }
+
     /**
      * @return Token
      */
@@ -172,6 +189,7 @@ public function setUp()
         $this->algorithm = new Hs512( "shhh... it's a secret" );
         $this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm, $this->appIds );
         $this->token = new Token();
+        $this->testSegments = [ [ 'segmentId' => 1, 'isLocked' => false, 'priority' => 10 ] ];
     }
 
     /**
@@ -226,6 +244,14 @@ public function givenTokenWithoutGroupId_whenVerifyingToken_returnTrue()
         $this->assertTrue( $this->authoriseToken( $this->getTokenWithNoGroupId() ) );
     }
 
+    /**
+     * @test
+     */
+    public function givenTokenWithoutSegments_whenVerifyingToken_returnTrue()
+    {
+        $this->assertTrue( $this->authoriseToken( $this->getTokenWithoutSegments() ) );
+    }
+
     /**
      * @test
      */
@@ -276,6 +302,15 @@ public function givenTokenWithoutIsAdmin_whenGettingIsAdmin_returnFalse()
         $this->assertFalse($this->auth->getIsAdmin());
     }
 
+    /**
+     * @test
+     */
+    public function givenTokenWithoutSegments_whenGettingSegments_returnsEmptyArray()
+    {
+        $this->authoriseToken($this->getTokenWithout([self::VALID_SEGMENTS]));
+        $this->assertEmpty($this->auth->getSegments());
+    }
+
     /**
      * @test
      */
@@ -285,5 +320,6 @@ public function givenValidToken_whenSettingToken_getCorrectUserAndGroupIdAndIsAd
         $this->assertEquals(self::GROUP_ID, $this->auth->getGroupId());
         $this->assertEquals(self::USER_ID, $this->auth->getUserId());
         $this->assertEquals(self::IS_ADMIN, $this->auth->getIsAdmin());
+        $this->assertEquals($this->testSegments, $this->auth->getSegments());
     }
 }