Add authentication

Move authentication behavior to its proper place

Author: sagikazarmark

composer.json

@@ -24,6 +24,11 @@
             "Http\\Message\\": "src/"
         }
     },
+    "autoload-dev": {
+        "psr-4": {
+            "spec\\Http\\Message\\": "spec/"
+        }
+    },
     "scripts": {
         "test": "vendor/bin/phpspec run",
         "test-ci": "vendor/bin/phpspec run -c phpspec.yml.ci"

spec/Authentication/AuthenticationBehavior.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+trait AuthenticationBehavior
+{
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+}

spec/Authentication/BasicAuthSpec.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Psr\Http\Message\RequestInterface;
+use PhpSpec\ObjectBehavior;
+
+class BasicAuthSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    function let()
+    {
+        $this->beConstructedWith('john.doe', 'secret');
+    }
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\BasicAuth');
+    }
+
+    function it_has_a_username()
+    {
+        $this->getUsername()->shouldReturn('john.doe');
+    }
+
+    function it_accepts_a_username()
+    {
+        $this->setUsername('jane.doe');
+
+        $this->getUsername()->shouldReturn('jane.doe');
+    }
+
+    function it_has_a_password()
+    {
+        $this->getPassword()->shouldReturn('secret');
+    }
+
+    function it_accepts_a_password()
+    {
+        $this->setPassword('very_secret');
+
+        $this->getPassword()->shouldReturn('very_secret');
+    }
+
+    function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)
+    {
+        $request->withHeader('Authorization', 'Basic '.base64_encode('john.doe:secret'))->willReturn($newRequest);
+
+        $this->authenticate($request)->shouldReturn($newRequest);
+    }
+}

spec/Authentication/BearerSpec.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Psr\Http\Message\RequestInterface;
+use PhpSpec\ObjectBehavior;
+
+class BearerSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    function let()
+    {
+        $this->beConstructedWith('token');
+    }
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\Bearer');
+    }
+
+    function it_has_a_token()
+    {
+        $this->getToken()->shouldReturn('token');
+    }
+
+    function it_accepts_a_token()
+    {
+        $this->setToken('another_token');
+
+        $this->getToken()->shouldReturn('another_token');
+    }
+
+    function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)
+    {
+        $request->withHeader('Authorization', 'Bearer token')->willReturn($newRequest);
+
+        $this->authenticate($request)->shouldReturn($newRequest);
+    }
+}

spec/Authentication/ChainSpec.php

@@ -0,0 +1,81 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Http\Message\Authentication;
+use Psr\Http\Message\RequestInterface;
+use PhpSpec\ObjectBehavior;
+
+class ChainSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\Chain');
+    }
+
+    function it_accepts_an_authentication_chain_in_the_constructor(Authentication $auth1, Authentication $auth2)
+    {
+        $chain = [$auth1, $auth2];
+
+        $this->beConstructedWith($chain);
+
+        $this->getAuthenticationChain()->shouldReturn($chain);
+    }
+
+    function it_sets_the_authentication_chain(Authentication $auth1, Authentication $auth2)
+    {
+        // This SHOULD be replaced
+        $this->beConstructedWith([$auth1]);
+
+        $this->setAuthenticationChain([$auth2]);
+
+        $this->getAuthenticationChain()->shouldReturn([$auth2]);
+    }
+
+    function it_adds_an_authentication_method(Authentication $auth1, Authentication $auth2)
+    {
+        // This SHOULD NOT be replaced
+        $this->beConstructedWith([$auth1]);
+
+        $this->addAuthentication($auth2);
+
+        $this->getAuthenticationChain()->shouldReturn([$auth1, $auth2]);
+    }
+
+    function it_clears_the_authentication_chain(Authentication $auth1, Authentication $auth2)
+    {
+        // This SHOULD be replaced
+        $this->beConstructedWith([$auth1]);
+
+        $this->clearAuthenticationChain();
+
+        $this->addAuthentication($auth2);
+
+        $this->getAuthenticationChain()->shouldReturn([$auth2]);
+    }
+
+    function it_authenticates_a_request(
+        Authentication $auth1,
+        Authentication $auth2,
+        RequestInterface $originalRequest,
+        RequestInterface $request1,
+        RequestInterface $request2
+    ) {
+        $originalRequest->withHeader('AuthMethod1', 'AuthValue')->willReturn($request1);
+        $request1->withHeader('AuthMethod2', 'AuthValue')->willReturn($request2);
+
+        $auth1->authenticate($originalRequest)->will(function ($args) {
+            return $args[0]->withHeader('AuthMethod1', 'AuthValue');
+        });
+
+        $auth2->authenticate($request1)->will(function ($args) {
+            return $args[0]->withHeader('AuthMethod2', 'AuthValue');
+        });
+
+        $this->beConstructedWith([$auth1, $auth2]);
+
+        $this->authenticate($originalRequest)->shouldReturn($request2);
+    }
+}

spec/Authentication/MatchingSpec.php

@@ -0,0 +1,75 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Http\Message\Authentication;
+use Psr\Http\Message\RequestInterface;
+use PhpSpec\ObjectBehavior;
+
+class MatchingSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    private $matcher;
+
+    function let(Authentication $authentication)
+    {
+        $this->matcher = function($request) { return true; };
+
+        $this->beConstructedWith($authentication, $this->matcher);
+    }
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\Matching');
+    }
+
+    function it_has_an_authentication(Authentication $authentication)
+    {
+        $this->getAuthentication()->shouldReturn($authentication);
+    }
+
+    function it_accepts_an_authentication(Authentication $anotherAuthentication)
+    {
+        $this->setAuthentication($anotherAuthentication);
+
+        $this->getAuthentication()->shouldReturn($anotherAuthentication);
+    }
+
+    function it_has_a_matcher()
+    {
+        $this->getMatcher()->shouldReturn($this->matcher);
+    }
+
+    function it_accepts_a_matcher()
+    {
+        $matcher = function($request) { return false; };
+
+        $this->setMatcher($matcher);
+
+        $this->getMatcher()->shouldReturn($matcher);
+    }
+
+    function it_authenticates_a_request(Authentication $authentication, RequestInterface $request, RequestInterface $newRequest)
+    {
+        $authentication->authenticate($request)->willReturn($newRequest);
+
+        $this->authenticate($request)->shouldReturn($newRequest);
+    }
+
+    function it_does_not_authenticate_a_request(Authentication $authentication, RequestInterface $request)
+    {
+        $matcher = function($request) { return false; };
+
+        $this->setMatcher($matcher);
+
+        $authentication->authenticate($request)->shouldNotBeCalled();
+
+        $this->authenticate($request)->shouldReturn($request);
+    }
+
+    function it_creates_a_matcher_from_url(Authentication $authentication)
+    {
+        $this->createUrlMatcher($authentication, 'url')->shouldHaveType('Http\Message\Authentication\Matching');
+    }
+}

spec/Authentication/WsseSpec.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Psr\Http\Message\RequestInterface;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class WsseSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    function let()
+    {
+        $this->beConstructedWith('john.doe', 'secret');
+    }
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\Wsse');
+    }
+
+    function it_has_a_username()
+    {
+        $this->getUsername()->shouldReturn('john.doe');
+    }
+
+    function it_accepts_a_username()
+    {
+        $this->setUsername('jane.doe');
+
+        $this->getUsername()->shouldReturn('jane.doe');
+    }
+
+    function it_has_a_password()
+    {
+        $this->getPassword()->shouldReturn('secret');
+    }
+
+    function it_accepts_a_password()
+    {
+        $this->setPassword('very_secret');
+
+        $this->getPassword()->shouldReturn('very_secret');
+    }
+
+    function it_authenticates_a_request(
+        RequestInterface $request,
+        RequestInterface $newRequest,
+        RequestInterface $newerRequest
+    ) {
+        $request->withHeader('Authorization', 'WSSE profile="UsernameToken"')->willReturn($newRequest);
+        $newRequest->withHeader('X-WSSE', Argument::that(function($arg) {
+            return preg_match('/UsernameToken Username=".*", PasswordDigest=".*", Nonce=".*", Created=".*"/', $arg);
+        }))->willReturn($newerRequest);
+
+        $this->authenticate($request)->shouldReturn($newerRequest);
+    }
+}

src/Authentication.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Http\Message;
+
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Authenticate a PSR-7 Request.
+ *
+ * @author Márk Sági-Kazár <mark.sagikazar@gmail.com>
+ */
+interface Authentication
+{
+    /**
+     * Authenticates a request.
+     *
+     * @param RequestInterface $request
+     *
+     * @return RequestInterface
+     */
+    public function authenticate(RequestInterface $request);
+}

src/Authentication/BasicAuth.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Http\Message\Authentication;
+
+use Http\Message\Authentication;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Authenticate a PSR-7 Request using Basic Auth.
+ *
+ * @author Márk Sági-Kazár <mark.sagikazar@gmail.com>
+ */
+final class BasicAuth implements Authentication
+{
+    use UserPasswordPair;
+
+    /**
+     * @param string $username
+     * @param string $password
+     */
+    public function __construct($username, $password)
+    {
+        $this->username = $username;
+        $this->password = $password;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(RequestInterface $request)
+    {
+        $header = sprintf('Basic %s', base64_encode(sprintf('%s:%s', $this->username, $this->password)));
+
+        return $request->withHeader('Authorization', $header);
+    }
+}