Merge pull request #38 from php-http/auto_basic_auth

sagikazarmark · sagikazarmark · commit fad9552ddd37 · 2016-03-29T22:21:29.000+02:00
Add auto BasicAuth credential detection based on URL
diff --git a/spec/Authentication/AuthenticationBehavior.php b/spec/Authentication/AuthenticationBehavior.php
diff --git a/spec/Authentication/AutoBasicAuthSpec.php b/spec/Authentication/AutoBasicAuthSpec.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\UriInterface;
+
+class AutoBasicAuthSpec extends ObjectBehavior
+{
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\AutoBasicAuth');
+    }
+
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
+    function it_authenticates_a_request(
+        RequestInterface $request,
+        UriInterface $uri,
+        UriInterface $uriWithoutUserInfo,
+        RequestInterface $requestWithoutUserInfo,
+        RequestInterface $authenticatedRequest
+    ) {
+        $request->getUri()->willReturn($uri);
+        $uri->getUserInfo()->willReturn('username:password');
+        $uri->withUserInfo('', null)->willReturn($uriWithoutUserInfo);
+        $request->withUri($uriWithoutUserInfo)->willReturn($requestWithoutUserInfo);
+        $requestWithoutUserInfo
+            ->withHeader('Authorization', 'Basic '.base64_encode('username:password'))
+            ->willReturn($authenticatedRequest)
+        ;
+
+        $this->authenticate($request)->shouldReturn($authenticatedRequest);
+    }
+
+    function it_authenticates_a_request_without_password(
+        RequestInterface $request,
+        UriInterface $uri,
+        UriInterface $uriWithoutUserInfo,
+        RequestInterface $requestWithoutUserInfo,
+        RequestInterface $authenticatedRequest
+    ) {
+        $request->getUri()->willReturn($uri);
+        $uri->getUserInfo()->willReturn('username');
+        $uri->withUserInfo('', null)->willReturn($uriWithoutUserInfo);
+        $request->withUri($uriWithoutUserInfo)->willReturn($requestWithoutUserInfo);
+        $requestWithoutUserInfo
+            ->withHeader('Authorization', 'Basic '.base64_encode('username'))
+            ->willReturn($authenticatedRequest)
+        ;
+
+        $this->authenticate($request)->shouldReturn($authenticatedRequest);
+    }
+
+    function it_does_not_authenticate_a_request(RequestInterface $request, UriInterface $uri)
+    {
+        $request->getUri()->willReturn($uri);
+        $uri->getUserInfo()->willReturn('');
+
+        $this->authenticate($request)->shouldReturn($request);
+    }
+
+    function it_authenticates_a_request_without_user_info_removal(
+        RequestInterface $request,
+        UriInterface $uri,
+        RequestInterface $authenticatedRequest
+    ) {
+        $this->beConstructedWith(false);
+
+        $request->getUri()->willReturn($uri);
+        $uri->getUserInfo()->willReturn('username:password');
+        $request
+            ->withHeader('Authorization', 'Basic '.base64_encode('username:password'))
+            ->willReturn($authenticatedRequest)
+        ;
+
+        $this->authenticate($request)->shouldReturn($authenticatedRequest);
+    }
+}
diff --git a/spec/Authentication/BasicAuthSpec.php b/spec/Authentication/BasicAuthSpec.php
@@ -7,8 +7,6 @@
 
 class BasicAuthSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function let()
     {
         $this->beConstructedWith('john.doe', 'secret');
@@ -19,6 +17,11 @@ function it_is_initializable()
         $this->shouldHaveType('Http\Message\Authentication\BasicAuth');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)
     {
         $request->withHeader('Authorization', 'Basic '.base64_encode('john.doe:secret'))->willReturn($newRequest);
diff --git a/spec/Authentication/BearerSpec.php b/spec/Authentication/BearerSpec.php
@@ -7,8 +7,6 @@
 
 class BearerSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function let()
     {
         $this->beConstructedWith('token');
@@ -19,6 +17,11 @@ function it_is_initializable()
         $this->shouldHaveType('Http\Message\Authentication\Bearer');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)
     {
         $request->withHeader('Authorization', 'Bearer token')->willReturn($newRequest);
diff --git a/spec/Authentication/ChainSpec.php b/spec/Authentication/ChainSpec.php
@@ -8,13 +8,16 @@
 
 class ChainSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function it_is_initializable()
     {
         $this->shouldHaveType('Http\Message\Authentication\Chain');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_throws_an_exception_when_non_authentication_is_passed()
     {
         $this->beConstructedWith(['authentication']);
diff --git a/spec/Authentication/MatchingSpec.php b/spec/Authentication/MatchingSpec.php
@@ -8,22 +8,23 @@
 
 class MatchingSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
-    private $matcher;
-
     function let(Authentication $authentication)
     {
-        $this->matcher = function($request) { return true; };
+        $matcher = function($request) { return true; };
 
-        $this->beConstructedWith($authentication, $this->matcher);
+        $this->beConstructedWith($authentication, $matcher);
     }
 
     function it_is_initializable()
     {
         $this->shouldHaveType('Http\Message\Authentication\Matching');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(Authentication $authentication, RequestInterface $request, RequestInterface $newRequest)
     {
         $authentication->authenticate($request)->willReturn($newRequest);
diff --git a/spec/Authentication/QueryParamSpec.php b/spec/Authentication/QueryParamSpec.php
@@ -8,8 +8,6 @@
 
 class QueryParamSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function let()
     {
         $this->beConstructedWith([
@@ -23,6 +21,11 @@ function it_is_initializable()
         $this->shouldHaveType('Http\Message\Authentication\QueryParam');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(
         RequestInterface $request,
         UriInterface $uri,
diff --git a/spec/Authentication/RequestConditionalSpec.php b/spec/Authentication/RequestConditionalSpec.php
@@ -9,8 +9,6 @@
 
 class RequestConditionalSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function let(RequestMatcher $requestMatcher, Authentication $authentication)
     {
         $this->beConstructedWith($requestMatcher, $authentication);
@@ -21,6 +19,11 @@ function it_is_initializable()
         $this->shouldHaveType('Http\Message\Authentication\RequestConditional');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(
         Authentication $authentication,
         RequestMatcher $requestMatcher,
diff --git a/spec/Authentication/WsseSpec.php b/spec/Authentication/WsseSpec.php
@@ -8,8 +8,6 @@
 
 class WsseSpec extends ObjectBehavior
 {
-    use AuthenticationBehavior;
-
     function let()
     {
         $this->beConstructedWith('john.doe', 'secret');
@@ -20,6 +18,11 @@ function it_is_initializable()
         $this->shouldHaveType('Http\Message\Authentication\Wsse');
     }
 
+    function it_is_an_authentication()
+    {
+        $this->shouldImplement('Http\Message\Authentication');
+    }
+
     function it_authenticates_a_request(
         RequestInterface $request,
         RequestInterface $newRequest,
diff --git a/src/Authentication/AutoBasicAuth.php b/src/Authentication/AutoBasicAuth.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Http\Message\Authentication;
+
+use Http\Message\Authentication;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Authenticate a PSR-7 Request using Basic Auth based on credentials in the URI.
+ *
+ * @author Márk Sági-Kazár <mark.sagikazar@gmail.com>
+ */
+final class AutoBasicAuth implements Authentication
+{
+    /**
+     * Whether user info should be removed from the URI.
+     *
+     * @var bool
+     */
+    private $shouldRemoveUserInfo;
+
+    /**
+     * @param bool|true $shouldRremoveUserInfo
+     */
+    public function __construct($shouldRremoveUserInfo = true)
+    {
+        $this->shouldRemoveUserInfo = (bool) $shouldRremoveUserInfo;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(RequestInterface $request)
+    {
+        $uri = $request->getUri();
+        $userInfo = $uri->getUserInfo();
+
+        if (!empty($userInfo)) {
+            if ($this->shouldRemoveUserInfo) {
+                $request = $request->withUri($uri->withUserInfo(''));
+            }
+
+            $request = $request->withHeader('Authorization', sprintf('Basic %s', base64_encode($userInfo)));
+        }
+
+        return $request;
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,6 @@`
`7`	`7`
`8`	`8`	`class BasicAuthSpec extends ObjectBehavior`
`9`	`9`	`{`
`10`		`- use AuthenticationBehavior;`
`11`		`-`
`12`	`10`	`function let()`
`13`	`11`	`{`
`14`	`12`	`$this->beConstructedWith('john.doe', 'secret');`
`@@ -19,6 +17,11 @@ function it_is_initializable()`
`19`	`17`	`$this->shouldHaveType('Http\Message\Authentication\BasicAuth');`
`20`	`18`	`}`
`21`	`19`
	`20`	`+ function it_is_an_authentication()`
	`21`	`+ {`
	`22`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`23`	`+ }`
	`24`	`+`
`22`	`25`	`function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)`
`23`	`26`	`{`
`24`	`27`	`$request->withHeader('Authorization', 'Basic '.base64_encode('john.doe:secret'))->willReturn($newRequest);`
Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,6 @@`
`7`	`7`
`8`	`8`	`class BearerSpec extends ObjectBehavior`
`9`	`9`	`{`
`10`		`- use AuthenticationBehavior;`
`11`		`-`
`12`	`10`	`function let()`
`13`	`11`	`{`
`14`	`12`	`$this->beConstructedWith('token');`
`@@ -19,6 +17,11 @@ function it_is_initializable()`
`19`	`17`	`$this->shouldHaveType('Http\Message\Authentication\Bearer');`
`20`	`18`	`}`
`21`	`19`
	`20`	`+ function it_is_an_authentication()`
	`21`	`+ {`
	`22`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`23`	`+ }`
	`24`	`+`
`22`	`25`	`function it_authenticates_a_request(RequestInterface $request, RequestInterface $newRequest)`
`23`	`26`	`{`
`24`	`27`	`$request->withHeader('Authorization', 'Bearer token')->willReturn($newRequest);`
Original file line number	Diff line number	Diff line change
`@@ -8,13 +8,16 @@`
`8`	`8`
`9`	`9`	`class ChainSpec extends ObjectBehavior`
`10`	`10`	`{`
`11`		`- use AuthenticationBehavior;`
`12`		`-`
`13`	`11`	`function it_is_initializable()`
`14`	`12`	`{`
`15`	`13`	`$this->shouldHaveType('Http\Message\Authentication\Chain');`
`16`	`14`	`}`
`17`	`15`
	`16`	`+ function it_is_an_authentication()`
	`17`	`+ {`
	`18`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`19`	`+ }`
	`20`	`+`
`18`	`21`	`function it_throws_an_exception_when_non_authentication_is_passed()`
`19`	`22`	`{`
`20`	`23`	`$this->beConstructedWith(['authentication']);`
Original file line number	Diff line number	Diff line change
`@@ -8,22 +8,23 @@`
`8`	`8`
`9`	`9`	`class MatchingSpec extends ObjectBehavior`
`10`	`10`	`{`
`11`		`- use AuthenticationBehavior;`
`12`		`-`
`13`		`- private $matcher;`
`14`		`-`
`15`	`11`	`function let(Authentication $authentication)`
`16`	`12`	`{`
`17`		`- $this->matcher = function($request) { return true; };`
	`13`	`+ $matcher = function($request) { return true; };`
`18`	`14`
`19`		`- $this->beConstructedWith($authentication, $this->matcher);`
	`15`	`+ $this->beConstructedWith($authentication, $matcher);`
`20`	`16`	`}`
`21`	`17`
`22`	`18`	`function it_is_initializable()`
`23`	`19`	`{`
`24`	`20`	`$this->shouldHaveType('Http\Message\Authentication\Matching');`
`25`	`21`	`}`
`26`	`22`
	`23`	`+ function it_is_an_authentication()`
	`24`	`+ {`
	`25`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`26`	`+ }`
	`27`	`+`
`27`	`28`	`function it_authenticates_a_request(Authentication $authentication, RequestInterface $request, RequestInterface $newRequest)`
`28`	`29`	`{`
`29`	`30`	`$authentication->authenticate($request)->willReturn($newRequest);`
Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,6 @@`
`8`	`8`
`9`	`9`	`class QueryParamSpec extends ObjectBehavior`
`10`	`10`	`{`
`11`		`- use AuthenticationBehavior;`
`12`		`-`
`13`	`11`	`function let()`
`14`	`12`	`{`
`15`	`13`	`$this->beConstructedWith([`
`@@ -23,6 +21,11 @@ function it_is_initializable()`
`23`	`21`	`$this->shouldHaveType('Http\Message\Authentication\QueryParam');`
`24`	`22`	`}`
`25`	`23`
	`24`	`+ function it_is_an_authentication()`
	`25`	`+ {`
	`26`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`27`	`+ }`
	`28`	`+`
`26`	`29`	`function it_authenticates_a_request(`
`27`	`30`	`RequestInterface $request,`
`28`	`31`	`UriInterface $uri,`
Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,6 @@`
`9`	`9`
`10`	`10`	`class RequestConditionalSpec extends ObjectBehavior`
`11`	`11`	`{`
`12`		`- use AuthenticationBehavior;`
`13`		`-`
`14`	`12`	`function let(RequestMatcher $requestMatcher, Authentication $authentication)`
`15`	`13`	`{`
`16`	`14`	`$this->beConstructedWith($requestMatcher, $authentication);`
`@@ -21,6 +19,11 @@ function it_is_initializable()`
`21`	`19`	`$this->shouldHaveType('Http\Message\Authentication\RequestConditional');`
`22`	`20`	`}`
`23`	`21`
	`22`	`+ function it_is_an_authentication()`
	`23`	`+ {`
	`24`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`25`	`+ }`
	`26`	`+`
`24`	`27`	`function it_authenticates_a_request(`
`25`	`28`	`Authentication $authentication,`
`26`	`29`	`RequestMatcher $requestMatcher,`
Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,6 @@`
`8`	`8`
`9`	`9`	`class WsseSpec extends ObjectBehavior`
`10`	`10`	`{`
`11`		`- use AuthenticationBehavior;`
`12`		`-`
`13`	`11`	`function let()`
`14`	`12`	`{`
`15`	`13`	`$this->beConstructedWith('john.doe', 'secret');`
`@@ -20,6 +18,11 @@ function it_is_initializable()`
`20`	`18`	`$this->shouldHaveType('Http\Message\Authentication\Wsse');`
`21`	`19`	`}`
`22`	`20`
	`21`	`+ function it_is_an_authentication()`
	`22`	`+ {`
	`23`	`+ $this->shouldImplement('Http\Message\Authentication');`
	`24`	`+ }`
	`25`	`+`
`23`	`26`	`function it_authenticates_a_request(`
`24`	`27`	`RequestInterface $request,`
`25`	`28`	`RequestInterface $newRequest,`