Merge pull request #2 from FCMHUB/master

Fix - Wrong Jwt credentials being accepted.

Author: ericyzhu

src/Guards/JwtGuard.php

@@ -312,7 +312,7 @@ public function getLastAttempted()
      */
     protected function hasValidCredentials(?AuthenticatableInterface $user, array $credentials): bool
     {
-        $validated = $user !== null and $this->provider->validateCredentials($user, $credentials);
+        $validated = ($user !== null and $this->provider->validateCredentials($user, $credentials));
 
         if ($validated) {
             $this->dispatchValidatedEvent($user);

tests/AuthGuardTest.php

@@ -8,10 +8,12 @@
  * @contact  eric@zhu.email
  * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
  */
+
 namespace HyperfTest;
 
 use Hyperf\Contract\SessionInterface;
 use Hyperf\HttpMessage\Cookie\Cookie;
+use HyperfExt\Cookie\Contract\CookieJarInterface;
 use Hyperf\HttpMessage\Uri\Uri;
 use Hyperf\HttpServer\Request;
 use Hyperf\Utils\Context;
@@ -559,17 +561,15 @@ protected function getMocks()
             new Request(),
             m::mock(SessionInterface::class),
             m::mock(EventDispatcherInterface::class),
-            m::mock(CookieJar::class),
+            m::mock(CookieJarInterface::class),
             m::mock(UserProviderInterface::class),
-            [
-                'name' => 'foo',
-            ],
+            'foo',
         ];
     }
 
     protected function getCookieJar()
     {
         return new CookieJar();
-//        return new CookieJar(Request::create('/foo', 'GET'), m::mock(Encrypter::class), ['domain' => 'foo.com', 'path' => '/', 'secure' => false, 'httpOnly' => false]);
+        //        return new CookieJar(Request::create('/foo', 'GET'), m::mock(Encrypter::class), ['domain' => 'foo.com', 'path' => '/', 'secure' => false, 'httpOnly' => false]);
     }
 }

tests/AuthJwtGuardTest.php

@@ -0,0 +1,105 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of hyperf-ext/auth.
+ *
+ * @link     https://github.com/hyperf-ext/auth
+ * @contact  eric@zhu.email
+ * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
+ */
+
+namespace HyperfTest;
+
+use Hyperf\HttpServer\Request;
+use Hyperf\Utils\Context;
+use HyperfExt\Auth\Contracts\UserProviderInterface;
+use HyperfExt\Auth\Guards\JwtGuard;
+use HyperfExt\Auth\Guards\TokenGuard;
+use Mockery as m;
+use PHPUnit\Framework\TestCase;
+use Psr\Container\ContainerInterface;
+use HyperfExt\Jwt\JwtFactory;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\EventDispatcher\EventDispatcherInterface;
+
+/**
+ * @internal
+ * @coversNothing
+ */
+class AuthJwtGuardTest extends TestCase
+{
+    protected function tearDown(): void
+    {
+        m::close();
+    }
+
+    public function testFailValidateCredentials()
+    {
+        $provider = m::mock(UserProviderInterface::class);
+        $container = m::mock(ContainerInterface::class);
+        $jwtFactory = m::mock(JwtFactory::class);
+        $jwt = m::mock(Jwt::class);
+        $dispatcher = m::mock(EventDispatcherInterface::class);
+
+        $user = new AuthTokenGuardTestUser();
+        $user->id = 1;
+        $user->password = 'hash';
+        $request = $this->createRequest(['id' => '1', 'password' => '123456']);
+        $provider->shouldReceive('retrieveByCredentials')->once()->with(['id' => '1', 'password' => '123456'])->andReturn($user);
+        $provider->shouldReceive('validateCredentials')->once()->andReturn(false);
+        $jwt->shouldReceive('fromUser')->andReturn('token');
+        $jwt->shouldReceive('setToken');
+        $jwtFactory->shouldReceive('make')->once()->andReturn($jwt);
+        $dispatcher->shouldReceive('dispatch');
+
+        $guard = new JwtGuard($container, $request, $jwtFactory, $dispatcher, $provider, 'foo');
+
+        $result = $guard->attempt(['id' => '1', 'password' => '123456']);
+
+        $this->assertEquals(false, $result);
+    }
+
+    public function testSuccessValidateCredentials()
+    {
+        $provider = m::mock(UserProviderInterface::class);
+        $container = m::mock(ContainerInterface::class);
+        $jwtFactory = m::mock(JwtFactory::class);
+        $jwt = m::mock(Jwt::class);
+        $dispatcher = m::mock(EventDispatcherInterface::class);
+
+        $user = new AuthTokenGuardTestUser();
+        $user->id = 1;
+        $user->password = 'hash';
+        $request = $this->createRequest(['id' => '1', 'password' => '123456']);
+        $provider->shouldReceive('retrieveByCredentials')->once()->with(['id' => '1', 'password' => '123456'])->andReturn($user);
+        $provider->shouldReceive('validateCredentials')->once()->andReturn(true);
+        $jwt->shouldReceive('fromUser')->once()->andReturn('token');
+        $jwt->shouldReceive('setToken')->once();
+        $jwtFactory->shouldReceive('make')->once()->andReturn($jwt);
+        $dispatcher->shouldReceive('dispatch');
+
+        $guard = new JwtGuard($container, $request, $jwtFactory, $dispatcher, $provider, 'foo');
+
+        $result = $guard->attempt(['id' => '1', 'password' => '123456']);
+
+        $this->assertEquals('token', $result);
+    }
+
+    protected function createRequest(array $params = [], array $headers = [])
+    {
+        $request = new \Hyperf\HttpMessage\Server\Request('GET', '/');
+        Context::set(ServerRequestInterface::class, $request->withQueryParams($params)->withHeaders($headers));
+        return new Request();
+    }
+}
+
+class AuthJwtGuardTestUser extends User
+{
+    public $id;
+
+    public function getAuthIdentifier()
+    {
+        return $this->id;
+    }
+}

tests/AuthTokenGuardTest.php

@@ -8,6 +8,7 @@
  * @contact  eric@zhu.email
  * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
  */
+
 namespace HyperfTest;
 
 use Hyperf\HttpServer\Request;
@@ -37,7 +38,7 @@ public function testUserCanBeRetrievedByQueryStringVariable()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'foo'])->andReturn($user);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $user = $guard->user();
 
@@ -55,7 +56,7 @@ public function testTokenCanBeHashed()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => hash('sha256', 'foo')])->andReturn($user);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'api_token',
             'storage_key' => 'api_token',
             'hash' => true,
@@ -75,7 +76,7 @@ public function testUserCanBeRetrievedByAuthHeaders()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'foo'])->andReturn(new AuthTokenGuardTestUser());
         $request = $this->createRequest([], ['Authorization' => 'Basic ' . base64_encode('foo:foo')]);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $user = $guard->user();
 
@@ -88,7 +89,7 @@ public function testUserCanBeRetrievedByBearerToken()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'foo'])->andReturn(new AuthTokenGuardTestUser());
         $request = $this->createRequest([], ['Authorization' => 'Bearer foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $user = $guard->user();
 
@@ -103,7 +104,7 @@ public function testValidateCanDetermineIfCredentialsAreValid()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'foo'])->andReturn($user);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $this->assertTrue($guard->validate(['api_token' => 'foo']));
     }
@@ -114,7 +115,7 @@ public function testValidateCanDetermineIfCredentialsAreInvalid()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'foo'])->andReturn(null);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $this->assertFalse($guard->validate(['api_token' => 'foo']));
     }
@@ -124,7 +125,7 @@ public function testValidateIfApiTokenIsEmpty()
         $provider = m::mock(UserProviderInterface::class);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
 
         $this->assertFalse($guard->validate(['api_token' => '']));
     }
@@ -137,7 +138,7 @@ public function testItAllowsToPassCustomRequestInSetterAndUseItForValidation()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['api_token' => 'custom'])->andReturn($user);
         $request = $this->createRequest(['api_token' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider);
+        $guard = new TokenGuard($request, $provider, 'foo');
         $guard->setRequest($this->createRequest(['api_token' => 'custom']));
 
         $user = $guard->user();
@@ -151,7 +152,7 @@ public function testUserCanBeRetrievedByBearerTokenWithCustomKey()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['custom_token_field' => 'foo'])->andReturn(new AuthTokenGuardTestUser());
         $request = $this->createRequest([], ['Authorization' => 'Bearer foo']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);
@@ -169,7 +170,7 @@ public function testUserCanBeRetrievedByQueryStringVariableWithCustomKey()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['custom_token_field' => 'foo'])->andReturn($user);
         $request = $this->createRequest(['custom_token_field' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);
@@ -188,7 +189,7 @@ public function testUserCanBeRetrievedByAuthHeadersWithCustomField()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['custom_token_field' => 'foo'])->andReturn(new AuthTokenGuardTestUser());
         $request = $this->createRequest([], ['Authorization' => 'Basic ' . base64_encode('foo:foo')]);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);
@@ -206,7 +207,7 @@ public function testValidateCanDetermineIfCredentialsAreValidWithCustomKey()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['custom_token_field' => 'foo'])->andReturn($user);
         $request = $this->createRequest(['custom_token_field' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);
@@ -220,7 +221,7 @@ public function testValidateCanDetermineIfCredentialsAreInvalidWithCustomKey()
         $provider->shouldReceive('retrieveByCredentials')->once()->with(['custom_token_field' => 'foo'])->andReturn(null);
         $request = $this->createRequest(['custom_token_field' => 'foo']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);
@@ -233,7 +234,7 @@ public function testValidateIfApiTokenIsEmptyWithCustomKey()
         $provider = m::mock(UserProviderInterface::class);
         $request = $this->createRequest(['custom_token_field' => '']);
 
-        $guard = new TokenGuard($request, $provider, [
+        $guard = new TokenGuard($request, $provider, 'foo', [
             'input_key' => 'custom_token_field',
             'storage_key' => 'custom_token_field',
         ]);