feat(core): Support check user scopes in middleware #32

Merged, 3 commits, Jul 22, 2024
5 changes: 3 additions & 2 deletions src/Http/OauthMiddleware.php
@@ -44,8 +44,9 @@
abort(401, 'Unauthorized Access');
}

// todo :: implement check the scopes
// todo:: $this->user->getScope()
if(!is_null($scope) && !collect(explode(' ', $this->user->getScope()))->contains($scope)){
Codacy Static Code Analysis, src/Http/OauthMiddleware.php#L47:
- notice: Expected "if (...) {\n"; found "if(...){\n"
- notice: Expected 1 space after IF keyword; 0 found
- notice: Operator ! prohibited; use === FALSE instead
- warning: The use of function is_null() is discouraged; use strict comparison "=== null" instead.
- notice: There must be a single space between the closing parenthesis and the opening brace of a multi-line IF statement; found 0 spaces
abort(401, 'Unauthorized Access (The scope not allowed)');
}

$exception_at = now()->diffInSeconds($this->user->getExpiredAt());
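Review bot: the scope rejection `abort(401, 'Unauthorized Access (The scope not allowed)')` reuses 401, the same status the `abort(401, 'Unauthorized Access')` a few lines above returns for a missing or invalid token; by the time the scope check runs the token has already been accepted, so a token used outside its grant is a 403 (Forbidden), and returning it lets clients and logs tell the two failure modes apart. Two smaller points on the same condition: `explode(' ', $this->user->getScope())` assumes `getScope()` always returns a string, so if the resource-owner payload can omit `context.scope` a null guard or `(string)` cast is needed to avoid a PHP 8.1 deprecation notice; and the check accepts a single `$scope`, so a route that needs more than one scope cannot express it, which `string ...$scopes` with an "all required" check would cover. The Codacy notices on this line (`if (...) {` spacing, `=== null` instead of `is_null()`) are cheap to fix before merge.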

112 changes: 112 additions & 0 deletions test/OauthMiddlewareTest.php
@@ -15,6 +15,10 @@
return 'hello '. auth()->guard('salla-oauth')->user()->getAuthIdentifier();
})->middleware(OauthMiddleware::class);

$app['router']->get('hello/user-order-read-scope')->uses(function () {
Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L18: Opening parenthesis of a multi-line function call must be the last content on the line
return 'hello '. auth()->guard('salla-oauth')->user()->getAuthIdentifier();
})->middleware('salla.oauth:orders.read');

Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L20: Closing parenthesis of a multi-line function call must be on a line by itself

$app['router']->get('hello/guest')->name('auth.guest')->uses(function () {
return 'hello guest';
});
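Review bot: the new route attaches the guard through the string alias `'salla.oauth:orders.read'` while the route just above uses `OauthMiddleware::class` directly; the alias registration is not part of this diff, so the test implicitly depends on the package's service provider having registered it, and the suite only exercises the single-scope form. Using the same form on both routes would make the dependency explicit, and if the middleware is meant to accept more than one scope, a second route such as `'salla.oauth:orders.read,orders.write'` would pin that behaviour. Codacy also flags the multi-line call formatting on lines 18 and 20 (opening parenthesis should end its line, closing parenthesis on a line by itself).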
@@ -89,4 +93,112 @@
$this->assertTrue($authGuard->check());
$this->assertSame($user['data']['id'], $authGuard->user()->getAuthIdentifier());
}

public function testCheckAllowedUserScope()
Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L97: Missing doc comment for function testCheckAllowedUserScope()
{
$this->app->singleton(SallaOauth::class, function () {
return $this->getMockBuilder(Salla::class)
->disableOriginalConstructor()
->onlyMethods(['fetchResourceOwnerDetails'])
->getMock();
});

// Mock response
$user = [
'data' => [
'id' => '12345',
'name' => 'mock name',
'email' => '[email protected]',
'mobile' => '05000000',
'role' => 'user',
'created_at' => '2018-04-28 17:46:25',
'merchant' => [
'id' => '11111',
'owner_id' => '12345',
'owner_name' => 'mock name',
'username' => 'mock_name',
'name' => 'mock name',
'avatar' => 'mock_avatar',
'store_location' => 'mock_location',
'plan' => 'mock_plan',
'status' => 'mock_status',
'created_at' => '2018-04-28 17:46:25',
],
Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L126: Closing parenthesis not aligned correctly; expected 30 spaces but found 16
'context' => [
Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L127: Array key not aligned correctly; expected 23 spaces but found 16
'app' => '123',
Codacy Static Code Analysis, test/OauthMiddlewareTest.php#L128: Array key not aligned correctly; expected 30 spaces but found 20
'scope' => 'orders.read products.read',
'exp' => 1721326955
]
]
];

$token = new AccessToken([
'access_token' => 'foobar',
]);

// Set up the expectation for fetchResourceOwnerDetails method
$this->app->make(SallaOauth::class)->expects($this->once())
->method('fetchResourceOwnerDetails')
->with($this->equalTo($token))
->willReturn($user);

$response = $this->get('hello/user-order-read-scope', [
'Authorization' => 'Bearer foobar'
]);
$response->assertStatus(200)->assertSeeText('hello 12345');
}

public function testCheckNotAllowedUserScope()
{
$this->app->singleton(SallaOauth::class, function () {
return $this->getMockBuilder(Salla::class)
->disableOriginalConstructor()
->onlyMethods(['fetchResourceOwnerDetails'])
->getMock();
});

// Mock response
$user = [
'data' => [
'id' => '12345',
'name' => 'mock name',
'email' => '[email protected]',
'mobile' => '05000000',
'role' => 'user',
'created_at' => '2018-04-28 17:46:25',
'merchant' => [
'id' => '11111',
'owner_id' => '12345',
'owner_name' => 'mock name',
'username' => 'mock_name',
'name' => 'mock name',
'avatar' => 'mock_avatar',
'store_location' => 'mock_location',
'plan' => 'mock_plan',
'status' => 'mock_status',
'created_at' => '2018-04-28 17:46:25',
],
'context' => [
'app' => '123',
'scope' => 'customers.read products.read',
'exp' => 1721326955
]
]
];

$token = new AccessToken([
'access_token' => 'foobar',
]);

// Set up the expectation for fetchResourceOwnerDetails method
$this->app->make(SallaOauth::class)->expects($this->once())
->method('fetchResourceOwnerDetails')
->with($this->equalTo($token))
->willReturn($user);

$response = $this->get('hello/user-order-read-scope', [
'Authorization' => 'Bearer foobar'
]);
$response->assertStatus(401)->assertSeeText('Unauthorized');
}
}
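Review bot: `testCheckNotAllowedUserScope` only asserts `assertSeeText('Unauthorized')`, which also matches the pre-existing `abort(401, 'Unauthorized Access')` for a missing token, so the test would still pass if the scope check were never reached; assert on the scope-specific text (`'The scope not allowed'`) or, better, on a status code distinct from the missing-token path, so the test proves the new branch ran. Both tests also duplicate the multi-line `$user` fixture with only `context.scope` differing; a helper such as `resourceOwnerWithScope('orders.read products.read')` would shrink them and make the missing cases (empty scope string, `scope` key absent) one-line additions. The fixed `'exp' => 1721326955` is an absolute epoch value, so whatever the middleware does with the `diffInSeconds` it computes from `getExpiredAt()`, the fixture ages with the calendar; `now()->addHour()->getTimestamp()` keeps the test stable. Finally, Codacy asks for a doc comment on `testCheckAllowedUserScope()` and flags the array alignment on lines 126 to 128.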