From 5145b511b0786949daaf349008431b0dbd4511cb Mon Sep 17 00:00:00 2001 From: Ivan Date: Mon, 22 May 2017 13:51:02 +0300 Subject: [PATCH 1/2] added PathMethodRule --- .../RequestPathMethodRule.php | 73 +++++++++++++++++ tests/RequestPathMethodTest.php | 78 +++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 src/HttpBasicAuthentication/RequestPathMethodRule.php create mode 100644 tests/RequestPathMethodTest.php diff --git a/src/HttpBasicAuthentication/RequestPathMethodRule.php b/src/HttpBasicAuthentication/RequestPathMethodRule.php new file mode 100644 index 0000000..bf8f466 --- /dev/null +++ b/src/HttpBasicAuthentication/RequestPathMethodRule.php @@ -0,0 +1,73 @@ + ["/"], + "passthrough" => [] + ]; + + /** + * Create a new rule instance + * + * @param string[] $options + * + */ + public function __construct($options = []) + { + $this->options = array_merge($this->options, $options); + } + + /** + * @param \Psr\Http\Message\RequestInterface $request + * @return boolean + */ + public function __invoke(RequestInterface $request) + { + $uri = "/" . $request->getUri()->getPath(); + $uri = preg_replace("#/+#", "/", $uri); + + /** If request path is matches passthrough should not authenticate. */ + foreach ((array)$this->options["passthrough"] as $passthrough => $method) { + $passthrough = rtrim($passthrough, "/"); + + /** If path defined as string, we use this little hack */ + if($passthrough === '0') { + $passthrough = $method; + $method = null; + } + + if (preg_match("@^{$passthrough}(/.*)?$@", $uri)) { + if((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { + return false; + } + } + } + + /** Otherwise check if path matches and we should authenticate. */ + foreach ((array)$this->options["path"] as $path => $method) { + $path = rtrim($path, "/"); + + /** If path defined as string, we use this little hack */ + if($path === '0') { + $path = $method; + $method = null; + } + if (preg_match("@^{$path}(/.*)?$@", $uri)) { + if((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { + return true; + } + } + } + + return false; + } +} \ No newline at end of file diff --git a/tests/RequestPathMethodTest.php b/tests/RequestPathMethodTest.php new file mode 100644 index 0000000..3ec68c1 --- /dev/null +++ b/tests/RequestPathMethodTest.php @@ -0,0 +1,78 @@ +withUri(new Uri("https://example.com/api")) + ->withMethod("GET"); + + + $rule = new RequestPathMethodRule([ + 'path' => [ + '/api/*' => [ + 'post' + ] + ] + ]); + + $this->assertFalse($rule($request)); + } + + public function testShouldNotAuthenticatePost() + { + $request = (new Request()) + ->withUri(new Uri("https://example.com/api")) + ->withMethod("GET"); + + $rule = new RequestPathMethodRule([ + 'path' => [ + '/api/*' => [ + 'get' + ] + ] + ]); + + $this->assertTrue($rule($request)); + } + + public function testShouldNotAuthenticatePassthrough() + { + $requestOne = (new Request()) + ->withUri(new Uri("https://example.com/api")) + ->withMethod("GET"); + + $requestTwo = (new Request()) + ->withUri(new Uri("https://example.com/api/addlog")) + ->withMethod('POST'); + + $requestThree = (new Request()) + ->withUri(new Uri("https://example.com/api")) + ->withMethod("POST"); + + $rule = new RequestPathMethodRule([ + 'path' => [ + '/api/*' => [ + 'get', + 'post' + ] + ], + 'passthrough' => [ + '/api/addlog' => [ + 'post' + ] + ] + ]); + + $this->assertTrue($rule($requestOne)); + $this->assertFalse($rule($requestTwo)); + $this->assertTrue($rule($requestThree)); + } +} \ No newline at end of file From 1cff363d398ebb0fe802df8b3191be22b6d3896e Mon Sep 17 00:00:00 2001 From: Ivan Date: Mon, 22 May 2017 15:46:37 +0300 Subject: [PATCH 2/2] fix psr --- src/HttpBasicAuthentication/RequestPathMethodRule.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/HttpBasicAuthentication/RequestPathMethodRule.php b/src/HttpBasicAuthentication/RequestPathMethodRule.php index bf8f466..509bca9 100644 --- a/src/HttpBasicAuthentication/RequestPathMethodRule.php +++ b/src/HttpBasicAuthentication/RequestPathMethodRule.php @@ -2,7 +2,6 @@ namespace Slim\Middleware\HttpBasicAuthentication; - use Psr\Http\Message\RequestInterface; class RequestPathMethodRule @@ -40,13 +39,13 @@ public function __invoke(RequestInterface $request) $passthrough = rtrim($passthrough, "/"); /** If path defined as string, we use this little hack */ - if($passthrough === '0') { + if ($passthrough === '0') { $passthrough = $method; $method = null; } if (preg_match("@^{$passthrough}(/.*)?$@", $uri)) { - if((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { + if ((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { return false; } } @@ -57,12 +56,12 @@ public function __invoke(RequestInterface $request) $path = rtrim($path, "/"); /** If path defined as string, we use this little hack */ - if($path === '0') { + if ($path === '0') { $path = $method; $method = null; } if (preg_match("@^{$path}(/.*)?$@", $uri)) { - if((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { + if ((in_array(strtolower($request->getMethod()), (array)$method)) || empty((array)$method)) { return true; } } @@ -70,4 +69,4 @@ public function __invoke(RequestInterface $request) return false; } -} \ No newline at end of file +}