Merge pull request #1 from SoapBox/bugfix/laravel-will-not-provide-a-signed-object

[Bugfix] Laravel Provides Request Objects, Not Signed Objects, to Middlewares

Author: Jaspaul

src/Middlewares/VerifySignature.php

@@ -3,8 +3,9 @@
 namespace SoapBox\SignedRequests\Middlewares;
 
 use Closure;
+use Illuminate\Http\Request;
 use Illuminate\Contracts\Config\Repository;
-use SoapBox\SignedRequests\Requests\Signed;
+use SoapBox\SignedRequests\Requests\Verifier;
 use SoapBox\SignedRequests\Exceptions\InvalidSignatureException;
 
 class VerifySignature
@@ -36,20 +37,22 @@ public function __construct(Repository $configurations)
      * @throws \SoapBox\SignedRequests\Exceptions\InvalidSignatureException
      *         Thrown when the signature of the request is not valid.
      *
-     * @param  \SoapBox\SignedRequests\Requests\Signed $request
-     *         An instance of the signed request.
+     * @param  \Illuminate\Http\Request $request
+     *         An instance of the request.
      * @param  \Closure $next
      *         A callback function of where to go next.
      *
      * @return mixed
      */
-    public function handle(Signed $request, Closure $next)
+    public function handle(Request $request, Closure $next)
     {
-        $request
+        $signed = new Verifier($request);
+
+        $signed
             ->setSignatureHeader($this->configurations->get('signed-requests.headers.signature'))
             ->setAlgorithmHeader($this->configurations->get('signed-requests.headers.algorithm'));
 
-        if (!$request->isValid($this->configurations->get('signed-requests.key'))) {
+        if (!$signed->isValid($this->configurations->get('signed-requests.key'))) {
             throw new InvalidSignatureException();
         }
 

src/Requests/Signed.php renamed to src/Requests/Verifier.php

@@ -5,7 +5,7 @@
 use Illuminate\Http\Request;
 use SoapBox\SignedRequests\Signature;
 
-class Signed extends Request
+class Verifier
 {
     /**
      * The header that holds the signature.
@@ -21,16 +21,23 @@ class Signed extends Request
      */
     protected $algorithmHeader;
 
+    /**
+     * The underlying request that has the signature to validate.
+     *
+     * @var \Illluminate\Http\Request
+     */
+    protected $request;
+
     /**
      * Sets the local header key for locating the signature to the provided key.
      *
      * @param string $header
      *        The header key where the signature is located.
      *
-     * @return \SoapBox\SignedRequests\Requests\Signed
+     * @return \SoapBox\SignedRequests\Requests\Verifier
      *         The updated instance to enable fluent access.
      */
-    public function setSignatureHeader(string $header) : Signed
+    public function setSignatureHeader(string $header) : Verifier
     {
         $this->signatureHeader = $header;
         return $this;
@@ -42,10 +49,10 @@ public function setSignatureHeader(string $header) : Signed
      * @param string $header
      *        The header key where the algorithm is located.
      *
-     * @return \SoapBox\SignedRequests\Requests\Signed
+     * @return \SoapBox\SignedRequests\Requests\Verifier
      *         The updated instance of to enable fluent access.
      */
-    public function setAlgorithmHeader(string $header) : Signed
+    public function setAlgorithmHeader(string $header) : Verifier
     {
         $this->algorithmHeader = $header;
         return $this;
@@ -73,6 +80,48 @@ protected function getSignature() : string
         return $this->header($this->signatureHeader);
     }
 
+    /**
+     * Used to wrap the existing request so we can verify the signature.
+     *
+     * @param \Illuminate\Http\Request $request
+     *        The request to be verified.
+     */
+    public function __construct(Request $request)
+    {
+        $this->request = $request;
+    }
+
+    /**
+     * Forward calls to the underlying request so we can use this object like a
+     * request.
+     *
+     * @param string $method
+     *        The method to call on the underlying request.
+     * @param mixed $parameters
+     *        The parameters to send to the method on the request.
+     *
+     * @return mixed
+     *         Returns the results of the calls on the parent.
+     */
+    public function __call($method, $parameters)
+    {
+        return $this->request->$method(...$parameters);
+    }
+
+    /**
+     * Forward calls to parameters to the request.
+     *
+     * @param string $key
+     *        The name of the property we're attempting to access.
+     *
+     * @return mixed
+     *         The value of the property on the request.
+     */
+    public function __get($key)
+    {
+        return $this->request->$key;
+    }
+
     /**
      * Returns the request body content, and handles unescaping slashes for
      * json content.
@@ -87,7 +136,7 @@ protected function getSignature() : string
      */
     public function getContent($asResource = false)
     {
-        $content = parent::getContent($asResource);
+        $content = $this->request->getContent($asResource);
 
         json_decode($content);
 

tests/Middlewares/VerifySignatureTest.php

@@ -4,6 +4,8 @@
 
 use Mockery;
 use Tests\TestCase;
+use Illuminate\Http\Request;
+use SoapBox\SignedRequests\Signature;
 use Illuminate\Contracts\Config\Repository;
 use SoapBox\SignedRequests\Requests\Signed;
 use SoapBox\SignedRequests\Middlewares\VerifySignature;
@@ -59,12 +61,7 @@ public function it_throws_an_invalid_signature_exception_if_the_request_is_not_v
             ->with('signed-requests.key')
             ->andReturn('key');
 
-        $request = new class() extends Signed {
-            public function isValid(string $key) : bool
-            {
-                return false;
-            }
-        };
+        $request = new Request();
 
         $this->middleware->handle($request, function () { });
     }
@@ -76,22 +73,27 @@ public function it_should_call_our_callback_if_the_request_is_valid()
     {
         $this->configurations->shouldReceive('get')
             ->with('signed-requests.headers.signature')
-            ->andReturn('HTTP_SIGNATURE');
+            ->andReturn('signature');
 
         $this->configurations->shouldReceive('get')
             ->with('signed-requests.headers.algorithm')
-            ->andReturn('HTTP_ALGORITHM');
+            ->andReturn('algorithm');
 
         $this->configurations->shouldReceive('get')
             ->with('signed-requests.key')
             ->andReturn('key');
 
-        $request = new class() extends Signed {
-            public function isValid(string $key) : bool
-            {
-                return true;
-            }
-        };
+        $query = [];
+        $request = [];
+        $attributes = [];
+        $cookies = [];
+        $files = [];
+        $server = [
+            'HTTP_SIGNATURE' => hash_hmac('sha256', 'a', 'key'),
+            'HTTP_ALGORITHM' => 'sha256'
+        ];
+
+        $request = new Request($query, $request, $attributes, $cookies, $files, $server, 'a');
 
         $this->middleware->handle($request, function () {
             // This should be called.

tests/Requests/SignedTest.php renamed to tests/Requests/VerifierTest.php

@@ -4,25 +4,25 @@
 
 use Tests\TestCase;
 use Illuminate\Http\Request;
-use SoapBox\SignedRequests\Requests\Signed;
+use SoapBox\SignedRequests\Requests\Verifier;
 
-class SignedTest extends TestCase
+class VerifierTest extends TestCase
 {
     /**
      * @test
      */
-    public function it_is_a_request()
+    public function it_can_be_constructed()
     {
-        $request = new Signed();
-        $this->assertInstanceOf(Request::class, $request);
+        $request = new Verifier(new Request());
+        $this->assertInstanceOf(Verifier::class, $request);
     }
 
     /**
      * @test
      */
     public function the_signature_header_key_can_be_set()
     {
-        $request = new class() extends Signed {
+        $request = new class(new Request()) extends Verifier {
             public function getSignatureHeader()
             {
                 return $this->signatureHeader;
@@ -42,7 +42,7 @@ public function getSignatureHeader()
      */
     public function the_algorithm_header_key_can_be_set()
     {
-        $request = new class() extends Signed {
+        $request = new class(new Request()) extends Verifier {
             public function getAlgorithmHeader()
             {
                 return $this->algorithmHeader;
@@ -58,17 +58,17 @@ public function getAlgorithmHeader()
     }
 
     /**
-     * A test helper to generate a signed request.
+     * A test helper to generate a Signed request.
      *
      * @param  array $headers
      *         The request headers we'd like to include.
      * @param  string $content
      *         The content of the request.
      *
-     * @return \SoapBox\SignedRequests\Requests\Signed
+     * @return \SoapBox\SignedRequests\Requests\Verifier
      *         A configured signed request.
      */
-    protected function makeSignedRequest(array $headers = [], string $content = null) : Signed
+    protected function makeSignedRequest(array $headers = [], string $content = null) : Verifier
     {
         $query = [];
         $request = [];
@@ -77,7 +77,9 @@ protected function makeSignedRequest(array $headers = [], string $content = null
         $files = [];
         $server = $headers;
 
-        return new Signed($query, $request, $attributes, $cookies, $files, $server, $content);
+        $request = new Request($query, $request, $attributes, $cookies, $files, $server, $content);
+
+        return new Verifier($request);
     }
 
     /**