Merge pull request #287 from cakephp/config-data

Move redirect configuration to the service

Author: markstory

src/AuthenticationService.php

@@ -79,6 +79,11 @@ class AuthenticationService implements AuthenticationServiceInterface
      *      ]
      *   ]);
      *   ```
+     * - `identityAttribute` - The request attribute to store the identity in.
+     * - `unauthenticatedRedirect` - The URL to redirect unauthenticated errors to. See
+     *    AuthenticationComponent::allowUnauthenticated()
+     * - `queryParam` - Set to a string to have unauthenticated redirects contain a `redirect` query string
+     *   parameter with the previously blocked URL.
      *
      * @var array
      */
@@ -87,6 +92,8 @@ class AuthenticationService implements AuthenticationServiceInterface
         'identifiers' => [],
         'identityClass' => Identity::class,
         'identityAttribute' => 'identity',
+        'queryParam' => null,
+        'unauthorizedRedirect' => null,
     ];
 
     /**
@@ -291,6 +298,16 @@ public function getIdentity()
         return $identity;
     }
 
+    /**
+     * Return the name of the identity attribute.
+     *
+     * @return string
+     */
+    public function getIdentityAttribute()
+    {
+        return $this->getConfig('identityAttribute');
+    }
+
     /**
      * Builds the identity object
      *
@@ -317,4 +334,48 @@ public function buildIdentity($identityData)
 
         return $identity;
     }
+
+    /**
+     * Return the URL to redirect unauthenticated users to.
+     *
+     * If the `unauthenticaedRedirect` option is not set,
+     * this method will return null.
+     *
+     * If the `queryParam` option is set a query parameter
+     * will be appended with the denied URL path.
+     *
+     * @param \Psr\Http\Message\ServerRequestInterface $request The request
+     * @return string|null
+     */
+    public function getUnauthenticatedRedirectUrl(ServerRequestInterface $request)
+    {
+        $param = $this->getConfig('queryParam');
+        $target = $this->getConfig('unauthenticatedRedirect');
+        if ($target === null) {
+            return null;
+        }
+        if ($param === null) {
+            return $target;
+        }
+
+        $uri = $request->getUri();
+        if (property_exists($uri, 'base')) {
+            $uri = $uri->withPath($uri->base . $uri->getPath());
+        }
+        $redirect = $uri->getPath();
+        if ($uri->getQuery()) {
+            $redirect .= '?' . $uri->getQuery();
+        }
+        $query = urlencode($param) . '=' . urlencode($redirect);
+
+        $url = parse_url($target);
+        if (isset($url['query']) && strlen($url['query'])) {
+            $url['query'] .= '&' . $query;
+        } else {
+            $url['query'] = $query;
+        }
+        $fragment = isset($url['fragment']) ? '#' . $url['fragment'] : '';
+
+        return $url['path'] . '?' . $url['query'] . $fragment;
+    }
 }

src/AuthenticationServiceInterface.php

@@ -69,4 +69,19 @@ public function getAuthenticationProvider();
      * @return \Authentication\Authenticator\ResultInterface|null Authentication result interface
      */
     public function getResult();
+
+    /**
+     * Return the name of the identity attribute.
+     *
+     * @return string
+     */
+    public function getIdentityAttribute();
+
+    /**
+     * Return the URL to redirect unauthenticated users to.
+     *
+     * @param \Psr\Http\Message\ServerRequestInterface $request The request
+     * @return string|null
+     */
+    public function getUnauthenticatedRedirectUrl(ServerRequestInterface $request);
 }

src/Middleware/AuthenticationMiddleware.php

@@ -14,6 +14,7 @@
  */
 namespace Authentication\Middleware;
 
+use Authentication\AuthenticationService;
 use Authentication\AuthenticationServiceInterface;
 use Authentication\AuthenticationServiceProviderInterface;
 use Authentication\Authenticator\UnauthenticatedException;
@@ -35,18 +36,18 @@ class AuthenticationMiddleware
     /**
      * Configuration options
      *
-     * - `identityAttribute` - The request attribute to store the identity in.
      * - `name` the application hook method to call. Will be prefixed with `authentication`
+     *
+     * The following keys are deprecated and should instead be set on the AuthenticationService
+     *
+     * - `identityAttribute` - The request attribute to store the identity in.
      * - `unauthenticatedRedirect` - The URL to redirect unauthenticated errors to. See
      *    AuthenticationComponent::allowUnauthenticated()
      * - `queryParam` - Set to true to have unauthenticated redirects contain a `redirect` query string
      *   parameter with the previously blocked URL.
      */
     protected $_defaultConfig = [
-        'identityAttribute' => 'identity',
         'name' => null,
-        'unauthenticatedRedirect' => null,
-        'queryParam' => null,
     ];
 
     /**
@@ -111,7 +112,7 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
         }
 
         $request = $result['request'];
-        $request = $request->withAttribute($this->getConfig('identityAttribute'), $service->getIdentity());
+        $request = $request->withAttribute($service->getIdentityAttribute(), $service->getIdentity());
         $request = $request->withAttribute('authentication', $service);
         $request = $request->withAttribute('authenticationResult', $result['result']);
 
@@ -120,10 +121,8 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
         try {
             return $next($request, $response);
         } catch (UnauthenticatedException $e) {
-            $target = $this->getConfig('unauthenticatedRedirect');
-            if ($target) {
-                $url = $this->getRedirectUrl($target, $request);
-
+            $url = $service->getUnauthenticatedRedirectUrl($request);
+            if ($url) {
                 return $response
                     ->withStatus(302)
                     ->withHeader('Location', $url);
@@ -132,41 +131,6 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
         }
     }
 
-    /**
-     * Returns redirect URL.
-     *
-     * @param string $target Redirect target.
-     * @param \Psr\Http\Message\ServerRequestInterface $request Request instance.
-     * @return string
-     */
-    protected function getRedirectUrl($target, ServerRequestInterface $request)
-    {
-        $param = $this->getConfig('queryParam');
-        if ($param === null) {
-            return $target;
-        }
-
-        $uri = $request->getUri();
-        if (property_exists($uri, 'base')) {
-            $uri = $uri->withPath($uri->base . $uri->getPath());
-        }
-        $redirect = $uri->getPath();
-        if ($uri->getQuery()) {
-            $redirect .= '?' . $uri->getQuery();
-        }
-        $query = urlencode($param) . '=' . urlencode($redirect);
-
-        $url = parse_url($target);
-        if (isset($url['query']) && strlen($url['query'])) {
-            $url['query'] .= '&' . $query;
-        } else {
-            $url['query'] = $query;
-        }
-        $fragment = isset($url['fragment']) ? '#' . $url['fragment'] : '';
-
-        return $url['path'] . '?' . $url['query'] . $fragment;
-    }
-
     /**
      * Returns AuthenticationServiceInterface instance.
      *
@@ -189,6 +153,24 @@ protected function getAuthenticationService($request, $response)
 
             throw new RuntimeException($message);
         }
+        $forwardKeys = ['identityAttribute', 'unauthenticatedRedirect', 'queryParam'];
+        foreach ($forwardKeys as $key) {
+            $value = $this->getConfig($key);
+            if ($value) {
+                deprecationWarning(
+                    "The `{$key}` configuration key on AuthenticationMiddleware is deprecated. " .
+                    "Instead set the `{$key}` on your AuthenticationService instance."
+                );
+                if ($subject instanceof AuthenticationService) {
+                    $subject->setConfig($key, $value);
+                } else {
+                    throw new RuntimeException(
+                        'Could not forward configuration to authentication service as ' .
+                        'it does not implement `getConfig()`'
+                    );
+                }
+            }
+        }
 
         return $subject;
     }

tests/TestCase/AuthenticationServiceTest.php

@@ -627,4 +627,65 @@ public function testGetIdentityInterface()
 
         $this->assertSame($identity, $service->getIdentity());
     }
+
+    public function testGetIdentityAttribute()
+    {
+        $service = new AuthenticationService(['identityAttribute' => 'user']);
+        $this->assertSame('user', $service->getIdentityAttribute());
+    }
+
+    public function testGetUnauthenticatedRedirectUrlNoValues()
+    {
+        $service = new AuthenticationService();
+        $request = new ServerRequest();
+
+        $this->assertNull($service->getUnauthenticatedRedirectUrl($request));
+    }
+
+    public function testGetUnauthenticatedRedirectUrl()
+    {
+        $service = new AuthenticationService();
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/secrets']
+        );
+        $service->setConfig('unauthenticatedRedirect', '/users/login');
+        $this->assertSame('/users/login', $service->getUnauthenticatedRedirectUrl($request));
+
+        $service->setConfig('queryParam', 'redirect');
+        $this->assertSame(
+            '/users/login?redirect=%2Fsecrets',
+            $service->getUnauthenticatedRedirectUrl($request)
+        );
+
+        $service->setConfig('unauthenticatedRedirect', '/users/login?foo=bar');
+        $this->assertSame(
+            '/users/login?foo=bar&redirect=%2Fsecrets',
+            $service->getUnauthenticatedRedirectUrl($request)
+        );
+
+        $service->setConfig('unauthenticatedRedirect', '/users/login?foo=bar#fragment');
+        $this->assertSame(
+            '/users/login?foo=bar&redirect=%2Fsecrets#fragment',
+            $service->getUnauthenticatedRedirectUrl($request)
+        );
+    }
+
+    public function testGetUnauthenticatedRedirectUrlWithBasePath()
+    {
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/secrets']
+        );
+        $uri = $request->getUri();
+        $uri->base = '/base';
+        $request = $request->withUri($uri);
+
+        $service = new AuthenticationService([
+            'unauthenticatedRedirect' => '/users/login',
+            'queryParam' => 'redirect',
+        ]);
+        $this->assertSame(
+            '/users/login?redirect=%2Fbase%2Fsecrets',
+            $service->getUnauthenticatedRedirectUrl($request)
+        );
+    }
 }