Extend AbstractListener (#23)

* Add test coverage for AutoLoginListener

* Bump symfony requirement

* Use symfony/phpunit-bridge instead of phpunit/phpunit

* Enable autoloading for Tests folder

* Use psr-4 and collapse directory

Co-authored-by: Rasmus Nilsson <rasmus.nilsson@lokalguiden.se>

Author: rasmustnilsson

.gitignore

@@ -1,2 +1,3 @@
 composer.lock
 vendor
+.phpunit.result.cache

Tests/Http/Firewall/AutoLoginListenerTest.php

@@ -0,0 +1,143 @@
+<?php declare(strict_types=1);
+
+namespace Jmikola\AutoLogin\Tests\Http\Firewall;
+
+use PHPUnit\Framework\TestCase;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Jmikola\AutoLogin\Http\Firewall\AutoLoginListener;
+use Jmikola\AutoLogin\Authentication\Token\AutoLoginToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+
+class AutoLoginListenerTest extends TestCase
+{
+    private const PROVIDER_KEY = 'test-provider-key';
+    private const TOKEN_KEY = 'test-token-param';
+    private const TOKEN = 'test-token';
+
+    /**
+     * @var MockObject|TokenStorageInterface
+     */
+    private $tokenStorageMock;
+
+    /**
+     * @var MockObject|AuthenticationManagerInterface
+     */
+    private $authenticationManagerMock;
+
+    protected function setUp(): void
+    {
+        $this->tokenStorageMock = $this->createMock(TokenStorageInterface::class);
+        $this->authenticationManagerMock = $this->createMock(AuthenticationManagerInterface::class);
+    }
+
+    public function testShouldDoNothingIfTokenIsNotInRequest(): void
+    {
+        $listener = $this->createListener([]);
+
+        $event = new RequestEvent(
+            $this->createMock(HttpKernelInterface::class),
+            new Request(),
+            HttpKernelInterface::MASTER_REQUEST
+        );
+
+        $this->expectTokenStorageGetTokenNotCalled();
+        $this->expectAuthenticationManagerAuthenticateNotCalled();
+
+        $listener->__invoke($event);
+    }
+
+    public function testShouldNotOverrideAlreadyAuthenticatedUser(): void
+    {
+        $listener = $this->createListener([]);
+
+        $event = new RequestEvent(
+            $this->createMock(HttpKernelInterface::class),
+            new Request([self::TOKEN_KEY => self::TOKEN]),
+            HttpKernelInterface::MASTER_REQUEST
+        );
+
+        $this->expectTokenStorageGetToken();
+        $this->expectAuthenticationManagerAuthenticateNotCalled();
+
+        $listener->__invoke($event);
+    }
+
+    public function testShouldOverrideAlreadyAuthenticatedUser(): void
+    {
+        $listener = $this->createListener([
+            'override_already_authenticated' => true,
+        ]);
+
+        $event = new RequestEvent(
+            $this->createMock(HttpKernelInterface::class),
+            new Request([self::TOKEN_KEY => self::TOKEN]),
+            HttpKernelInterface::MASTER_REQUEST
+        );
+
+        $this->expectTokenStorageGetToken();
+        $this->expectShouldAuthenticateUser();
+
+        $listener->__invoke($event);
+    }
+
+    private function createListener(array $options): AutoLoginListener
+    {
+        return new AutoLoginListener(
+            $this->tokenStorageMock,
+            $this->authenticationManagerMock,
+            self::PROVIDER_KEY,
+            self::TOKEN_KEY,
+            null,
+            null,
+            $options
+        );
+    }
+
+    private function expectTokenStorageGetTokenNotCalled(): void
+    {
+        $this->tokenStorageMock
+            ->expects(self::never())
+            ->method('getToken')
+        ;
+    }
+
+    private function expectTokenStorageGetToken(): void
+    {
+        $this->tokenStorageMock
+            ->expects(self::once())
+            ->method('getToken')
+            ->willReturn($this->createMock(TokenInterface::class))
+        ;
+    }
+
+    private function expectAuthenticationManagerAuthenticateNotCalled(): void
+    {
+        $this->authenticationManagerMock
+            ->expects(self::never())
+            ->method('authenticate')
+        ;
+    }
+
+    private function expectShouldAuthenticateUser(): void
+    {
+        $token = $this->createMock(TokenInterface::class);
+
+        $this->authenticationManagerMock
+            ->expects(self::once())
+            ->method('authenticate')
+            ->with(self::isInstanceOf(AutoLoginToken::class))
+            ->willReturn($token)
+        ;
+
+        $this->tokenStorageMock
+            ->expects(self::once())
+            ->method('setToken')
+            ->with($token)
+        ;
+    }
+}

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "jmikola/auto-login",
     "type": "library",
-    "description": "Faciliates automatic login via a single token for Symfony's Security component.",
+    "description": "Facilitates automatic login via a single token for Symfony's Security component.",
     "keywords": ["authentication", "auto-login", "login", "security"],
     "homepage": "https://github.com/jmikola/AutoLogin",
     "license": "MIT",
@@ -12,16 +12,25 @@
     "require": {
         "php": ">=7.1",
         "psr/log": "^1.0",
-        "symfony/event-dispatcher": "^4.3 || ^5.0",
-        "symfony/http-kernel": "^4.3 || ^5.0",
-        "symfony/security": "^4.3 || ^5.0"
+        "symfony/event-dispatcher": "^4.4 || ^5.0",
+        "symfony/http-kernel": "^4.4 || ^5.0",
+        "symfony/security": "^4.4 || ^5.0"
     },
     "autoload": {
-        "psr-0": { "Jmikola\\AutoLogin": "src" }
+        "psr-4": { "Jmikola\\AutoLogin\\": "src/" }
+    },
+    "autoload-dev": {
+        "psr-4": { "Jmikola\\AutoLogin\\Tests\\": "Tests/" }
     },
     "extra": {
         "branch-alias": {
             "dev-master": "2.0.x-dev"
         }
+    },
+    "require-dev": {
+        "symfony/phpunit-bridge": "^5.2"
+    },
+    "scripts": {
+        "test": "./vendor/bin/simple-phpunit Tests/*"
     }
 }

phpunit.xml.dist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    backupGlobals="false"
+    backupStaticAttributes="false"
+    colors="true"
+    convertErrorsToExceptions="true"
+    convertNoticesToExceptions="true"
+    convertWarningsToExceptions="true"
+    processIsolation="false"
+    stopOnFailure="false"
+    bootstrap="vendor/autoload.php"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+/>

…ntication/Provider/AutoLoginProvider.php …ntication/Provider/AutoLoginProvider.phpsrc/Jmikola/AutoLogin/Authentication/Provider/AutoLoginProvider.php renamed to src/Authentication/Provider/AutoLoginProvider.php src/Jmikola/AutoLogin/Authentication/Provider/AutoLoginProvider.php renamed to src/Authentication/Provider/AutoLoginProvider.php

@@ -14,60 +14,89 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\SecurityEvents;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
+use Symfony\Component\Security\Http\Firewall\AbstractListener;
 
-class AutoLoginListener
+class AutoLoginListener extends AbstractListener
 {
+    /**
+     * @var TokenStorageInterface
+     */
+    private $tokenStorage;
+
+    /**
+     * @var AuthenticationManagerInterface
+     */
     private $authenticationManager;
-    private $dispatcher;
-    private $logger;
+
+    /**
+     * @var string
+     */
     private $providerKey;
-    private $securityContext;
+
+    /**
+     * @var string
+     */
     private $tokenParam;
-    private $options;
 
     /**
-     * Constructor.
-     *
-     * @param TokenStorageInterface                          $securityContext
-     * @param AuthenticationManagerInterface                 $authenticationManager
-     * @param string                                         $providerKey
-     * @param string                                         $tokenParam
-     * @param LoggerInterface                                $logger
-     * @param EventDispatcherInterface                       $dispatcher
-     * @param array                                          $options
+     * @var LoggerInterface|null
      */
-    public function __construct(TokenStorageInterface $securityContext, AuthenticationManagerInterface $authenticationManager, string $providerKey, string $tokenParam, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, array $options = array())
-    {
-        $this->securityContext = $securityContext;
+    private $logger = null;
+
+    /**
+     * @var EventDispatcherInterface|null
+     */
+    private $dispatcher = null;
+
+    /**
+     * @var array
+     */
+    private $options;
+
+    public function __construct(
+        TokenStorageInterface $tokenStorage,
+        AuthenticationManagerInterface $authenticationManager,
+        string $providerKey,
+        string $tokenParam,
+        LoggerInterface $logger = null,
+        EventDispatcherInterface $dispatcher = null,
+        array $options = []
+    ) {
+        $this->tokenStorage = $tokenStorage;
         $this->authenticationManager = $authenticationManager;
         $this->providerKey = $providerKey;
         $this->tokenParam = $tokenParam;
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;
 
-        $this->options = $options = array_merge(array(
+        $this->options = $options = array_merge([
             'override_already_authenticated' => false,
-        ), $options);
+        ], $options);
     }
 
     /**
-     * @param RequestEvent $event
+     * {@inheritDoc}
      */
-    public function __invoke(RequestEvent $event)
+    public function supports(Request $request): ?bool
     {
-        $request = $event->getRequest();
-
-        if ( ! ($this->isTokenInRequest($request))) {
-            return;
-        }
+        return $request->query->has($this->tokenParam) ||
+            $request->attributes->has($this->tokenParam) ||
+            $request->request->has($this->tokenParam);
+    }
 
+    /**
+     * {@inheritDoc}
+     */
+    public function authenticate(RequestEvent $event)
+    {
+        $request = $event->getRequest();
         $tokenParam = $request->get($this->tokenParam);
 
         /* If the security context has a token, a user is already authenticated.
          * We will dispatch an event with the token parameter so that a listener
          * may track its usage.
          */
-        if (null !== $this->securityContext->getToken()) {
+        if (null !== $this->tokenStorage->getToken()) {
             if (null !== $this->dispatcher) {
                 $this->dispatcher->dispatch(
                     new AlreadyAuthenticatedEvent($tokenParam),
@@ -95,7 +124,7 @@ public function __invoke(RequestEvent $event)
              * implement custom logic to respect our own token class.
              */
             if ($authenticatedToken = $this->authenticationManager->authenticate($token)) {
-                $this->securityContext->setToken($authenticatedToken);
+                $this->tokenStorage->setToken($authenticatedToken);
 
                 if (null !== $this->dispatcher) {
                     $this->dispatcher->dispatch(
@@ -107,24 +136,11 @@ public function __invoke(RequestEvent $event)
         } catch (AuthenticationException $e) {
             if (null !== $this->logger) {
                 $this->logger->warning(
-                    'SecurityContext not populated with auto-login token as the '.
+                    'TokenStorage not populated with auto-login token as the '.
                     'AuthenticationManager rejected the auto-login token created '.
                     'by AutoLoginListener: '.$e->getMessage()
                 );
             }
         }
     }
-
-    /**
-     * Check the ParameterBags consulted by Request::get() for the token.
-     *
-     * @param Request $request
-     * @return boolean
-     */
-    private function isTokenInRequest(Request $request) : bool
-    {
-        return $request->query->has($this->tokenParam) ||
-            $request->attributes->has($this->tokenParam) ||
-            $request->request->has($this->tokenParam);
-    }
 }