Merge pull request #502 from lucadegasperi/middleware

lucadegasperi · lucadegasperi · commit a0d7a2529bf1 · 2015-08-04T08:42:44.000+02:00
Added New Middleware
diff --git a/src/Middleware/OAuthClientOwnerMiddleware.php b/src/Middleware/OAuthClientOwnerMiddleware.php
@@ -16,11 +16,11 @@
 use LucaDegasperi\OAuth2Server\Authorizer;
 
 /**
- * This is the oauth owner middleware class.
+ * This is the oauth client middleware class.
  *
- * @author Luca Degasperi <packages@lucadegasperi.com>
+ * @author Vincent Klaiber <hello@vinkla.com>
  */
-class OAuthOwnerMiddleware
+class OAuthClientOwnerMiddleware
 {
     /**
      * The Authorizer instance.
@@ -30,7 +30,7 @@ class OAuthOwnerMiddleware
     protected $authorizer;
 
     /**
-     * Create a new oauth owner middleware instance.
+     * Create a new oauth client middleware instance.
      *
      * @param \LucaDegasperi\OAuth2Server\Authorizer $authorizer
      */
@@ -44,21 +44,14 @@ public function __construct(Authorizer $authorizer)
      *
      * @param \Illuminate\Http\Request $request
      * @param \Closure $next
-     * @param string|null $ownerTypesString
      *
      * @throws \League\OAuth2\Server\Exception\AccessDeniedException
      *
      * @return mixed
      */
-    public function handle($request, Closure $next, $ownerTypesString = null)
+    public function handle($request, Closure $next)
     {
-        $ownerTypes = [];
-
-        if (!is_null($ownerTypesString)) {
-            $ownerTypes = explode('+', $ownerTypesString);
-        }
-
-        if (!in_array($this->authorizer->getResourceOwnerType(), $ownerTypes)) {
+        if ($this->authorizer->getResourceOwnerType() !== 'client') {
             throw new AccessDeniedException();
         }
 
diff --git a/src/Middleware/OAuthUserOwnerMiddleware.php b/src/Middleware/OAuthUserOwnerMiddleware.php
@@ -0,0 +1,60 @@
+<?php
+
+/*
+ * This file is part of OAuth 2.0 Laravel.
+ *
+ * (c) Luca Degasperi <packages@lucadegasperi.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LucaDegasperi\OAuth2Server\Middleware;
+
+use Closure;
+use League\OAuth2\Server\Exception\AccessDeniedException;
+use LucaDegasperi\OAuth2Server\Authorizer;
+
+/**
+ * This is the oauth user middleware class.
+ *
+ * @author Vincent Klaiber <hello@vinkla.com>
+ */
+class OAuthUserOwnerMiddleware
+{
+    /**
+     * The Authorizer instance.
+     *
+     * @var \LucaDegasperi\OAuth2Server\Authorizer
+     */
+    protected $authorizer;
+
+    /**
+     * Create a new oauth user middleware instance.
+     *
+     * @param \LucaDegasperi\OAuth2Server\Authorizer $authorizer
+     */
+    public function __construct(Authorizer $authorizer)
+    {
+        $this->authorizer = $authorizer;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure $next
+     *
+     * @throws \League\OAuth2\Server\Exception\AccessDeniedException
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if ($this->authorizer->getResourceOwnerType() !== 'user') {
+            throw new AccessDeniedException();
+        }
+
+        return $next($request);
+    }
+}
diff --git a/tests/unit/LucaDegasperi/OAuth2Server/Middleware/OAuthClientOwnerMiddlewareSpec.php b/tests/unit/LucaDegasperi/OAuth2Server/Middleware/OAuthClientOwnerMiddlewareSpec.php
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * This file is part of OAuth 2.0 Laravel.
+ *
+ * (c) Luca Degasperi <packages@lucadegasperi.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace unit\LucaDegasperi\OAuth2Server\Middleware;
+
+use Illuminate\Http\Request;
+use League\OAuth2\Server\Exception\AccessDeniedException;
+use LucaDegasperi\OAuth2Server\Authorizer;
+use PhpSpec\ObjectBehavior;
+
+/**
+ * This is the oauth client middleware spec class.
+ *
+ * @author Vincent Klaiber <hello@vinkla.com>
+ */
+class OAuthClientOwnerMiddlewareSpec extends ObjectBehavior
+{
+    private $next = null;
+
+    public function __construct()
+    {
+        $this->next = (function () {
+            throw new MiddlewareException('Called execution of $next');
+        });
+    }
+
+    public function let(Authorizer $authorizer)
+    {
+        $this->beConstructedWith($authorizer);
+    }
+
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType('LucaDegasperi\OAuth2Server\Middleware\OAuthClientOwnerMiddleware');
+    }
+
+    public function it_passes_if_resource_owners_are_allowed(Request $request, Authorizer $authorizer)
+    {
+        $authorizer->getResourceOwnerType()->willReturn('client')->shouldBeCalled();
+
+        $this->shouldThrow(new MiddlewareException('Called execution of $next'))
+            ->during('handle', [$request, $this->next]);
+    }
+
+    public function it_blocks_if_resource_owners_are_not_allowed(Request $request, Authorizer $authorizer)
+    {
+        $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();
+
+        $this->shouldThrow(new AccessDeniedException())
+            ->during('handle', [$request, $this->next]);
+
+        $this->shouldNotThrow(new MiddlewareException('Called execution of $next'))
+            ->during('handle', [$request, $this->next]);
+    }
+}
diff --git a/tests/unit/LucaDegasperi/OAuth2Server/Middleware/OAuthUserOwnerMiddlewareSpec.php b/tests/unit/LucaDegasperi/OAuth2Server/Middleware/OAuthUserOwnerMiddlewareSpec.php
@@ -16,7 +16,12 @@
 use LucaDegasperi\OAuth2Server\Authorizer;
 use PhpSpec\ObjectBehavior;
 
-class OAuthOwnerMiddlewareSpec extends ObjectBehavior
+/**
+ * This is the oauth user middleware spec class.
+ *
+ * @author Vincent Klaiber <hello@vinkla.com>
+ */
+class OAuthUserOwnerMiddlewareSpec extends ObjectBehavior
 {
     private $next = null;
 
@@ -34,25 +39,25 @@ public function let(Authorizer $authorizer)
 
     public function it_is_initializable()
     {
-        $this->shouldHaveType('LucaDegasperi\OAuth2Server\Middleware\OAuthOwnerMiddleware');
+        $this->shouldHaveType('LucaDegasperi\OAuth2Server\Middleware\OAuthUserOwnerMiddleware');
     }
 
     public function it_passes_if_resource_owners_are_allowed(Request $request, Authorizer $authorizer)
     {
         $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();
 
         $this->shouldThrow(new MiddlewareException('Called execution of $next'))
-                ->during('handle', [$request, $this->next, 'user']);
+            ->during('handle', [$request, $this->next]);
     }
 
     public function it_blocks_if_resource_owners_are_not_allowed(Request $request, Authorizer $authorizer)
     {
-        $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();
+        $authorizer->getResourceOwnerType()->willReturn('client')->shouldBeCalled();
 
         $this->shouldThrow(new AccessDeniedException())
-                ->during('handle', [$request, $this->next, 'client']);
+            ->during('handle', [$request, $this->next]);
 
         $this->shouldNotThrow(new MiddlewareException('Called execution of $next'))
-                ->during('handle', [$request, $this->next, 'client']);
+            ->during('handle', [$request, $this->next]);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -16,11 +16,11 @@`
`16`	`16`	`use LucaDegasperi\OAuth2Server\Authorizer;`
`17`	`17`
`18`	`18`	`/**`
`19`		`- * This is the oauth owner middleware class.`
	`19`	`+ * This is the oauth client middleware class.`
`20`	`20`	`*`
`21`		`- * @author Luca Degasperi <packages@lucadegasperi.com>`
	`21`	`+ * @author Vincent Klaiber <hello@vinkla.com>`
`22`	`22`	`*/`
`23`		`-class OAuthOwnerMiddleware`
	`23`	`+class OAuthClientOwnerMiddleware`
`24`	`24`	`{`
`25`	`25`	`/**`
`26`	`26`	`* The Authorizer instance.`
`@@ -30,7 +30,7 @@ class OAuthOwnerMiddleware`
`30`	`30`	`protected $authorizer;`
`31`	`31`
`32`	`32`	`/**`
`33`		`- * Create a new oauth owner middleware instance.`
	`33`	`+ * Create a new oauth client middleware instance.`
`34`	`34`	`*`
`35`	`35`	`* @param \LucaDegasperi\OAuth2Server\Authorizer $authorizer`
`36`	`36`	`*/`
`@@ -44,21 +44,14 @@ public function __construct(Authorizer $authorizer)`
`44`	`44`	`*`
`45`	`45`	`* @param \Illuminate\Http\Request $request`
`46`	`46`	`* @param \Closure $next`
`47`		`- * @param string\|null $ownerTypesString`
`48`	`47`	`*`
`49`	`48`	`* @throws \League\OAuth2\Server\Exception\AccessDeniedException`
`50`	`49`	`*`
`51`	`50`	`* @return mixed`
`52`	`51`	`*/`
`53`		`- public function handle($request, Closure $next, $ownerTypesString = null)`
	`52`	`+ public function handle($request, Closure $next)`
`54`	`53`	`{`
`55`		`- $ownerTypes = [];`
`56`		`-`
`57`		`- if (!is_null($ownerTypesString)) {`
`58`		`- $ownerTypes = explode('+', $ownerTypesString);`
`59`		`- }`
`60`		`-`
`61`		`- if (!in_array($this->authorizer->getResourceOwnerType(), $ownerTypes)) {`
	`54`	`+ if ($this->authorizer->getResourceOwnerType() !== 'client') {`
`62`	`55`	`throw new AccessDeniedException();`
`63`	`56`	`}`
`64`	`57`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,12 @@`
`16`	`16`	`use LucaDegasperi\OAuth2Server\Authorizer;`
`17`	`17`	`use PhpSpec\ObjectBehavior;`
`18`	`18`
`19`		`-class OAuthOwnerMiddlewareSpec extends ObjectBehavior`
	`19`	`+/**`
	`20`	`+ * This is the oauth user middleware spec class.`
	`21`	`+ *`
	`22`	`+ * @author Vincent Klaiber <[email protected]>`
	`23`	`+ */`
	`24`	`+class OAuthUserOwnerMiddlewareSpec extends ObjectBehavior`
`20`	`25`	`{`
`21`	`26`	`private $next = null;`
`22`	`27`
`@@ -34,25 +39,25 @@ public function let(Authorizer $authorizer)`
`34`	`39`
`35`	`40`	`public function it_is_initializable()`
`36`	`41`	`{`
`37`		`- $this->shouldHaveType('LucaDegasperi\OAuth2Server\Middleware\OAuthOwnerMiddleware');`
	`42`	`+ $this->shouldHaveType('LucaDegasperi\OAuth2Server\Middleware\OAuthUserOwnerMiddleware');`
`38`	`43`	`}`
`39`	`44`
`40`	`45`	`public function it_passes_if_resource_owners_are_allowed(Request $request, Authorizer $authorizer)`
`41`	`46`	`{`
`42`	`47`	`$authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();`
`43`	`48`
`44`	`49`	`$this->shouldThrow(new MiddlewareException('Called execution of $next'))`
`45`		`- ->during('handle', [$request, $this->next, 'user']);`
	`50`	`+ ->during('handle', [$request, $this->next]);`
`46`	`51`	`}`
`47`	`52`
`48`	`53`	`public function it_blocks_if_resource_owners_are_not_allowed(Request $request, Authorizer $authorizer)`
`49`	`54`	`{`
`50`		`- $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();`
	`55`	`+ $authorizer->getResourceOwnerType()->willReturn('client')->shouldBeCalled();`
`51`	`56`
`52`	`57`	`$this->shouldThrow(new AccessDeniedException())`
`53`		`- ->during('handle', [$request, $this->next, 'client']);`
	`58`	`+ ->during('handle', [$request, $this->next]);`
`54`	`59`
`55`	`60`	`$this->shouldNotThrow(new MiddlewareException('Called execution of $next'))`
`56`		`- ->during('handle', [$request, $this->next, 'client']);`
	`61`	`+ ->during('handle', [$request, $this->next]);`
`57`	`62`	`}`
`58`	`63`	`}`