Extract code into TrustedDeviceTokenEncoder

scheb · scheb · commit b6f7a129a124 · 2020-05-02T19:09:21.000+02:00
(cherry picked from commit 0c35148e3651c63abfaecbfc2724e1a8da599e96)
diff --git a/Resources/config/trusted_device.xml b/Resources/config/trusted_device.xml
@@ -5,11 +5,15 @@
 			<argument>%kernel.secret%</argument>
 		</service>
 
+		<service id="scheb_two_factor.trusted_token_encoder" class="Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceTokenEncoder">
+			<argument type="service" id="scheb_two_factor.trusted_jwt_encoder" />
+			<argument>%scheb_two_factor.trusted_device.lifetime%</argument>
+		</service>
+
 		<service id="scheb_two_factor.trusted_token_storage" class="Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceTokenStorage" lazy="true">
 			<argument type="service" id="request_stack" />
-			<argument type="service" id="scheb_two_factor.trusted_jwt_encoder" />
+			<argument type="service" id="scheb_two_factor.trusted_token_encoder" />
 			<argument>%scheb_two_factor.trusted_device.cookie_name%</argument>
-			<argument>%scheb_two_factor.trusted_device.lifetime%</argument>
 		</service>
 
 		<service id="scheb_two_factor.trusted_cookie_response_listener" class="Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedCookieResponseListener" lazy="true">
diff --git a/Security/TwoFactor/Trusted/TrustedDeviceToken.php b/Security/TwoFactor/Trusted/TrustedDeviceToken.php
@@ -29,6 +29,11 @@ public function versionMatches(int $version): bool
         return $this->jwtToken->getClaim(JwtTokenEncoder::CLAIM_VERSION, false) === $version;
     }
 
+    public function isExpired(): bool
+    {
+        return $this->jwtToken->isExpired();
+    }
+
     public function serialize(): string
     {
         return (string) $this->jwtToken;
diff --git a/Security/TwoFactor/Trusted/TrustedDeviceTokenEncoder.php b/Security/TwoFactor/Trusted/TrustedDeviceTokenEncoder.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Scheb\TwoFactorBundle\Security\TwoFactor\Trusted;
+
+class TrustedDeviceTokenEncoder
+{
+    /**
+     * @var JwtTokenEncoder
+     */
+    private $jwtTokenEncoder;
+
+    /**
+     * @var int
+     */
+    private $trustedTokenLifetime;
+
+    public function __construct(JwtTokenEncoder $jwtTokenEncoder, int $trustedTokenLifetime)
+    {
+        $this->jwtTokenEncoder = $jwtTokenEncoder;
+        $this->trustedTokenLifetime = $trustedTokenLifetime;
+    }
+
+    public function generateToken(string $username, string $firewall, int $version): TrustedDeviceToken
+    {
+        $validUntil = $this->getValidUntil();
+        $jwtToken = $this->jwtTokenEncoder->generateToken($username, $firewall, $version, $validUntil);
+
+        return new TrustedDeviceToken($jwtToken);
+    }
+
+    public function decodeToken(string $trustedTokenEncoded): ?TrustedDeviceToken
+    {
+        $jwtToken = $this->jwtTokenEncoder->decodeToken($trustedTokenEncoded);
+        if (null === $jwtToken) {
+            return null;
+        }
+
+        return new TrustedDeviceToken($jwtToken);
+    }
+
+    private function getValidUntil(): \DateTimeInterface
+    {
+        return $this->getDateTimeNow()->add(new \DateInterval('PT'.$this->trustedTokenLifetime.'S'));
+    }
+
+    protected function getDateTimeNow(): \DateTimeImmutable
+    {
+        return new \DateTimeImmutable();
+    }
+}
diff --git a/Security/TwoFactor/Trusted/TrustedDeviceTokenStorage.php b/Security/TwoFactor/Trusted/TrustedDeviceTokenStorage.php
@@ -17,20 +17,15 @@ class TrustedDeviceTokenStorage
     private $requestStack;
 
     /**
-     * @var JwtTokenEncoder
+     * @var TrustedDeviceTokenEncoder
      */
-    private $jwtTokenEncoder;
+    private $tokenGenerator;
 
     /**
      * @var string
      */
     private $cookieName;
 
-    /**
-     * @var int
-     */
-    private $trustedTokenLifetime;
-
     /**
      * @var TrustedDeviceToken[]|null
      */
@@ -41,12 +36,11 @@ class TrustedDeviceTokenStorage
      */
     private $updateCookie = false;
 
-    public function __construct(RequestStack $requestStack, JwtTokenEncoder $jwtTokenEncoder, string $cookieName, int $trustedTokenLifetime)
+    public function __construct(RequestStack $requestStack, TrustedDeviceTokenEncoder $tokenGenerator, string $cookieName)
     {
-        $this->jwtTokenEncoder = $jwtTokenEncoder;
         $this->requestStack = $requestStack;
+        $this->tokenGenerator = $tokenGenerator;
         $this->cookieName = $cookieName;
-        $this->trustedTokenLifetime = $trustedTokenLifetime;
     }
 
     public function hasUpdatedCookie(): bool
@@ -89,22 +83,10 @@ public function addTrustedToken(string $username, string $firewall, int $version
             }
         }
 
-        $validUntil = $this->getValidUntil();
-        $jwtToken = $this->jwtTokenEncoder->generateToken($username, $firewall, $version, $validUntil);
-        $this->trustedTokenList[] = new TrustedDeviceToken($jwtToken);
+        $this->trustedTokenList[] = $this->tokenGenerator->generateToken($username, $firewall, $version);
         $this->updateCookie = true;
     }
 
-    private function getValidUntil(): \DateTimeInterface
-    {
-        return $this->getDateTimeNow()->add(new \DateInterval('PT'.$this->trustedTokenLifetime.'S'));
-    }
-
-    protected function getDateTimeNow(): \DateTimeImmutable
-    {
-        return new \DateTimeImmutable();
-    }
-
     /**
      * @return TrustedDeviceToken[]
      */
@@ -130,11 +112,11 @@ private function readTrustedTokenList(): array
         $trustedTokenList = [];
         $trustedTokenEncodedList = explode(self::TOKEN_DELIMITER, $cookie);
         foreach ($trustedTokenEncodedList as $trustedTokenEncoded) {
-            $trustedToken = $this->jwtTokenEncoder->decodeToken($trustedTokenEncoded);
+            $trustedToken = $this->tokenGenerator->decodeToken($trustedTokenEncoded);
             if (!$trustedToken || $trustedToken->isExpired()) {
                 $this->updateCookie = true; // When there are invalid token, update the cookie to remove them
             } else {
-                $trustedTokenList[] = new TrustedDeviceToken($trustedToken);
+                $trustedTokenList[] = $trustedToken;
             }
         }
 
diff --git a/Tests/Security/TwoFactor/Trusted/TrustedDeviceTokenEncoderTest.php b/Tests/Security/TwoFactor/Trusted/TrustedDeviceTokenEncoderTest.php
@@ -0,0 +1,85 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Scheb\TwoFactorBundle\Tests\Security\TwoFactor\Trusted;
+
+use Lcobucci\JWT\Token;
+use PHPUnit\Framework\MockObject\MockObject;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\JwtTokenEncoder;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceToken;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceTokenEncoder;
+use Scheb\TwoFactorBundle\Tests\TestCase;
+
+class TrustedDeviceTokenEncoderTest extends TestCase
+{
+    /**
+     * @var MockObject|JwtTokenEncoder
+     */
+    private $jwtEncoder;
+
+    /**
+     * @var TestableTrustedDeviceTokenEncoder
+     */
+    private $tokenEncoder;
+
+    protected function setUp(): void
+    {
+        $this->jwtEncoder = $this->createMock(JwtTokenEncoder::class);
+        $this->tokenEncoder = new TestableTrustedDeviceTokenEncoder($this->jwtEncoder, 3600);
+        $this->tokenEncoder->now = new \DateTimeImmutable('2018-01-01 00:00:00');
+    }
+
+    /**
+     * @test
+     */
+    public function generateToken_parametersGiven_returnTrustedDeviceToken(): void
+    {
+        $this->jwtEncoder
+            ->expects($this->once())
+            ->method('generateToken')
+            ->with('username', 'firewallName', 1, new \DateTime('2018-01-01 01:00:00'));
+
+        $token = $this->tokenEncoder->generateToken('username', 'firewallName', 1);
+        $this->assertInstanceOf(TrustedDeviceToken::class, $token);
+    }
+
+    /**
+     * @test
+     */
+    public function decodeToken_validToken_returnDecodedTrustedDeviceToken(): void
+    {
+        $this->jwtEncoder
+            ->expects($this->once())
+            ->method('decodeToken')
+            ->willReturn($this->createMock(Token::class));
+
+        $returnValue = $this->tokenEncoder->decodeToken('validToken');
+        $this->assertInstanceOf(TrustedDeviceToken::class, $returnValue);
+    }
+
+    /**
+     * @test
+     */
+    public function decodeToken_invalidToken_returnNull(): void
+    {
+        $this->jwtEncoder
+            ->expects($this->once())
+            ->method('decodeToken')
+            ->willReturn(null);
+
+        $returnValue = $this->tokenEncoder->decodeToken('invalidToken');
+        $this->assertNull($returnValue);
+    }
+}
+
+// Make the current DateTime testable
+class TestableTrustedDeviceTokenEncoder extends TrustedDeviceTokenEncoder
+{
+    public $now;
+
+    protected function getDateTimeNow(): \DateTimeImmutable
+    {
+        return $this->now;
+    }
+}
diff --git a/Tests/Security/TwoFactor/Trusted/TrustedDeviceTokenStorageTest.php b/Tests/Security/TwoFactor/Trusted/TrustedDeviceTokenStorageTest.php

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,11 @@ public function versionMatches(int $version): bool`
`29`	`29`	`return $this->jwtToken->getClaim(JwtTokenEncoder::CLAIM_VERSION, false) === $version;`
`30`	`30`	`}`
`31`	`31`
	`32`	`+ public function isExpired(): bool`
	`33`	`+ {`
	`34`	`+ return $this->jwtToken->isExpired();`
	`35`	`+ }`
	`36`	`+`
`32`	`37`	`public function serialize(): string`
`33`	`38`	`{`
`34`	`39`	`return (string) $this->jwtToken;`