From 2f458c04483b99e49b9d33f0e796c73777fcf442 Mon Sep 17 00:00:00 2001 From: Jeremy Dormitzer Date: Sun, 20 Jan 2019 22:55:36 -0500 Subject: [PATCH] Test and debug AuthService --- src/Auth/AuthService.php | 40 +++++++-------- src/Controllers/GetObjectController.php | 2 +- src/Objects/CollectionsService.php | 4 +- test/Auth/AuthServiceTest.php | 65 ++++++++++++++++++++++++- 4 files changed, 84 insertions(+), 27 deletions(-) diff --git a/src/Auth/AuthService.php b/src/Auth/AuthService.php index 55ea5df..717ffba 100644 --- a/src/Auth/AuthService.php +++ b/src/Auth/AuthService.php @@ -6,8 +6,8 @@ use Symfony\Component\HttpFoundation\Request; class AuthService { - public function requestAuthorizedToView( Request $request, - ActivityPubObject $object ) + public function isAuthorized( Request $request, + ActivityPubObject $object ) { if ( ! $this->hasAudience( $object ) ) { return true; 
@@ -43,28 +43,24 @@ class AuthService // TODO do I need to traverse the inReplyTo chain here? $objectArr = $object->asArray( 0 ); $audience = array(); - if ( array_key_exists( 'to', $objectArr ) ) { - $audience = array_merge( $audience, $objectArr['to'] ); - } - if ( array_key_exists( 'bto', $objectArr ) ) { - $audience = array_merge( $audience, $objectArr['bto'] ); - } - if ( array_key_exists( 'cc', $objectArr ) ) { - $audience = array_merge( $audience, $objectArr['cc'] ); - } - if ( array_key_exists( 'bcc', $objectArr ) ) { - $audience = array_merge( $audience, $objectArr['bcc'] ); - } - if ( array_key_exists( 'audience', $objectArr ) ) { - $audience = array_merge( $audience, $objectArr['audience'] ); - } - if ( array_key_exists( 'attributedTo', $objectArr ) ) { - $audience[] = $objectArr['attributedTo']; - } - if ( array_key_exists( 'actor', $objectArr ) ) { - $audience[] = $objectArr['actor']; + foreach( array( 'to', 'bto', 'cc', 'bcc', 'audience', 'attributedTo', 'actor' ) + as $attribute ) { + $audience = $this->checkAudienceAttribute( $audience, $attribute, $objectArr ); } return $audience; } + + private function checkAudienceAttribute( $audience, $attribute, $objectArr ) + { + if ( array_key_exists( $attribute, $objectArr ) ) { + $audienceValue = $objectArr[$attribute]; + if ( ! is_array( $audienceValue ) ) { + $audienceValue = array( $audienceValue ); + } + return array_merge( $audience, $audienceValue ); + } else { + return $audience; + } + } } ?> diff --git a/src/Controllers/GetObjectController.php b/src/Controllers/GetObjectController.php index fab8a15..b8baf7f 100644 --- a/src/Controllers/GetObjectController.php +++ b/src/Controllers/GetObjectController.php 
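Review bot: In the new `checkAudienceAttribute()`, `is_array( $audienceValue )` is also true for an associative array, so if `$object->asArray( 0 )` can return an embedded actor object for `to`, `actor` or `attributedTo` (not visible in this hunk), `array_merge` copies that object's string keys into `$audience`. The audience would then hold field values such as the `type` string, and a second embedded object would overwrite the first one's `id` entry, dropping an actor who should be allowed to view. Since this list decides who may see an object, I would reduce such a value to its id before the scalar wrap, e.g. `if ( is_array( $audienceValue ) && array_key_exists( 'id', $audienceValue ) ) { $audienceValue = array( $audienceValue['id'] ); }`. The helper collects rather than checks, so a name like `mergeAudienceAttribute` and a short docblock stating that it returns `$audience` extended with the attribute's value(s) would read more accurately. The enclosing method starts outside the hunk.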
@@ -57,7 +57,7 @@ class GetObjectController if ( ! $object ) { throw new NotFoundHttpException(); } - if ( ! $this->authService->requestAuthorizedToView( $request, $object ) ) { + if ( ! $this->authService->isAuthorized( $request, $object ) ) { throw new UnauthorizedHttpException( 'Signature realm="ActivityPub",headers="(request-target) host date"' ); diff --git a/src/Objects/CollectionsService.php b/src/Objects/CollectionsService.php index c0bc04f..113e6e5 100644 --- a/src/Objects/CollectionsService.php +++ b/src/Objects/CollectionsService.php @@ -92,7 +92,7 @@ class CollectionsService if ( is_string( $item ) ) { $pageItems[] = $item; $count++; - } else if ( $this->authService->requestAuthorizedToView( $request, $item ) ) { + } else if ( $this->authService->isAuthorized( $request, $item ) ) { $pageItems[] = $item->asArray( 1 ); $count++; } @@ -123,7 +123,7 @@ class CollectionsService $next = $collectionItems->getFieldValue( $idx ); while ( $next ) { if ( is_string( $next ) || - $this->authService->requestAuthorizedToView( $request, $next ) ) { + $this->authService->isAuthorized( $request, $next ) ) { return $idx; } $idx++; diff --git a/test/Auth/AuthServiceTest.php b/test/Auth/AuthServiceTest.php index 600807a..686ffd6 100644 --- a/test/Auth/AuthServiceTest.php +++ b/test/Auth/AuthServiceTest.php 
@@ -1,14 +1,75 @@ authService = new AuthService(); + } + public function testAuthService() { - // TODO implement me - $this->assertTrue( false ); + $testCases = array( + array( + 'id' => 'addressedTo', + 'actor' => 'https://example.com/actor/1', + 'object' => array( + 'to' => 'https://example.com/actor/1', + ), + 'expectedResult' => true, + ), + array( + 'id' => 'noAuth', + 'object' => array( + 'to' => 'https://example.com/actor/1', + ), + 'expectedResult' => false, + ), + array( + 'id' => 'noAudience', + 'object' => array( + 'type' => 'Note' + ), + 'expectedResult' => true, + ), + array( + 'id' => 'actor', + 'object' => array( + 'actor' => 'https://example.com/actor/1', + 'to' => 'https://example.com/actor/2', + ), + 'actor' => 'https://example.com/actor/1', + 'expectedResult' => true, + ), + array( + 'id' => 'attributedTo', + 'object' => array( + 'attributedTo' => 'https://example.com/actor/1', + 'to' => 'https://example.com/actor/2', + ), + 'actor' => 'https://example.com/actor/1', + 'expectedResult' => true, + ), + ); + foreach ( $testCases as $testCase ) { + $request = Request::create( 'https://example.com/objects/1' ); + if ( array_key_exists( 'actor', $testCase ) ) { + $request->attributes->set( 'actor', $testCase['actor'] ); + } + $object = TestUtils::objectFromArray( $testCase['object'] ); + $actual = $this->authService->isAuthorized( $request, $object ); + $this->assertEquals( + $testCase['expectedResult'], $actual, "Error on test $testCase[id]" + ); + } } } ?>
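Review bot: The test table in `testAuthService()` has no case where the request carries an `actor` attribute that is absent from the object's audience; the only `'expectedResult' => false` case is `noAuth`, which sets no actor at all. For an authorization check that deny path is the one most worth pinning, and a list-valued `to` would also exercise the array branch this commit adds in `AuthService`. I would add cases like the ones below; their expected values assume `isAuthorized()` compares the request's `actor` attribute against the collected audience and that `TestUtils::objectFromArray()` accepts a list for `to`, neither of which is visible here. Using `assertSame` instead of `assertEquals` would additionally reject a truthy non-boolean return.

```php
$testCases = array(
    // … unchanged: addressedTo, noAuth, noAudience, actor, attributedTo cases …
    array(
        'id' => 'notInAudience',
        'actor' => 'https://example.com/actor/3',
        'object' => array(
            'to' => 'https://example.com/actor/2',
        ),
        'expectedResult' => false,
    ),
    array(
        'id' => 'addressedToList',
        'actor' => 'https://example.com/actor/2',
        'object' => array(
            'to' => array(
                'https://example.com/actor/1',
                'https://example.com/actor/2',
            ),
        ),
        'expectedResult' => true,
    ),
```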