
Commit 8a83ca4

author
Greg Bowler
committed
getAuthUri implementation with HTTP/S localhost
1 parent 9e51c36 commit 8a83ca4


4 files changed

+77
-4
lines changed


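--- a/src/Authenticator.php
+++ b/src/Authenticator.php
@@ -6,16 +6,33 @@
 
 class Authenticator {
 private Cipher $cipher;
-private string $hostname;
+private string $httpsScheme = "https";
+private string $httpHost;
 
 public function __construct(Token $token, string $hostname) {
 $this->cipher = $token->generateCipher();
-$this->hostname = $hostname;
+$this->httpHost = $hostname;
+}
+
+public function useLocalhostHttps(bool $useHttps = true) {
+if(!$useHttps) {
+if($this->httpHost !== "localhost") {
+throw new InsecureProtocolException();
+}
+
+$this->httpsScheme = "http";
+}
 }
 
 public function getAuthUri():UriInterface {
-return (new Uri())
+$uri = (new Uri())
 ->withScheme("https")
-->withHost($this->hostname);
+->withHost($this->httpHost);
+
+if($this->httpHost === "localhost") {
+$uri = $uri->withScheme($this->httpsScheme);
+}
+
+return $uri;
 }
 }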
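Review bot: `useLocalhostHttps(true)` cannot undo an earlier `useLocalhostHttps(false)`, because the method only ever assigns `"http"`; once an instance has been downgraded, every later `getAuthUri()` for localhost stays on plain HTTP. Assign the scheme in both directions: keep the guard as `if(!$useHttps && $this->httpHost !== "localhost") { throw new InsecureProtocolException(); }` and follow it with `$this->httpsScheme = $useHttps ? "https" : "http";`. The method also has no `: void` return type, and the exception is thrown without a message, so a log entry will not say which host was refused. A short comment above the `!== "localhost"` comparison stating that the exact match is deliberate (anything else keeps HTTPS) would help stop a later change from loosening it.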

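--- a/src/AuthwaveException.php
+++ b/src/AuthwaveException.php
@@ -0,0 +1,6 @@
+<?php
+namespace Authwave;
+
+use RuntimeException;
+
+class AuthwaveException extends RuntimeException {}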

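--- a/src/InsecureProtocolException.php
+++ b/src/InsecureProtocolException.php
@@ -0,0 +1,4 @@
+<?php
+namespace Authwave;
+
+class InsecureProtocolException extends AuthwaveException {}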

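--- a/test/phpunit/AuthenticatorTest.php
+++ b/test/phpunit/AuthenticatorTest.php
@@ -3,7 +3,9 @@
 
 use Authwave\Authenticator;
 use Authwave\Cipher;
+use Authwave\InsecureProtocolException;
 use Authwave\Token;
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
 class AuthenticatorTest extends TestCase {
@@ -20,4 +22,48 @@ public function testGetAuthUriHostname() {
 $authUri
 );
 }
+
+// All AuthUris MUST be served over HTTPS, with the one exception of localhost.
+// But it should still default to HTTPS on localhost.
+public function testGetAuthUriHostnameLocalhostHttpsByDefault() {
+$cipher = self::createMock(Cipher::class);
+$token = self::createMock(Token::class);
+$token->method("generateCipher")
+->willReturn($cipher);
+
+$sut = new Authenticator($token, "localhost");
+$authUri = $sut->getAuthUri();
+self::assertStringStartsWith(
+"https://localhost",
+$authUri
+);
+}
+
+// We should be able to set the scheme to HTTP for localhost hostname only.
+public function testGetAuthUriHostnameLocalhostHttpAllowed() {
+$cipher = self::createMock(Cipher::class);
+$token = self::createMock(Token::class);
+$token->method("generateCipher")
+->willReturn($cipher);
+
+$sut = new Authenticator($token, "localhost");
+$sut->useLocalhostHttps(false);
+$authUri = $sut->getAuthUri();
+self::assertStringStartsWith(
+"http://localhost",
+$authUri
+);
+}
+
+// We should NOT be able to set the scheme to HTTP for other hostnames.
+public function testGetAuthUriHostnameNotLocalhostHttpNotAllowed() {
+$cipher = self::createMock(Cipher::class);
+$token = self::createMock(Token::class);
+$token->method("generateCipher")
+->willReturn($cipher);
+
+$sut = new Authenticator($token, "localhost.com");
+self::expectException(InsecureProtocolException::class);
+$sut->useLocalhostHttps(false);
+}
 }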
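Review bot: The negative case in `testGetAuthUriHostnameNotLocalhostHttpNotAllowed` pins only one look-alike host (`localhost.com`), so a later change that loosens the exact-match check in `useLocalhostHttps()` to a prefix or substring comparison could pass unnoticed. A data provider with a few more hosts that must be refused (constructed examples: `localhost.example`, `notlocalhost`) would keep the check fail-closed. There is also no test that `useLocalhostHttps(true)` after `useLocalhostHttps(false)` produces `https://localhost` again. The newly imported `PHPUnit\Framework\MockObject\MockObject` is not referenced by any of the added lines and can probably be dropped.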
