├── .gitignore
├── .php_cs
├── .travis.yml
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── build.properties
├── build.xml
├── composer.json
├── phpdoc.dist.xml
├── phpunit.xml.dist
├── src
    ├── Adapter
    │   └── Db
    │   │   └── PdoAdapter.php
    ├── Authenticator.php
    ├── IdentityInterface.php
    └── Middleware
    │   └── Authorization.php
├── tests
    ├── Adapter
    │   └── Db
    │   │   └── PdoAdapterTest.php
    ├── AuthenticatorTest.php
    ├── Middleware
    │   └── AuthorizationTest.php
    └── bootstrap.php
└── travis.xml


/.gitignore:
--------------------------------------------------------------------------------
1 | build
2 | composer.lock
3 | vendor/
4 | 


--------------------------------------------------------------------------------
/.php_cs:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | require_once './vendor/autoload.php';
 4 | 
 5 | $finder = \Symfony\CS\Finder\DefaultFinder::create()
 6 |     ->in('src/')
 7 |     ->in('tests/');
 8 | 
 9 | return \Symfony\CS\Config\Config::create()
10 |     ->setUsingCache(true)
11 |     ->fixers([
12 |         '-psr0', // Because it causes such grief with the Tests namespace in the tests folder
13 |         '-single_blank_line_before_namespace',
14 |         '-pre_increment',
15 |         '-concat_without_spaces',
16 |         '-phpdoc_inline_tag',
17 |         'concat_with_spaces',
18 |         'ordered_use',
19 |     ])
20 |     ->finder($finder);
21 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: php
 2 | 
 3 | php:
 4 |   - '5.5'
 5 |   - '5.6'
 6 |   - '7.0'
 7 |   - hhvm
 8 |   - nightly
 9 | 
10 | before_script:
11 |   - composer install --prefer-source
12 | 
13 | script: phpunit -c travis.xml
14 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # How to Contribute
 2 | 
 3 | ## Pull Requests
 4 | 
 5 | 1. Create your own [fork](https://help.github.com/articles/fork-a-repo) of the repo
 6 | 2. Create a new branch for each feature or improvement
 7 | 3. Send a pull request from each feature branch to the **develop** branch
 8 | 
 9 | It is very important to separate new features or improvements into separate
10 | feature branches, and to send a pull request for each branch. This allows me to
11 | review and pull in new features or improvements individually.
12 | 
13 | ## Style Guide
14 | 
15 | All pull requests must adhere to the [PSR-2 standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md).
16 | 
17 | ## Unit Testing
18 | 
19 | All pull requests must be accompanied by passing unit tests and complete code
20 | coverage. This library uses PHPUnit for testing.
21 | 
22 | [Learn about PHPUnit](https://github.com/sebastianbergmann/phpunit/)
23 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (C) 2013-2016 Jeremy Kendall
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 4 | this software and associated documentation files (the "Software"), to deal in
 5 | the Software without restriction, including without limitation the rights to
 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 7 | the Software, and to permit persons to whom the Software is furnished to do so,
 8 | subject to the following conditions:
 9 | 
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 | 
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
15 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
16 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
17 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
18 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Slim Auth [![Build Status](https://travis-ci.org/jeremykendall/slim-auth.png?branch=master)](https://travis-ci.org/jeremykendall/slim-auth) [![Coverage Status](https://coveralls.io/repos/jeremykendall/slim-auth/badge.png?branch=master)](https://coveralls.io/r/jeremykendall/slim-auth?branch=master) [![Dependencies Status](https://depending.in/jeremykendall/slim-auth.png)](http://depending.in/jeremykendall/slim-auth)
  2 | 
  3 | Slim Auth is an authorization and authentication library for the [Slim Framework][1].
  4 | Authentication is provided by the Zend Framework [Zend\Authentication][2] 
  5 | component, and authorization by the Zend Framework [Zend\Permissions\Acl][3] component.
  6 | 
  7 | ## Fair Warning: Documentation Mostly Complete 
  8 | 
  9 | Slim Auth is fully functional and production ready (I've used it in production
 10 | in multiple projects), but this documentation is incomplete. (Current status of
 11 | the documentation is ~90% complete.)
 12 | 
 13 | If you're familiar with [Zend\Authentication][2] and [Zend\Permissions\Acl][3], you'll be able to implement the library without any trouble. Otherwise, you might want to wait for the docs to be completed (no ETA) or open a GitHub issue with any questions or problems you encounter.
 14 | 
 15 | Caveat emptor and all that. 
 16 | 
 17 | ## Slim SessionCookie No Longer Recomended
 18 | 
 19 | **TL;DR**: You *will* experience unexpected behavior if you use 
 20 | `Zend\Authentication\Storage\Session` as your auth storage and 
 21 | `Slim\Middleware\SessionCookie` to provide encrypted cookies when your Slim
 22 | version is >= 2.6.  
 23 | 
 24 | Earlier versions of this documentation (and the [sample implementation][10])
 25 | demonstrated the use of Slim's [SessionCookie Middleware](http://docs.slimframework.com/#Cookie-Session-Store) as a way to handle session storage in concert with Zend Session. As of [Slim 2.6.0](https://github.com/slimphp/Slim/releases/tag/2.6.0), 
 26 | Zend Session and Slim's SessionCookie middleware no longer play well together,
 27 | and I've opted for a Zend Session only approach.
 28 | 
 29 | ## Requirements
 30 | 
 31 | Slim Auth works with all versions of Slim 2 >= 2.4.2. Slim Auth has not been
 32 | tested against the upcoming Slim 3 release.
 33 | 
 34 | ## Example Implementation
 35 | 
 36 | I've put together an example implementation to demonstrate the library in
 37 | action.  The example implementation can be found [here][10].
 38 | 
 39 | ## Installation
 40 | 
 41 | Installation is provided via [Composer][11].
 42 | 
 43 | First, install Composer.
 44 | 
 45 | ```
 46 | curl -s https://getcomposer.org/installer | php
 47 | ```
 48 | 
 49 | Then install Slim Auth with the following Composer command.
 50 | 
 51 | ```
 52 | composer require jeremykendall/slim-auth
 53 | ```
 54 | 
 55 | Finally, add this line at the top of your application’s index.php file:
 56 | 
 57 | ```
 58 | require 'vendor/autoload.php';
 59 | ```
 60 | 
 61 | ## Preparing Your App For Slim Auth
 62 | 
 63 | ### Database
 64 | 
 65 | Your database should have a user table, and that table must have a `role`
 66 | column.  The contents of the `role` column should be a string and correspond to
 67 | the roles in your ACL. The table name and all other column names are up to you.
 68 | 
 69 | Here's an example schema for a user table. If you don't already have a user
 70 | table, feel free to use this one:
 71 | 
 72 | ```
 73 | CREATE TABLE IF NOT EXISTS [users] (
 74 |     [id] INTEGER NOT NULL PRIMARY KEY,
 75 |     [username] VARCHAR(50) NOT NULL,
 76 |     [role] VARCHAR(50) NOT NULL,
 77 |     [password] VARCHAR(255) NULL
 78 | );
 79 | ```
 80 | 
 81 | ### ACL
 82 | 
 83 | An Access Control List, or ACL, defines the set of rules that determines which group
 84 | of users have access to which routes within your Slim application. Below is a very simple example ACL. Please pay special attention to the comments.
 85 | 
 86 | *Please refer to the [Zend\Permissions\Acl documentation][3] for complete details on using the Zend Framework ACL component.*
 87 | 
 88 | ```
 89 | namespace Example;
 90 | 
 91 | use Zend\Permissions\Acl\Acl as ZendAcl;
 92 | 
 93 | class Acl extends ZendAcl
 94 | {
 95 |     public function __construct()
 96 |     {
 97 |         // APPLICATION ROLES
 98 |         $this->addRole('guest');
 99 |         // member role "extends" guest, meaning the member role will get all of 
100 |         // the guest role permissions by default
101 |         $this->addRole('member', 'guest');
102 |         $this->addRole('admin');
103 | 
104 |         // APPLICATION RESOURCES
105 |         // Application resources == Slim route patterns
106 |         $this->addResource('/');
107 |         $this->addResource('/login');
108 |         $this->addResource('/logout');
109 |         $this->addResource('/member');
110 |         $this->addResource('/admin');
111 | 
112 |         // APPLICATION PERMISSIONS
113 |         // Now we allow or deny a role's access to resources. The third argument
114 |         // is 'privilege'. We're using HTTP method as 'privilege'.
115 |         $this->allow('guest', '/', 'GET');
116 |         $this->allow('guest', '/login', array('GET', 'POST'));
117 |         $this->allow('guest', '/logout', 'GET');
118 | 
119 |         $this->allow('member', '/member', 'GET');
120 | 
121 |         // This allows admin access to everything
122 |         $this->allow('admin');
123 |     }
124 | }
125 | ```
126 | 
127 | #### The Guest Role
128 | 
129 | Please note the `guest` role. **You must use the name** `guest` **as the role
130 | assigned to unauthenticated users**. The other role names are yours to choose.
131 | 
132 | #### Acl "Privileges"
133 | 
134 | **IMPORTANT**: The third argument to `Acl::allow()`, 'privileges', is either a
135 | string or an array, and should be an HTTP verb or HTTP verbs respectively. By
136 | adding the third argument, you are restricting route access by HTTP method.  If
137 | you do not provide an HTTP verb or verbs, you are allowing access to the
138 | specified route via *all* HTTP methods. **Be extremely vigilant here.** You
139 | wouldn't want to accidentally allow a 'guest' role access to an admin `DELETE`
140 | route simply because you forgot to explicitly deny the `DELETE` route.
141 | 
142 | ## Configuring Slim Auth: Defaults
143 | 
144 | Now that you have a user database table with a `role` column and an ACL, you're
145 | ready to configure Slim Auth and add it to your application.
146 | 
147 | First, add `use` statements for the PasswordValidator (from the 
148 | [Password Validator][9] library), the PDO adapter, and the Slim Auth Bootstrap.
149 | 
150 | ```
151 | use JeremyKendall\Password\PasswordValidator;
152 | use JeremyKendall\Slim\Auth\Adapter\Db\PdoAdapter;
153 | use JeremyKendall\Slim\Auth\Bootstrap;
154 | ```
155 | 
156 | Next, create your Slim application.
157 | 
158 | ```
159 | $app = new \Slim\Slim();
160 | ```
161 | 
162 | ### Authentication Adapter
163 | 
164 | From the Zend Authentication documentation:
165 | 
166 | > `Zend\Authentication` adapters are used to authenticate against a particular
167 | > type of authentication service, such as LDAP, RDBMS, or file-based storage.
168 | 
169 | Slim Auth provides an RDBMS authentication adapter for [PDO][12]. The constructor
170 | accepts five required arguments:
171 | 
172 | * A `\PDO` instance
173 | * The name of the user table
174 | * The name of the identity, or username, column
175 | * The name of the credential, or password, column
176 | * An instance of `JeremyKendall\Password\PasswordValidator`
177 | 
178 | ```
179 | $db = new \PDO(<database connection info>);
180 | $adapter = new PdoAdapter(
181 |     $db, 
182 |     <user table name>, 
183 |     <identity column name>, 
184 |     <credential column name>, 
185 |     new PasswordValidator()
186 | );
187 | ```
188 | 
189 | > **NOTE**: Please refer to the [Password Validator documentation][9] for more
190 | > information on the proper use of the library. If you choose not to use the 
191 | > Password Validator library, you will need to create your own authentication 
192 | > adapter.
193 | 
194 | ### Putting it all Together
195 | 
196 | Now it's time to instantiate your ACL and bootstrap Slim Auth.
197 | 
198 | ```
199 | $acl = new \Namespace\For\Your\Acl();
200 | $authBootstrap = new Bootstrap($app, $adapter, $acl);
201 | $authBootstrap->bootstrap();
202 | ```
203 | 
204 | ### Login Route
205 | 
206 | You'll need a login route, of course, and it's important that you name your
207 | route `login` using Slim's [Route Names][4] feature. 
208 | 
209 | ```
210 | $app->map('/login', function() {})->via('GET', 'POST')->name('login');
211 | ```
212 | 
213 | This allows you to use whatever route pattern you like for your login route.
214 | Slim Auth will redirect users to the correct route using Slim's `urlFor()`
215 | [Route Helper][5].
216 | 
217 | Here's a sample login route:
218 | 
219 | ```
220 | // Login route MUST be named 'login'
221 | $app->map('/login', function () use ($app) {
222 |     $username = null;
223 | 
224 |     if ($app->request()->isPost()) {
225 |         $username = $app->request->post('username');
226 |         $password = $app->request->post('password');
227 | 
228 |         $result = $app->authenticator->authenticate($username, $password);
229 | 
230 |         if ($result->isValid()) {
231 |             $app->redirect('/');
232 |         } else {
233 |             $messages = $result->getMessages();
234 |             $app->flashNow('error', $messages[0]);
235 |         }
236 |     }
237 | 
238 |     $app->render('login.twig', array('username' => $username));
239 | })->via('GET', 'POST')->name('login');
240 | ```
241 | 
242 | ### Logout Route
243 | 
244 | As authentication stores the authenticated user's identity, logging out
245 | consists of nothing more than clearing that identity. Clearing the identity is
246 | handled by `Authenticator::logout`.
247 | 
248 | ```
249 | $app->get('/logout', function () use ($app) {
250 |     $app->authenticator->logout();
251 |     $app->redirect('/');
252 | });
253 | ```
254 | 
255 | ## And Done
256 | 
257 | That should get you most of the way. I'll complete documentation as soon as I'm
258 | able, but can't currently commit to an ETA. Again, please feel free to open and
259 | issue with any questions you might have regarding implementation. 
260 | 
261 | Thanks for considering Slim Auth for your project.
262 | 
263 | [1]: http://slimframework.com/
264 | [2]: http://framework.zend.com/manual/current/en/modules/zend.authentication.intro.html
265 | [3]: http://framework.zend.com/manual/current/en/modules/zend.permissions.acl.intro.html
266 | [4]: http://docs.slimframework.com/#Route-Names
267 | [5]: http://docs.slimframework.com/#Route-Helpers
268 | [6]: https://packagist.org/packages/jeremykendall/slim-auth
269 | [8]: https://github.com/ircmaxell/password_compat
270 | [9]: https://github.com/jeremykendall/password-validator
271 | [10]: https://github.com/jeremykendall/slim-auth-impl
272 | [11]: http://getcomposer.org
273 | [12]: http://php.net/manual/en/book.pdo.php
274 | 


--------------------------------------------------------------------------------
/build.properties:
--------------------------------------------------------------------------------
1 | project.basedir = .
2 | passthru = true
3 | 


--------------------------------------------------------------------------------
/build.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | 
 3 | <project name="Slim Auth" default="build">
 4 | 
 5 |     <property file="build.properties" />
 6 | 
 7 |     <fileset id="src" dir="${project.basedir}/src">
 8 |         <include name="**/*.php" />
 9 |     </fileset>
10 | 
11 |     <target name="clean" description="Clean build path">
12 |         <delete dir="${project.basedir}/build" />
13 |         <mkdir dir="${project.basedir}/build" />
14 |         <mkdir dir="${project.basedir}/build/docs" />
15 |         <mkdir dir="${project.basedir}/build/cache" />
16 |         <mkdir dir="${project.basedir}/build/coverage" />
17 |         <mkdir dir="${project.basedir}/build/logs" />
18 |     </target>
19 | 
20 |     <target name="phplint" description="Running php lint check">
21 |         <phplint haltonfailure="true">
22 |             <fileset refid="src" />
23 |         </phplint>
24 |     </target>
25 | 
26 |     <target name="phpunit" description="Running unit tests">
27 |         <exec
28 |             passthru="${passthru}"
29 |             dir="${project.basedir}"
30 |             command="phpunit
31 |                 --log-junit=${project.basedir}/build/logs/junit.xml
32 |                 --coverage-clover=${project.basedir}/build/logs/clover.xml
33 |                 --coverage-html=${project.basedir}/build/coverage" />
34 |     </target>
35 | 
36 |     <target name="php-cs-fixer" description="Fix CS violations">
37 |         <exec
38 |             passthru="${passthru}"
39 |             dir="${project.basedir}"
40 |             command="php-cs-fixer fix --verbose" />
41 |     </target>
42 | 
43 |     <target name="phpdoc" description="Generate API documentation">
44 |         <exec passthru="${passthru}" command="phpdoc --force" />
45 |     </target>
46 | 
47 |     <target name="phpunit-gen-report">
48 |         <phpunitreport
49 |             infile="${project.basedir}/build/logs/junit.xml"
50 |             format="frames"
51 |             todir="${project.basedir}/build/logs"
52 |             />
53 |     </target>
54 | 
55 |     <target name="phpcpd" description="Copy/Paste detection">
56 |         <phpcpd>
57 |             <fileset refid="src" />
58 |             <formatter
59 |                 type="pmd"
60 |                 outfile="${project.basedir}/build/logs/pmd-cpd.xml" />
61 |         </phpcpd>
62 |     </target>
63 | 
64 |     <target name="phploc" description="Generate phploc.csv">
65 |         <phploc reportType="csv" reportName="phploc" reportDirectory="${project.basedir}/build/logs">
66 |             <fileset refid="src" />
67 |         </phploc>
68 |     </target>
69 | 
70 |     <target name="phpmd" description="Mess detection">
71 |         <exec
72 |             passthru="${passthru}"
73 |             dir="${project.basedir}/src"
74 |             command="phpmd ${project.basedir}/src xml cleancode,codesize,controversial,design,naming,unusedcode
75 |             --suffixes .php
76 |             --reportfile ${project.basedir}/build/logs/pmd.xml" />
77 |     </target>
78 | 
79 |     <target name="build" description="Build app">
80 |         <phingCall target="clean" />
81 |         <phingCall target="phplint" />
82 |         <phingCall target="php-cs-fixer" />
83 |         <phingCall target="phpunit" />
84 |         <phingCall target="phpunit-gen-report" />
85 |         <phingCall target="phpcpd" />
86 |         <phingCall target="phpmd" />
87 |         <phingCall target="phploc" />
88 |         <phingCall target="phpdoc" />
89 |     </target>
90 | </project>
91 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "jeremykendall/slim-auth",
 3 |     "description": "Authorization and authentication for the Slim Framework using ZF2 Authentication and Acl components",
 4 |     "homepage": "https://github.com/jeremykendall/slim-auth",
 5 |     "support": {
 6 |         "issues": "https://github.com/jeremykendall/slim-auth/issues",
 7 |         "source": "https://github.com/jeremykendall/slim-auth"
 8 |     },
 9 |     "license": "MIT",
10 |     "authors": [
11 |         {
12 |             "name": "Jeremy Kendall",
13 |             "homepage": "http://about.me/jeremykendall",
14 |             "role": "Developer"
15 |         }
16 |     ],
17 |     "keywords": [
18 |         "auth",
19 |         "authorization",
20 |         "authentication",
21 |         "slim",
22 |         "slim framework",
23 |         "zend",
24 |         "zend framework",
25 |         "zf2"
26 |     ],
27 |     "require": {
28 |         "php": ">=5.5.0",
29 |         "jeremykendall/password-validator": "3.*",
30 |         "zendframework/zend-authentication": "2.*",
31 |         "zendframework/zend-permissions-acl": "2.*",
32 |         "zendframework/zend-session": "2.*"
33 |     },
34 |     "require-dev": {
35 |         "phpunit/phpunit": "4.*",
36 |         "slim/slim": "^3.0",
37 |         "jeremykendall/debug-die": "0.0.1.*"
38 |     },
39 |     "autoload": {
40 |         "psr-4": {
41 |             "JeremyKendall\\Slim\\Auth\\": "src/"
42 |         }
43 |     },
44 |     "autoload-dev": {
45 |         "psr-4": {
46 |             "JeremyKendall\\Slim\\Auth\\Tests\\": "tests/"
47 |         }
48 |     },
49 |     "suggest": {
50 |         "zendframework/zend-db": "For the Zend\\Authentication\\Adapter\\DbTable adapters."
51 |     }
52 | }
53 | 


--------------------------------------------------------------------------------
/phpdoc.dist.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" ?>
 2 | <phpdoc>
 3 |     <title>Slim Auth</title>
 4 |     <parser>
 5 |         <target>./build/docs</target>
 6 |         <extensions>
 7 |             <extension>php</extension>
 8 |         </extensions>
 9 |     </parser>
10 |     <transformer>
11 |         <target>./build/docs</target>
12 |     </transformer>
13 |     <files>
14 |         <directory>./src</directory>
15 |     </files>
16 |     <transformations>
17 |         <template name="responsive"/>
18 |     </transformations>
19 |     <logging>
20 |         <level>quiet</level>
21 |     </logging>
22 | </phpdoc>
23 | 


--------------------------------------------------------------------------------
/phpunit.xml.dist:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit bootstrap="tests/bootstrap.php" colors="true">
 3 |     <testsuite name="all-tests">
 4 |         <directory>tests</directory>
 5 |     </testsuite>
 6 |     <filter>
 7 |         <whitelist>
 8 |             <directory suffix=".php">src</directory>
 9 |         </whitelist>
10 |     </filter>
11 |     <logging>
12 |         <log type="coverage-html"
13 |             target="build/coverage"
14 |             charset="UTF-8"
15 |             yui="true"
16 |             highlight="true"
17 |             lowUpperBound="40"
18 |             highLowerBound="70" />
19 |     </logging>
20 | </phpunit>
21 | 


--------------------------------------------------------------------------------
/src/Adapter/Db/PdoAdapter.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /**
  4 |  * Slim Auth.
  5 |  *
  6 |  * @link      http://github.com/jeremykendall/slim-auth Canonical source repo
  7 |  *
  8 |  * @copyright Copyright (c) 2016 Jeremy Kendall (http://about.me/jeremykendall)
  9 |  * @license   http://github.com/jeremykendall/slim-auth/blob/master/LICENSE MIT
 10 |  */
 11 | namespace JeremyKendall\Slim\Auth\Adapter\Db;
 12 | 
 13 | use JeremyKendall\Password\PasswordValidatorInterface;
 14 | use PDO;
 15 | use Zend\Authentication\Adapter\AbstractAdapter;
 16 | use Zend\Authentication\Result as AuthenticationResult;
 17 | 
 18 | /**
 19 |  * Authentication adapter.
 20 |  */
 21 | class PdoAdapter extends AbstractAdapter
 22 | {
 23 |     /**
 24 |      * @var PDO DB connection
 25 |      */
 26 |     private $db;
 27 | 
 28 |     /**
 29 |      * @var string the table name to check
 30 |      */
 31 |     private $tableName;
 32 | 
 33 |     /**
 34 |      * @var string the column to use as the identity
 35 |      */
 36 |     private $identityColumn;
 37 | 
 38 |     /**
 39 |      * @var string column to be used as the credential
 40 |      */
 41 |     private $credentialColumn;
 42 | 
 43 |     /**
 44 |      * @var PasswordValidatorInterface Handles password validation
 45 |      */
 46 |     protected $passwordValidator;
 47 | 
 48 |     /**
 49 |      * Public constructor.
 50 |      *
 51 |      * @param PDO                        $db
 52 |      * @param string                     $tableName
 53 |      * @param string                     $identityColumn
 54 |      * @param string                     $credentialColumn
 55 |      * @param PasswordValidatorInterface $passwordValidator Password validator
 56 |      */
 57 |     public function __construct(
 58 |         PDO $db,
 59 |         $tableName,
 60 |         $identityColumn,
 61 |         $credentialColumn,
 62 |         PasswordValidatorInterface $passwordValidator
 63 |     ) {
 64 |         $this->db = $db;
 65 |         $this->tableName = $tableName;
 66 |         $this->identityColumn = $identityColumn;
 67 |         $this->credentialColumn = $credentialColumn;
 68 |         $this->passwordValidator = $passwordValidator;
 69 |     }
 70 | 
 71 |     /**
 72 |      * Performs authentication.
 73 |      *
 74 |      * @return AuthenticationResult Authentication result
 75 |      */
 76 |     public function authenticate()
 77 |     {
 78 |         $user = $this->findUser();
 79 | 
 80 |         if ($user === false) {
 81 |             return new AuthenticationResult(
 82 |                 AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND,
 83 |                 array(),
 84 |                 array('User not found.')
 85 |             );
 86 |         }
 87 | 
 88 |         $validationResult = $this->passwordValidator->isValid(
 89 |             $this->credential, $user[$this->credentialColumn], $user[$this->identityColumn]
 90 |         );
 91 | 
 92 |         if ($validationResult->isValid()) {
 93 |             // Don't store password in identity
 94 |             unset($user[$this->getCredentialColumn()]);
 95 | 
 96 |             return new AuthenticationResult(AuthenticationResult::SUCCESS, $user, array());
 97 |         }
 98 | 
 99 |         return new AuthenticationResult(
100 |             AuthenticationResult::FAILURE_CREDENTIAL_INVALID,
101 |             array(),
102 |             array('Invalid username or password provided')
103 |         );
104 |     }
105 | 
106 |     /**
107 |      * Finds user to authenticate.
108 |      *
109 |      * @return array|null Array of user data, null if no user found
110 |      */
111 |     private function findUser()
112 |     {
113 |         $sql = sprintf(
114 |             'SELECT * FROM %s WHERE %s = :identity',
115 |             $this->getTableName(),
116 |             $this->getIdentityColumn()
117 |         );
118 |         $stmt = $this->db->prepare($sql);
119 |         $stmt->execute(array('identity' => $this->getIdentity()));
120 | 
121 |         // Explicitly setting fetch mode fixes
122 |         // https://github.com/jeremykendall/slim-auth/issues/13
123 |         return $stmt->fetch(PDO::FETCH_ASSOC);
124 |     }
125 | 
126 |     /**
127 |      * Get tableName.
128 |      *
129 |      * @return string tableName
130 |      */
131 |     public function getTableName()
132 |     {
133 |         return $this->tableName;
134 |     }
135 | 
136 |     /**
137 |      * Get identityColumn.
138 |      *
139 |      * @return string identityColumn
140 |      */
141 |     public function getIdentityColumn()
142 |     {
143 |         return $this->identityColumn;
144 |     }
145 | 
146 |     /**
147 |      * Get credentialColumn.
148 |      *
149 |      * @return string credentialColumn
150 |      */
151 |     public function getCredentialColumn()
152 |     {
153 |         return $this->credentialColumn;
154 |     }
155 | }
156 | 


--------------------------------------------------------------------------------
/src/Authenticator.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * Slim Auth.
 5 |  *
 6 |  * @link      http://github.com/jeremykendall/slim-auth Canonical source repo
 7 |  *
 8 |  * @copyright Copyright (c) 2016 Jeremy Kendall (http://about.me/jeremykendall)
 9 |  * @license   http://github.com/jeremykendall/slim-auth/blob/master/LICENSE MIT
10 |  */
11 | namespace JeremyKendall\Slim\Auth;
12 | 
13 | use Zend\Authentication\AuthenticationServiceInterface;
14 | 
15 | /**
16 |  * Authenticates users.
17 |  */
18 | class Authenticator
19 | {
20 |     /**
21 |      * @var AuthenticationServiceInterface ZF Authentication Service
22 |      */
23 |     private $auth;
24 | 
25 |     /**
26 |      * Public constructor.
27 |      *
28 |      * @param AuthenticationServiceInterface $auth
29 |      */
30 |     public function __construct(AuthenticationServiceInterface $auth)
31 |     {
32 |         $this->auth = $auth;
33 |     }
34 | 
35 |     /**
36 |      * Authenticates user.
37 |      *
38 |      * @param string $identity   User identifier (username, email, etc)
39 |      * @param string $credential User password
40 |      *
41 |      * @return Zend\Authentication\Result
42 |      *
43 |      * @throws Zend\Authentication\Exception\RuntimeException
44 |      */
45 |     public function authenticate($identity, $credential)
46 |     {
47 |         $adapter = $this->auth->getAdapter();
48 |         $adapter->setIdentity($identity);
49 |         $adapter->setCredential($credential);
50 | 
51 |         return $this->auth->authenticate();
52 |     }
53 | 
54 |     /**
55 |      * Clears the identity from persistent storage.
56 |      */
57 |     public function logout()
58 |     {
59 |         $this->auth->clearIdentity();
60 |     }
61 | }
62 | 


--------------------------------------------------------------------------------
/src/IdentityInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * Slim Auth.
 5 |  *
 6 |  * @link      http://github.com/jeremykendall/slim-auth Canonical source repo
 7 |  *
 8 |  * @copyright Copyright (c) 2016 Jeremy Kendall (http://about.me/jeremykendall)
 9 |  * @license   http://github.com/jeremykendall/slim-auth/blob/master/LICENSE MIT
10 |  */
11 | namespace JeremyKendall\Slim\Auth;
12 | 
13 | /**
14 |  * Interface for identity classes.
15 |  */
16 | interface IdentityInterface
17 | {
18 |     /**
19 |      * Gets user's role.
20 |      *
21 |      * @return string User's role in application
22 |      */
23 |     public function getRole();
24 | }
25 | 


--------------------------------------------------------------------------------
/src/Middleware/Authorization.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /**
  4 |  * Slim Auth.
  5 |  *
  6 |  * @link      http://github.com/jeremykendall/slim-auth Canonical source repo
  7 |  *
  8 |  * @copyright Copyright (c) 2016 Jeremy Kendall (http://about.me/jeremykendall)
  9 |  * @license   http://github.com/jeremykendall/slim-auth/blob/master/LICENSE MIT
 10 |  */
 11 | namespace JeremyKendall\Slim\Auth\Middleware;
 12 | 
 13 | use Psr\Http\Message\ResponseInterface;
 14 | use Psr\Http\Message\ServerRequestInterface;
 15 | use Zend\Authentication\AuthenticationServiceInterface;
 16 | use Zend\Permissions\Acl\AclInterface;
 17 | 
 18 | /**
 19 |  * Authorization middleware: Checks user's authorization to access the
 20 |  * requested URI.
 21 |  */
 22 | final class Authorization
 23 | {
 24 |     /**
 25 |      * Authentication service.
 26 |      *
 27 |      * @var AuthenticationServiceInterface
 28 |      */
 29 |     private $auth;
 30 | 
 31 |     /**
 32 |      * AclInterface.
 33 |      *
 34 |      * @var AclInterface
 35 |      */
 36 |     private $acl;
 37 | 
 38 |     /**
 39 |      * Public constructor.
 40 |      *
 41 |      * @param AuthenticationServiceInterface $auth Authentication service
 42 |      * @param AclInterface                   $acl  Zend AclInterface
 43 |      */
 44 |     public function __construct(AuthenticationServiceInterface $auth, AclInterface $acl)
 45 |     {
 46 |         $this->auth = $auth;
 47 |         $this->acl = $acl;
 48 |     }
 49 | 
 50 |     /**
 51 |      * Determines whether or not user has access to requested resource.
 52 |      *
 53 |      * @param ServerRequestInterface $request
 54 |      * @param ResponseInterface      $response
 55 |      * @param callable               $next
 56 |      *
 57 |      * @return ResponseInterface Status 401 if not authenticated, 403 if not authorized
 58 |      */
 59 |     public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 60 |     {
 61 |         $route = $request->getAttribute('route', null);
 62 | 
 63 |         if ($route === null) {
 64 |             // User likely accessing a nonexistent route. Calling next middleware.
 65 |             return $next($request, $response);
 66 |         }
 67 | 
 68 |         $role = $this->getRole($this->auth->getIdentity());
 69 |         $resource = $route->getPattern();
 70 |         $privilege = $request->getMethod();
 71 |         $isAllowed = $this->acl->isAllowed($role, $resource, $privilege);
 72 |         $hasIdentity = $this->auth->hasIdentity();
 73 | 
 74 |         if ($hasIdentity && !$isAllowed) {
 75 |             // Authenticated but unauthorized for this resource
 76 |             return $response->withStatus(403);
 77 |         }
 78 | 
 79 |         if (!$hasIdentity && !$isAllowed) {
 80 |             // Not authenticated and must be authenticated to access this resource
 81 |             return $response->withStatus(401);
 82 |         }
 83 | 
 84 |         return $next($request, $response);
 85 |     }
 86 | 
 87 |     /**
 88 |      * Gets role from user's identity.
 89 |      *
 90 |      * @param mixed $identity User's identity. If null, returns role 'guest'
 91 |      *
 92 |      * @return string User's role
 93 |      */
 94 |     private function getRole($identity = null)
 95 |     {
 96 |         if (is_object($identity)) {
 97 |             return $identity->getRole();
 98 |         }
 99 | 
100 |         if (is_array($identity) && isset($identity['role'])) {
101 |             return $identity['role'];
102 |         }
103 | 
104 |         return 'guest';
105 |     }
106 | }
107 | 


--------------------------------------------------------------------------------
/tests/Adapter/Db/PdoAdapterTest.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace JeremyKendall\Slim\Auth\Tests\Adapter\Db;
  4 | 
  5 | use JeremyKendall\Password\PasswordValidatorInterface;
  6 | use JeremyKendall\Password\Result as ValidationResult;
  7 | use JeremyKendall\Slim\Auth\Adapter\Db\PdoAdapter;
  8 | use PDO;
  9 | use Zend\Authentication\Result;
 10 | 
 11 | class PdoAdapterTest extends \PHPUnit_Framework_TestCase
 12 | {
 13 |     /**
 14 |      * @var PDO
 15 |      */
 16 |     private $db;
 17 | 
 18 |     /**
 19 |      * @var PdoAdapter
 20 |      */
 21 |     private $adapter;
 22 | 
 23 |     /**
 24 |      * @var array User data
 25 |      */
 26 |     private $identity;
 27 | 
 28 |     /**
 29 |      * @var string User plain text password
 30 |      */
 31 |     private $plainTextPassword;
 32 | 
 33 |     /**
 34 |      * @var PasswordValidatorInterface
 35 |      */
 36 |     protected $passwordValidator;
 37 | 
 38 |     protected function setUp()
 39 |     {
 40 |         parent::setUp();
 41 | 
 42 |         $this->plainTextPassword = '00101010';
 43 | 
 44 |         $this->identity = array(
 45 |             'id' => 1,
 46 |             'email_address' => 'arthur.dent@example.com',
 47 |             'role' => 'hapless protagonist',
 48 |             'hashed_password' => password_hash('00101010', PASSWORD_DEFAULT),
 49 |         );
 50 | 
 51 |         $this->setUpDb();
 52 |         $this->setUpAdapter();
 53 |     }
 54 | 
 55 |     protected function tearDown()
 56 |     {
 57 |         parent::tearDown();
 58 |         $this->db = null;
 59 |     }
 60 | 
 61 |     public function testAuthenticationSuccess()
 62 |     {
 63 |         $this->passwordValidator->expects($this->once())
 64 |             ->method('isValid')
 65 |             ->with(
 66 |                 $this->plainTextPassword,
 67 |                 $this->identity['hashed_password'],
 68 |                 $this->identity['email_address']
 69 |             )
 70 |             ->will($this->returnValue(new ValidationResult(ValidationResult::SUCCESS)));
 71 | 
 72 |         $this->adapter->setIdentity($this->identity['email_address']);
 73 |         $this->adapter->setCredential($this->plainTextPassword);
 74 | 
 75 |         $result = $this->adapter->authenticate();
 76 |         $this->assertTrue($result->isValid());
 77 | 
 78 |         // Password must not be stored in identity
 79 |         unset($this->identity['hashed_password']);
 80 |         $this->assertEquals($this->identity, $result->getIdentity());
 81 |     }
 82 | 
 83 |     public function testAuthenticationFailsBadPassword()
 84 |     {
 85 |         $this->adapter->setIdentity($this->identity['email_address']);
 86 |         $this->adapter->setCredential('bad password');
 87 | 
 88 |         $this->passwordValidator->expects($this->once())
 89 |             ->method('isValid')
 90 |             ->with(
 91 |                 'bad password',
 92 |                 $this->identity['hashed_password'],
 93 |                 $this->identity['email_address']
 94 |             )
 95 |             ->will($this->returnValue(
 96 |                 new ValidationResult(ValidationResult::FAILURE_PASSWORD_INVALID)
 97 |             ));
 98 | 
 99 |         $result = $this->adapter->authenticate();
100 |         $messages = $result->getMessages();
101 | 
102 |         $this->assertFalse($result->isValid());
103 |         $this->assertEquals(Result::FAILURE_CREDENTIAL_INVALID, $result->getCode());
104 |         $this->assertEquals('Invalid username or password provided', $messages[0]);
105 |     }
106 | 
107 |     public function testAuthenticationFailsUserNotFound()
108 |     {
109 |         $this->adapter->setIdentity('zaphod.beeblebrox@example.com');
110 |         $this->adapter->setCredential('dumb password');
111 | 
112 |         $result = $this->adapter->authenticate();
113 |         $messages = $result->getMessages();
114 | 
115 |         $this->assertFalse($result->isValid());
116 |         $this->assertEquals(Result::FAILURE_IDENTITY_NOT_FOUND, $result->getCode());
117 |         $this->assertEquals('User not found.', $messages[0]);
118 |     }
119 | 
120 |     /**
121 |      * @link https://github.com/jeremykendall/slim-auth/issues/13
122 |      */
123 |     public function testIssue13()
124 |     {
125 |         $this->setUpDb(PDO::FETCH_OBJ);
126 |         $this->setUpAdapter();
127 | 
128 |         $this->passwordValidator->expects($this->once())
129 |             ->method('isValid')
130 |             ->with(
131 |                 $this->plainTextPassword,
132 |                 $this->identity['hashed_password'],
133 |                 $this->identity['email_address']
134 |             )
135 |             ->will($this->returnValue(new ValidationResult(ValidationResult::SUCCESS)));
136 | 
137 |         $this->adapter->setIdentity($this->identity['email_address']);
138 |         $this->adapter->setCredential($this->plainTextPassword);
139 | 
140 |         $result = $this->adapter->authenticate();
141 |         $this->assertTrue($result->isValid());
142 |     }
143 | 
144 |     private function setUpDb($fetchStyle = PDO::FETCH_ASSOC)
145 |     {
146 |         $dsn = 'sqlite::memory:';
147 |         $options = array(
148 |             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
149 |             PDO::ATTR_DEFAULT_FETCH_MODE => $fetchStyle,
150 |         );
151 | 
152 |         try {
153 |             $this->db = new PDO($dsn, null, null, $options);
154 |         } catch (PDOException $e) {
155 |             die(sprintf('DB connection error: %s', $e->getMessage()));
156 |         }
157 | 
158 |         $create = 'CREATE TABLE IF NOT EXISTS [application_users] ( '
159 |             . '[id] INTEGER  NOT NULL PRIMARY KEY, '
160 |             . '[email_address] VARCHAR(50) NOT NULL, '
161 |             . '[role] VARCHAR(50) NOT NULL, '
162 |             . '[hashed_password] VARCHAR(255) NULL)';
163 | 
164 |         $delete = 'DELETE FROM application_users';
165 | 
166 |         $insert = 'INSERT INTO application_users (id, email_address, role, hashed_password) '
167 |             . 'VALUES (:id, :email_address, :role, :hashed_password)';
168 | 
169 |         try {
170 |             $this->db->exec($create);
171 |             $this->db->exec($delete);
172 |             $insert = $this->db->prepare($insert);
173 |             $insert->execute($this->identity);
174 |         } catch (PDOException $e) {
175 |             die(sprintf('DB setup error: %s', $e->getMessage()));
176 |         }
177 |     }
178 | 
179 |     private function setUpAdapter()
180 |     {
181 |         $this->passwordValidator =
182 |             $this->getMock('JeremyKendall\Password\PasswordValidatorInterface');
183 | 
184 |         $this->adapter = new PdoAdapter(
185 |             $this->db,
186 |             $tableName = 'application_users',
187 |             $identityColumn = 'email_address',
188 |             $credentialColumn = 'hashed_password',
189 |             $this->passwordValidator
190 |         );
191 |     }
192 | }
193 | 


--------------------------------------------------------------------------------
/tests/AuthenticatorTest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace JeremyKendall\Slim\Auth\Tests;
 4 | 
 5 | use JeremyKendall\Slim\Auth\Authenticator;
 6 | use Zend\Authentication\Result;
 7 | 
 8 | class AuthenticatorTest extends \PHPUnit_Framework_TestCase
 9 | {
10 |     /**
11 |      * @var Authenticator
12 |      */
13 |     private $authenticator;
14 | 
15 |     /**
16 |      * @var AuthenticationService
17 |      */
18 |     private $auth;
19 | 
20 |     /**
21 |      * @var AbstractAdapter
22 |      */
23 |     private $adapter;
24 | 
25 |     protected function setUp()
26 |     {
27 |         parent::setUp();
28 |         $this->auth = $this->getMockBuilder('Zend\Authentication\AuthenticationService')
29 |             ->disableOriginalConstructor()
30 |             ->getMock();
31 |         $this->adapter = $this->getMockBuilder('Zend\Authentication\Adapter\AbstractAdapter')
32 |             ->disableOriginalConstructor()
33 |             ->getMockForAbstractClass();
34 |         $this->authenticator = new Authenticator($this->auth);
35 |     }
36 | 
37 |     public function testAuthenticationSucceeds()
38 |     {
39 |         $email = 'user@example.com';
40 |         $password = 12345678;
41 | 
42 |         $this->auth->expects($this->once())
43 |             ->method('getAdapter')
44 |             ->will($this->returnValue($this->adapter));
45 | 
46 |         $this->auth->expects($this->once())
47 |             ->method('authenticate')
48 |             ->will($this->returnValue($this->getSuccessResult()));
49 | 
50 |         $result = $this->authenticator->authenticate($email, $password);
51 | 
52 |         // Ensures identity and credential were actually set on the mock adapter
53 |         $this->assertEquals($email, $this->adapter->getIdentity());
54 |         $this->assertEquals($password, $this->adapter->getCredential());
55 | 
56 |         $this->assertTrue($result->isValid());
57 |     }
58 | 
59 |     public function testAuthenticationFails()
60 |     {
61 |         $email = 'user@example.com';
62 |         $password = 12345678;
63 | 
64 |         $this->auth->expects($this->once())
65 |             ->method('getAdapter')
66 |             ->will($this->returnValue($this->adapter));
67 | 
68 |         $this->auth->expects($this->once())
69 |             ->method('authenticate')
70 |             ->will($this->returnValue($this->getFailureResult()));
71 | 
72 |         $result = $this->authenticator->authenticate($email, $password);
73 | 
74 |         // Ensures identity and credential were actually set on the mock adapter
75 |         $this->assertEquals($email, $this->adapter->getIdentity());
76 |         $this->assertEquals($password, $this->adapter->getCredential());
77 | 
78 |         $this->assertFalse($result->isValid());
79 |     }
80 | 
81 |     public function testLogout()
82 |     {
83 |         $this->auth->expects($this->once())
84 |             ->method('clearIdentity');
85 | 
86 |         $this->authenticator->logout();
87 |     }
88 | 
89 |     private function getFailureResult()
90 |     {
91 |         return new Result(Result::FAILURE, array(), array('FAILZORS'));
92 |     }
93 | 
94 |     private function getSuccessResult()
95 |     {
96 |         return new Result(Result::SUCCESS, array(), array('YOU DEEED EEET!'));
97 |     }
98 | }
99 | 


--------------------------------------------------------------------------------
/tests/Middleware/AuthorizationTest.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace JeremyKendall\Slim\Auth\Tests\Middleware;
  4 | 
  5 | use JeremyKendall\Slim\Auth\Middleware\Authorization;
  6 | use Slim\Http\Environment;
  7 | use Slim\Http\Request;
  8 | use Slim\Http\Response;
  9 | use Slim\Route;
 10 | use Zend\Permissions\Acl\Acl;
 11 | use Zend\Permissions\Acl\Role\GenericRole as Role;
 12 | 
 13 | class AuthorizationTest extends \PHPUnit_Framework_TestCase
 14 | {
 15 |     /**
 16 |      * @var Zend\Authentication\AuthenticationServiceInterface
 17 |      */
 18 |     private $auth;
 19 | 
 20 |     /**
 21 |      * @var Zend\Permissions\Acl\AclInterface
 22 |      */
 23 |     private $acl;
 24 | 
 25 |     /**
 26 |      * @var Authorization
 27 |      */
 28 |     private $middleware;
 29 | 
 30 |     protected function setUp()
 31 |     {
 32 |         parent::setUp();
 33 | 
 34 |         $this->auth = $this->getMock('Zend\Authentication\AuthenticationServiceInterface');
 35 |         $this->acl = $this->getConfiguredAcl();
 36 |     }
 37 | 
 38 |     protected function tearDown()
 39 |     {
 40 |         $this->middleware = null;
 41 |         $this->acl = null;
 42 |         parent::tearDown();
 43 |     }
 44 | 
 45 |     /**
 46 |      * @dataProvider authenticationDataProvider
 47 |      */
 48 |     public function testRouteAuthentication(
 49 |         $requestMethod,
 50 |         $path,
 51 |         $location,
 52 |         $hasIdentity,
 53 |         $identity,
 54 |         $httpStatus,
 55 |         $pattern
 56 |     ) {
 57 |         $env = Environment::mock([
 58 |             'REQUEST_METHOD' => $requestMethod,
 59 |             'REQUEST_URI' => $path,
 60 |         ]);
 61 | 
 62 |         $request = Request::createFromEnvironment($env);
 63 |         $response = new Response();
 64 |         $middleware = new Authorization($this->auth, $this->acl);
 65 | 
 66 |         $this->auth->expects($this->once())
 67 |             ->method('hasIdentity')
 68 |             ->will($this->returnValue($hasIdentity));
 69 | 
 70 |         $this->auth->expects($this->once())
 71 |             ->method('getIdentity')
 72 |             ->will($this->returnValue($identity));
 73 | 
 74 |         // ROUTE
 75 |         $route = new Route([$requestMethod], $pattern, function ($req, $res, $args) {});
 76 |         $request = $request->withAttribute('route', $route);
 77 | 
 78 |         $next = function ($req, $res) {
 79 |             return $res;
 80 |         };
 81 |         $response = $middleware($request, $response, $next);
 82 | 
 83 |         $this->assertEquals($httpStatus, $response->getStatusCode());
 84 |         $this->assertEquals($location, $response->getHeaderLine('Location'));
 85 |     }
 86 | 
 87 |     public function testNullRouteDoesNotAttemptAuth()
 88 |     {
 89 |         $env = Environment::mock([
 90 |             'REQUEST_METHOD' => 'GET',
 91 |             'REQUEST_URI' => '/does-not-exist-in-app',
 92 |         ]);
 93 | 
 94 |         $request = Request::createFromEnvironment($env);
 95 |         $response = new Response();
 96 |         $middleware = new Authorization($this->auth, $this->acl);
 97 | 
 98 |         $this->auth->expects($this->never())
 99 |             ->method('hasIdentity');
100 | 
101 |         $this->auth->expects($this->never())
102 |             ->method('getIdentity');
103 | 
104 |         $next = function ($req, $res) {
105 |             return $res;
106 |         };
107 |         $response = $middleware($request, $response, $next);
108 | 
109 |         $this->assertEquals(200, $response->getStatusCode());
110 |         $this->assertEquals('', $response->getHeaderLine('Location'));
111 |     }
112 | 
113 |     public function authenticationDataProvider()
114 |     {
115 |         /*
116 |         $requestMethod,
117 |         $path,
118 |         $location,
119 |         $hasIdentity,
120 |         $identity,
121 |         $httpStatus,
122 |         $pattern
123 |          */
124 |         return [
125 |             // Guest
126 |             ['GET', '/', null, false, null, 200, '/'],
127 |             ['GET', '/login', null, false, null, 200, '/login'],
128 |             ['POST', '/login', null, false, null, 200, '/login'],
129 |             ['GET', '/member', null, false, null, 401, '/member'],
130 |             // Member
131 |             ['GET', '/admin', null, true, new Identity('member'), 403, '/admin'],
132 |             ['DELETE', '/member/photo/992892', null, true, ['role' => 'member'], 200, '/member/photo/{id}'],
133 |             // Admin
134 |             ['GET', '/admin', null, true, ['role' => 'admin'], 200, '/admin'],
135 |         ];
136 |     }
137 | 
138 |     private function getConfiguredAcl()
139 |     {
140 |         $acl = new Acl();
141 | 
142 |         $acl->addRole(new Role('guest'));
143 |         $acl->addRole(new Role('member'), 'guest');
144 |         $acl->addRole(new Role('admin'));
145 | 
146 |         $acl->addResource('/');
147 |         $acl->addResource('/login');
148 |         $acl->addResource('/member');
149 |         $acl->addResource('/member/photo/{id}');
150 |         $acl->addResource('/admin');
151 | 
152 |         $acl->allow('guest', '/');
153 |         $acl->allow('guest', '/login', ['GET', 'POST']);
154 | 
155 |         $acl->allow('member', '/member');
156 |         $acl->allow('member', '/member/photo/{id}', 'DELETE');
157 | 
158 |         // admin gets everything
159 |         $acl->allow('admin');
160 | 
161 |         return $acl;
162 |     }
163 | }
164 | 
165 | final class Identity implements \JeremyKendall\Slim\Auth\IdentityInterface
166 | {
167 |     private $identity;
168 | 
169 |     public function __construct($identity)
170 |     {
171 |         $this->identity = $identity;
172 |     }
173 | 
174 |     public function getRole()
175 |     {
176 |         return $this->identity;
177 |     }
178 | }
179 | 


--------------------------------------------------------------------------------
/tests/bootstrap.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | error_reporting(-1);
 4 | ini_set('display_errors', 1);
 5 | ini_set('display_startup_errors', 1);
 6 | date_default_timezone_set('America/Chicago');
 7 | 
 8 | $loader = require dirname(__DIR__) . '/vendor/autoload.php';
 9 | $loader->add('JeremyKendall\\Slim\\Auth\\Tests\\', __DIR__);
10 | 
11 | define('SLIM_MODE', 'testing');
12 | 


--------------------------------------------------------------------------------
/travis.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit bootstrap="tests/bootstrap.php">
 3 |     <testsuite name="all-tests">
 4 |         <directory>tests</directory>
 5 |     </testsuite>
 6 |     <filter>
 7 |         <whitelist>
 8 |             <directory suffix=".php">src</directory>
 9 |         </whitelist>
10 |     </filter>
11 | </phpunit>
12 | 


--------------------------------------------------------------------------------