Merge branch 'hotfix/4'

weierophinney · weierophinney · commit d9971483056c · 2017-11-27T10:59:48.000-06:00
Close #4 Fixes #1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,36 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
+## 0.2.0 - 2017-11-27
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- [#4](https://github.com/zendframework/zend-expressive-authentication/pull/4)
+  renames the method `UserInterface::getUserRole()` to
+  `UserInterface::getUserRoles()`. The method MUST return an array of string
+  role names.
+
+- [#4](https://github.com/zendframework/zend-expressive-authentication/pull/4)
+  renames the method `UserRepositoryInterface::getRoleFromUser()` to
+  `UserRepositoryInterface::getRolesFromUser()`. The method MUST return an array
+  of string role names.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- Nothing.
+
 ## 0.1.0 - 2017-11-08
 
 Initial release.
diff --git a/src/UserInterface.php b/src/UserInterface.php
@@ -14,7 +14,9 @@ interface UserInterface
     public function getUsername() : string;
 
     /**
-     * Get the user role
+     * Get all user roles
+     *
+     * @return string[]
      */
-    public function getUserRole() : string;
+    public function getUserRoles() : array;
 }
diff --git a/src/UserRepository/Htpasswd.php b/src/UserRepository/Htpasswd.php
@@ -59,10 +59,18 @@ public function authenticate(string $credential, string $password = null) : ?Use
         fclose($handle);
 
         return $found && password_verify($password, $hash) ?
-               $this->generateUser($credential, '') :
+               $this->generateUser($credential) :
                null;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username) : array
+    {
+        return [];
+    }
+
     /**
      * Check bcrypt usage for security reason
      *
diff --git a/src/UserRepository/HtpasswdFactory.php b/src/UserRepository/HtpasswdFactory.php
@@ -17,12 +17,16 @@ class HtpasswdFactory
      */
     public function __invoke(ContainerInterface $container) : Htpasswd
     {
-        $htpasswd = $container->get('config')['authentication']['htpasswd'] ?? null;
+        $config = $container->has('config') ? $container->get('config') : [];
+        $htpasswd = $config['authentication']['htpasswd'] ?? null;
+
         if (null === $htpasswd) {
-            throw new Exception\InvalidConfigException(
-                'Htpasswd file name is not present in user_register config'
-            );
+            throw new Exception\InvalidConfigException(sprintf(
+                'Config key authentication.htpasswd is not present; cannot create %s user repository adapter',
+                Htpasswd::class
+            ));
         }
+
         return new Htpasswd($htpasswd);
     }
 }
diff --git a/src/UserRepository/PdoDatabase.php b/src/UserRepository/PdoDatabase.php
@@ -41,19 +41,52 @@ public function __construct(PDO $pdo, array $config)
     public function authenticate(string $credential, string $password = null) : ?UserInterface
     {
         $sql = sprintf(
-            'SELECT * FROM %s WHERE %s = :username',
+            "SELECT %s FROM %s WHERE %s = :username",
+            $this->config['field']['password'],
             $this->config['table'],
             $this->config['field']['username']
         );
+
         $stmt = $this->pdo->prepare($sql);
         $stmt->bindParam(':username', $credential);
+
         if (! $stmt->execute()) {
             return null;
         }
+
         $result = $stmt->fetchObject();
 
-        return password_verify($password, $result->{$this->config['field']['password']}) ?
-               $this->generateUser($credential, $this->config['field']['role'] ?? '') :
-               null;
+        return password_verify($password, $result->{$this->config['field']['password']})
+            ? $this->generateUser($credential, $this->getRolesFromUser($credential))
+            : null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username) : array
+    {
+        if (! isset($this->config['sql_get_roles'])) {
+            return [];
+        }
+
+        if (false === strpos($this->config['sql_get_roles'], ':username')) {
+            throw new Exception\InvalidConfigException(
+                'The sql_get_roles configuration setting must include a :username parameter'
+            );
+        }
+
+        $stmt = $this->pdo->prepare($this->config['sql_get_roles']);
+        $stmt->bindParam(':username', $username);
+
+        if (! $stmt->execute()) {
+            return [];
+        }
+
+        $roles = [];
+        foreach ($stmt->fetchAll(PDO::FETCH_NUM) as $role) {
+            $roles[] = $role[0];
+        }
+        return $roles;
     }
 }
diff --git a/src/UserRepository/UserTrait.php b/src/UserRepository/UserTrait.php
@@ -12,28 +12,28 @@
 trait UserTrait
 {
     /**
-     * Generate a user from $username and $role
+     * Generate a user from username and list of roles
      */
-    protected function generateUser(string $username, string $role) : UserInterface
+    protected function generateUser(string $username, ?array $roles = null) : UserInterface
     {
-        return new class($username, $role) implements UserInterface {
+        return new class($username, $roles) implements UserInterface {
             private $username;
-            private $role;
+            private $roles;
 
-            public function __construct($username, $role)
+            public function __construct(string $username, $roles)
             {
                 $this->username = $username;
-                $this->role = $role;
+                $this->roles = $roles ?: [];
             }
 
             public function getUsername() : string
             {
                 return $this->username;
             }
 
-            public function getUserRole() : string
+            public function getUserRoles() : array
             {
-                return $this->role;
+                return $this->roles;
             }
         };
     }
diff --git a/src/UserRepositoryInterface.php b/src/UserRepositoryInterface.php
@@ -16,4 +16,12 @@ interface UserRepositoryInterface
      * @param string $credential can be also a token
      */
     public function authenticate(string $credential, string $password = null) : ?UserInterface;
+
+    /**
+     * Get the user roles if present.
+     *
+     * @param string $username
+     * @return string[]
+     */
+    public function getRolesFromUser(string $username) : array;
 }
diff --git a/test/TestAssets/pdo_role.sqlite b/test/TestAssets/pdo_role.sqlite
diff --git a/test/TestAssets/pdo_roles.sqlite b/test/TestAssets/pdo_roles.sqlite
diff --git a/test/TestAssets/sqlite_with_role.sql b/test/TestAssets/sqlite_with_role.sql
@@ -0,0 +1,7 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password, role) VALUES ('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e', 'admin');
diff --git a/test/TestAssets/sqlite_with_roles.sql b/test/TestAssets/sqlite_with_roles.sql
@@ -0,0 +1,24 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT
+);
+
+CREATE TABLE role(
+    role TEXT
+);
+
+CREATE TABLE user_role(
+    username TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password) VALUES
+('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e');
+
+INSERT INTO role (role) VALUES
+('user'),
+('admin');
+
+INSERT INTO user_role (username, role) VALUES
+('test', 'user'),
+('test', 'admin');
diff --git a/test/UserRepository/HtpasswdFactoryTest.php b/test/UserRepository/HtpasswdFactoryTest.php
@@ -8,6 +8,7 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Zend\Expressive\Authentication\Exception\InvalidConfigException;
 use Zend\Expressive\Authentication\UserRepository\Htpasswd;
 use Zend\Expressive\Authentication\UserRepository\HtpasswdFactory;
 
@@ -19,30 +20,40 @@ protected function setUp()
         $this->factory = new HtpasswdFactory();
     }
 
-    /**
-     * @expectedException Zend\Expressive\Authentication\Exception\InvalidConfigException
-     */
+    public function testInvokeWithMissingConfig()
+    {
+        $this->container->has('config')->willReturn(false);
+        $this->container->get('config')->shouldNotBeCalled();
+
+        $this->expectException(InvalidConfigException::class);
+        $htpasswd = ($this->factory)($this->container->reveal());
+    }
+
     public function testInvokeWithEmptyConfig()
     {
+        $this->container->has('config')->willReturn(true);
         $this->container->get('config')->willReturn([]);
+
+        $this->expectException(InvalidConfigException::class);
         $htpasswd = ($this->factory)($this->container->reveal());
     }
 
-    /**
-     * @expectedException Zend\Expressive\Authentication\Exception\InvalidConfigException
-     */
     public function testInvokeWithInvalidConfig()
     {
+        $this->container->has('config')->willReturn(true);
         $this->container->get('config')->willReturn([
             'authentication' => [
                 'htpasswd' => 'foo'
             ]
         ]);
+
+        $this->expectException(InvalidConfigException::class);
         $htpasswd = ($this->factory)($this->container->reveal());
     }
 
     public function testInvokeWithValidConfig()
     {
+        $this->container->has('config')->willReturn(true);
         $this->container->get('config')->willReturn([
             'authentication' => [
                 'htpasswd' => __DIR__ . '/../TestAssets/htpasswd'
diff --git a/test/UserRepository/PdoDatabaseTest.php b/test/UserRepository/PdoDatabaseTest.php
@@ -50,4 +50,40 @@ public function testAuthenticateInvalidUser()
         $user = $pdoDatabase->authenticate('test', 'foo');
         $this->assertNull($user);
     }
+
+    public function testAuthenticateWithRole()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_role.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['admin'], $user->getUserRoles());
+    }
+
+    public function testAuthenticateWithRoles()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_roles.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user_role WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['user', 'admin'], $user->getUserRoles());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,12 +17,16 @@ class HtpasswdFactory`
`17`	`17`	`*/`
`18`	`18`	`public function __invoke(ContainerInterface $container) : Htpasswd`
`19`	`19`	`{`
`20`		`- $htpasswd = $container->get('config')['authentication']['htpasswd'] ?? null;`
	`20`	`+ $config = $container->has('config') ? $container->get('config') : [];`
	`21`	`+ $htpasswd = $config['authentication']['htpasswd'] ?? null;`
	`22`	`+`
`21`	`23`	`if (null === $htpasswd) {`
`22`		`- throw new Exception\InvalidConfigException(`
`23`		`- 'Htpasswd file name is not present in user_register config'`
`24`		`- );`
	`24`	`+ throw new Exception\InvalidConfigException(sprintf(`
	`25`	`+ 'Config key authentication.htpasswd is not present; cannot create %s user repository adapter',`
	`26`	`+ Htpasswd::class`
	`27`	`+ ));`
`25`	`28`	`}`
	`29`	`+`
`26`	`30`	`return new Htpasswd($htpasswd);`
`27`	`31`	`}`
`28`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,28 +12,28 @@`
`12`	`12`	`trait UserTrait`
`13`	`13`	`{`
`14`	`14`	`/**`
`15`		`- * Generate a user from $username and $role`
	`15`	`+ * Generate a user from username and list of roles`
`16`	`16`	`*/`
`17`		`- protected function generateUser(string $username, string $role) : UserInterface`
	`17`	`+ protected function generateUser(string $username, ?array $roles = null) : UserInterface`
`18`	`18`	`{`
`19`		`- return new class($username, $role) implements UserInterface {`
	`19`	`+ return new class($username, $roles) implements UserInterface {`
`20`	`20`	`private $username;`
`21`		`- private $role;`
	`21`	`+ private $roles;`
`22`	`22`
`23`		`- public function __construct($username, $role)`
	`23`	`+ public function __construct(string $username, $roles)`
`24`	`24`	`{`
`25`	`25`	`$this->username = $username;`
`26`		`- $this->role = $role;`
	`26`	`+ $this->roles = $roles ?: [];`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`public function getUsername() : string`
`30`	`30`	`{`
`31`	`31`	`return $this->username;`
`32`	`32`	`}`
`33`	`33`
`34`		`- public function getUserRole() : string`
	`34`	`+ public function getUserRoles() : array`
`35`	`35`	`{`
`36`		`- return $this->role;`
	`36`	`+ return $this->roles;`
`37`	`37`	`}`
`38`	`38`	`};`
`39`	`39`	`}`