Merge pull request #4 from ezimuel/feature/multiple-users

[BC break] Added the support of multiple users

Conflicts:
	src/UserInterface.php
	src/UserRepository/PdoDatabase.php
	src/UserRepository/UserTrait.php
	src/UserRepositoryInterface.php

Author: weierophinney

src/UserInterface.php

@@ -14,7 +14,9 @@ interface UserInterface
     public function getUsername() : string;
 
     /**
-     * Get the user role
+     * Get all user roles
+     *
+     * @return string[]|null
      */
-    public function getUserRole() : string;
+    public function getUserRoles() : ?array;
 }

src/UserRepository/Htpasswd.php

@@ -59,10 +59,18 @@ public function authenticate(string $credential, string $password = null) : ?Use
         fclose($handle);
 
         return $found && password_verify($password, $hash) ?
-               $this->generateUser($credential, '') :
+               $this->generateUser($credential) :
                null;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username): ?array
+    {
+        return null;
+    }
+
     /**
      * Check bcrypt usage for security reason
      *

src/UserRepository/PdoDatabase.php

@@ -41,7 +41,8 @@ public function __construct(PDO $pdo, array $config)
     public function authenticate(string $credential, string $password = null) : ?UserInterface
     {
         $sql = sprintf(
-            'SELECT * FROM %s WHERE %s = :username',
+            "SELECT %s FROM %s WHERE %s = :username",
+            $this->config['field']['password'],
             $this->config['table'],
             $this->config['field']['username']
         );
@@ -53,7 +54,32 @@ public function authenticate(string $credential, string $password = null) : ?Use
         $result = $stmt->fetchObject();
 
         return password_verify($password, $result->{$this->config['field']['password']}) ?
-               $this->generateUser($credential, $this->config['field']['role'] ?? '') :
+               $this->generateUser($credential, $this->getRolesFromUser($credential)) :
                null;
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username): ?array
+    {
+        if (! isset($this->config['sql_get_roles'])) {
+            return null;
+        }
+        if (false === strpos($this->config['sql_get_roles'], ':username')) {
+            throw new Exception\InvalidConfigException(
+                'The sql_get_roles must include a :username parameter'
+            );
+        }
+        $stmt = $this->pdo->prepare($this->config['sql_get_roles']);
+        $stmt->bindParam(':username', $username);
+        if (! $stmt->execute()) {
+            return null;
+        }
+        $roles = [];
+        foreach ($stmt->fetchAll(PDO::FETCH_NUM) as $role) {
+            $roles[] = $role[0];
+        }
+        return $roles;
+    }
 }

src/UserRepository/UserTrait.php

@@ -12,28 +12,28 @@
 trait UserTrait
 {
     /**
-     * Generate a user from $username and $role
+     * Generate a user from username and list of roles
      */
-    protected function generateUser(string $username, string $role) : UserInterface
+    protected function generateUser(string $username, ?array $roles = null) : UserInterface
     {
-        return new class($username, $role) implements UserInterface {
+        return new class($username, $roles) implements UserInterface {
             private $username;
-            private $role;
+            private $roles;
 
-            public function __construct($username, $role)
+            public function __construct(string $username, $roles)
             {
                 $this->username = $username;
-                $this->role = $role;
+                $this->roles = $roles;
             }
 
             public function getUsername() : string
             {
                 return $this->username;
             }
 
-            public function getUserRole() : string
+            public function getUserRoles() : ?array
             {
-                return $this->role;
+                return $this->roles;
             }
         };
     }

src/UserRepositoryInterface.php

@@ -16,4 +16,12 @@ interface UserRepositoryInterface
      * @param string $credential can be also a token
      */
     public function authenticate(string $credential, string $password = null) : ?UserInterface;
+
+    /**
+     * Get the user roles if present.
+     *
+     * @param string $username
+     * @return string[]|null
+     */
+    public function getRolesFromUser(string $username) : ?array;
 }

test/TestAssets/pdo_role.sqlite

@@ -0,0 +1,7 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password, role) VALUES ('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e', 'admin');

test/TestAssets/pdo_roles.sqlite

@@ -0,0 +1,24 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT
+);
+
+CREATE TABLE role(
+    role TEXT
+);
+
+CREATE TABLE user_role(
+    username TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password) VALUES
+('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e');
+
+INSERT INTO role (role) VALUES
+('user'),
+('admin');
+
+INSERT INTO user_role (username, role) VALUES
+('test', 'user'),
+('test', 'admin');

test/TestAssets/sqlite_with_role.sql

@@ -50,4 +50,40 @@ public function testAuthenticateInvalidUser()
         $user = $pdoDatabase->authenticate('test', 'foo');
         $this->assertNull($user);
     }
+
+    public function testAuthenticateWithRole()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_role.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['admin'], $user->getUserRoles());
+    }
+
+    public function testAuthenticateWithRoles()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_roles.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user_role WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['user', 'admin'], $user->getUserRoles());
+    }
 }