diff --git a/src/Authorize/AuthorizeMethodInterface.php b/src/Authorize/AuthorizeMethodInterface.php index f3ddc56..f1a3392 100644 --- a/src/Authorize/AuthorizeMethodInterface.php +++ b/src/Authorize/AuthorizeMethodInterface.php @@ -7,7 +7,7 @@ use Ulmus\User\Entity\UserInterface; interface AuthorizeMethodInterface { - public function connect(ServerRequestInterface $request, UserInterface $user) : bool; + public function connect(ServerRequestInterface $request) : ServerRequestInterface; public function catchRequest(ServerRequestInterface $request) : bool; } \ No newline at end of file diff --git a/src/Authorize/Header/BasicMethod.php b/src/Authorize/Header/BasicMethod.php index 954dde7..ecdbbb1 100644 --- a/src/Authorize/Header/BasicMethod.php +++ b/src/Authorize/Header/BasicMethod.php @@ -3,34 +3,31 @@ namespace Ulmus\User\Authorize\Header; use Psr\Http\Message\ServerRequestInterface; -use Ulmus\User\Entity\BasicAuthUserInterface; -use Ulmus\User\Entity\UserInterface; -use Ulmus\User\Lib\Authorize; +use Ulmus\User\Lib\AuthenticationMethodEnum; class BasicMethod implements MethodInterface { public function __construct( - protected BasicAuthUserInterface $user, protected string|array $arguments ) {} - public function execute(ServerRequestInterface $request) : bool + public function execute(ServerRequestInterface $request) : ServerRequestInterface { if ( false === $decoded = base64_decode($this->arguments) ) { throw new \RuntimeException("Base64 decoding of given username:password failed"); } - list($userName, $password) = explode(':', $decoded) + [ null, null ]; + list($username, $password) = explode(':', $decoded) + [ null, null ]; - if ( empty($userName) ) { + if ( empty($username) ) { throw new \RuntimeException("A username must be provided"); } elseif ( empty($password) ) { throw new \RuntimeException("A password must be provided"); } - ( new Authorize($this->user) )->authenticate([ $this->user->usernameField() => $userName ], $password); - - return $this->user->loggedIn(); + return $request->withAttribute('authentication_middleware:method', AuthenticationMethodEnum::UsernamePassword) + ->withAttribute('authentication_middleware:username', $username) + ->withAttribute('authentication_middleware:password', $password); } } \ No newline at end of file diff --git a/src/Authorize/Header/BearerMethod.php b/src/Authorize/Header/BearerMethod.php index ccd010c..f2b5f20 100644 --- a/src/Authorize/Header/BearerMethod.php +++ b/src/Authorize/Header/BearerMethod.php @@ -3,32 +3,30 @@ namespace Ulmus\User\Authorize\Header; use Psr\Http\Message\ServerRequestInterface; -use Ulmus\User\Authorize\Bearer\JsonWebToken; use Ulmus\User\Authorize\Bearer\JsonWebTokenDecoder; use Ulmus\User\Entity\UserInterface; -use Ulmus\User\Lib\Authorize; +use Ulmus\User\Lib\Authenticate; class BearerMethod implements MethodInterface { protected JsonWebTokenDecoder $jwt; public function __construct( - protected UserInterface $user, + # protected Authenticate $authorize, + # protected UserInterface $user, protected string $token ) {} - public function execute(ServerRequestInterface $request) : bool + public function execute(ServerRequestInterface $request) : ServerRequestInterface { + # $this->authorize->user = $this->user; + switch($this->autodetectTokenType()) { case BearerTokenTypeEnum::JsonWebToken: - $authorize = new Authorize($this->user); - $payload = $this->jwt->getPayload(); - if ($payload['sub'] ?? false) { - if ( ! $authorize->logUser((int) $payload['sub']) ) { - throw new \Exception("Given user id do not match with an existing/active user"); - } + if ( $payload['sub'] ?? false) { + $request = $request->withAttribute('authentication_middleware:user_id', $payload['sub']); } else { throw new \InvalidArgumentException("Given JsonWebToken is missing a 'sub' key (which concords to user id)"); @@ -41,8 +39,7 @@ class BearerMethod implements MethodInterface break; } - - return $this->user->loggedIn(); + return $request; } public function autodetectTokenType() : BearerTokenTypeEnum @@ -55,9 +52,4 @@ class BearerMethod implements MethodInterface return BearerTokenTypeEnum::UniqueKey; } - - protected function userFromJWT() : UserInterface - { - - } } \ No newline at end of file diff --git a/src/Authorize/Header/DigestMethod.php b/src/Authorize/Header/DigestMethod.php index 7968a85..ed2660d 100644 --- a/src/Authorize/Header/DigestMethod.php +++ b/src/Authorize/Header/DigestMethod.php @@ -4,15 +4,17 @@ namespace Ulmus\User\Authorize\Header; use Psr\Http\Message\ServerRequestInterface; use Ulmus\User\Entity\DigestAuthUserInterface; +use Ulmus\User\Lib\Authenticate; class DigestMethod implements MethodInterface { public function __construct( - protected DigestAuthUserInterface $user, + # protected Authenticate $authorize, + # protected DigestAuthUserInterface $user, protected string|array $arguments ) {} - public function execute(ServerRequestInterface $request) : bool + public function execute(ServerRequestInterface $request) : ServerRequestInterface { $arguments = $this->parseDigestArguments($this->arguments); @@ -26,7 +28,7 @@ class DigestMethod implements MethodInterface $arguments['nc'] = str_pad($arguments['nc'] ?? "1", 8, '0', STR_PAD_LEFT); - $ha1 = $this->getSecretHash(); + $ha1 = "@TODO !@"; # $this->authorize->user->getSecretHash(); if ($isSess) { $ha1 = hash($hashMethod, implode(':', [ @@ -39,14 +41,14 @@ class DigestMethod implements MethodInterface $ha2 = hash($hashMethod, implode(':', [ strtoupper($request->getMethod()), $arguments['uri'], hash($hashMethod, $body ?? "") ])); - break; + break; case 'auth': default: $ha2 = hash($hashMethod, implode(':', [ strtoupper($request->getMethod()), $arguments['uri'] ])); - break; + break; } if (isset($arguments['qop'])) { @@ -60,7 +62,13 @@ class DigestMethod implements MethodInterface ])); } - return $response === $arguments['response']; + if ($response === $arguments['response']) { + $request = $request->withAttribute('authentication_middleware:user_id', $arguments['username']); + + # @TODO ! Add Type here to match login with Username Only + } + + return $request; } diff --git a/src/Authorize/Header/MethodInterface.php b/src/Authorize/Header/MethodInterface.php index 3f12ed1..eceac12 100644 --- a/src/Authorize/Header/MethodInterface.php +++ b/src/Authorize/Header/MethodInterface.php @@ -6,5 +6,5 @@ use Psr\Http\Message\ServerRequestInterface; interface MethodInterface { - public function execute(ServerRequestInterface $request) : bool; + public function execute(ServerRequestInterface $request) : ServerRequestInterface; } \ No newline at end of file diff --git a/src/Authorize/HeaderAuthentication.php b/src/Authorize/HeaderAuthentication.php index c0a6323..81f161a 100644 --- a/src/Authorize/HeaderAuthentication.php +++ b/src/Authorize/HeaderAuthentication.php @@ -5,53 +5,64 @@ namespace Ulmus\User\Authorize; use Psr\Http\Message\ServerRequestInterface; use Ulmus\User\Common\AuthorizeContentTypeEnum; use Ulmus\User\Entity\{ DigestAuthUserInterface, UserInterface }; +use Ulmus\User\Lib\Authenticate; +use Ulmus\User\Lib\HeaderAuthenticationTypeEnum; class HeaderAuthentication implements AuthorizeMethodInterface { - public function connect(ServerRequestInterface $request, UserInterface $user): bool + public function __construct( + protected Authenticate $authorize, + ) { } + + public function connect(ServerRequestInterface $request): ServerRequestInterface { - if (null !== ( $auth = $request->getHeaderLine('Authorization') )) { - list($method, $value) = explode(' ', $auth, 2) + [ null, null ]; + $type = HeaderAuthenticationTypeEnum::fromRequest($request); - switch(strtolower($method)) { - case "basic": - $methodObj = new Header\BasicMethod($user, $value); + if ( null !== $type ) { + list(, $value) = explode(' ', $request->getHeaderLine('Authorization'), 2) + [ null, null ]; + + switch($type) { + case HeaderAuthenticationTypeEnum::Basic: + $methodObj = new Header\BasicMethod($value); break; - case "digest": - if (! $user instanceof DigestAuthUserInterface) { - throw new \RuntimeException("Your user entity must provide a valid hash of `user:realm:password` "); - } + case HeaderAuthenticationTypeEnum::Digest: + #if (! $user instanceof DigestAuthUserInterface) { + # throw new \RuntimeException("Your user entity must provide a valid hash of `user:realm:password` "); + #} - $methodObj = new Header\DigestMethod($user, $value); + $methodObj = new Header\DigestMethod($value); break; - case "bearer": - $methodObj = new Header\BearerMethod($user, $value); + case HeaderAuthenticationTypeEnum::Bearer: + $methodObj = new Header\BearerMethod($value); break; - case "token": - + case HeaderAuthenticationTypeEnum::Token: + // @TODO ! break; - - default: - throw new \InvalidArgumentException("An authentication method must be provided"); } } - return isset($methodObj) && $methodObj->execute($request); + if (isset($methodObj)) { + $request = $methodObj->execute($request); + } + + return $request; } public function catchRequest(ServerRequestInterface $request) : bool { - foreach(array_merge($request->getHeader('Accept'), $request->getHeader('Content-Type')) as $accept) { + # Previously only catched from JSON content-type ; now accepts every connections + + /*foreach(array_merge($request->getHeader('Accept'), $request->getHeader('Content-Type')) as $accept) { foreach(explode(',', $accept) as $contentType) { if ( AuthorizeContentTypeEnum::tryFrom(strtolower($contentType)) ) { return true; } } - } + }*/ - return false; + return $request->hasHeader('authorization'); } } \ No newline at end of file diff --git a/src/Authorize/PostRequestAuthentication.php b/src/Authorize/PostRequestAuthentication.php index 4ef2747..44a063c 100644 --- a/src/Authorize/PostRequestAuthentication.php +++ b/src/Authorize/PostRequestAuthentication.php @@ -5,21 +5,23 @@ namespace Ulmus\User\Authorize; use Psr\Http\Message\ServerRequestInterface; use Ulmus\User\Entity\UserInterface; use Ulmus\User\Lib\Authenticate; +use Ulmus\User\Lib\AuthenticationMethodEnum; class PostRequestAuthentication implements AuthorizeMethodInterface { public function __construct( - public Authenticate $authenticate, protected string $fieldUser = "email", protected string $postFieldUser = "email", protected string $postFieldPassword = "password", ) {} - public function connect(ServerRequestInterface $request, UserInterface $user): bool + public function connect(ServerRequestInterface $request) : ServerRequestInterface { $post = $request->getParsedBody(); - return $this->authenticate->authenticate([ $this->fieldUser => $post[$this->postFieldUser] ], $post[$this->postFieldPassword]); + return $request->withAttribute('authentication_middleware:method', AuthenticationMethodEnum::UsernamePassword) + ->withAttribute('authentication_middleware:username', [ $this->fieldUser => $post[$this->postFieldUser] ]) + ->withAttribute('authentication_middleware:password', $post[$this->postFieldPassword]); } public function catchRequest(ServerRequestInterface $request): bool diff --git a/src/Lib/Authenticate.php b/src/Lib/Authenticate.php index fe00b39..5dc1ebd 100644 --- a/src/Lib/Authenticate.php +++ b/src/Lib/Authenticate.php @@ -42,10 +42,14 @@ class Authenticate { $this->session->destroy(); } - public function authenticate(array $userLogin, string $password) : bool + public function authenticate(string|array $userLogin, string $password) : bool { $repository = $this->user::repository(); + if (is_string($userLogin)) { + $userLogin = [ $this->user->usernameField() => $userLogin ]; + } + foreach($userLogin as $field => $value) { $repository->or($field, $value); } diff --git a/src/Lib/HeaderAuthenticationTypeEnum.php b/src/Lib/HeaderAuthenticationTypeEnum.php new file mode 100644 index 0000000..3179df1 --- /dev/null +++ b/src/Lib/HeaderAuthenticationTypeEnum.php @@ -0,0 +1,24 @@ +hasHeader('authorization')) { + list($method, ) = explode(' ', $request->getHeaderLine('authorization'), 2); + + return static::tryFrom(strtolower($method)); + } + + return null; + } +} \ No newline at end of file diff --git a/src/Middleware/AuthenticationMiddleware.php b/src/Middleware/AuthenticationMiddleware.php index fbe94f6..e52d52d 100644 --- a/src/Middleware/AuthenticationMiddleware.php +++ b/src/Middleware/AuthenticationMiddleware.php @@ -16,8 +16,8 @@ use Ulmus\User\Lib\AuthenticationMethodEnum; class AuthenticationMiddleware implements MiddlewareInterface { public function __construct( - protected UserInterface $user, protected Authenticate $authenticator, + protected \Closure $loginFailedResponse, ) {} public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface @@ -25,6 +25,10 @@ class AuthenticationMiddleware implements MiddlewareInterface try { if (null !== $id = $request->getAttribute('authentication_middleware:user_id')) { $this->authenticator->loadUser($id); + + if ( ! $this->authenticator->user->isLoaded() ) { + throw new \Exception("Given user id do not match with an existing/active user"); + } } switch($request->getAttribute('authentication_middleware:method')) { @@ -38,7 +42,7 @@ class AuthenticationMiddleware implements MiddlewareInterface } } catch(\Exception $e) { - throw $e; + return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]); } return $handler->handle($request); diff --git a/src/Middleware/HeaderAuthenticationMiddleware.php b/src/Middleware/HeaderAuthenticationMiddleware.php index 7f54a41..b5d02d9 100644 --- a/src/Middleware/HeaderAuthenticationMiddleware.php +++ b/src/Middleware/HeaderAuthenticationMiddleware.php @@ -10,28 +10,18 @@ use Psr\Http\{ }; use Ulmus\User\Entity\UserInterface; use Ulmus\User\Authorize\HeaderAuthentication; +use Ulmus\User\Lib\Authenticate; class HeaderAuthenticationMiddleware implements MiddlewareInterface { - #protected HeaderAuthentication $authenticator; - public function __construct( - protected UserInterface $entity, - protected \Closure $loginFailedResponse, protected HeaderAuthentication $authenticator, ) { } public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { - try { - if ( $this->authenticator->catchRequest($request) ) { - if ( ! $this->authenticator->connect($request, $this->entity) ) { - return call_user_func($this->loginFailedResponse, [ 'api.process' => "Auth failed" ]); - } - } - } - catch(\Exception $e) { - return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]); + if ( $this->authenticator->catchRequest($request) ) { + $request = $this->authenticator->connect($request); } return $handler->handle($request); diff --git a/src/Middleware/PostRequestAuthenticationMiddleware.php b/src/Middleware/PostRequestAuthenticationMiddleware.php index e7c3a45..3eae7d8 100644 --- a/src/Middleware/PostRequestAuthenticationMiddleware.php +++ b/src/Middleware/PostRequestAuthenticationMiddleware.php @@ -14,24 +14,15 @@ use Ulmus\User\Lib\Authenticate; class PostRequestAuthenticationMiddleware implements MiddlewareInterface { - protected PostRequestAuthentication $authenticator; - public function __construct( - protected UserInterface $entity, - protected \Closure $loginFailedResponse, - PostRequestAuthentication $authenticator = null, + protected PostRequestAuthentication $authenticator, ) { - $this->authenticator = $authenticator ?: new PostRequestAuthentication(new Authenticate($entity)); } public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { - $this->authenticator->authenticate->rememberMe(); - if ( $this->authenticator->catchRequest($request) ) { - if ( ! $this->authenticator->connect($request, $this->entity) ) { - return call_user_func($this->loginFailedResponse, "Login failed"); - } + $request = $this->authenticator->connect($request); } return $handler->handle($request);