Code
/
islandora
7
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Add JWT Token Authentication (#38) 

* Add JWT Token Authentication

This adds JWT token authentication to Islandora. We send these tokens
along with broadcast messages, and can use them to authenticate with
Fedora as well as call back into Islandora.

* Updated the version for JWT in the composer file.

* JwtEventSubscriber tests.

* Fixing copy/pasta mistake in tests (#2)

* Update JWT Structure to Eliminate Nesting

No java JWT parsing libraries like when a JWT contains nested
structures, even when that is allowed in the standard. This
commit updates our code so we put the drupal data at the
root level of the JWT claims, instead of in a subclaim.

* Coding standards for new sniffs
pull/756/head
Jonathan Green 8 years ago committed by Nick Ruest
parent
74004f2bad
commit
afcd377f9e
30 changed files with 361 additions and 60 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      .github/PULL_REQUEST_TEMPLATE.md
  2. 1
      .gitignore
  3. 3
      composer.json
  4. 1
      config/install/core.entity_form_display.fedora_resource.rdf_source.default.yml
  5. 1
      config/install/core.entity_view_mode.fedora_resource.teaser.yml
  6. 1
      config/install/field.field.fedora_resource.rdf_source.field_ldp_contains.yml
  7. 1
      config/install/islandora.settings.yml
  8. 1
      config/install/rdf.mapping.fedora_resource_type.non_rdf_source.yml
  9. 1
      config/install/rdf.mapping.fedora_resource_type.rdf_source.yml
  10. 4
      config/install/rest.resource.entity.fedora_resource.yml
  11. 1
      config/install/rules.reaction.broadcast_create_event.yml
  12. 1
      config/install/rules.reaction.broadcast_delete_event.yml
  13. 1
      config/install/rules.reaction.broadcast_update_event.yml
  14. 1
      config/install/views.view.fedora_entities_reference.yml
  15. 1
      config/schema/islandora.schema.yml
  16. 2
      islandora.info.yml
  17. 1
      islandora.links.action.yml
  18. 6
      islandora.services.yml
  19. 4
      src/Controller/FedoraResourceAddController.php
  20. 20
      src/Entity/FedoraResource.php
  21. 140
      src/EventSubscriber/JwtEventSubscriber.php
  22. 10
      src/FedoraResourceInterface.php
  23. 41
      src/Plugin/RulesAction/Broadcaster.php
  24. 6
      src/Plugin/Search/FedoraEntitySearch.php
  25. 2
      src/StompFactory.php
  26. 6
      tests/src/Kernel/BroadcasterTest.php
  27. 2
      tests/src/Kernel/IslandoraKernelTestBase.php
  28. 141
      tests/src/Kernel/JwtEventSubscriberTest.php

15
.github/PULL_REQUEST_TEMPLATE.md
Unescape View File

@ -1,20 +1,24 @@
**GitHub Issue**: (link) **GitHub Issue**: (link)
* Other Relevant Links (Google Groups discussion, related pull requests, Release pull requests, etc.) * Other Relevant Links (Google Groups discussion, related pull requests,
Release pull requests, etc.)
# What does this Pull Request do? # What does this Pull Request do?
A brief description of what the intended result of the PR will be and/or what problem it solves. A brief description of what the intended result of the PR will be and/or what
problem it solves.
# What's new? # What's new?
A in-depth description of the changes made by this PR. Technical details and possible side effects. A in-depth description of the changes made by this PR. Technical details and
possible side effects.
* Changes x feature to such that y * Changes x feature to such that y
* Added x * Added x
* Removed y * Removed y
* Does this change require documentation to be updated? * Does this change require documentation to be updated?
* Does this change add any new dependencies? * Does this change add any new dependencies?
* Does this change require any other modifications to be made to the repository (ie. Regeneration activity, etc.)? * Does this change require any other modifications to be made to the repository
(ie. Regeneration activity, etc.)?
* Could this change impact execution of existing code? * Could this change impact execution of existing code?
# How should this be tested? # How should this be tested?
@ -26,7 +30,8 @@ A description of what steps someone could take to:
* Good testing instructions help get your PR completed faster. * Good testing instructions help get your PR completed faster.
# Additional Notes: # Additional Notes:
Any additional information that you think would be helpful when reviewing this PR. Any additional information that you think would be helpful when reviewing this
PR.
# Interested parties # Interested parties
Tag (@ mention) interested parties or, if unsure, @Islandora-CLAW/committers Tag (@ mention) interested parties or, if unsure, @Islandora-CLAW/committers

1
.gitignore vendored
Unescape View File

@ -1 +1,2 @@
vendor vendor
/.idea/

3
composer.json
Unescape View File

@ -19,7 +19,8 @@
"drupal/rules": "^3.0@alpha", "drupal/rules": "^3.0@alpha",
"drupal/search_api": "^1.0@beta", "drupal/search_api": "^1.0@beta",
"islandora/claw-jsonld": "dev-8.x-1.x", "islandora/claw-jsonld": "dev-8.x-1.x",
"stomp-php/stomp-php": "4.*" "stomp-php/stomp-php": "4.*",
"drupal/jwt": "1.0.0-alpha6"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "^4.8", "phpunit/phpunit": "^4.8",

1
config/install/core.entity_form_display.fedora_resource.rdf_source.default.yml
Unescape View File

@ -64,4 +64,3 @@ content:
placeholder: '' placeholder: ''
third_party_settings: { } third_party_settings: { }
hidden: { } hidden: { }

1
config/install/core.entity_view_mode.fedora_resource.teaser.yml
Unescape View File

@ -11,4 +11,3 @@ id: fedora_resource.teaser
label: Teaser label: Teaser
targetEntityType: fedora_resource targetEntityType: fedora_resource
cache: true cache: true

1
config/install/field.field.fedora_resource.rdf_source.field_ldp_contains.yml
Unescape View File

@ -28,4 +28,3 @@ settings:
display_name: entity_reference_1 display_name: entity_reference_1
arguments: { } arguments: { }
field_type: entity_reference field_type: entity_reference

1
config/install/islandora.settings.yml
Unescape View File

@ -3,4 +3,3 @@ fedora_rest_endpoint: 'http://localhost:8080/fcrepo/rest'
_core: _core:
default_config_hash: nDZDR2rrpXXQ-D_7BYrdDFAXYOsB5hgH6vCAMV5I3w8 default_config_hash: nDZDR2rrpXXQ-D_7BYrdDFAXYOsB5hgH6vCAMV5I3w8
broadcast_queue: islandora-connector-broadcast broadcast_queue: islandora-connector-broadcast

1
config/install/rdf.mapping.fedora_resource_type.non_rdf_source.yml
Unescape View File

@ -45,4 +45,3 @@ fieldMappings:
properties: properties:
- 'ldp:contains' - 'ldp:contains'
mapping_type: rel mapping_type: rel

1
config/install/rdf.mapping.fedora_resource_type.rdf_source.yml
Unescape View File

@ -49,4 +49,3 @@ fieldMappings:
properties: properties:
- 'ldp:contains' - 'ldp:contains'
mapping_type: rel mapping_type: rel

4
config/install/rest.resource.entity.fedora_resource.yml
Unescape View File

@ -21,6 +21,4 @@ configuration:
- json - json
- xml - xml
supported_auth: supported_auth:
- basic_auth - jwt_auth
- cookie

1
config/install/rules.reaction.broadcast_create_event.yml
Unescape View File

@ -54,4 +54,3 @@ expression:
rules_tokens: { } rules_tokens: { }
provides_mapping: { } provides_mapping: { }
action_id: islandora_broadcast action_id: islandora_broadcast

1
config/install/rules.reaction.broadcast_delete_event.yml
Unescape View File

@ -54,4 +54,3 @@ expression:
rules_tokens: { } rules_tokens: { }
provides_mapping: { } provides_mapping: { }
action_id: islandora_broadcast action_id: islandora_broadcast

1
config/install/rules.reaction.broadcast_update_event.yml
Unescape View File

@ -54,4 +54,3 @@ expression:
rules_tokens: { } rules_tokens: { }
provides_mapping: { } provides_mapping: { }
action_id: islandora_broadcast action_id: islandora_broadcast

1
config/install/views.view.fedora_entities_reference.yml
Unescape View File

@ -167,4 +167,3 @@ display:
- 'languages:language_interface' - 'languages:language_interface'
- user.permissions - user.permissions
tags: { } tags: { }

1
config/schema/islandora.schema.yml
Unescape View File

@ -11,4 +11,3 @@ islandora.settings:
broadcast_queue: broadcast_queue:
type: string type: string
label: 'Queue that handles distributing messages amongst multiple recipients' label: 'Queue that handles distributing messages amongst multiple recipients'

2
islandora.info.yml
Unescape View File

@ -15,4 +15,4 @@ dependencies:
- jsonld - jsonld
- rules - rules
- search_api - search_api
version: '8.x-1.x-dev' - jwt

1
islandora.links.action.yml
Unescape View File

@ -8,4 +8,3 @@ entity.fedora_resource_type.add_form:
title: 'Add Fedora resource type' title: 'Add Fedora resource type'
appears_on: appears_on:
- entity.fedora_resource_type.collection - entity.fedora_resource_type.collection

6
islandora.services.yml
Unescape View File

@ -12,3 +12,9 @@ services:
class: Stomp\StatefulStomp class: Stomp\StatefulStomp
factory: ['Drupal\islandora\StompFactory', create] factory: ['Drupal\islandora\StompFactory', create]
arguments: ['@config.factory'] arguments: ['@config.factory']
islandora.jwt-subscriber:
class: Drupal\islandora\EventSubscriber\JwtEventSubscriber
factory: ['Drupal\islandora\EventSubscriber\JwtEventSubscriber', create]
arguments: ['@entity_type.manager', '@current_user']
tags:
- { name: event_subscriber }

4
src/Controller/FedoraResourceAddController.php
Unescape View File

@ -86,7 +86,7 @@ class FedoraResourceAddController extends ControllerBase {
/** /**
* Presents the creation form for fedora_resource entities of given type. * Presents the creation form for fedora_resource entities of given type.
* *
* @param EntityInterface $fedora_resource_type * @param \Drupal\Core\Entity\EntityInterface $fedora_resource_type
* The custom bundle to add. * The custom bundle to add.
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
* The current request object. * The current request object.
@ -104,7 +104,7 @@ class FedoraResourceAddController extends ControllerBase {
/** /**
* Provides the page title for this controller. * Provides the page title for this controller.
* *
* @param EntityInterface $fedora_resource_type * @param \Drupal\Core\Entity\EntityInterface $fedora_resource_type
* The custom bundle/type being added. * The custom bundle/type being added.
* *
* @return string * @return string

20
src/Entity/FedoraResource.php
Unescape View File

@ -69,26 +69,6 @@ class FedoraResource extends ContentEntityBase implements FedoraResourceInterfac
use EntityChangedTrait; use EntityChangedTrait;
/**
* Override this to have a rel ='uuid' for islandora entities.
*
* Stolen (but not inherited from EntityInterface)
*
* @param string $rel
* The link relationship type, for example: canonical or edit-form.
* @param array $options
* See \Drupal\Core\Routing\UrlGeneratorInterface::generateFromRoute() for
* the available options.
*
* @return \Drupal\Core\Url
* The URL object.
*/
public function toUrl($rel = 'canonical', array $options = []) {
// TODO: I Will override this to have a rel ='uuid' for islandora entities
// TODO: Change the autogenerated stub.
return parent::toUrl($rel, $options);
}
/** /**
* Gets an array of placeholders for Fedora Resource Entity. * Gets an array of placeholders for Fedora Resource Entity.
* *

140
src/EventSubscriber/JwtEventSubscriber.php
Unescape View File

@ -0,0 +1,140 @@
<?php
namespace Drupal\islandora\EventSubscriber;
use Drupal\jwt\Authentication\Event\JwtAuthValidateEvent;
use Drupal\jwt\Authentication\Event\JwtAuthValidEvent;
use Drupal\jwt\Authentication\Event\JwtAuthGenerateEvent;
use Drupal\jwt\Authentication\Event\JwtAuthEvents;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* Class JwtEventSubscriber.
*
* @package Drupal\islandora\EventSubscriber
*/
class JwtEventSubscriber implements EventSubscriberInterface {
/**
* User storage to load users.
*
* @var \Drupal\Core\Entity\EntityStorageInterface
*/
protected $userStorage;
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* Constructor.
*
* @param \Drupal\Core\Entity\EntityStorageInterface $userStorage
* User storage to load users.
* @param \Drupal\Core\Session\AccountInterface $user
* The current user.
*/
public function __construct(
EntityStorageInterface $userStorage,
AccountInterface $user
) {
$this->userStorage = $userStorage;
$this->currentUser = $user;
}
/**
* Factory.
*
* @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityManager
* Entity manager to get user storage.
* @param \Drupal\Core\Session\AccountInterface $user
* The current user.
*/
public static function create(
EntityTypeManagerInterface $entityManager,
AccountInterface $user
) {
return new static(
$entityManager->getStorage('user'),
$user
);
}
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents() {
$events[JwtAuthEvents::VALIDATE][] = ['validate'];
$events[JwtAuthEvents::VALID][] = ['loadUser'];
$events[JwtAuthEvents::GENERATE][] = ['setIslandoraClaims'];
return $events;
}
/**
* Sets claims for a Islandora consumer on the JWT.
*
* @param \Drupal\jwt\Authentication\Event\JwtAuthGenerateEvent $event
* The event.
*/
public function setIslandoraClaims(JwtAuthGenerateEvent $event) {
global $base_secure_url;
// Standard claims, validated at JWT validation time.
$event->addClaim('iat', time());
$event->addClaim('exp', strtotime('+2 hour'));
// Islandora claims we need to validate.
$event->addClaim('uid', $this->currentUser->id());
$event->addClaim('name', $this->currentUser->getAccountName());
$event->addClaim('roles', $this->currentUser->getRoles(FALSE));
$event->addClaim('url', $base_secure_url);
}
/**
* Validates that the Islandora data is present in the JWT.
*
* @param \Drupal\jwt\Authentication\Event\JwtAuthValidateEvent $event
* A JwtAuth event.
*/
public function validate(JwtAuthValidateEvent $event) {
$token = $event->getToken();
$uid = $token->getClaim('uid');
$name = $token->getClaim('name');
$roles = $token->getClaim('roles');
$url = $token->getClaim('url');
if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) {
$event->invalidate("Expected data missing from payload.");
return;
}
$user = $this->userStorage->load($uid);
if ($user === NULL) {
$event->invalidate("Specified UID does not exist.");
}
elseif ($user->getAccountName() !== $name) {
$event->invalidate("Account name does not match.");
}
}
/**
* Load and set a Drupal user to be authentication based on the JWT's uid.
*
* @param \Drupal\jwt\Authentication\Event\JwtAuthValidEvent $event
* A JwtAuth event.
*/
public function loadUser(JwtAuthValidEvent $event) {
$token = $event->getToken();
$uid = $token->getClaim('uid');
$user = $this->userStorage->load($uid);
$event->setUser($user);
}
}

10
src/FedoraResourceInterface.php
Unescape View File

@ -86,7 +86,7 @@ interface FedoraResourceInterface extends ContentEntityInterface, EntityChangedI
* Does the entity have a parent entity? * Does the entity have a parent entity?
* *
* @return bool * @return bool
* Whether a parent entity was set. * Whether a parent entity was set.
*/ */
public function hasParent(); public function hasParent();
@ -94,7 +94,7 @@ interface FedoraResourceInterface extends ContentEntityInterface, EntityChangedI
* Gets the id of the parent entity. * Gets the id of the parent entity.
* *
* @return int * @return int
* The id of the parent Fedora resource entity. * The id of the parent Fedora resource entity.
*/ */
public function getParentId(); public function getParentId();
@ -102,7 +102,7 @@ interface FedoraResourceInterface extends ContentEntityInterface, EntityChangedI
* Get the parent entity. * Get the parent entity.
* *
* @return \Drupal\islandora\FedoraResourceInterface * @return \Drupal\islandora\FedoraResourceInterface
* The actual entity of the parent Fedora resource. * The actual entity of the parent Fedora resource.
*/ */
public function getParent(); public function getParent();
@ -110,10 +110,10 @@ interface FedoraResourceInterface extends ContentEntityInterface, EntityChangedI
* Get the parent entity. * Get the parent entity.
* *
* @param \Drupal\Core\Entity\EntityTypeInterface $entity * @param \Drupal\Core\Entity\EntityTypeInterface $entity
* The parent entity. * The parent entity.
* *
* @return \Drupal\islandora\FedoraResourceInterface * @return \Drupal\islandora\FedoraResourceInterface
* The called Fedora resource entity. * The called Fedora resource entity.
*/ */
public function setParent(EntityTypeInterface $entity); public function setParent(EntityTypeInterface $entity);

41
src/Plugin/RulesAction/Broadcaster.php
Unescape View File

@ -5,6 +5,7 @@ namespace Drupal\islandora\Plugin\RulesAction;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\islandora\Form\IslandoraSettingsForm; use Drupal\islandora\Form\IslandoraSettingsForm;
use Drupal\rules\Core\RulesActionBase; use Drupal\rules\Core\RulesActionBase;
use Drupal\jwt\Authentication\Provider\JwtAuth;
use Stomp\Exception\StompException; use Stomp\Exception\StompException;
use Stomp\StatefulStomp; use Stomp\StatefulStomp;
use Stomp\Transport\Message; use Stomp\Transport\Message;
@ -45,6 +46,13 @@ class Broadcaster extends RulesActionBase implements ContainerFactoryPluginInter
*/ */
protected $broadcastQueue; protected $broadcastQueue;
/**
* The JWT Auth Service.
*
* @var \Drupal\jwt\Authentication\Provider\JwtAuth
*/
protected $auth;
/** /**
* Constructs a BroadcastAction. * Constructs a BroadcastAction.
* *
@ -58,12 +66,22 @@ class Broadcaster extends RulesActionBase implements ContainerFactoryPluginInter
* Name of queue that will handle distributing the broadcast. * Name of queue that will handle distributing the broadcast.
* @param \Stomp\StatefulStomp $stomp * @param \Stomp\StatefulStomp $stomp
* Stomp client. * Stomp client.
* @param \Drupal\jwt\Authentication\Provider\JwtAuth $auth
* JWT Auth client.
*/ */
public function __construct(array $configuration, $plugin_id, $plugin_definition, $broadcast_queue, StatefulStomp $stomp) { public function __construct(
array $configuration,
$plugin_id,
$plugin_definition,
$broadcast_queue,
StatefulStomp $stomp,
JwtAuth $auth
) {
parent::__construct($configuration, $plugin_id, $plugin_definition); parent::__construct($configuration, $plugin_id, $plugin_definition);
$this->broadcastQueue = $broadcast_queue; $this->broadcastQueue = $broadcast_queue;
$this->stomp = $stomp; $this->stomp = $stomp;
$this->auth = $auth;
} }
/** /**
@ -79,7 +97,8 @@ class Broadcaster extends RulesActionBase implements ContainerFactoryPluginInter
$plugin_id, $plugin_id,
$plugin_definition, $plugin_definition,
$broadcastQueue, $broadcastQueue,
$container->get('islandora.stomp') $container->get('islandora.stomp'),
$container->get('jwt.authentication.jwt')
); );
} }
@ -95,9 +114,25 @@ class Broadcaster extends RulesActionBase implements ContainerFactoryPluginInter
// Transform recipients array into comma searated list. // Transform recipients array into comma searated list.
$recipients = array_map('trim', $recipients); $recipients = array_map('trim', $recipients);
$recipients = implode(',', $recipients); $recipients = implode(',', $recipients);
$headers = ['IslandoraBroadcastRecipients' => $recipients];
// Include a token for later authentication in the message.
$token = $this->auth->generateToken();
if ($token !== NULL) {
$headers['Authorization'] = "Bearer $token";
}
else {
// JWT isn't properly configured. Log and notify user.
\Drupal::logger('islandora')->error(
'Error getting JWT token for message: @msg', ['@msg' => $e->getMessage()]
);
drupal_set_message(
t('Error getting JWT token for message. Check JWT Configuration.'), 'error'
);
}
// Transform message from string into a proper message object. // Transform message from string into a proper message object.
$message = new Message($message, ['IslandoraBroadcastRecipients' => $recipients]); $message = new Message($message, $headers);
// Send the message. // Send the message.
try { try {

6
src/Plugin/Search/FedoraEntitySearch.php
Unescape View File

@ -155,7 +155,7 @@ class FedoraResourceSearch extends ConfigurableSearchPluginBase implements Acces
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
static public function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
return new static( return new static(
$configuration, $configuration,
$plugin_id, $plugin_id,
@ -189,6 +189,8 @@ class FedoraResourceSearch extends ConfigurableSearchPluginBase implements Acces
* A config object for 'search.settings'. * A config object for 'search.settings'.
* @param \Drupal\Core\Language\LanguageManagerInterface $language_manager * @param \Drupal\Core\Language\LanguageManagerInterface $language_manager
* The language manager. * The language manager.
* @param \Drupal\Core\Render\RendererInterface $renderer
* Renderer.
* @param \Drupal\Core\Session\AccountInterface $account * @param \Drupal\Core\Session\AccountInterface $account
* The $account object to use for checking for access to advanced search. * The $account object to use for checking for access to advanced search.
*/ */
@ -458,7 +460,7 @@ class FedoraResourceSearch extends ConfigurableSearchPluginBase implements Acces
/** /**
* Adds the configured rankings to the search query. * Adds the configured rankings to the search query.
* *
* @param SelectExtender $query * @param \Drupal\Core\Database\Query\SelectExtender $query
* A query object that has been extended with the Search DB Extender. * A query object that has been extended with the Search DB Extender.
*/ */
protected function addFedoraResourceRankings(SelectExtender $query) { protected function addFedoraResourceRankings(SelectExtender $query) {

2
src/StompFactory.php
Unescape View File

@ -21,7 +21,7 @@ class StompFactory {
* @return \Stomp\StatefulStomp * @return \Stomp\StatefulStomp
* Stomp client. * Stomp client.
*/ */
static public function create(ConfigFactoryInterface $config) { public static function create(ConfigFactoryInterface $config) {
// Get broker url from config. // Get broker url from config.
$settings = $config->get(IslandoraSettingsForm::CONFIG_NAME); $settings = $config->get(IslandoraSettingsForm::CONFIG_NAME);
$brokerUrl = $settings->get(IslandoraSettingsForm::BROKER_URL); $brokerUrl = $settings->get(IslandoraSettingsForm::BROKER_URL);

6
tests/src/Kernel/BroadcasterTest.php
Unescape View File

@ -97,7 +97,7 @@ class BroadcasterTest extends IslandoraKernelTestBase {
/** /**
* Utility function to create a broadcaster action from a Stomp prophecy. * Utility function to create a broadcaster action from a Stomp prophecy.
* *
* @param StatefulStomp $stomp * @param \Stomp\StatefulStomp $stomp
* Stomp instance or prophecy. * Stomp instance or prophecy.
* *
* @return \Drupal\islandora\Plugin\RulesAction\Broadcaster * @return \Drupal\islandora\Plugin\RulesAction\Broadcaster
@ -106,6 +106,7 @@ class BroadcasterTest extends IslandoraKernelTestBase {
protected function createBroadcaster(StatefulStomp $stomp) { protected function createBroadcaster(StatefulStomp $stomp) {
// Pull the plugin definition out of the plugin system. // Pull the plugin definition out of the plugin system.
$actionManager = $this->container->get('plugin.manager.rules_action'); $actionManager = $this->container->get('plugin.manager.rules_action');
$jwt = $this->container->get('jwt.authentication.jwt');
$definitions = $actionManager->getDefinitions(); $definitions = $actionManager->getDefinitions();
$pluginDefinition = $definitions['islandora_broadcast']; $pluginDefinition = $definitions['islandora_broadcast'];
@ -114,7 +115,8 @@ class BroadcasterTest extends IslandoraKernelTestBase {
'islandora_broadcast', 'islandora_broadcast',
$pluginDefinition, $pluginDefinition,
$this->testQueue, $this->testQueue,
$stomp $stomp,
$jwt
); );
// Set the required contexts for the action to run. // Set the required contexts for the action to run.

2
tests/src/Kernel/IslandoraKernelTestBase.php
Unescape View File

@ -30,6 +30,8 @@ abstract class IslandoraKernelTestBase extends KernelTestBase {
'rules', 'rules',
'jsonld', 'jsonld',
'views', 'views',
'key',
'jwt',
'islandora', 'islandora',
]; ];

141
tests/src/Kernel/JwtEventSubscriberTest.php
Unescape View File

@ -0,0 +1,141 @@
<?php
namespace Drupal\Tests\islandora\Kernel;
use Drupal\jwt\Authentication\Event\JwtAuthGenerateEvent;
use Drupal\jwt\Authentication\Event\JwtAuthValidEvent;
use Drupal\jwt\Authentication\Event\JwtAuthValidateEvent;
use Drupal\jwt\JsonWebToken\JsonWebToken;
use Drupal\jwt\JsonWebToken\JsonWebTokenInterface;
use Drupal\simpletest\UserCreationTrait;
use Drupal\core\Entity\EntityStorageInterface;
use Drupal\islandora\EventSubscriber\JwtEventSubscriber;
/**
* JwtEventSubscriber tests.
*
* @group islandora
* @coversDefaultClass \Drupal\islandora\EventSubscriber\JwtEventSubscriber
*/
class JwtEventSubscriberTest extends IslandoraKernelTestBase {
use UserCreationTrait;
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $user;
/**
* {@inheritdoc}
*/
public function setUp() {
parent::setUp();
$this->user = $this->createUser();
}
/**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::setIslandoraClaims
*/
public function testGeneratesValidToken() {
$entity_storage = $this->container->get('entity_type.manager')->getStorage('user');
$subscriber = new JwtEventSubscriber($entity_storage, $this->user);
// Generate a new token.
$jwt = new JsonWebToken();
$event = new JwtAuthGenerateEvent($jwt);
$subscriber->setIslandoraClaims($event);
// Validate it.
$validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent);
$this->assert($validateEvent->isValid(), "Generated tokens must be valid.");
}
/**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
*/
public function testInvalidatesMalformedToken() {
$entity_storage = $this->container->get('entity_type.manager')->getStorage('user');
$subscriber = new JwtEventSubscriber($entity_storage, $this->user);
// Create a new event with mock jwt that returns null for all functions.
$prophecy = $this->prophesize(JsonWebTokenInterface::class);
$jwt = $prophecy->reveal();
$event = new JwtAuthValidateEvent($jwt);
$subscriber->validate($event);
assert(!$event->isValid(), "Malformed event must be invalidated");
}
/**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
*/
public function testInvalidatesBadUid() {
// Mock user entity storage, returns null when loading user.
$prophecy = $this->prophesize(EntityStorageInterface::class);
$entity_storage = $prophecy->reveal();
$subscriber = new JwtEventSubscriber($entity_storage, $this->user);
// Generate a new token.
$jwt = new JsonWebToken();
$event = new JwtAuthGenerateEvent($jwt);
$subscriber->setIslandoraClaims($event);
// Validate it.
$validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when user cannot be loaded.");
}
/**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
*/
public function testInvliadatesBadAccount() {
$anotherUser = $this->createUser();
// Mock user entity storage, loads the wrong user.
$prophecy = $this->prophesize(EntityStorageInterface::class);
$prophecy->load($this->user->id())->willReturn($anotherUser);
$entity_storage = $prophecy->reveal();
$subscriber = new JwtEventSubscriber($entity_storage, $this->user);
// Generate a new token.
$jwt = new JsonWebToken();
$event = new JwtAuthGenerateEvent($jwt);
$subscriber->setIslandoraClaims($event);
// Validate it.
$validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when users don't align.");
}
/**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::loadUser
*/
public function testLoadsUser() {
$entity_storage = $this->container->get('entity_type.manager')->getStorage('user');
$subscriber = new JwtEventSubscriber($entity_storage, $this->user);
// Generate a new token.
$jwt = new JsonWebToken();
$event = new JwtAuthGenerateEvent($jwt);
$subscriber->setIslandoraClaims($event);
$validEvent = new JwtAuthValidEvent($jwt);
$subscriber->loadUser($validEvent);
$this->assert($validEvent->getUser()->id() == $this->user->id(), "Correct user must be loaded to valid event.");
}
}
Write Preview
Loading…
Cancel
Save