feat(core): Support check user scopes in middleware (#32)
* Check user scopes in middleware

* Update OauthMiddleware.php

* Update OauthMiddlewareTest.php

---------

Co-authored-by: Salah Alkhwlani <[email protected]>
mostafaaminflakes and salkhwlani authored Jul 22, 2024
1 parent fc02e56 commit f5139b8
Showing 2 changed files with 115 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/Http/OauthMiddleware.php
Expand Up @@ -44,8 +44,9 @@ public function handle($request, Closure $next, string $scope = null)
abort(401, 'Unauthorized Access');
}

// todo :: implement check the scopes
// todo:: $this->user->getScope()
if(!is_null($scope) && !collect(explode(' ', $this->user->getScope()))->contains($scope)){
abort(401, 'Unauthorized Access (The scope not allowed)');
}

$exception_at = now()->diffInSeconds($this->user->getExpiredAt());

112 changes: 112 additions & 0 deletions test/OauthMiddlewareTest.php
Expand Up @@ -15,6 +15,10 @@ protected function getEnvironmentSetUp($app)
return 'hello '. auth()->guard('salla-oauth')->user()->getAuthIdentifier();
})->middleware(OauthMiddleware::class);

$app['router']->get('hello/user-order-read-scope')->uses(function () {
return 'hello '. auth()->guard('salla-oauth')->user()->getAuthIdentifier();
})->middleware('salla.oauth:orders.read');

$app['router']->get('hello/guest')->name('auth.guest')->uses(function () {
return 'hello guest';
});
Expand Down Expand Up @@ -89,4 +93,112 @@ public function testAddsUserinfoToRequest()
$this->assertTrue($authGuard->check());
$this->assertSame($user['data']['id'], $authGuard->user()->getAuthIdentifier());
}

public function testCheckAllowedUserScope()
{
$this->app->singleton(SallaOauth::class, function () {
return $this->getMockBuilder(Salla::class)
->disableOriginalConstructor()
->onlyMethods(['fetchResourceOwnerDetails'])
->getMock();
});

// Mock response
$user = [
'data' => [
'id' => '12345',
'name' => 'mock name',
'email' => '[email protected]',
'mobile' => '05000000',
'role' => 'user',
'created_at' => '2018-04-28 17:46:25',
'merchant' => [
'id' => '11111',
'owner_id' => '12345',
'owner_name' => 'mock name',
'username' => 'mock_name',
'name' => 'mock name',
'avatar' => 'mock_avatar',
'store_location' => 'mock_location',
'plan' => 'mock_plan',
'status' => 'mock_status',
'created_at' => '2018-04-28 17:46:25',
],
'context' => [
'app' => '123',
'scope' => 'orders.read products.read',
'exp' => 1721326955
]
]
];

$token = new AccessToken([
'access_token' => 'foobar',
]);

// Set up the expectation for fetchResourceOwnerDetails method
$this->app->make(SallaOauth::class)->expects($this->once())
->method('fetchResourceOwnerDetails')
->with($this->equalTo($token))
->willReturn($user);

$response = $this->get('hello/user-order-read-scope', [
'Authorization' => 'Bearer foobar'
]);
$response->assertStatus(200)->assertSeeText('hello 12345');
}

public function testCheckNotAllowedUserScope()
{
$this->app->singleton(SallaOauth::class, function () {
return $this->getMockBuilder(Salla::class)
->disableOriginalConstructor()
->onlyMethods(['fetchResourceOwnerDetails'])
->getMock();
});

// Mock response
$user = [
'data' => [
'id' => '12345',
'name' => 'mock name',
'email' => '[email protected]',
'mobile' => '05000000',
'role' => 'user',
'created_at' => '2018-04-28 17:46:25',
'merchant' => [
'id' => '11111',
'owner_id' => '12345',
'owner_name' => 'mock name',
'username' => 'mock_name',
'name' => 'mock name',
'avatar' => 'mock_avatar',
'store_location' => 'mock_location',
'plan' => 'mock_plan',
'status' => 'mock_status',
'created_at' => '2018-04-28 17:46:25',
],
'context' => [
'app' => '123',
'scope' => 'customers.read products.read',
'exp' => 1721326955
]
]
];

$token = new AccessToken([
'access_token' => 'foobar',
]);

// Set up the expectation for fetchResourceOwnerDetails method
$this->app->make(SallaOauth::class)->expects($this->once())
->method('fetchResourceOwnerDetails')
->with($this->equalTo($token))
->willReturn($user);

$response = $this->get('hello/user-order-read-scope', [
'Authorization' => 'Bearer foobar'
]);
$response->assertStatus(401)->assertSeeText('Unauthorized');
}
}
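Review bot: `testCheckNotAllowedUserScope` ends with `assertSeeText('Unauthorized')`, which the plain 'Unauthorized Access' response of the unauthenticated branch also satisfies, so the test cannot tell the new scope rejection apart from a failed token lookup; assert the scope-specific text instead: `$response->assertStatus(401)->assertSeeText('The scope not allowed');`. The two new tests also repeat the mock registration, the full `$user` fixture and the expectation verbatim, differing only in the `'scope'` string, so a private helper that takes the scope keeps each test down to the request and its assertions. A third case with an absent or empty `scope` in `context` would cover the explode() path on a missing value, which neither test exercises. `getEnvironmentSetUp` in the first hunk and `testAddsUserinfoToRequest` in the second both start outside their hunks.
```php
    /** Registers the Salla mock whose resource-owner payload carries the given space-separated scopes. */
    private function expectResourceOwnerWithScope(string $scope): void
    {
        // … unchanged: singleton registration of the Salla mock …
        // … unchanged: $user fixture array, with 'scope' => $scope under 'context' …
        // … unchanged: AccessToken and fetchResourceOwnerDetails expectation returning $user …
    }

    public function testCheckNotAllowedUserScope()
    {
        $this->expectResourceOwnerWithScope('customers.read products.read');

        $response = $this->get('hello/user-order-read-scope', [
            'Authorization' => 'Bearer foobar'
        ]);
        // Match the scope-specific message so a 401 from the missing-user branch cannot satisfy this test.
        $response->assertStatus(401)->assertSeeText('The scope not allowed');
    }
```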
