This event listener will listen to all GET and HEAD requests and make sure that they include a valid access token. The official PHP-based imbo client (https://github.com/imbo/imboclient-php) appends this token to all such requests by default. If the access token is missing or invalid the event listener will throw an exception resulting in a HTTP response with 400 Bad Request.
Author: Christer Edvartsen (cogo@starzinger.net)
Inheritance: implements Imbo\EventListener\ListenerInterface
Esempio n. 1
0
 /**
  * @dataProvider getRewrittenAccessTokenData
  * @covers Imbo\EventListener\AccessToken::checkAccessToken
  */
 public function testWillRewriteIncomingUrlToConfiguredProtocol($accessToken, $url, $protocol, $correct)
 {
     if (!$correct) {
         $this->setExpectedException('Imbo\\Exception\\RuntimeException', 'Incorrect access token', 400);
     }
     $event = $this->getEventMock(['authentication' => ['protocol' => $protocol]]);
     $url = $url . '&accessToken=' . $accessToken;
     $this->query->expects($this->any())->method('has')->with('accessToken')->will($this->returnValue(true));
     $this->query->expects($this->any())->method('get')->with('accessToken')->will($this->returnValue($accessToken));
     $this->request->expects($this->any())->method('getRawUri')->will($this->returnValue(urldecode($url)));
     $this->request->expects($this->any())->method('getUriAsIs')->will($this->returnValue($url));
     $this->accessControl->expects($this->any())->method('getPrivateKey')->will($this->returnValue('foobar'));
     $this->listener->checkAccessToken($event);
 }
Esempio n. 2
0
 /**
  * @covers Imbo\EventListener\AccessToken::checkAccessToken
  */
 public function testWillSkipValidationWhenShortUrlHeaderIsPresent()
 {
     $this->responseHeaders->expects($this->once())->method('has')->with('X-Imbo-ShortUrl')->will($this->returnValue(true));
     $this->query->expects($this->never())->method('has');
     $this->listener->checkAccessToken($this->event);
 }