/**
* @expectedException \Acquia\Hmac\Exception\KeyNotFoundException
*/
public function testKeyNotFound()
{
$signer = new RequestSigner();
$request = new DummyRequest();
$request->headers = array('Content-Type' => 'text/plain', 'Date' => 'Fri, 19 Mar 1982 00:00:04 GMT', 'Authorization' => 'Acquia 2:' . DigestVersion1Test::EXPECTED_HASH);
$authenticator = new RequestAuthenticator(new RequestSigner(), 0);
$authenticator->authenticate($request, new DummyKeyLoader());
}
/**
* @param GetResponseEvent $event
*
* Attempts to authenticate the user via hmac
*
* @throws MalformedRequestException
* @throws TimestampOutOfRangeException
* @throws KeyNotFoundException
* @throws InvalidSignatureException
* @throws \Exception
*/
public function onKernelRequest(GetResponseEvent $event)
{
if ('/api/doc' === $event->getRequest()->getRequestUri()) {
return;
}
try {
$requestWrapper = new RequestWrapper($event->getRequest());
$signer = (new RequestSigner(new ApiAuthDigest()))->setProvider('APIAuth');
$authenticator = new RequestAuthenticator($signer, '+15 minutes');
$authenticator->authenticate($requestWrapper, $this->authenticationService);
} catch (\Exception $e) {
$response = $this->dispatchResponseAsException($e);
$event->setResponse($response);
}
}
/**
* Ensures an exception is thrown if the request is missing the X-Authorization-Timestamp header.
*
* @expectedException \Acquia\Hmac\Exception\MalformedRequestException
* @expectedExceptionMessage Request is missing X-Authorization-Timestamp.
*/
public function testMissingAuthenticationTimestampHeader()
{
$headers = ['Content-Type' => 'text/plain', 'Authorization' => 'acquia-http-hmac realm="Pipet service",' . 'id="bad-id",' . 'nonce="d1954337-5319-4821-8427-115542e08d10",' . 'version="2.0",' . 'headers="",' . 'signature="MRlPr/Z1WQY2sMthcaEqETRMw4gPYXlPcTpaLWS2gcc="'];
$request = new Request('GET', 'https://example.com/test', $headers);
$authenticator = new RequestAuthenticator(new MockKeyLoader($this->keys));
try {
$authenticator->authenticate($request);
} catch (MalformedRequestException $e) {
$this->assertSame($request, $e->getRequest());
throw $e;
}
}
/**
* Validate the HMAC Token
*
* @return boolean
*/
public function authenticate()
{
$signer = new RequestSigner();
$signer->setProvider('USF');
$authenticator = new RequestAuthenticator($signer, $this->_timeout);
$key = $authenticator->authenticate($this->_requestWrapper, $this->_keyLoader);
if ($key) {
$this->principal = "[HMAC]" . $key->getId();
$this->attributes = [];
return true;
}
return false;
}
/**
* Initializes the authenticator with a key loader, auth header, and comparison timestamp.
*
* @param \Acquia\Hmac\KeyLoaderInterface $keyLoader
* A datastore used to locate secrets for corresponding IDs.
* @param \Acquia\Hmac\AuthorizationHeaderInterface $authHeader
* An optional custom authorization header.
* @param int $timestamp
* An optional custom timestamp by which to compare requests.
*/
public function __construct(KeyLoaderInterface $keyLoader, AuthorizationHeaderInterface $authHeader = null, $timestamp = null)
{
parent::__construct($keyLoader);
$this->authHeader = $authHeader;
$this->timestamp = $timestamp ?: time();
}
