This listener enforces the usage of the signature and timestamp parameters when the user agent wants to perform write operations (PUT/POST/DELETE).
Author: Christer Edvartsen (cogo@starzinger.net)
Inheritance: implements Imbo\EventListener\ListenerInterface
コード例 #1
ファイル: AuthenticateTest.php プロジェクト: imbo/imbo
 /**
  * Checks signature verification when the configuration forces a protocol for the signed URL.
  *
  * Each data set supplies the incoming URL, the configured protocol, the URL expected in the
  * X-Imbo-AuthUrl response header, whether the signature is expected to match, and the
  * signature/timestamp pair presented by the client. A data set flagged as non-matching must
  * end in a "Signature mismatch" RuntimeException with code 400.
  *
  * @dataProvider getRewrittenSignatureData
  * @covers Imbo\EventListener\Authenticate::authenticate
  * @covers Imbo\EventListener\Authenticate::signatureIsValid
  * @covers Imbo\EventListener\Authenticate::timestampIsValid
  * @covers Imbo\EventListener\Authenticate::timestampHasExpired
  */
 public function testApprovesSignaturesWhenConfigurationForcesProtocol($serverUrl, $protocol, $authHeader, $shouldMatch, $signature, $timestamp)
 {
     $timestampHeader = 'x-imbo-authenticate-timestamp';
     $signatureHeader = 'x-imbo-authenticate-signature';

     // Request under test: a write (PUT) issued with public key "christer" against the
     // URL taken from the data set.
     $this->request->expects($this->once())
         ->method('getRawUri')
         ->will($this->returnValue($serverUrl));
     $this->request->expects($this->once())
         ->method('getPublicKey')
         ->will($this->returnValue('christer'));
     $this->request->expects($this->any())
         ->method('getMethod')
         ->will($this->returnValue('PUT'));

     // Fixture private key the signature is checked against; looked up exactly once.
     $this->accessControl->expects($this->once())
         ->method('getPrivateKey')
         ->will($this->returnValue('key'));

     // Credentials arrive through the query string ...
     $this->query->expects($this->at(0))
         ->method('get')
         ->with('timestamp')
         ->will($this->returnValue($timestamp));
     $this->query->expects($this->at(1))
         ->method('get')
         ->with('signature')
         ->will($this->returnValue($signature));

     // ... because the timestamp header is reported as absent. The header lookups are
     // expected to receive the query-string values as their second argument.
     $this->headers->expects($this->at(0))
         ->method('has')
         ->with($timestampHeader)
         ->will($this->returnValue(false));
     $this->headers->expects($this->at(1))
         ->method('get')
         ->with($timestampHeader, $timestamp)
         ->will($this->returnValue($timestamp));
     $this->headers->expects($this->at(2))
         ->method('get')
         ->with($signatureHeader, $signature)
         ->will($this->returnValue($signature));

     // The response must advertise the URL that was used for the signature check.
     $headerBag = $this->getMock('Symfony\\Component\\HttpFoundation\\ResponseHeaderBag');
     $headerBag->expects($this->once())
         ->method('set')
         ->with('X-Imbo-AuthUrl', $authHeader);
     $this->response->headers = $headerBag;

     // A signature that does not match must be rejected, not silently accepted.
     if (!$shouldMatch) {
         $this->setExpectedException('Imbo\\Exception\\RuntimeException', 'Signature mismatch', 400);
     }

     $config = ['authentication' => ['protocol' => $protocol]];
     $this->listener->authenticate($this->getEventMock($config));
 }
コード例 #2
ファイル: AuthenticateTest.php プロジェクト: ASP96/imbo
 /**
  * Checks that a correctly signed request is accepted when the signature and timestamp are
  * supplied as query parameters instead of request headers.
  *
  * The signature is an HMAC-SHA256 over "method|url|publicKey|timestamp", computed before the
  * signature and timestamp parameters are appended to the URL. The X-Imbo-AuthUrl response
  * header is expected to carry the URL without those two parameters.
  *
  * @covers Imbo\EventListener\Authenticate::authenticate
  * @covers Imbo\EventListener\Authenticate::signatureIsValid
  * @covers Imbo\EventListener\Authenticate::timestampIsValid
  * @covers Imbo\EventListener\Authenticate::timestampHasExpired
  */
 public function testApprovesValidSignatureWithAuthInfoFromQueryParameters()
 {
     $verb = 'GET';
     $signedUrl = 'http://imbo/users/christer/images/image';
     $user = 'christer';
     $secret = 'key';

     // Uses the current UTC time, so the timestamp is fresh when the listener checks it.
     $issuedAt = gmdate('Y-m-d\\TH:i:s\\Z');

     // The HTTP method, URL, public key and timestamp are all part of the signed string,
     // which binds the signature to this exact request and moment.
     $payload = implode('|', [$verb, $signedUrl, $user, $issuedAt]);
     $mac = hash_hmac('sha256', $payload, $secret);

     // The client appends its credentials to the URL only after signing it.
     $requestUri = sprintf('%s?signature=%s&timestamp=%s', $signedUrl, $mac, $issuedAt);

     $timestampHeader = 'x-imbo-authenticate-timestamp';
     $signatureHeader = 'x-imbo-authenticate-signature';

     $this->request->expects($this->once())
         ->method('getRawUri')
         ->will($this->returnValue($requestUri));
     $this->request->expects($this->once())
         ->method('getPublicKey')
         ->will($this->returnValue($user));
     $this->request->expects($this->once())
         ->method('getMethod')
         ->will($this->returnValue($verb));

     // The lookup returns a list of private keys for the user; here it holds one entry.
     $this->userLookup->expects($this->once())
         ->method('getPrivateKeys')
         ->will($this->returnValue([$secret]));

     // Credentials are read from the query string ...
     $this->query->expects($this->at(0))
         ->method('get')
         ->with('timestamp')
         ->will($this->returnValue($issuedAt));
     $this->query->expects($this->at(1))
         ->method('get')
         ->with('signature')
         ->will($this->returnValue($mac));

     // ... because the timestamp header is reported as absent. The header lookups are
     // expected to receive the query-string values as their second argument.
     $this->headers->expects($this->at(0))
         ->method('has')
         ->with($timestampHeader)
         ->will($this->returnValue(false));
     $this->headers->expects($this->at(1))
         ->method('get')
         ->with($timestampHeader, $issuedAt)
         ->will($this->returnValue($issuedAt));
     $this->headers->expects($this->at(2))
         ->method('get')
         ->with($signatureHeader, $mac)
         ->will($this->returnValue($mac));

     // The advertised auth URL must be the bare signed URL, without signature or timestamp.
     $headerBag = $this->getMock('Symfony\\Component\\HttpFoundation\\ResponseHeaderBag');
     $headerBag->expects($this->once())
         ->method('set')
         ->with('X-Imbo-AuthUrl', $signedUrl);
     $this->response->headers = $headerBag;

     $this->listener->authenticate($this->event);
 }