Refactored multiauthenticate middleware

sfelix-martins · Aug 19, 2018 · 056f18b · 056f18b
1 parent 8c15d13
commit 056f18b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/src/Http/Middleware/MultiAuthenticate.php b/src/Http/Middleware/MultiAuthenticate.php
@@ -4,6 +4,7 @@
 
 use Closure;
 use League\OAuth2\Server\ResourceServer;
+use Psr\Http\Message\ServerRequestInterface;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Auth\Middleware\Authenticate;
 use Illuminate\Contracts\Auth\Authenticatable;
@@ -73,9 +74,7 @@ public function handle($request, Closure $next, ...$guards)
         try {
             $psrRequest = $this->server->validateAuthenticatedRequest($psrRequest);
 
-            if (! ($tokenId     = $psrRequest->getAttribute('oauth_access_token_id')) ||
-                ! ($accessToken = $this->providers->findForToken($tokenId))
-            ) {
+            if (! ($accessToken = $this->getAccessTokenFromRequest($psrRequest))) {
                 throw new AuthenticationException('Unauthenticated', $guards);
             }
 
@@ -96,6 +95,19 @@ public function handle($request, Closure $next, ...$guards)
         return $next($request);
     }
 
+    /**
+     * @param ServerRequestInterface $request
+     * @return null|Token
+     */
+    public function getAccessTokenFromRequest(ServerRequestInterface $request)
+    {
+        if (! ($tokenId = $request->getAttribute('oauth_access_token_id'))) {
+            return null;
+        }
+
+        return $this->providers->findForToken($tokenId);
+    }
+
     /**
      * Check if user acting has the required guards and scopes on request.
      *

diff --git a/tests/Unit/MultiAuthenticateMiddlewareTest.php b/tests/Unit/MultiAuthenticateMiddlewareTest.php
@@ -10,6 +10,7 @@
 use League\OAuth2\Server\Exception\OAuthServerException;
 use SMartins\PassportMultiauth\Tests\Fixtures\Models\Company;
 use SMartins\PassportMultiauth\Http\Middleware\MultiAuthenticate;
+use Zend\Diactoros\ServerRequest;
 
 class MultiAuthenticateMiddlewareTest extends TestCase
 {
@@ -57,9 +58,10 @@ public function testTryAuthWithoutAccessTokenId()
     {
         $this->expectException(AuthenticationException::class);
 
+        $psr = (new ServerRequest())->withAttribute('oauth_access_token_id', null);
+
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
-        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr = Mockery::mock());
-        $psr->shouldReceive('getAttribute')->with('oauth_access_token_id')->andReturn(null);
+        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr);
 
         $repository = Mockery::mock('SMartins\PassportMultiauth\ProviderRepository');
 
@@ -75,9 +77,10 @@ public function testTryAuthWithNotExistentAccessToken()
     {
         $this->expectException(AuthenticationException::class);
 
+        $psr = (new ServerRequest())->withAttribute('oauth_access_token_id', 1);
+
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
-        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr = Mockery::mock());
-        $psr->shouldReceive('getAttribute')->with('oauth_access_token_id')->andReturn(1);
+        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr);
 
         $repository = Mockery::mock('SMartins\PassportMultiauth\ProviderRepository');
         $repository->shouldReceive('findForToken')->andReturn(null);
@@ -92,9 +95,10 @@ public function testTryAuthWithNotExistentAccessToken()
 
     public function testTryAuthWithExistentAccessTokenAndExistentOnProviders()
     {
+        $psr = (new ServerRequest())->withAttribute('oauth_access_token_id', 1);
+
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
-        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr = Mockery::mock());
-        $psr->shouldReceive('getAttribute')->with('oauth_access_token_id')->andReturn(1);
+        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr);
 
         $tokenProvider = new Provider;
         $tokenProvider->provider = 'companies';
@@ -121,9 +125,10 @@ public function testTryAuthWithExistentAccessTokenAndNotExistentOnProviders()
     {
         $this->expectException(AuthenticationException::class);
 
+        $psr = (new ServerRequest())->withAttribute('oauth_access_token_id', 1);
+
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
-        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr = Mockery::mock());
-        $psr->shouldReceive('getAttribute')->with('oauth_access_token_id')->andReturn(1);
+        $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr);
 
         $tokenProvider = new Provider;
         $tokenProvider->provider = 'companies';