Send actions as encrypted messages

Greg Bowler · Greg Bowler · commit 77b7d2c6bc51 · 2020-05-18T23:12:11.000+01:00
diff --git a/src/ProviderUri/AbstractProviderUri.php b/src/ProviderUri/AbstractProviderUri.php
@@ -35,10 +35,10 @@ protected function normaliseBaseUri(string $baseUri):Uri {
 	protected function buildQuery(
 		Token $token,
 		string $currentPath,
-		string $data = null
+		string $message = null
 	):string {
 		return http_build_query([
-			self::QUERY_STRING_CIPHER => (string)$token->generateRequestCipher($data),
+			self::QUERY_STRING_CIPHER => (string)$token->generateRequestCipher($message),
 			self::QUERY_STRING_INIT_VECTOR => (string)$token->getIv(),
 			self::QUERY_STRING_CURRENT_PATH => bin2hex($currentPath),
 		]);
diff --git a/src/ProviderUri/LogoutUri.php b/src/ProviderUri/LogoutUri.php
@@ -10,9 +10,12 @@ public function __construct(
 		string $baseRemoteUri = self::DEFAULT_BASE_REMOTE_URI
 	) {
 		$baseRemoteUri = $this->normaliseBaseUri($baseRemoteUri);
-		$baseRemoteUri = $baseRemoteUri->withPath("/logout");
 
 		parent::__construct($baseRemoteUri);
-		$this->query = $this->buildQuery($token, $currentPath);
+		$this->query = $this->buildQuery(
+			$token,
+			$currentPath,
+			"action=logout"
+		);
 	}
 }
diff --git a/test/phpunit/AuthenticatorTest.php b/test/phpunit/AuthenticatorTest.php
@@ -64,16 +64,19 @@ public function testIsLoggedInTrueWhenSessionDataSet() {
 		self::assertTrue($sut->isLoggedIn());
 	}
 
-	// TODO: Session shouldn't be cleared on call to logout - instead it should
-	// redirect to the provider, and a new test should asset the response data
-	// contains a logout confirmation.
-	public function TODO_UPDATE_testLogoutClearsSession() {
+	public function testLogoutCallsLogoutUri() {
 		$sessionData = self::createMock(SessionData::class);
 		$_SESSION = [
 			Authenticator::SESSION_KEY => $sessionData
 		];
 
 		$redirectHandler = self::createMock(RedirectHandler::class);
+		$redirectHandler->expects(self::once())
+			->method("redirect")
+			->with(self::callback(fn(UriInterface $uri) =>
+				$uri->getHost() === "login.authwave.com"
+				&& $uri->getPath() === "/logout"
+			));
 
 		$sut = new Authenticator(
 			"test-key",
@@ -83,6 +86,44 @@ public function TODO_UPDATE_testLogoutClearsSession() {
 			$redirectHandler
 		);
 		$sut->logout();
+		self::assertNotEmpty($_SESSION);
+	}
+
+	public function testCompleteAuthFromLogoutClearsSession() {
+		$token = self::createMock(Token::class);
+
+		$sessionData = self::createMock(SessionData::class);
+		$sessionData->method("getToken")
+			->willReturn($token);
+
+		$_SESSION = [
+			Authenticator::SESSION_KEY => $sessionData,
+		];
+
+		$responseCipher = "abcdef";
+
+		$currentUri = "/example-page-" . uniqid();
+		$currentUri .= "?";
+		$currentUri .= http_build_query([
+			Authenticator::RESPONSE_QUERY_PARAMETER => $responseCipher,
+		]);
+
+		$redirectHandler = self::createMock(RedirectHandler::class);
+		$redirectHandler->expects(self::once())
+			->method("redirect")
+			->with(self::callback(fn(UriInterface $uri) =>
+				$uri->getHost() == ""
+				&& $uri->getPath() == $currentUri
+			));
+
+		new Authenticator(
+			"test-key",
+			"/",
+			LoginUri::DEFAULT_BASE_REMOTE_URI,
+			null,
+			$redirectHandler
+		);
+
 		self::assertEmpty($_SESSION);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,12 @@ public function __construct(`
`10`	`10`	`string $baseRemoteUri = self::DEFAULT_BASE_REMOTE_URI`
`11`	`11`	`) {`
`12`	`12`	`$baseRemoteUri = $this->normaliseBaseUri($baseRemoteUri);`
`13`		`- $baseRemoteUri = $baseRemoteUri->withPath("/logout");`
`14`	`13`
`15`	`14`	`parent::__construct($baseRemoteUri);`
`16`		`- $this->query = $this->buildQuery($token, $currentPath);`
	`15`	`+ $this->query = $this->buildQuery(`
	`16`	`+ $token,`
	`17`	`+ $currentPath,`
	`18`	`+ "action=logout"`
	`19`	`+ );`
`17`	`20`	`}`
`18`	`21`	`}`