Add query param authentication

Add warning about QueryParam auth: it is not recommended
php-http · Dec 22, 2015 · 2b9abac · 2b9abac
1 parent 9fc3a41
commit 2b9abac
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 0 deletions.
diff --git a/spec/Authentication/QueryParamSpec.php b/spec/Authentication/QueryParamSpec.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace spec\Http\Message\Authentication;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\UriInterface;
+use PhpSpec\ObjectBehavior;
+
+class QueryParamSpec extends ObjectBehavior
+{
+    use AuthenticationBehavior;
+
+    function let()
+    {
+        $this->beConstructedWith([
+            'username' => 'username',
+            'password' => 'password',
+        ]);
+    }
+
+    function it_is_initializable()
+    {
+        $this->shouldHaveType('Http\Message\Authentication\QueryParam');
+    }
+
+    function it_authenticates_a_request(
+        RequestInterface $request,
+        UriInterface $uri,
+        RequestInterface $newRequest,
+        UriInterface $newUri
+    ) {
+        $request->getUri()->willReturn($uri);
+        $uri->getQuery()->willReturn('param1=value1&param2[]=value2');
+        $uri->withQuery('param1=value1&param2%5B0%5D=value2&username=username&password=password')->will(
+            function ($args) use ($newUri) {
+                $newUri->getQuery()->willReturn($args[0]);
+
+                return $newUri;
+            }
+        );
+
+        $request->withUri($newUri)->will(function ($args) use ($newRequest) {
+            $newRequest->getUri()->willReturn($args[0]);
+
+            return $newRequest;
+        });
+
+        $authenticatedRequest = $this->authenticate($request);
+        $authenticatedRequest->shouldBe($newRequest);
+
+        $authenticatedUri = $authenticatedRequest->getUri();
+        $authenticatedUri->shouldBe($newUri);
+        $authenticatedUri->getQuery()->shouldReturn('param1=value1&param2%5B0%5D=value2&username=username&password=password');
+    }
+}
diff --git a/src/Authentication/QueryParam.php b/src/Authentication/QueryParam.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Http\Message\Authentication;
+
+use Http\Message\Authentication;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Authenticate a PSR-7 Request by adding parameters to its query.
+ *
+ * Note: Although in some cases it can be useful, we do not recommend using query parameters for authentication.
+ * Credentials in the URL is generally unsafe as they are not encrypted, anyone can see them.
+ *
+ * @author Márk Sági-Kazár <mark.sagikazar@gmail.com>
+ */
+final class QueryParam implements Authentication
+{
+    /**
+     * @var array
+     */
+    private $params = [];
+
+    /**
+     * @param array $params
+     */
+    public function __construct(array $params)
+    {
+        $this->params = $params;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(RequestInterface $request)
+    {
+        $uri = $request->getUri();
+        $query = $uri->getQuery();
+        $params = [];
+
+        parse_str($query, $params);
+
+        $params = array_merge($params, $this->params);
+
+        $query = http_build_query($params);
+
+        $uri = $uri->withQuery($query);
+
+        return $request->withUri($uri);
+    }
+}