this fixes #28 and refreshes the access_token for you when requesting…

… user or accessing a redirect if authenticated route
stormpath · Jan 28, 2016 · 82563ff · 82563ff
1 parent d007c08
commit 82563ff
Show file tree

Hide file tree

Showing 4 changed files with 206 additions and 4 deletions.
diff --git a/src/Http/Middleware/RedirectIfAuthenticated.php b/src/Http/Middleware/RedirectIfAuthenticated.php
@@ -19,9 +19,16 @@
 
 use Closure;
 use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Cookie\CookieJar;
 
 class RedirectIfAuthenticated
 {
+    private $cookieJar;
+
+    public function __construct(CookieJar $cookieJar)
+    {
+        $this->cookieJar = $cookieJar;
+    }
 
     /**
      * Handle an incoming request.
@@ -42,10 +49,68 @@ public function handle($request, Closure $next)
 
     public function isAuthenticated($request)
     {
-        if(!$request->cookie(config('stormpath.web.accessTokenCookie.name'))) {
+        $cookie = null;
+
+        $cookie = $request->cookie(config('stormpath.web.accessTokenCookie.name'));
+        if($cookie instanceof \Symfony\Component\HttpFoundation\Cookie)
+            $cookie = $cookie->getValue();
+
+        if(null === $cookie) {
+            $cookie = $this->refreshCookie($request);
+        }
+
+        // validation that the cookie is a valid cookie
+        try {
+            (new \Stormpath\Oauth\VerifyAccessToken(app('stormpath.application')))->verify($cookie);
+            return true;
+        } catch (\Exception $re) {
             return false;
         }
+    }
+
+    private function refreshCookie($request)
+    {
+        try {
+            $spApplication = app('stormpath.application');
+        } catch (\Exception $e) {
+            return null;
+        }
+
+        $cookie = $request->cookie(config('stormpath.web.refreshTokenCookie.name'));
+        if($cookie instanceof \Symfony\Component\HttpFoundation\Cookie)
+            $cookie = $cookie->getValue();
+
+        try {
+            $refreshGrant = new \Stormpath\Oauth\RefreshGrantRequest($cookie);
+            $auth = new \Stormpath\Oauth\RefreshGrantAuthenticator($spApplication);
+            $result = $auth->authenticate($refreshGrant);
+
+            $this->setNewAccessToken($request, $result);
+
+            return $result->getAccessTokenString();
+
+        } catch(\Stormpath\Resource\ResourceError $re) {
+            return null;
+        }
+    }
+
+    private function setNewAccessToken($request, $cookies)
+    {
+        $this->cookieJar->queue(
+            cookie(
+                config('stormpath.web.accessTokenCookie.name'),
+                $cookies->getAccessTokenString(),
+                $cookies->getExpiresIn(),
+                config('stormpath.web.accessTokenCookie.path'),
+                config('stormpath.web.accessTokenCookie.domain'),
+                config('stormpath.web.accessTokenCookie.secure'),
+                config('stormpath.web.accessTokenCookie.httpOnly')
+            )
+
+        );
+
+
+        $request->cookies->add([config('stormpath.web.accessTokenCookie.name') => $cookies->getAccessTokenString() ]);
 
-        return true;
     }
 }
diff --git a/src/Support/StormpathLaravelServiceProvider.php b/src/Support/StormpathLaravelServiceProvider.php
@@ -115,17 +115,24 @@ private function registerApplication()
     private function registerUser()
     {
         $this->app->bind('stormpath.user', function($app) {
+
+            try {
+                $spApplication = app('stormpath.application');
+            } catch (\Exception $e) {
+                return null;
+            }
+
             $cookie = $app->request->cookie(config('stormpath.web.accessTokenCookie.name'));
 
             if(null === $cookie) {
-                return null;
+                $cookie = $this->refreshCookie($app->request);
             }
 
             try {
                 if($cookie instanceof \Symfony\Component\HttpFoundation\Cookie) {
                     $cookie = $cookie->getValue();
                 }
-                $result = (new \Stormpath\Oauth\VerifyAccessToken(app('stormpath.application')))->verify($cookie);
+                $result = (new \Stormpath\Oauth\VerifyAccessToken($spApplication))->verify($cookie);
                 return $result->getAccount();
             } catch (\Exception $e) {}
 
@@ -134,6 +141,47 @@ private function registerUser()
         });
     }
 
+    private function refreshCookie($request)
+    {
+        $cookie = $request->cookie(config('stormpath.web.refreshTokenCookie.name'));
+        if($cookie instanceof \Symfony\Component\HttpFoundation\Cookie)
+            $cookie = $cookie->getValue();
+
+        try {
+            $refreshGrant = new \Stormpath\Oauth\RefreshGrantRequest($cookie);
+            $auth = new \Stormpath\Oauth\RefreshGrantAuthenticator(app('stormpath.application'));
+            $result = $auth->authenticate($refreshGrant);
+
+            $this->setNewAccessToken($request, $result);
+
+            return $result->getAccessTokenString();
+
+        } catch(\Stormpath\Resource\ResourceError $re) {
+            return null;
+        }
+    }
+
+    private function setNewAccessToken($request, $cookies)
+    {
+        $cookieJar = app('cookie');
+        $cookieJar->queue(
+            cookie(
+                config('stormpath.web.accessTokenCookie.name'),
+                $cookies->getAccessTokenString(),
+                $cookies->getExpiresIn(),
+                config('stormpath.web.accessTokenCookie.path'),
+                config('stormpath.web.accessTokenCookie.domain'),
+                config('stormpath.web.accessTokenCookie.secure'),
+                config('stormpath.web.accessTokenCookie.httpOnly')
+            )
+
+        );
+
+
+        $request->cookies->add([config('stormpath.web.accessTokenCookie.name') => $cookies->getAccessTokenString() ]);
+
+    }
+
     private function enhanceConfig($application)
     {
         $value = false;

diff --git a/tests/Http/Middleware/RedirectIfAuthenticatedTest.php b/tests/Http/Middleware/RedirectIfAuthenticatedTest.php
@@ -66,6 +66,40 @@ public function it_redirects_home_if_user_is_authenticated()
         $this->see('Home');
     }
 
+    /** @test */
+    public function it_will_refresh_the_access_token_if_expired()
+    {
+        $this->setupStormpathApplication();
+        $this->createAccount(['login'=>'test@test.com', 'password'=>'superP4ss!']);
+
+        $passwordGrant = new \Stormpath\Oauth\PasswordGrantRequest('test@test.com', 'superP4ss!');
+        $auth = new \Stormpath\Oauth\PasswordGrantAuthenticator(app('stormpath.application'));
+        $result =  $auth->authenticate($passwordGrant);
+
+        $this->call('GET', 'testRedirectIfAuthenticatedMiddleware',[], $this->cookiesToSendRefreshOnly($result));
+        $this->assertRedirectedTo('/');
+        $this->followRedirects();
+        $this->see('Home');
+
+
+    }
+
+    /** @test */
+    public function it_will_return_null_if_no_access_token_and_invalid_refresh_token()
+    {
+        $this->setupStormpathApplication();
+        $this->createAccount(['login'=>'test@test.com', 'password'=>'superP4ss!']);
+
+        $passwordGrant = new \Stormpath\Oauth\PasswordGrantRequest('test@test.com', 'superP4ss!');
+        $auth = new \Stormpath\Oauth\PasswordGrantAuthenticator(app('stormpath.application'));
+        $result =  $auth->authenticate($passwordGrant);
+
+        $this->get('testRedirectIfAuthenticatedMiddleware');
+        $this->see('Hello!');
+
+
+    }
+
     private function cookiesToSend($result)
     {
         return [
@@ -92,6 +126,22 @@ private function cookiesToSend($result)
         ];
     }
 
+    private function cookiesToSendRefreshOnly($result)
+    {
+        return [
+            config('stormpath.web.refreshTokenCookie.name') =>
+                cookie(
+                    config('stormpath.web.refreshTokenCookie.name'),
+                    $result->getRefreshTokenString(),
+                    $result->getExpiresIn(),
+                    config('stormpath.web.refreshTokenCookie.path'),
+                    config('stormpath.web.refreshTokenCookie.domain'),
+                    config('stormpath.web.refreshTokenCookie.secure'),
+                    config('stormpath.web.refreshTokenCookie.httpOnly')
+                )
+        ];
+    }
+
 
 
 }
diff --git a/tests/Support/StormpathLaravelServiceProviderTest.php b/tests/Support/StormpathLaravelServiceProviderTest.php
@@ -74,6 +74,13 @@ public function it_throws_exception_if_stormpath_applicaiton_is_not_full_url()
         app('stormpath.application');
     }
 
+    /** @test */
+    public function it_returns_null_when_getting_user_without_an_application_set()
+    {
+        $user = app('stormpath.user');
+        $this->assertNull($user);
+    }
+
     /** @test */
     public function it_sets_verify_email_config_to_false_by_default()
     {
@@ -162,7 +169,23 @@ public function attempt_to_get_user_with_no_access_token_returns_null()
         $this->assertNull($user);
     }
 
+    /** @test */
+    public function it_will_refresh_the_access_token_if_expired()
+    {
+        $this->setupStormpathApplication();
+        $this->createAccount(['login'=>'test@test.com', 'password'=>'superP4ss!']);
+
+        $passwordGrant = new \Stormpath\Oauth\PasswordGrantRequest('test@test.com', 'superP4ss!');
+        $auth = new \Stormpath\Oauth\PasswordGrantAuthenticator(app('stormpath.application'));
+        $result =  $auth->authenticate($passwordGrant);
 
+        $this->call('GET', 'login',[], $this->cookiesToSendRefreshOnly($result));
+
+        $user = app('stormpath.user');
+
+        $this->assertNotNull($user);
+
+    }
 
     /**
      * @param Application $app
@@ -230,4 +253,20 @@ private function badCookiesToSend()
         ];
     }
 
+    private function cookiesToSendRefreshOnly($result)
+    {
+        return [
+            config('stormpath.web.refreshTokenCookie.name') =>
+                cookie(
+                    config('stormpath.web.refreshTokenCookie.name'),
+                    $result->getRefreshTokenString(),
+                    $result->getExpiresIn(),
+                    config('stormpath.web.refreshTokenCookie.path'),
+                    config('stormpath.web.refreshTokenCookie.domain'),
+                    config('stormpath.web.refreshTokenCookie.secure'),
+                    config('stormpath.web.refreshTokenCookie.httpOnly')
+                )
+        ];
+    }
+
 }