diff --git a/CHANGELOG.md b/CHANGELOG.md index 404c77d..380f3a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,39 @@ All notable changes to this project will be documented in this file, in reverse chronological order by release. +## 0.3.0 - 2017-11-28 + +### Added + +- [#13](https://github.com/zendframework/zend-expressive-authorization/pull/13) adds + a requirement on the zend-expressive-authentication package, v 0.2.0 and up. + +### Changed + +- [#13](https://github.com/zendframework/zend-expressive-authorization/pull/13) + modifies the `AuthorizationMiddleware` workflow. It now looks for a + `Zend\Expressive\Authentication\UserInterface` request parameter that + implements that interface; with none available, it returns a 401 status. + Additionally, it now uses `UserInterface::getUserRoles()`, which returns an + array of roles; as such, it loops through each, delegating request processing + for the first role granted permission. + +- [#13](https://github.com/zendframework/zend-expressive-authorization/pull/13) + pins to http-interop/http-middleware 0.4.1, as that is the most recent version + supported by zend-expressive-authentication. + +### Deprecated + +- Nothing. + +### Removed + +- Nothing. + +### Fixed + +- Nothing. + ## 0.2.0 - 2017-10-09 ### Added diff --git a/composer.json b/composer.json index 9c12517..a8e50d9 100644 --- a/composer.json +++ b/composer.json @@ -22,9 +22,11 @@ }, "require": { "php": "^7.1", + "http-interop/http-middleware": "^0.4.1", "psr/container": "^1.0", "psr/http-message": "^1.0.1", "webimpress/http-middleware-compatibility": "^0.1.1", + "zendframework/zend-expressive-authentication": "^0.2 || ^1.0", "zendframework/zend-expressive-router": "^2.2" }, "require-dev": { diff --git a/composer.lock b/composer.lock index 1bd9235..3c7a016 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "d29d73c36314b16a87292e3366fa8822", + "content-hash": "bdce846cff4338e6578f2e5e03082f51", "packages": [ { "name": "fig/http-message-util", @@ -106,6 +106,7 @@ "request", "response" ], + "abandoned": "http-interop/http-server-middleware", "time": "2017-01-14T15:23:42+00:00" }, { @@ -207,28 +208,80 @@ ], "time": "2016-08-06T14:39:51+00:00" }, + { + "name": "webimpress/composer-extra-dependency", + "version": "0.2.2", + "source": { + "type": "git", + "url": "https://github.com/webimpress/composer-extra-dependency.git", + "reference": "31fa56391d30f03b1180c87610cbe22254780ad9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/webimpress/composer-extra-dependency/zipball/31fa56391d30f03b1180c87610cbe22254780ad9", + "reference": "31fa56391d30f03b1180c87610cbe22254780ad9", + "shasum": "" + }, + "require": { + "composer-plugin-api": "^1.1", + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "composer/composer": "^1.5.2", + "mikey179/vfsstream": "^1.6.5", + "phpunit/phpunit": "^5.7.22 || ^6.4.1", + "zendframework/zend-coding-standard": "~1.0.0" + }, + "type": "composer-plugin", + "extra": { + "class": "Webimpress\\ComposerExtraDependency\\Plugin" + }, + "autoload": { + "psr-4": { + "Webimpress\\ComposerExtraDependency\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-2-Clause" + ], + "description": "Composer plugin to require extra dependencies", + "homepage": "https://github.com/webimpress/composer-extra-dependency", + "keywords": [ + "composer", + "dependency", + "webimpress" + ], + "time": "2017-10-17T17:15:14+00:00" + }, { "name": "webimpress/http-middleware-compatibility", - "version": "0.1.1", + "version": "0.1.4", "source": { "type": "git", "url": "https://github.com/webimpress/http-middleware-compatibility.git", - "reference": "793d21864a0417bbe01437c33f902cac49c1788c" + "reference": "8ed1c2c7523dce0035b98bc4f3a73ca9cd1d3717" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webimpress/http-middleware-compatibility/zipball/793d21864a0417bbe01437c33f902cac49c1788c", - "reference": "793d21864a0417bbe01437c33f902cac49c1788c", + "url": "https://api.github.com/repos/webimpress/http-middleware-compatibility/zipball/8ed1c2c7523dce0035b98bc4f3a73ca9cd1d3717", + "reference": "8ed1c2c7523dce0035b98bc4f3a73ca9cd1d3717", "shasum": "" }, "require": { "http-interop/http-middleware": "^0.1.1 || ^0.2 || ^0.3 || ^0.4.1 || ^0.5", - "php": "^5.6 || ^7.0" + "php": "^5.6 || ^7.0", + "webimpress/composer-extra-dependency": "^0.2.2" }, "require-dev": { - "phpunit/phpunit": "^5.7.22 || ^6.3.1" + "phpunit/phpunit": "^5.7.23 || ^6.4.3" }, "type": "library", + "extra": { + "dependency": [ + "http-interop/http-middleware" + ] + }, "autoload": { "files": [ "autoload/http-middleware.php" @@ -245,7 +298,68 @@ "psr-15", "webimpress" ], - "time": "2017-10-05T15:55:30+00:00" + "time": "2017-10-17T17:31:10+00:00" + }, + { + "name": "zendframework/zend-expressive-authentication", + "version": "0.2.0", + "source": { + "type": "git", + "url": "https://github.com/zendframework/zend-expressive-authentication.git", + "reference": "d9971483056cfc55e6193a709f6c1d934d97d7f8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/zendframework/zend-expressive-authentication/zipball/d9971483056cfc55e6193a709f6c1d934d97d7f8", + "reference": "d9971483056cfc55e6193a709f6c1d934d97d7f8", + "shasum": "" + }, + "require": { + "http-interop/http-middleware": "^0.4.1", + "php": "^7.1", + "psr/container": "^1.0", + "psr/http-message": "^1.0.1" + }, + "conflict": { + "container-interop/container-interop": "<1.2.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.3", + "roave/security-advisories": "dev-master", + "zendframework/zend-coding-standard": "~1.0.0" + }, + "suggest": { + "ext-pdo": "*: for use with the PDO-backed UserRepositoryInterface implementation", + "zendframework/zend-expressive-authentication-basic": "Provides an HTTP Basic Authentication AuthenticationInterface implementation", + "zendframework/zend-expressive-authentication-session": "Provides a username/password + session AuthenticationInterface implementation", + "zendframework/zend-expressive-authentication-zendauthentication": "Provides a zend-authentication AuthenticationInterface implementation" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0-dev" + } + }, + "autoload": { + "psr-4": { + "Zend\\Expressive\\Authentication\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "Authentication middleware for Expressive and PSR-7 applications", + "keywords": [ + "Authentication", + "ZendFramework", + "http", + "middleware", + "psr-7", + "zend-expressive", + "zf" + ], + "time": "2017-11-27T16:59:48+00:00" }, { "name": "zendframework/zend-expressive-router", @@ -361,37 +475,40 @@ }, { "name": "myclabs/deep-copy", - "version": "1.6.1", + "version": "1.7.0", "source": { "type": "git", "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102" + "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/8e6e04167378abf1ddb4d3522d8755c5fd90d102", - "reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e", + "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e", "shasum": "" }, "require": { - "php": ">=5.4.0" + "php": "^5.6 || ^7.0" }, "require-dev": { - "doctrine/collections": "1.*", - "phpunit/phpunit": "~4.1" + "doctrine/collections": "^1.0", + "doctrine/common": "^2.6", + "phpunit/phpunit": "^4.1" }, "type": "library", "autoload": { "psr-4": { "DeepCopy\\": "src/DeepCopy/" - } + }, + "files": [ + "src/DeepCopy/deep_copy.php" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], "description": "Create deep copies (clones) of your objects", - "homepage": "https://github.com/myclabs/DeepCopy", "keywords": [ "clone", "copy", @@ -399,7 +516,7 @@ "object", "object graph" ], - "time": "2017-04-12T18:52:22+00:00" + "time": "2017-10-19T19:58:43+00:00" }, { "name": "phar-io/manifest", @@ -559,29 +676,35 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "4.1.1", + "version": "4.2.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "2d3d238c433cf69caeb4842e97a3223a116f94b2" + "reference": "66465776cfc249844bde6d117abff1d22e06c2da" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2d3d238c433cf69caeb4842e97a3223a116f94b2", - "reference": "2d3d238c433cf69caeb4842e97a3223a116f94b2", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/66465776cfc249844bde6d117abff1d22e06c2da", + "reference": "66465776cfc249844bde6d117abff1d22e06c2da", "shasum": "" }, "require": { "php": "^7.0", - "phpdocumentor/reflection-common": "^1.0@dev", + "phpdocumentor/reflection-common": "^1.0.0", "phpdocumentor/type-resolver": "^0.4.0", "webmozart/assert": "^1.0" }, "require-dev": { - "mockery/mockery": "^0.9.4", - "phpunit/phpunit": "^4.4" + "doctrine/instantiator": "~1.0.5", + "mockery/mockery": "^1.0", + "phpunit/phpunit": "^6.4" }, "type": "library", + "extra": { + "branch-alias": { + "dev-master": "4.x-dev" + } + }, "autoload": { "psr-4": { "phpDocumentor\\Reflection\\": [ @@ -600,7 +723,7 @@ } ], "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", - "time": "2017-08-30T18:51:59+00:00" + "time": "2017-11-27T17:38:31+00:00" }, { "name": "phpdocumentor/type-resolver", @@ -651,16 +774,16 @@ }, { "name": "phpspec/prophecy", - "version": "v1.7.2", + "version": "1.7.3", "source": { "type": "git", "url": "https://github.com/phpspec/prophecy.git", - "reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6" + "reference": "e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpspec/prophecy/zipball/c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6", - "reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6", + "url": "https://api.github.com/repos/phpspec/prophecy/zipball/e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf", + "reference": "e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf", "shasum": "" }, "require": { @@ -672,7 +795,7 @@ }, "require-dev": { "phpspec/phpspec": "^2.5|^3.2", - "phpunit/phpunit": "^4.8 || ^5.6.5" + "phpunit/phpunit": "^4.8.35 || ^5.7" }, "type": "library", "extra": { @@ -710,20 +833,20 @@ "spy", "stub" ], - "time": "2017-09-04T11:05:03+00:00" + "time": "2017-11-24T13:59:53+00:00" }, { "name": "phpunit/php-code-coverage", - "version": "5.2.2", + "version": "5.2.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "8ed1902a57849e117b5651fc1a5c48110946c06b" + "reference": "033ec97498cf530cc1be4199264cad568b19be26" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/8ed1902a57849e117b5651fc1a5c48110946c06b", - "reference": "8ed1902a57849e117b5651fc1a5c48110946c06b", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/033ec97498cf530cc1be4199264cad568b19be26", + "reference": "033ec97498cf530cc1be4199264cad568b19be26", "shasum": "" }, "require": { @@ -732,7 +855,7 @@ "php": "^7.0", "phpunit/php-file-iterator": "^1.4.2", "phpunit/php-text-template": "^1.2.1", - "phpunit/php-token-stream": "^1.4.11 || ^2.0", + "phpunit/php-token-stream": "^2.0.1", "sebastian/code-unit-reverse-lookup": "^1.0.1", "sebastian/environment": "^3.0", "sebastian/version": "^2.0.1", @@ -774,20 +897,20 @@ "testing", "xunit" ], - "time": "2017-08-03T12:40:43+00:00" + "time": "2017-11-27T09:00:30+00:00" }, { "name": "phpunit/php-file-iterator", - "version": "1.4.2", + "version": "1.4.5", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-file-iterator.git", - "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5" + "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3cc8f69b3028d0f96a9078e6295d86e9bf019be5", - "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5", + "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4", + "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4", "shasum": "" }, "require": { @@ -821,7 +944,7 @@ "filesystem", "iterator" ], - "time": "2016-10-03T07:40:28+00:00" + "time": "2017-11-27T13:52:08+00:00" }, { "name": "phpunit/php-text-template", @@ -915,16 +1038,16 @@ }, { "name": "phpunit/php-token-stream", - "version": "2.0.1", + "version": "2.0.2", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-token-stream.git", - "reference": "9a02332089ac48e704c70f6cefed30c224e3c0b0" + "reference": "791198a2c6254db10131eecfe8c06670700904db" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/9a02332089ac48e704c70f6cefed30c224e3c0b0", - "reference": "9a02332089ac48e704c70f6cefed30c224e3c0b0", + "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/791198a2c6254db10131eecfe8c06670700904db", + "reference": "791198a2c6254db10131eecfe8c06670700904db", "shasum": "" }, "require": { @@ -960,20 +1083,20 @@ "keywords": [ "tokenizer" ], - "time": "2017-08-20T05:47:52+00:00" + "time": "2017-11-27T05:48:46+00:00" }, { "name": "phpunit/phpunit", - "version": "6.3.1", + "version": "6.4.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "c0ff817b36a827e64bf5f57bc72278150cf30a77" + "reference": "562f7dc75d46510a4ed5d16189ae57fbe45a9932" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/c0ff817b36a827e64bf5f57bc72278150cf30a77", - "reference": "c0ff817b36a827e64bf5f57bc72278150cf30a77", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/562f7dc75d46510a4ed5d16189ae57fbe45a9932", + "reference": "562f7dc75d46510a4ed5d16189ae57fbe45a9932", "shasum": "" }, "require": { @@ -1018,7 +1141,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "6.3.x-dev" + "dev-master": "6.4.x-dev" } }, "autoload": { @@ -1044,7 +1167,7 @@ "testing", "xunit" ], - "time": "2017-09-24T07:25:54+00:00" + "time": "2017-11-08T11:26:09+00:00" }, { "name": "phpunit/phpunit-mock-objects", @@ -1111,27 +1234,28 @@ "source": { "type": "git", "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "140175d0d4a71950b045fb87cc7d979340b9f16e" + "reference": "f793fe6ff54acabd9bc9f76f4a9ad3c89a68c789" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/140175d0d4a71950b045fb87cc7d979340b9f16e", - "reference": "140175d0d4a71950b045fb87cc7d979340b9f16e", + "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/f793fe6ff54acabd9bc9f76f4a9ad3c89a68c789", + "reference": "f793fe6ff54acabd9bc9f76f4a9ad3c89a68c789", "shasum": "" }, "conflict": { "adodb/adodb-php": "<5.20.6", - "amphp/artax": ">=2,<2.0.6|<1.0.6", + "amphp/artax": "<1.0.6|>=2,<2.0.6", "aws/aws-sdk-php": ">=3,<3.2.1", "bugsnag/bugsnag-laravel": ">=2,<2.0.2", - "cakephp/cakephp": ">=3,<3.0.15|>=2,<2.4.99|>=2.5,<2.5.99|>=2.6,<2.6.12|>=1.3,<1.3.18|>=2.7,<2.7.6|>=3.1,<3.1.4", + "cakephp/cakephp": ">=1.3,<1.3.18|>=2,<2.4.99|>=2.5,<2.5.99|>=2.6,<2.6.12|>=2.7,<2.7.6|>=3,<3.0.15|>=3.1,<3.1.4", "cart2quote/module-quotation": ">=4.1.6,<=4.4.5|>=5,<5.4.4", - "cartalyst/sentry": "<2.1", + "cartalyst/sentry": "<=2.1.6", "codeigniter/framework": "<=3.0.6", "composer/composer": "<=1.0.0-alpha11", "contao-components/mediaelement": ">=2.14.2,<2.21.1", - "contao/core": ">=2,<3.5.28", - "contao/core-bundle": ">=4,<4.4.1", + "contao/core": ">=2,<3.5.31", + "contao/core-bundle": ">=4,<4.4.8", + "contao/listing-bundle": ">=4,<4.4.8", "doctrine/annotations": ">=1,<1.2.7", "doctrine/cache": ">=1,<1.3.2|>=1.4,<1.4.2", "doctrine/common": ">=2,<2.4.3|>=2.5,<2.5.1", @@ -1144,7 +1268,7 @@ "dompdf/dompdf": ">=0.6,<0.6.2", "drupal/core": ">=8,<8.3.7", "drupal/drupal": ">=8,<8.3.7", - "ezsystems/ezpublish-legacy": ">=2017.8,<2017.8.1.1|>=5.4,<5.4.10.1|>=5.3,<5.3.12.2", + "ezsystems/ezpublish-legacy": ">=5.3,<5.3.12.2|>=5.4,<5.4.10.1|>=2017.8,<2017.8.1.1", "firebase/php-jwt": "<2", "friendsofsymfony/rest-bundle": ">=1.2,<1.2.2", "friendsofsymfony/user-bundle": ">=1.2,<1.3.5", @@ -1164,10 +1288,12 @@ "oro/crm": ">=1.7,<1.7.4", "oro/platform": ">=1.7,<1.7.4", "phpmailer/phpmailer": ">=5,<5.2.24", + "phpunit/phpunit": ">=4.8.19,<4.8.28|>=5.0.10,<5.6.3", + "phpxmlrpc/extras": "<6.0.1", "pusher/pusher-php-server": "<2.2.1", "sabre/dav": ">=1.6,<1.6.99|>=1.7,<1.7.11|>=1.8,<1.8.9", - "shopware/shopware": "<4.4|>=5,<5.2.16", - "silverstripe/cms": ">=3.1,<3.1.11|>=3,<=3.0.11", + "shopware/shopware": "<5.2.25", + "silverstripe/cms": ">=3,<=3.0.11|>=3.1,<3.1.11", "silverstripe/forum": "<=0.6.1|>=0.7,<=0.7.3", "silverstripe/framework": ">=3,<3.3", "silverstripe/userforms": "<3", @@ -1178,16 +1304,18 @@ "squizlabs/php_codesniffer": ">=1,<2.8.1", "swiftmailer/swiftmailer": ">=4,<5.4.5", "symfony/dependency-injection": ">=2,<2.0.17", - "symfony/form": ">=2.3,<2.3.35|>=2.4,<2.6.12|>=2.7,<2.7.7", + "symfony/form": ">=2.3,<2.3.35|>=2.4,<2.6.12|>=2.7,<2.7.38|>=2.8,<2.8.31|>=3,<3.2.14|>=3.3,<3.3.13", "symfony/framework-bundle": ">=2,<2.3.18|>=2.4,<2.4.8|>=2.5,<2.5.2", "symfony/http-foundation": ">=2,<2.3.27|>=2.4,<2.5.11|>=2.6,<2.6.6", "symfony/http-kernel": ">=2,<2.3.29|>=2.4,<2.5.12|>=2.6,<2.6.8", + "symfony/intl": ">=2.7,<2.7.38|>=2.8,<2.8.31|>=3,<3.2.14|>=3.3,<3.3.13", "symfony/routing": ">=2,<2.0.19", - "symfony/security": ">=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5|>=2.3,<2.3.37|>=2.4,<2.6.13|>=2.7,<2.7.9|>=2,<2.0.25|>=2.1,<2.1.13|>=2.2,<2.2.9", - "symfony/security-core": ">=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5|>=2.8,<2.8.6|>=3,<3.0.6|>=2.4,<2.6.13|>=2.7,<2.7.9", - "symfony/security-http": ">=2.4,<2.7.13|>=2.3,<2.3.41|>=2.8,<2.8.6|>=3,<3.0.6", + "symfony/security": ">=2,<2.0.25|>=2.1,<2.1.13|>=2.2,<2.2.9|>=2.3,<2.3.37|>=2.4,<2.6.13|>=2.7,<2.7.9|>=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5", + "symfony/security-core": ">=2.4,<2.6.13|>=2.7,<2.7.9|>=2.7.30,<2.7.32|>=2.8,<2.8.6|>=2.8.23,<2.8.25|>=3,<3.0.6|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5", + "symfony/security-csrf": ">=2.7,<2.7.38|>=2.8,<2.8.31|>=3,<3.2.14|>=3.3,<3.3.13", + "symfony/security-http": ">=2.3,<2.3.41|>=2.4,<2.7.38|>=2.8,<2.8.31|>=3,<3.2.14|>=3.3,<3.3.13", "symfony/serializer": ">=2,<2.0.11", - "symfony/symfony": ">=2,<2.3.41|>=2.4,<2.7.13|>=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5|>=2.8,<2.8.6|>=3,<3.0.6", + "symfony/symfony": ">=2,<2.3.41|>=2.4,<2.7.38|>=2.8,<2.8.31|>=3,<3.2.14|>=3.3,<3.3.13", "symfony/translation": ">=2,<2.0.17", "symfony/validator": ">=2,<2.0.24|>=2.1,<2.1.12|>=2.2,<2.2.5|>=2.3,<2.3.3", "symfony/web-profiler-bundle": ">=2,<2.3.19|>=2.4,<2.4.9|>=2.5,<2.5.4", @@ -1195,8 +1323,8 @@ "thelia/backoffice-default-template": ">=2.1,<2.1.2", "thelia/thelia": ">=2.1.0-beta1,<2.1.3|>=2.1,<2.1.2", "twig/twig": "<1.20", - "typo3/cms": ">=6.2,<6.2.30|>=8,<8.7.5|>=7,<7.6.22", - "typo3/flow": ">=2.3,<2.3.16|>=3,<3.0.10|>=3.1,<3.1.7|>=3.2,<3.2.7|>=3.3,<3.3.5|>=1,<1.0.4|>=1.1,<1.1.1|>=2,<2.0.1", + "typo3/cms": ">=6.2,<6.2.30|>=7,<7.6.22|>=8,<8.7.5", + "typo3/flow": ">=1,<1.0.4|>=1.1,<1.1.1|>=2,<2.0.1|>=2.3,<2.3.16|>=3,<3.0.10|>=3.1,<3.1.7|>=3.2,<3.2.7|>=3.3,<3.3.5", "typo3/neos": ">=1.1,<1.1.3|>=1.2,<1.2.13|>=2,<2.0.4", "willdurand/js-translation-bundle": "<2.1.1", "yiisoft/yii": ">=1.1.14,<1.1.15", @@ -1224,6 +1352,7 @@ "zendframework/zendframework1": "<1.12.20", "zendframework/zendopenid": ">=2,<2.0.2", "zendframework/zendxml": ">=1,<1.0.1", + "zetacomponents/mail": "<1.8.2", "zf-commons/zfc-user": "<1.2.2", "zfcampus/zf-apigility-doctrine": ">=1,<1.0.3", "zfr/zfr-oauth2-server-module": "<0.1.2" @@ -1241,7 +1370,7 @@ } ], "description": "Prevents installation of composer packages with known security vulnerabilities: no API, simply require it", - "time": "2017-09-11T12:05:25+00:00" + "time": "2017-11-24T16:44:41+00:00" }, { "name": "sebastian/code-unit-reverse-lookup", @@ -1290,30 +1419,30 @@ }, { "name": "sebastian/comparator", - "version": "2.0.2", + "version": "2.1.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/comparator.git", - "reference": "ae068fede81d06e7bb9bb46a367210a3d3e1fe6a" + "reference": "1174d9018191e93cb9d719edec01257fc05f8158" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/ae068fede81d06e7bb9bb46a367210a3d3e1fe6a", - "reference": "ae068fede81d06e7bb9bb46a367210a3d3e1fe6a", + "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/1174d9018191e93cb9d719edec01257fc05f8158", + "reference": "1174d9018191e93cb9d719edec01257fc05f8158", "shasum": "" }, "require": { "php": "^7.0", "sebastian/diff": "^2.0", - "sebastian/exporter": "^3.0" + "sebastian/exporter": "^3.1" }, "require-dev": { - "phpunit/phpunit": "^6.0" + "phpunit/phpunit": "^6.4" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "2.0.x-dev" + "dev-master": "2.1.x-dev" } }, "autoload": { @@ -1344,13 +1473,13 @@ } ], "description": "Provides the functionality to compare PHP values for equality", - "homepage": "http://www.github.com/sebastianbergmann/comparator", + "homepage": "https://github.com/sebastianbergmann/comparator", "keywords": [ "comparator", "compare", "equality" ], - "time": "2017-08-03T07:14:59+00:00" + "time": "2017-11-03T07:16:52+00:00" }, { "name": "sebastian/diff", diff --git a/src/AuthorizationMiddleware.php b/src/AuthorizationMiddleware.php index 51d0d26..4849cec 100644 --- a/src/AuthorizationMiddleware.php +++ b/src/AuthorizationMiddleware.php @@ -11,6 +11,7 @@ use Psr\Http\Message\ServerRequestInterface; use Webimpress\HttpMiddlewareCompatibility\HandlerInterface; use Webimpress\HttpMiddlewareCompatibility\MiddlewareInterface; +use Zend\Expressive\Authentication\UserInterface; use const Webimpress\HttpMiddlewareCompatibility\HANDLER_METHOD; @@ -34,18 +35,19 @@ public function __construct(AuthorizationInterface $authorization, ResponseInter /** * {@inheritDoc} - * @todo Use role/identity interface from zend-expressive-authentication once published. */ public function process(ServerRequestInterface $request, HandlerInterface $handler) { - $role = $request->getAttribute(AuthorizationInterface::class, false); - - if (false === $role) { + $user = $request->getAttribute(UserInterface::class, false); + if (! $user instanceof UserInterface) { return $this->responsePrototype->withStatus(401); } - return $this->authorization->isGranted($role, $request) - ? $handler->{HANDLER_METHOD}($request) - : $this->responsePrototype->withStatus(403); + foreach ($user->getUserRoles() as $role) { + if ($this->authorization->isGranted($role, $request)) { + return $handler->{HANDLER_METHOD}($request); + } + } + return $this->responsePrototype->withStatus(403); } } diff --git a/src/AuthorizationMiddlewareFactory.php b/src/AuthorizationMiddlewareFactory.php index a01451a..119eed1 100644 --- a/src/AuthorizationMiddlewareFactory.php +++ b/src/AuthorizationMiddlewareFactory.php @@ -10,9 +10,12 @@ use Psr\Container\ContainerInterface; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\Response; +use Zend\Expressive\Authentication\ResponsePrototypeTrait; class AuthorizationMiddlewareFactory { + use ResponsePrototypeTrait; + public function __invoke(ContainerInterface $container) : AuthorizationMiddleware { if (! $container->has(AuthorizationInterface::class)) { @@ -23,21 +26,12 @@ public function __invoke(ContainerInterface $container) : AuthorizationMiddlewar )); } - if (! $container->has(ResponseInterface::class) - && ! class_exists(Response::class) - ) { - throw new Exception\InvalidConfigException(sprintf( - 'Cannot create %s service; dependency %s is missing. Either define the service, ' - . 'or install zendframework/zend-diactoros', - AuthorizationMiddleware::class, - ResponseInterface::class - )); + try { + $responsePrototype = $this->getResponsePrototype($container); + } catch (\Exception $e) { + throw new Exception\InvalidConfigException($e->getMessage()); } - $responsePrototype = $container->has(ResponseInterface::class) - ? $container->get(ResponseInterface::class) - : new Response(); - return new AuthorizationMiddleware( $container->get(AuthorizationInterface::class), $responsePrototype diff --git a/test/AuthorizationMiddlewareTest.php b/test/AuthorizationMiddlewareTest.php index 975c230..65c3a4b 100644 --- a/test/AuthorizationMiddlewareTest.php +++ b/test/AuthorizationMiddlewareTest.php @@ -12,6 +12,8 @@ use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Webimpress\HttpMiddlewareCompatibility\HandlerInterface; +use Zend\Expressive\Authentication\UserInterface; +use Zend\Expressive\Authentication\UserRepository\UserTrait; use Zend\Expressive\Authorization\AuthorizationInterface; use Zend\Expressive\Authorization\AuthorizationMiddleware; @@ -19,6 +21,8 @@ class AuthorizationMiddlewareTest extends TestCase { + use UserTrait; + protected function setUp() { $this->authorization = $this->prophesize(AuthorizationInterface::class); @@ -33,11 +37,15 @@ public function testConstructor() $this->assertInstanceOf(AuthorizationMiddleware::class, $middleware); } - public function testProcessWithoutRoleAttribute() + public function testProcessWithoutUserAttribute() { - $this->request->getAttribute(AuthorizationInterface::class, false)->willReturn(false); + $this->request->getAttribute(UserInterface::class, false)->willReturn(false); $this->response->withStatus(401)->will([$this->response, 'reveal']); + $this->delegate + ->{HANDLER_METHOD}(Argument::any()) + ->shouldNotBeCalled(); + $middleware = new AuthorizationMiddleware($this->authorization->reveal(), $this->response->reveal()); $response = $middleware->process( @@ -50,9 +58,19 @@ public function testProcessWithoutRoleAttribute() public function testProcessRoleNotGranted() { - $this->request->getAttribute(AuthorizationInterface::class, false)->willReturn('foo'); - $this->response->withStatus(403)->will([$this->response, 'reveal']); - $this->authorization->isGranted('foo', $this->request->reveal())->willReturn(false); + $this->request + ->getAttribute(UserInterface::class, false) + ->willReturn($this->generateUser('foo', ['bar'])); + $this->response + ->withStatus(403) + ->will([$this->response, 'reveal']); + $this->authorization + ->isGranted('bar', Argument::that([$this->request, 'reveal'])) + ->willReturn(false); + + $this->delegate + ->{HANDLER_METHOD}(Argument::any()) + ->shouldNotBeCalled(); $middleware = new AuthorizationMiddleware($this->authorization->reveal(), $this->response->reveal()); @@ -66,11 +84,18 @@ public function testProcessRoleNotGranted() public function testProcessRoleGranted() { - $this->request->getAttribute(AuthorizationInterface::class, false)->willReturn('foo'); - $this->authorization->isGranted('foo', $this->request->reveal())->willReturn(true); + $this->request + ->getAttribute(UserInterface::class, false) + ->willReturn($this->generateUser('foo', ['bar'])); + $this->authorization + ->isGranted('bar', Argument::that([$this->request, 'reveal'])) + ->willReturn(true); + + $this->delegate + ->{HANDLER_METHOD}(Argument::any()) + ->will([$this->response, 'reveal']); $middleware = new AuthorizationMiddleware($this->authorization->reveal(), $this->response->reveal()); - $this->delegate->{HANDLER_METHOD}(Argument::any())->willReturn($this->response->reveal()); $response = $middleware->process( $this->request->reveal(),