Merge branch '2.next' into 2.x

markstory · markstory · commit 3f9b514cba1c · 2022-12-27T15:26:50.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - 2.x
+      - 2.next
   pull_request:
     branches:
       - '*'
diff --git a/src/Middleware/AuthorizationMiddleware.php b/src/Middleware/AuthorizationMiddleware.php
@@ -24,8 +24,7 @@
 use Authorization\Identity;
 use Authorization\IdentityDecorator;
 use Authorization\IdentityInterface;
-use Authorization\Middleware\UnauthorizedHandler\HandlerFactory;
-use Authorization\Middleware\UnauthorizedHandler\HandlerInterface;
+use Authorization\Middleware\UnauthorizedHandler\UnauthorizedHandlerTrait;
 use Cake\Core\InstanceConfigTrait;
 use InvalidArgumentException;
 use Psr\Http\Message\ResponseInterface;
@@ -42,6 +41,7 @@
 class AuthorizationMiddleware implements MiddlewareInterface
 {
     use InstanceConfigTrait;
+    use UnauthorizedHandlerTrait;
 
     /**
      * Default config.
@@ -132,37 +132,16 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 throw new AuthorizationRequiredException(['url' => $request->getRequestTarget()]);
             }
         } catch (Exception $exception) {
-            $unauthorizedHandler = $this->getHandler();
-            $response = $unauthorizedHandler->handle(
+            $response = $this->handleException(
                 $exception,
                 $request,
-                (array)$this->getConfig('unauthorizedHandler')
+                $this->getConfig('unauthorizedHandler')
             );
         }
 
         return $response;
     }
 
-    /**
-     * Returns unauthorized handler.
-     *
-     * @return \Authorization\Middleware\UnauthorizedHandler\HandlerInterface
-     */
-    protected function getHandler(): HandlerInterface
-    {
-        $handler = $this->getConfig('unauthorizedHandler');
-        if (!is_array($handler)) {
-            $handler = [
-                'className' => $handler,
-            ];
-        }
-        if (!isset($handler['className'])) {
-            throw new RuntimeException('Missing `className` key from handler config.');
-        }
-
-        return HandlerFactory::create($handler['className']);
-    }
-
     /**
      * Returns AuthorizationServiceInterface instance.
      *
diff --git a/src/Middleware/RequestAuthorizationMiddleware.php b/src/Middleware/RequestAuthorizationMiddleware.php
@@ -17,7 +17,9 @@
 namespace Authorization\Middleware;
 
 use Authorization\AuthorizationServiceInterface;
+use Authorization\Exception\Exception;
 use Authorization\Exception\ForbiddenException;
+use Authorization\Middleware\UnauthorizedHandler\UnauthorizedHandlerTrait;
 use Cake\Core\InstanceConfigTrait;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -38,6 +40,7 @@
 class RequestAuthorizationMiddleware implements MiddlewareInterface
 {
     use InstanceConfigTrait;
+    use UnauthorizedHandlerTrait;
 
     /**
      * Default Config
@@ -48,6 +51,7 @@ class RequestAuthorizationMiddleware implements MiddlewareInterface
         'authorizationAttribute' => 'authorization',
         'identityAttribute' => 'identity',
         'method' => 'access',
+        'unauthorizedHandler' => 'Authorization.Exception',
     ];
 
     /**
@@ -95,8 +99,12 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $identity = $request->getAttribute($this->getConfig('identityAttribute'));
 
         $result = $service->canResult($identity, $this->getConfig('method'), $request);
-        if (!$result->getStatus()) {
-            throw new ForbiddenException($result, [$this->getConfig('method'), $request->getRequestTarget()]);
+        try {
+            if (!$result->getStatus()) {
+                throw new ForbiddenException($result, [$this->getConfig('method'), $request->getRequestTarget()]);
+            }
+        } catch (Exception $exception) {
+            return $this->handleException($exception, $request, $this->getConfig('unauthorizedHandler'));
         }
 
         return $handler->handle($request);
diff --git a/src/Middleware/UnauthorizedHandler/UnauthorizedHandlerTrait.php b/src/Middleware/UnauthorizedHandler/UnauthorizedHandlerTrait.php
@@ -0,0 +1,56 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ * @link          https://cakephp.org CakePHP(tm) Project
+ * @since         2.3.0
+ * @license       https://opensource.org/licenses/mit-license.php MIT License
+ */
+namespace Authorization\Middleware\UnauthorizedHandler;
+
+use Authorization\Exception\Exception;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use RuntimeException;
+
+trait UnauthorizedHandlerTrait
+{
+    /**
+     * Handle exception.
+     *
+     * @param \Authorization\Exception\Exception $exception Exception to handle.
+     * @param \Psr\Http\Message\ServerRequestInterface $request Request instance.
+     * @param array|string $handler Handler config.
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    protected function handleException(
+        Exception $exception,
+        ServerRequestInterface $request,
+        $handler
+    ): ResponseInterface {
+        if (is_string($handler)) {
+            $handler = [
+                'className' => $handler,
+            ];
+        }
+        if (!isset($handler['className'])) {
+            throw new RuntimeException('Missing `className` key from handler config.');
+        }
+
+        $unauthorizedHandler = HandlerFactory::create($handler['className']);
+
+        return $unauthorizedHandler->handle(
+            $exception,
+            $request,
+            $handler
+        );
+    }
+}
diff --git a/src/Policy/Exception/MissingPolicyException.php b/src/Policy/Exception/MissingPolicyException.php
@@ -17,6 +17,7 @@
 namespace Authorization\Policy\Exception;
 
 use Authorization\Exception\Exception;
+use Cake\Datasource\RepositoryInterface;
 use Throwable;
 
 class MissingPolicyException extends Exception
@@ -37,7 +38,20 @@ class MissingPolicyException extends Exception
     public function __construct($resource, ?int $code = null, ?Throwable $previous = null)
     {
         if (is_object($resource)) {
-            $resource = [get_class($resource)];
+            $resourceClass = get_class($resource);
+            if (
+                method_exists($resource, 'getRepository') &&
+                $resource->getRepository() &&
+                $resource->getRepository() instanceof RepositoryInterface
+            ) {
+                $repositoryClass = get_class($resource->getRepository());
+                $resource = sprintf($this->_messageTemplate, $resourceClass);
+                $queryMessage = ' This resource looks like a `Query`. If you are using `OrmResolver`, ' .
+                    'you should create a new policy class for your `%s` class in `src/Policy/`.';
+                $resource .= sprintf($queryMessage, $repositoryClass);
+            } else {
+                $resource = [$resourceClass];
+            }
         }
 
         parent::__construct($resource, $code, $previous);
diff --git a/tests/TestCase/Middleware/RequestAuthorizationMiddlewareTest.php b/tests/TestCase/Middleware/RequestAuthorizationMiddlewareTest.php
@@ -121,4 +121,29 @@ public function testInvokeServiceWithResult()
             throw $e;
         }
     }
+
+    public function testUnauthorizedHandlerSuppress()
+    {
+        $request = (new ServerRequest([
+                'url' => '/articles/index',
+            ]))
+            ->withParam('action', 'add')
+            ->withParam('controller', 'Articles');
+
+        $handler = new TestRequestHandler();
+
+        $resolver = new MapResolver([
+            ServerRequest::class => new RequestPolicy(),
+        ]);
+
+        $authService = new AuthorizationService($resolver);
+        $request = $request->withAttribute('authorization', $authService);
+
+        $middleware = new RequestAuthorizationMiddleware([
+            'unauthorizedHandler' => 'Suppress',
+        ]);
+        $result = $middleware->process($request, $handler);
+
+        $this->assertSame(200, $result->getStatusCode());
+    }
 }
diff --git a/tests/TestCase/Middleware/UnauthorizedHandler/CakeRedirectHandlerTest.php b/tests/TestCase/Middleware/UnauthorizedHandler/CakeRedirectHandlerTest.php
@@ -29,15 +29,14 @@ public function setUp(): void
     {
         parent::setUp();
 
-        Router::reload();
         Router::fullBaseUrl('http://localhost');
         $builder = Router::createRouteBuilder('/');
         $builder->connect(
             '/login',
             ['controller' => 'Users', 'action' => 'login'],
             ['_name' => 'login']
         );
-        $builder->connect('/:controller/:action');
+        $builder->connect('/{controller}/{action}');
     }
 
     public function testHandleRedirectionDefault()
diff --git a/tests/TestCase/Policy/Exception/MissingPolicyExceptionTest.php b/tests/TestCase/Policy/Exception/MissingPolicyExceptionTest.php
@@ -0,0 +1,45 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ * @link https://cakephp.org CakePHP(tm) Project
+ * @since 1.0.0
+ * @license https://opensource.org/licenses/mit-license.php MIT License
+ */
+namespace Authorization\Test\TestCase\Policy\Exception;
+
+use Authorization\Policy\Exception\MissingPolicyException;
+use Cake\Datasource\QueryInterface;
+use Cake\TestSuite\TestCase;
+use TestApp\Model\Table\ArticlesTable;
+
+class MissingPolicyExceptionTest extends TestCase
+{
+    public function testConstructQueryInstance(): void
+    {
+        $articles = new ArticlesTable();
+        $query = $this->createMock(QueryInterface::class);
+        $query->method('getRepository')
+            ->willReturn($articles);
+        $missingPolicyException = new MissingPolicyException($query);
+        $needle = 'This resource looks like a `Query`. If you are using ' .
+            '`OrmResolver`, you should create a new policy class for ' .
+            'your `TestApp\Model\Table\ArticlesTable` class in `src/Policy/`.';
+        $this->assertTextContains($needle, $missingPolicyException->getMessage());
+    }
+
+    public function testConstructAnotherInstance(): void
+    {
+        $missingPolicyException = new MissingPolicyException(new \stdClass());
+        $needle = 'Policy for `stdClass` has not been defined.';
+        $this->assertSame($needle, $missingPolicyException->getMessage());
+    }
+}
