Merge branch 'feature/auth-refactoring' into 7.x

Author: skie

.travis.yml

@@ -1,14 +1,26 @@
 language: php
 
+dist: xenial
+
 php:
   - 7.2
   - 7.3
-
+  - '7.4snapshot'
+ 
 sudo: false
 
+services:
+  - postgresql
+  - mysql
+
+cache:
+  directories:
+    - vendor
+    - $HOME/.composer/cache 
+
 env:
   matrix:
-    - DB=mysql db_dsn='mysql://travis@0.0.0.0/cakephp_test'
+    - DB=mysql db_dsn='mysql://root@127.0.0.1/cakephp_test?init[]=SET sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
     - DB=pgsql db_dsn='postgres://[email protected]/cakephp_test'
     - DB=sqlite db_dsn='sqlite:///:memory:'
 
@@ -31,8 +43,8 @@ matrix:
 before_script:
   - composer self-update
   - composer install --prefer-dist --no-interaction
-  - if [ $DB = 'mysql' ]; then mysql -e 'CREATE DATABASE cakephp_test;'; fi
-  - if [ $DB = 'pgsql' ]; then psql -c 'CREATE DATABASE cakephp_test;' -U postgres; fi
+  - if [[ $DB == 'mysql' ]]; then mysql -u root -e 'CREATE DATABASE cakephp_test;'; fi
+  - if [[ $DB == 'pgsql' ]]; then psql -c 'CREATE DATABASE cakephp_test;' -U postgres; fi
   - if [[ $PHPSTAN = 1 ]]; then composer stan-setup; fi
 
 script:

composer.json

@@ -60,14 +60,18 @@
         "check": [
             "@cs-check",
             "@test",
-            "@stan"
+            "@analyse"
         ],
-        "cs-check": "phpcs -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP src/ tests/",
+        "analyse": [
+            "@stan",
+            "@psalm"
+         ],
+         "cs-check": "phpcs -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP src/ tests/",
         "cs-fix": "phpcbf --standard=vendor/cakephp/cakephp-codesniffer/CakePHP src/ tests/",
         "test": "phpunit --stderr",
-        "stan": "phpstan analyse src/ && psalm --show-info=false",
-        "psalm": "psalm --show-info=false",
-        "stan-setup": "cp composer.json composer.backup && composer require --dev phpstan/phpstan:^0.11 vimeo/psalm:^3.0 && mv composer.backup composer.json", 
+        "stan": "phpstan analyse src/",
+        "psalm": "php vendor/psalm/phar/psalm.phar --show-info=false src/ ",
+        "stan-setup": "cp composer.json composer.backup && composer require --dev phpstan/phpstan-shim:^0.11.18 psalm/phar:^3.5  && mv composer.backup composer.json",
         "rector": "rector process src/",
         "rector-setup": "cp composer.json composer.backup && composer require --dev rector/rector:^0.4.11 && mv composer.backup composer.json", 
         "coverage-test": "phpunit --stderr --coverage-clover=clover.xml"

config/api.php

@@ -1,13 +1,20 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
+use Authentication\AuthenticationService;
+use Authentication\Middleware\AuthenticationMiddleware;
+use Authorization\Middleware\AuthorizationMiddleware;
+use Authorization\Middleware\RequestAuthorizationMiddleware;
+use CakeDC\Api\Middleware\ParseApiRequestMiddleware;
+use CakeDC\Api\Middleware\ProcessApiRequestMiddleware;
+use CakeDC\Api\ApiInitializer;
 
 return [
     'Api' => [
@@ -31,6 +38,30 @@
                 'default' => 'auth'
             ],
         ],
+        
+        'Middleware' => [
+            'authentication' => [
+                'class' => AuthenticationMiddleware::class,
+                'request' => ApiInitializer::class,
+                'method' => 'getAuthenticationService',
+            ],
+            'apiParser' => [
+                'class' => ParseApiRequestMiddleware::class,
+            ],
+            'apiAuthorize' => [
+                'class' => AuthorizationMiddleware::class,
+                'request' => ApiInitializer::class,
+                'params' => [
+                    'unauthorizedHandler' => 'CakeDC/Api.ApiException',
+                ],
+            ],
+            'apiAuthorizeRequest' => [
+                'class' => RequestAuthorizationMiddleware::class,
+            ],
+            'apiProcessor' => [
+                'class' => ProcessApiRequestMiddleware::class,
+            ],
+        ],
 
         'Service' => [
             'default' => [

config/api_permissions.php.default

@@ -0,0 +1,13 @@
+<?php
+
+return [
+    'CakeDC/Auth.api_permissions' => [
+            [
+                'role' => '*',
+                'service' => '*',
+                'action' => '*',
+                'method' => '*',
+                'bypassAuth' => true,
+            ],
+    ]
+];

config/bootstrap.php

@@ -1,11 +1,11 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 

config/routes.php

@@ -1,20 +1,26 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 
 use Cake\Core\Configure;
 use Cake\Routing\Router;
+use Cake\Routing\RouteBuilder;
 
 Router::plugin('CakeDC/Api', ['path' => '/api'], function ($routes) {
     $useVersioning = Configure::read('Api.useVersioning');
     $versionPrefix = Configure::read('Api.versionPrefix');
+    $middlewares = Configure::read('Api.Middleware');
+    $middlewareNames = array_keys($middlewares);
+
+    $routes->applyMiddleware(...$middlewareNames);
+
     if (empty($versionPrefix)) {
         $versionPrefix = 'v';
     }
@@ -29,11 +35,6 @@
                 'controller' => 'Api',
                 'action' => 'listing'
             ], ['version' => $versionPrefix . '\d+', 'pass' => []]);
-        $routes->connect('/:version/:service/*', [
-                'plugin' => 'CakeDC/Api',
-                'controller' => 'Api',
-                'action' => 'process'
-            ], ['version' => $versionPrefix . '\d+', 'pass' => []]);
     }
     $routes->connect('/describe/*', [
             'plugin' => 'CakeDC/Api',
@@ -45,9 +46,5 @@
             'controller' => 'Api',
             'action' => 'listing'
         ]);
-    $routes->connect('/:service/*', [
-            'plugin' => 'CakeDC/Api',
-            'controller' => 'Api',
-            'action' => 'process'
-        ]);
+    $routes->connect('/**', ['plugin' => 'CakeDC/Api', 'controller' => 'Api', 'action' => 'notFound']);
 });

src/ApiInitializer.php

@@ -0,0 +1,81 @@
+<?php 
+declare(strict_types=1);
+
+/**
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
+namespace CakeDC\Api;
+
+use Authentication\AuthenticationService;
+use Authorization\AuthorizationService;
+use Authorization\AuthorizationServiceInterface;
+use Authorization\AuthorizationServiceProviderInterface;
+use Authorization\Policy\MapResolver;
+use Authorization\Policy\OrmResolver;
+use Authorization\Policy\ResolverCollection;
+use Cake\Core\Configure;
+use Cake\Http\ServerRequest;
+use CakeDC\Api\Rbac\ApiRbac;
+use CakeDC\Auth\Rbac\Rbac;
+use CakeDC\Auth\Policy\CollectionPolicy;
+use CakeDC\Auth\Policy\RbacPolicy;
+use CakeDC\Auth\Policy\SuperuserPolicy;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class ApiInitializer implements AuthorizationServiceProviderInterface
+{
+
+    public function getAuthenticationService(): AuthenticationService
+    {
+        $service = new AuthenticationService();
+        $service->loadIdentifier('Authentication.JwtSubject', []);
+
+        $service->loadIdentifier('Authentication.Password', []);
+        $service->loadAuthenticator('Authentication.Session', [
+            'sessionKey' => 'Auth',
+        ]);
+
+        $service->loadIdentifier('Authentication.Token', [
+            'dataField' => 'token',
+            'tokenField' => 'api_token',
+        ]);
+        $service->loadAuthenticator('Authentication.Token', [
+            'queryParam' => 'token',
+        ]);
+        
+        return $service;
+    }
+
+    public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
+    {
+        $map = new MapResolver();
+        $rbac = new ApiRbac();
+        $map->map(
+            ServerRequest::class,
+            new CollectionPolicy([
+                //SuperuserPolicy::class,
+                new RbacPolicy([
+                    'adapter' => $rbac
+                ])
+            ])
+        );
+
+        $orm = new OrmResolver();
+
+        $resolver = new ResolverCollection([
+            $map,
+            $orm
+        ]);
+
+        return new AuthorizationService($resolver);
+    }
+
+}

src/Controller/ApiController.php

@@ -123,4 +123,9 @@ protected function _process(array $options = []): ?Response
 
         return $this->getResponse();
     }
+    
+    public function notFound()
+    {
+        return $this->getResponse()->withStatus(404);
+    }
 }

src/Controller/AppController.php

@@ -13,10 +13,9 @@
 
 namespace CakeDC\Api\Controller;
 
-//use App\Controller\AppController as BaseController;
+use App\Controller\AppController as BaseController;
 
-
-use Cake\Controller\Controller as BaseController;
+// use Cake\Controller\Controller as BaseController;
 
 /**
  * Class AppController

src/Middleware/ApiMiddleware.php

@@ -27,6 +27,7 @@
 /**
  * Applies routing rules to the request and creates the controller
  * instance if possible.
+ * @deprecated use ParseApiRequestMiddleware and ProcessApiRequestMiddleware instead
  */
 class ApiMiddleware implements MiddlewareInterface
 {