Merge branch '4.3' into main

Author: Steveb-p

composer.json

@@ -17,10 +17,10 @@
     },
     "autoload-dev": {
         "psr-4": {
-            "EzSystems\\EzPlatformRestBundle\\Tests\\": "tests/bundle/",
-            "EzSystems\\EzPlatformRest\\Tests\\": "tests/lib/",
             "Ibexa\\Tests\\Rest\\": "tests/lib/",
-            "Ibexa\\Tests\\Bundle\\Rest\\": "tests/bundle/"
+            "Ibexa\\Tests\\Bundle\\Rest\\": "tests/bundle/",
+            "Ibexa\\Tests\\Contracts\\Rest\\": "tests/contracts/",
+            "Ibexa\\Tests\\Integration\\Rest\\": "tests/integration/"
         }
     },
     "require": {

phpunit.xml

@@ -15,6 +15,7 @@
     </testsuite>
     <testsuite name="Ibexa REST">
       <directory>tests/lib/</directory>
+      <directory>tests/contracts/</directory>
       <exclude>tests/lib/Server</exclude>
     </testsuite>
     <testsuite name="Ibexa REST Server Tests">

src/bundle/Resources/config/security.yml

@@ -12,6 +12,8 @@ services:
             - "@?logger"
         abstract: true
 
+    Ibexa\Contracts\Rest\Security\AuthorizationHeaderRESTRequestMatcher: ~
+
     Ibexa\Rest\Server\Security\RestLogoutHandler:
         arguments:
             - '@ibexa.config.resolver'

src/contracts/Security/AuthorizationHeaderRESTRequestMatcher.php

@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Contracts\Rest\Security;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestMatcher;
+
+final class AuthorizationHeaderRESTRequestMatcher extends RequestMatcher
+{
+    public function matches(Request $request): bool
+    {
+        if ($request->attributes->get('is_rest_request', false) !== true) {
+            return false;
+        }
+
+        if (
+            $request->attributes->get('_route') === 'ibexa.rest.create_token'
+            || !empty($request->headers->get('Authorization'))
+        ) {
+            return parent::matches($request);
+        }
+
+        return false;
+    }
+}

tests/contracts/Security/AuthorizationHeaderRESTRequestMatcherTest.php

@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Tests\Contracts\Rest\Security;
+
+use Ibexa\Contracts\Rest\Security\AuthorizationHeaderRESTRequestMatcher;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+
+final class AuthorizationHeaderRESTRequestMatcherTest extends TestCase
+{
+    public function testDoesNotMatchNonRestRequests(): void
+    {
+        $matcher = new AuthorizationHeaderRESTRequestMatcher();
+
+        self::assertFalse($matcher->matches(new Request()));
+    }
+
+    public function testDoesNotMatchRestRequestsWithoutHeader(): void
+    {
+        $matcher = new AuthorizationHeaderRESTRequestMatcher();
+
+        $request = new Request([], [], [
+            'is_rest_request' => true,
+        ]);
+
+        self::assertFalse($matcher->matches($request));
+    }
+
+    public function testMatchesRestRequestsWithHeader(): void
+    {
+        $matcher = new AuthorizationHeaderRESTRequestMatcher();
+
+        $request = new Request([], [], [
+            'is_rest_request' => true,
+        ], [], [], [
+            'HTTP_AUTHORIZATION' => 'Bearer foo',
+        ]);
+
+        self::assertTrue($matcher->matches($request));
+    }
+
+    public function testMatchesRestJwtCreationEndpoint(): void
+    {
+        $matcher = new AuthorizationHeaderRESTRequestMatcher();
+
+        $request = new Request([], [], [
+            'is_rest_request' => true,
+            '_route' => 'ibexa.rest.create_token',
+        ]);
+
+        self::assertTrue($matcher->matches($request));
+    }
+}