feat: add Filters\JWTAuth

kenjis · kenjis · commit fd1f5a173d0f · 2022-06-01T16:51:07.000+09:00
diff --git a/src/Config/Registrar.php b/src/Config/Registrar.php
@@ -6,6 +6,7 @@
 use CodeIgniter\Shield\Collectors\Auth;
 use CodeIgniter\Shield\Filters\AuthRates;
 use CodeIgniter\Shield\Filters\ChainAuth;
+use CodeIgniter\Shield\Filters\JWTAuth;
 use CodeIgniter\Shield\Filters\SessionAuth;
 use CodeIgniter\Shield\Filters\TokenAuth;
 
@@ -20,6 +21,7 @@ public static function Filters(): array
             'aliases' => [
                 'session'    => SessionAuth::class,
                 'tokens'     => TokenAuth::class,
+                'jwt'        => JWTAuth::class,
                 'chain'      => ChainAuth::class,
                 'auth-rates' => AuthRates::class,
             ],
diff --git a/src/Filters/JWTAuth.php b/src/Filters/JWTAuth.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace CodeIgniter\Shield\Filters;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\Response;
+use CodeIgniter\HTTP\ResponseInterface;
+use CodeIgniter\Shield\Authentication\Authenticators\JWT;
+use Config\Services;
+
+/**
+ * JWT Authentication Filter.
+ *
+ * JSON Web Token authentication for web applications.
+ */
+class JWTAuth implements FilterInterface
+{
+    /**
+     * Do whatever processing this filter needs to do.
+     * By default it should not return anything during
+     * normal execution. However, when an abnormal state
+     * is found, it should return an instance of
+     * CodeIgniter\HTTP\Response. If it does, script
+     * execution will end and that Response will be
+     * sent back to the client, allowing for error pages,
+     * redirects, etc.
+     *
+     * @param array|null $arguments
+     *
+     * @return Response|void
+     */
+    public function before(RequestInterface $request, $arguments = null)
+    {
+        helper(['auth', 'setting']);
+
+        /** @var JWT $authenticator */
+        $authenticator = auth('jwt')->getAuthenticator();
+
+        $result = $authenticator->attempt([
+            'token' => $request->getHeaderLine(
+                setting('Auth.authenticatorHeader')['jwt'] ?? 'Authorization'
+            ),
+        ]);
+
+        if (! $result->isOK()) {
+            return Services::response()
+                ->setJSON([
+                    'error' => $result->reason(),
+                ])
+                ->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED);
+        }
+
+        if (setting('Auth.recordActiveDate')) {
+            $authenticator->recordActiveDate();
+        }
+    }
+
+    /**
+     * We don't have anything to do here.
+     *
+     * @param Response|ResponseInterface $response
+     * @param array|null                 $arguments
+     *
+     * @return void
+     */
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    {
+    }
+}
diff --git a/tests/Authentication/Filters/JWTFilterTest.php b/tests/Authentication/Filters/JWTFilterTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Tests\Authentication\Filters;
+
+use CodeIgniter\Config\Factories;
+use CodeIgniter\Shield\Authentication\TokenGenerator\JWTGenerator;
+use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Filters\JWTAuth;
+use CodeIgniter\Shield\Models\UserModel;
+use CodeIgniter\Test\FeatureTestTrait;
+use Config\Services;
+use Tests\Support\DatabaseTestCase;
+
+/**
+ * @internal
+ */
+final class JWTFilterTest extends DatabaseTestCase
+{
+    use FeatureTestTrait;
+
+    protected $namespace;
+
+    protected function setUp(): void
+    {
+        Services::reset(true);
+
+        parent::setUp();
+
+        $_SESSION = [];
+
+        // Register our filter
+        $filterConfig                     = \config('Filters');
+        $filterConfig->aliases['jwtAuth'] = JWTAuth::class;
+        Factories::injectMock('filters', 'filters', $filterConfig);
+
+        // Add a test route that we can visit to trigger.
+        $routes = \service('routes');
+        $routes->group('/', ['filter' => 'jwtAuth'], static function ($routes) {
+            $routes->get('protected-route', static function () {
+                echo 'Protected';
+            });
+        });
+        $routes->get('open-route', static function () {
+            echo 'Open';
+        });
+        $routes->get('login', 'AuthController::login', ['as' => 'login']);
+        Services::injectMock('routes', $routes);
+    }
+
+    public function testFilterNotAuthorized()
+    {
+        $result = $this->call('get', 'protected-route');
+
+        $result->assertStatus(401);
+
+        $result = $this->get('open-route');
+
+        $result->assertStatus(200);
+        $result->assertSee('Open');
+    }
+
+    public function testFilterSuccess()
+    {
+        /** @var User $user */
+        $user = \fake(UserModel::class);
+
+        $generator = new JWTGenerator();
+        $token     = $generator->generateAccessToken($user);
+
+        $result = $this->withHeaders(['Authorization' => 'Bearer ' . $token])
+            ->get('protected-route');
+
+        $result->assertStatus(200);
+        $result->assertSee('Protected');
+
+        $this->assertSame($user->id, \auth('jwt')->id());
+        $this->assertSame($user->id, \auth('jwt')->user()->id);
+    }
+}
