Merge pull request #12 from minvws/up

Using 2.0 version of puzi

composer.json

@@ -25,7 +25,7 @@
     "prefer-stable": true,
     "require": {
         "php": "^8.0",
-        "minvws/puzi-php": "^1.1",
+        "minvws/puzi-php": "^2.0",
         "laravel/framework": "^8.0|^9.0"
     },
     "require-dev": {

src/Middleware/AuthenticateWithUzi.php

@@ -61,11 +61,14 @@ public function handle($request, Closure $next, $guard = null)
         }
 
         try {
-            $uziUser = $this->uziReader->getDataFromRequest($request);
-            if (!$this->uziValidator->isValid($uziUser)) {
+            if (!$this->uziValidator->isValid($request)) {
                 throw new AuthenticationException('Unauthenticated.');
             }
 
+            $uziUser = $this->uziReader->getDataFromRequest($request);
+            if (! $uziUser) {
+                throw new AuthenticationException('Unauthenticated.');
+            }
             $this->auth->guard($guard)->login(AuthenticatableUziUser::fromUziUser($uziUser), false);
 
             return $next($request);

src/UziServiceProvider.php

@@ -3,6 +3,7 @@
 namespace MinVWS\PUZI\Laravel;
 
 use Illuminate\Support\ServiceProvider;
+use MinVWS\PUZI\UziReader;
 use MinVWS\PUZI\UziValidator;
 
 /**
@@ -26,10 +27,37 @@ public function boot()
     public function register()
     {
         $this->app->bind(UziValidator::class, function () {
+
+            // Split certificates from file
+            $caCerts = [];
+            $path = config('uzi.ca_certs_path', null);
+            if ($path) {
+                $fileContent = @file_get_contents($path);
+                if ($fileContent === false) {
+                    throw new \RuntimeException("Could not read CA certificates from $path");
+                }
+
+                $caCerts = preg_split('/-----BEGIN CERTIFICATE-----/', $fileContent);
+                if ($caCerts === false) {
+                    $caCerts = [];
+                } else {
+                    // remove empty first element
+                    array_shift($caCerts);
+                }
+
+                foreach ($caCerts as &$cert) {
+                    $cert = trim($cert);
+                    $cert = str_replace('-----END CERTIFICATE-----', '', $cert);
+                    $cert = str_replace("\n", '', $cert);
+                }
+            }
+
             return new UziValidator(
+                new UziReader(),
                 config("uzi.strict_ca_check", true),
                 config("uzi.allowed_types", []),
-                config("uzi.allowed_roles", [])
+                config("uzi.allowed_roles", []),
+                $caCerts
             );
         });
     }

src/config/uzi.php

@@ -9,4 +9,7 @@
 
     // Which roles are allowed to log in
     'allowed_roles' => [],
+
+    // The CA certificates to use for validating the UZI certificate. Must be concatenated in a single file.
+    'ca_certs_path' => env('UZI_CA_CERTS_PATH', null),
 ];

tests/Middleware/AuthenticateWithUziTest.php

@@ -76,7 +76,22 @@ public function testExceptionDuringValidation(): void
 
         $middleware = $this->getMiddleware();
 
-        $this->mockReader->shouldReceive('getDataFromRequest')->andThrow(new UziException());
+        $this->mockValidator->shouldReceive('isValid')->andReturnFalse();
+        $this->expectException(AuthenticationException::class);
+
+        $middleware->handle($request, function () {
+        });
+    }
+
+    public function testNoUziInfo(): void
+    {
+        $request = new Request();
+        $request->server->set('HTTPS', 'on');
+
+        $middleware = $this->getMiddleware();
+
+        $this->mockValidator->shouldReceive('isValid')->andReturnFalse();
+        $this->mockReader->shouldReceive('getDataFromRequest')->andReturnNull();
         $this->expectException(AuthenticationException::class);
 
         $middleware->handle($request, function () {