add AuthorizationEnvironmentMiddleware

nojimage · nojimage · commit 61581ce2859e · 2020-01-23T12:07:14.000+09:00
diff --git a/src/Middleware/AuthorizationEnvironmentMiddleware.php b/src/Middleware/AuthorizationEnvironmentMiddleware.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace OAuthServer\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+/**
+ * For php-fpm|php-cgi
+ *
+ * Set Authorization header from HTTP_AUTHORIZATION|REDIRECT_HTTP_AUTHORIZATION environment
+ */
+class AuthorizationEnvironmentMiddleware
+{
+    /**
+     * @var array the Environment variable name that set for Authorization
+     */
+    protected $environment = [
+        'HTTP_AUTHORIZATION',
+        'REDIRECT_HTTP_AUTHORIZATION',
+    ];
+
+    /**
+     * AuthorizationEnvironmentMiddleware constructor.
+     *
+     * @param array $environment the Environment variable name that set for Authorization
+     */
+    public function __construct(array $environment = ['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'])
+    {
+        $this->environment = $environment;
+    }
+
+    /**
+     * Serve assets if the path matches one.
+     *
+     * @param ServerRequestInterface $request The request.
+     * @param ResponseInterface $response The response.
+     * @param callable $next Callback to invoke the next middleware.
+     * @return ResponseInterface A response
+     */
+    public function __invoke($request, $response, $next)
+    {
+        if ($request->hasHeader('Authorization')) {
+            // If Authorization header is set, nothing to do.
+            return $next($request, $response);
+        }
+
+        foreach ($this->environment as $env) {
+            // Set Authorization header, if the environment variables is set.
+            if (isset($_SERVER[$env])) {
+                return $next($request->withHeader('Authorization', $_SERVER[$env]), $response);
+            }
+        }
+
+        return $next($request, $response);
+    }
+}
diff --git a/tests/TestCase/Middleware/AuthorizationEnvironmentMiddlewareTest.php b/tests/TestCase/Middleware/AuthorizationEnvironmentMiddlewareTest.php
@@ -0,0 +1,88 @@
+<?php
+
+namespace OAuthServer\Test\TestCase\Middleware;
+
+use OAuthServer\Middleware\AuthorizationEnvironmentMiddleware;
+use PHPUnit\Framework\TestCase;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Zend\Diactoros\Response;
+use Zend\Diactoros\ServerRequest;
+
+class AuthorizationEnvironmentMiddlewareTest extends TestCase
+{
+    protected function setUp()
+    {
+        parent::setUp();
+        unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
+    }
+
+    protected function tearDown()
+    {
+        unset($_SERVER['HTTP_AUTHORIZATION'], $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
+        parent::tearDown();
+    }
+
+    /**
+     * @dataProvider dataSetHeaderFromEnvironment
+     * @param string $env environment name
+     * @return       void
+     */
+    public function testSetHeaderFromEnvironment($env)
+    {
+        $_SERVER[$env] = 'from env';
+
+        $request = new ServerRequest();
+        $response = new Response();
+        $next = function (ServerRequestInterface $request, ResponseInterface $response) {
+            $this->assertSame('from env', $request->getHeaderLine('authorization'));
+        };
+
+        $middleware = new AuthorizationEnvironmentMiddleware();
+
+        $middleware($request, $response, $next);
+    }
+
+    /**
+     * @return array
+     */
+    public function dataSetHeaderFromEnvironment()
+    {
+        return [
+            ['HTTP_AUTHORIZATION'],
+            ['REDIRECT_HTTP_AUTHORIZATION'],
+        ];
+    }
+
+    public function testSetHeaderFromFirstEnvironment()
+    {
+        $_SERVER['HTTP_AUTHORIZATION'] = 'from authorization';
+        $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'from redirect authorization';
+
+        $request = new ServerRequest();
+        $response = new Response();
+        $next = function (ServerRequestInterface $request, ResponseInterface $response) {
+            $this->assertSame('from authorization', $request->getHeaderLine('authorization'));
+        };
+
+        $middleware = new AuthorizationEnvironmentMiddleware();
+
+        $middleware($request, $response, $next);
+    }
+
+    public function testNotSetHeaderWhenExists()
+    {
+        $_SERVER['HTTP_AUTHORIZATION'] = 'from authorization';
+        $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'from redirect authorization';
+
+        $request = (new ServerRequest())->withHeader('Authorization', 'from header');
+        $response = new Response();
+        $next = function (ServerRequestInterface $request, ResponseInterface $response) {
+            $this->assertSame('from header', $request->getHeaderLine('authorization'));
+        };
+
+        $middleware = new AuthorizationEnvironmentMiddleware();
+
+        $middleware($request, $response, $next);
+    }
+}
