Use serialised stdClass object to represent user data

Greg Bowler · Greg Bowler · commit eb3745c53d92 · 2020-04-13T14:31:39.000+01:00
diff --git a/src/Authenticator.php b/src/Authenticator.php
@@ -80,6 +80,10 @@ public function logout():void {
 		$this->redirectHandler->redirect($this->getLogoutUri());
 	}
 
+	public function adminLogin():void {
+// TODO: Implement!
+	}
+
 	public function getUuid():string {
 		$userData = $this->sessionData->getUserData();
 		return $userData->getUuid();
@@ -99,7 +103,7 @@ public function getAuthUri(Token $token):AuthUri {
 	}
 
 	public function getAdminUri(
-		string $path = AdminUri::PATH_ACCOUNT
+		string $path = AdminUri::PATH_ADMIN
 	):UriInterface {
 		return new AdminUri(
 			$this->authwaveHost,
diff --git a/src/ProviderUri/AdminUri.php b/src/ProviderUri/AdminUri.php
@@ -2,7 +2,7 @@
 namespace Authwave\ProviderUri;
 
 class AdminUri extends AbstractProviderUri {
-	const PATH_ACCOUNT = "/account";
+	const PATH_ADMIN = "/admin";
 	const PATH_SETTINGS = "/settings";
 
 	public function __construct(
diff --git a/src/Token.php b/src/Token.php
@@ -55,13 +55,13 @@ public function decryptResponseCipher(string $cipher):UserData {
 			throw new ResponseCipherDecryptionException();
 		}
 
-		$data = unserialize(
+		$data = @unserialize(
 			$decrypted
 		);
 		if($data === false) {
 			throw new InvalidUserDataSerializationException();
 		}
 
-		return new UserData($data["uuid"], $data["email"]);
+		return new UserData($data->{"uuid"}, $data->{"email"});
 	}
 }
diff --git a/test/phpunit/AuthenticatorTest.php b/test/phpunit/AuthenticatorTest.php
@@ -355,7 +355,7 @@ public function testGetAdminUri() {
 		);
 		$sut = $auth->getAdminUri();
 		self::assertEquals(
-			AdminUri::PATH_ACCOUNT,
+			AdminUri::PATH_ADMIN,
 			$sut->getPath()
 		);
 	}
diff --git a/test/phpunit/ProviderUri/AdminUriTest.php b/test/phpunit/ProviderUri/AdminUriTest.php
@@ -8,10 +8,10 @@ class AdminUriTest extends TestCase {
 	public function testPathAccount() {
 		$sut = new AdminUri(
 			"example.com",
-			AdminUri::PATH_ACCOUNT
+			AdminUri::PATH_ADMIN
 		);
 		self::assertEquals(
-			AdminUri::PATH_ACCOUNT,
+			AdminUri::PATH_ADMIN,
 			$sut->getPath()
 		);
 	}
diff --git a/test/phpunit/TokenTest.php b/test/phpunit/TokenTest.php
@@ -65,7 +65,8 @@ public function testDecryptResponseCipherBadJson() {
 	}
 
 	public function testDecryptResponseCipher() {
-		$key = uniqid("test-key-");
+		$clientKey = uniqid("test-key-");
+// SecretIv is stored in the client application's session only.
 		$secretIv = self::createMock(InitVector::class);
 		$secretIv->method("getBytes")
 			->willReturn(str_repeat("0", 16));
@@ -75,22 +76,20 @@ public function testDecryptResponseCipher() {
 
 		$uuid = "aabb-ccdd-eeff";
 		$email = "user@example.com";
-		$json = <<<JSON
-		{
-			"uuid": "$uuid",
-			"email": "$email"
-		}
-		JSON;
+		$serialized = serialize((object)[
+			"uuid" => $uuid,
+			"email" => $email,
+		]);
 
 		$cipher = openssl_encrypt(
-			$json,
+			$serialized,
 			Token::ENCRYPTION_METHOD,
-			implode("|", [$key, $secretIv->getBytes()]),
+			$clientKey,
 			0,
-			$iv->getBytes()
+			$secretIv->getBytes()
 		);
 		$cipher = base64_encode($cipher);
-		$sut = new Token($key, $secretIv, $iv);
+		$sut = new Token($clientKey, $secretIv, $iv);
 		$userData = $sut->decryptResponseCipher($cipher);
 		self::assertInstanceOf(UserData::class, $userData);
 		self::assertEquals($uuid, $userData->getUuid());

Original file line number	Diff line number	Diff line change
`@@ -55,13 +55,13 @@ public function decryptResponseCipher(string $cipher):UserData {`
`55`	`55`	`throw new ResponseCipherDecryptionException();`
`56`	`56`	`}`
`57`	`57`
`58`		`- $data = unserialize(`
	`58`	`+ $data = @unserialize(`
`59`	`59`	`$decrypted`
`60`	`60`	`);`
`61`	`61`	`if($data === false) {`
`62`	`62`	`throw new InvalidUserDataSerializationException();`
`63`	`63`	`}`
`64`	`64`
`65`		`- return new UserData($data["uuid"], $data["email"]);`
	`65`	`+ return new UserData($data->{"uuid"}, $data->{"email"});`
`66`	`66`	`}`
`67`	`67`	`}`
Original file line number	Diff line number	Diff line change
`@@ -355,7 +355,7 @@ public function testGetAdminUri() {`
`355`	`355`	`);`
`356`	`356`	`$sut = $auth->getAdminUri();`
`357`	`357`	`self::assertEquals(`
`358`		`- AdminUri::PATH_ACCOUNT,`
	`358`	`+ AdminUri::PATH_ADMIN,`
`359`	`359`	`$sut->getPath()`
`360`	`360`	`);`
`361`	`361`	`}`