extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-01-23 06:38:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make the User Name unique

Browse Source
This commit is contained in:
Bubka 2023-03-13 14:53:42 +01:00
parent dc71d87f61
commit 5ced8cbf0e
5 changed files with 133 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/Extensions/RemoteUserProvider.php
View File

@ -29,7 +29,7 @@ class RemoteUserProvider implements UserProvider
public function retrieveById($identifier)
{
// We don't know the id length so we trim it to prevent to long strings in DB
$name = substr($identifier['id'], 0, 180);
$name = substr($identifier['id'], 0, 191);
$email = null;
$user = User::where('name', $name)->first();
@ -44,16 +44,16 @@ public function retrieveById($identifier)
]);
if (User::where('id', '<>', $user->id ?? 0)->where('email', $identifier['email'])->count() == 0) {
$email = $identifier['email'];
$email = strtolower($identifier['email']);
}
} catch (ValidationException $e) {
// do nothing
}
}
$email = $email ?? $this->remoteEmail((string) $identifier['id']);
if (is_null($user)) {
$email = $email ?? $this->fakeRemoteEmail($identifier['id']);
$user = User::create([
'name' => $name,
'email' => strtolower($email),
@ -68,7 +68,7 @@ public function retrieveById($identifier)
}
} else {
// Here we keep the account's email sync-ed
if ($user->email != $email) {
if ($email && $user->email != $email) {
$user->email = $email;
$user->save();
}
@ -80,10 +80,10 @@ public function retrieveById($identifier)
/**
* Set a fake email address
*
* @param $id string
* @param $id mixed
* @return string
*/
protected function remoteEmail(string $id)
protected function fakeRemoteEmail(mixed $id)
{
return substr($id, 0, 184) . '@remote';
}

2
app/Http/Requests/UserStoreRequest.php
View File

@ -24,7 +24,7 @@ public function authorize()
public function rules()
{
return [
'name' => 'required|string|max:255',
'name' => 'unique:App\Models\User,name|required|string|max:255',
'email' => 'unique:App\Models\User,email|required|string|email|max:255',
'password' => 'required|string|min:8|confirmed',
];

2
app/Http/Requests/UserUpdateRequest.php
View File

@ -25,7 +25,7 @@ public function authorize()
public function rules()
{
return [
'name' => 'required|string|max:255',
'name' => 'unique:App\Models\User,name|required|string|max:255',
'email' => 'unique:App\Models\User,email|required|string|email|max:255',
'password' => 'required',
];

32
database/migrations/2023_03_13_114928_set_username_unique.php Normal file
View File

@ -0,0 +1,32 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('users', function (Blueprint $table) {
$table->unique('name');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('users', function (Blueprint $table) {
$table->dropUnique('users_name_unique');
});
}
};

121
tests/Feature/Extensions/RemoteUserProviderTest.php
View File

@ -9,6 +9,7 @@
/**
* @covers \App\Extensions\RemoteUserProvider
* @covers \App\Services\Auth\ReverseProxyGuard
*/
class RemoteUserProviderTest extends FeatureTestCase
{
@ -36,7 +37,31 @@ public function test_user_is_retreived_from_db()
/**
* @test
*/
public function test_user_is_set_from_reverse_proxy_info_with_provided_email()
public function test_user_is_set_from_proxy_headers()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
$this->app['auth']->shouldUse('reverse-proxy-guard');
$this->json('GET', '/api/v1/groups', [], [
'HTTP_REMOTE_USER' => self::USER_NAME,
]);
$this->assertAuthenticated('reverse-proxy-guard');
$user = $this->app->make('auth')->guard('reverse-proxy-guard')->user();
$this->assertEquals(self::USER_NAME, $user->name);
$this->assertEquals(strtolower(self::USER_NAME) . '@remote', $user->email);
$this->assertDatabaseHas('users', [
'name' => self::USER_NAME,
'email' => strtolower(self::USER_NAME) . '@remote',
]);
}
/**
* @test
*/
public function test_user_is_set_from_proxy_headers_with_an_email()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
@ -50,33 +75,19 @@ public function test_user_is_set_from_reverse_proxy_info_with_provided_email()
$this->assertAuthenticated('reverse-proxy-guard');
$user = $this->app->make('auth')->guard('reverse-proxy-guard')->user();
$this->assertEquals(self::USER_NAME, $user->name);
$this->assertEquals(self::USER_EMAIL, $user->email);
}
/**
* @test
*/
public function test_user_is_set_from_reverse_proxy_without_email()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
$this->app['auth']->shouldUse('reverse-proxy-guard');
$this->json('GET', '/api/v1/groups', [], [
'HTTP_REMOTE_USER' => self::USER_NAME,
$this->assertDatabaseHas('users', [
'name' => self::USER_NAME,
'email' => self::USER_EMAIL,
]);
$this->assertAuthenticated('reverse-proxy-guard');
$user = $this->app->make('auth')->guard('reverse-proxy-guard')->user();
$this->assertEquals(self::USER_NAME, $user->name);
$this->assertEquals(strtolower(self::USER_NAME) . '@remote', $user->email);
}
/**
* @test
*/
public function test_user_is_set_from_reverse_proxy_even_if_identifier_is_long()
public function test_user_is_set_from_proxy_headers_even_if_name_is_long()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
@ -84,6 +95,8 @@ public function test_user_is_set_from_reverse_proxy_even_if_identifier_is_long()
$this->app['auth']->shouldUse('reverse-proxy-guard');
$name = str_pad('john', 300, '_');
$inDbName = substr($name, 0, 191);
$inDbEmail = substr($name, 0, 184) . '@remote';
$this->json('GET', '/api/v1/groups', [], [
'HTTP_REMOTE_USER' => $name,
@ -91,14 +104,40 @@ public function test_user_is_set_from_reverse_proxy_even_if_identifier_is_long()
$this->assertAuthenticated('reverse-proxy-guard');
$user = $this->app->make('auth')->guard('reverse-proxy-guard')->user();
$this->assertLessThan(192, strlen($user->name));
$this->assertLessThan(192, strlen($user->email));
$this->assertEquals($inDbName, $user->name);
$this->assertEquals($inDbEmail, $user->email);
$this->assertDatabaseHas('users', [
'name' => $inDbName,
'email' => $inDbEmail,
]);
}
/**
* @test
*/
public function test_user_email_is_sync_with_email_proxy_header()
public function test_user_is_not_set_from_proxy_headers_when_name_is_missing()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
$this->app['auth']->shouldUse('reverse-proxy-guard');
$this->json('GET', '/api/v1/groups', [], [
'HTTP_REMOTE_USER' => '',
]);
$this->assertGuest('reverse-proxy-guard');
$user = $this->app->make('auth')->guard('reverse-proxy-guard')->user();
$this->assertNull($user);
$this->assertDatabaseCount('users', 0);
}
/**
* @test
*/
public function test_user_email_is_synced_with_email_from_proxy_headers()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
@ -116,7 +155,6 @@ public function test_user_email_is_sync_with_email_proxy_header()
]);
$this->assertAuthenticated('reverse-proxy-guard');
$this->assertDatabaseHas('users', [
'id' => $dbUser->id,
'email' => self::USER_EMAIL,
@ -126,7 +164,34 @@ public function test_user_email_is_sync_with_email_proxy_header()
/**
* @test
*/
public function test_user_email_is_not_sync_with_invalid_email_proxy_header()
public function test_user_email_is_not_synced_when_email_from_proxy_headers_is_missing()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
$dbUser = User::factory()->create([
'name' => self::USER_NAME,
'email' => strtolower(self::USER_NAME) . '@remote',
]);
$this->app['auth']->shouldUse('reverse-proxy-guard');
$this->json('GET', '/api/v1/groups', [], [
'HTTP_REMOTE_USER' => self::USER_NAME,
'HTTP_REMOTE_EMAIL' => '',
]);
$this->assertAuthenticated('reverse-proxy-guard');
$this->assertDatabaseHas('users', [
'id' => $dbUser->id,
'email' => strtolower(self::USER_NAME) . '@remote',
]);
}
/**
* @test
*/
public function test_user_email_is_not_synced_when_email_from_proxy_headers_is_invalid()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
@ -144,7 +209,6 @@ public function test_user_email_is_not_sync_with_invalid_email_proxy_header()
]);
$this->assertAuthenticated('reverse-proxy-guard');
$this->assertDatabaseHas('users', [
'id' => $dbUser->id,
'email' => $dbUser->email,
@ -154,14 +218,14 @@ public function test_user_email_is_not_sync_with_invalid_email_proxy_header()
/**
* @test
*/
public function test_user_email_is_not_sync_with_already_used_email_proxy_header()
public function test_user_email_is_not_sync_when_email_from_proxy_headers_is_already_in_use()
{
Config::set('auth.auth_proxy_headers.user', 'HTTP_REMOTE_USER');
Config::set('auth.auth_proxy_headers.email', 'HTTP_REMOTE_EMAIL');
$dbUser = User::factory()->create([
'name' => self::USER_NAME,
'email' => strtolower(self::USER_NAME) . '@remote',
'email' => self::USER_EMAIL,
]);
$otherUser = User::factory()->create([
@ -176,7 +240,6 @@ public function test_user_email_is_not_sync_with_already_used_email_proxy_header
]);
$this->assertAuthenticated('reverse-proxy-guard');
$this->assertDatabaseHas('users', [
'id' => $dbUser->id,
'email' => $dbUser->email,