aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag/CoreBundle
diff options
context:
space:
mode:
Diffstat (limited to 'src/Wallabag/CoreBundle')
-rw-r--r--src/Wallabag/CoreBundle/Controller/WallabagRestController.php360
-rw-r--r--src/Wallabag/CoreBundle/DependencyInjection/Security/Factory/WsseFactory.php40
-rw-r--r--src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php6
-rw-r--r--src/Wallabag/CoreBundle/Resources/config/routing_rest.yml4
-rw-r--r--src/Wallabag/CoreBundle/Resources/config/services.yml12
-rw-r--r--src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php78
-rw-r--r--src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php23
-rw-r--r--src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php62
-rw-r--r--src/Wallabag/CoreBundle/Tests/Command/InstallCommandTest.php4
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php4
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php4
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php4
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/WallabagRestControllerTest.php214
-rw-r--r--src/Wallabag/CoreBundle/Tests/WallabagCoreTestCase.php (renamed from src/Wallabag/CoreBundle/Tests/WallabagTestCase.php)2
-rw-r--r--src/Wallabag/CoreBundle/WallabagCoreBundle.php9
15 files changed, 12 insertions, 814 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php b/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
deleted file mode 100644
index 14f42c48..00000000
--- a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
+++ /dev/null
@@ -1,360 +0,0 @@
1<?php
2
3namespace Wallabag\CoreBundle\Controller;
4
5use Nelmio\ApiDocBundle\Annotation\ApiDoc;
6use Symfony\Bundle\FrameworkBundle\Controller\Controller;
7use Symfony\Component\HttpFoundation\Request;
8use Symfony\Component\HttpFoundation\Response;
9use Wallabag\CoreBundle\Entity\Entry;
10use Wallabag\CoreBundle\Entity\Tag;
11use Wallabag\CoreBundle\Service\Extractor;
12use Hateoas\Configuration\Route;
13use Hateoas\Representation\Factory\PagerfantaFactory;
14
15class WallabagRestController extends Controller
16{
17 /**
18 * @param Entry $entry
19 * @param string $tags
20 */
21 private function assignTagsToEntry(Entry $entry, $tags)
22 {
23 foreach (explode(',', $tags) as $label) {
24 $label = trim($label);
25 $tagEntity = $this
26 ->getDoctrine()
27 ->getRepository('WallabagCoreBundle:Tag')
28 ->findOneByLabel($label);
29
30 if (is_null($tagEntity)) {
31 $tagEntity = new Tag($this->getUser());
32 $tagEntity->setLabel($label);
33 }
34
35 // only add the tag on the entry if the relation doesn't exist
36 if (!$entry->getTags()->contains($tagEntity)) {
37 $entry->addTag($tagEntity);
38 }
39 }
40 }
41
42 /**
43 * Retrieve salt for a giver user.
44 *
45 * @ApiDoc(
46 * parameters={
47 * {"name"="username", "dataType"="string", "required"=true, "description"="username"}
48 * }
49 * )
50 * @return array
51 */
52 public function getSaltAction($username)
53 {
54 $user = $this
55 ->getDoctrine()
56 ->getRepository('WallabagCoreBundle:User')
57 ->findOneByUsername($username);
58
59 if (is_null($user)) {
60 throw $this->createNotFoundException();
61 }
62
63 return array($user->getSalt() ?: null);
64 }
65 /**
66 * Retrieve all entries. It could be filtered by many options.
67 *
68 * @ApiDoc(
69 * parameters={
70 * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by archived status."},
71 * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by starred status."},
72 * {"name"="sort", "dataType"="string", "required"=false, "format"="'created' or 'updated', default 'created'", "description"="sort entries by date."},
73 * {"name"="order", "dataType"="string", "required"=false, "format"="'asc' or 'desc', default 'desc'", "description"="order of sort."},
74 * {"name"="page", "dataType"="integer", "required"=false, "format"="default '1'", "description"="what page you want."},
75 * {"name"="perPage", "dataType"="integer", "required"=false, "format"="default'30'", "description"="results per page."},
76 * {"name"="tags", "dataType"="string", "required"=false, "format"="api%2Crest", "description"="a list of tags url encoded. Will returns entries that matches ALL tags."},
77 * }
78 * )
79 * @return Entry
80 */
81 public function getEntriesAction(Request $request)
82 {
83 $isArchived = $request->query->get('archive');
84 $isStarred = $request->query->get('star');
85 $sort = $request->query->get('sort', 'created');
86 $order = $request->query->get('order', 'desc');
87 $page = (int) $request->query->get('page', 1);
88 $perPage = (int) $request->query->get('perPage', 30);
89 $tags = $request->query->get('tags', array());
90
91 $pager = $this
92 ->getDoctrine()
93 ->getRepository('WallabagCoreBundle:Entry')
94 ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
95
96 if (0 === $pager->getNbResults()) {
97 throw $this->createNotFoundException();
98 }
99
100 $pager->setCurrentPage($page);
101 $pager->setMaxPerPage($perPage);
102
103 $pagerfantaFactory = new PagerfantaFactory('page', 'perPage');
104 $paginatedCollection = $pagerfantaFactory->createRepresentation(
105 $pager,
106 new Route('api_get_entries', [], $absolute = true)
107 );
108
109 $json = $this->get('serializer')->serialize($paginatedCollection, 'json');
110
111 return new Response($json, 200, array('application/json'));
112 }
113
114 /**
115 * Retrieve a single entry
116 *
117 * @ApiDoc(
118 * requirements={
119 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
120 * }
121 * )
122 * @return Entry
123 */
124 public function getEntryAction(Entry $entry)
125 {
126 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
127 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
128 }
129
130 $json = $this->get('serializer')->serialize($entry, 'json');
131
132 return new Response($json, 200, array('application/json'));
133 }
134
135 /**
136 * Create an entry
137 *
138 * @ApiDoc(
139 * parameters={
140 * {"name"="url", "dataType"="string", "required"=true, "format"="http://www.test.com/article.html", "description"="Url for the entry."},
141 * {"name"="title", "dataType"="string", "required"=false, "description"="Optional, we'll get the title from the page."},
142 * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."},
143 * }
144 * )
145 * @return Entry
146 */
147 public function postEntriesAction(Request $request)
148 {
149 $url = $request->request->get('url');
150
151 $content = Extractor::extract($url);
152 $entry = new Entry($this->getUser());
153 $entry->setUrl($url);
154 $entry->setTitle($request->request->get('title') ?: $content->getTitle());
155 $entry->setContent($content->getBody());
156
157 $tags = $request->request->get('tags', '');
158 if (!empty($tags)) {
159 $this->assignTagsToEntry($entry, $tags);
160 }
161
162 $em = $this->getDoctrine()->getManager();
163 $em->persist($entry);
164 $em->flush();
165
166 $json = $this->get('serializer')->serialize($entry, 'json');
167
168 return new Response($json, 200, array('application/json'));
169 }
170
171 /**
172 * Change several properties of an entry
173 *
174 * @ApiDoc(
175 * requirements={
176 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
177 * },
178 * parameters={
179 * {"name"="title", "dataType"="string", "required"=false},
180 * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."},
181 * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false", "description"="archived the entry."},
182 * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false", "description"="starred the entry."},
183 * }
184 * )
185 * @return Entry
186 */
187 public function patchEntriesAction(Entry $entry, Request $request)
188 {
189 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
190 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
191 }
192
193 $title = $request->request->get("title");
194 $isArchived = $request->request->get("archive");
195 $isStarred = $request->request->get("star");
196
197 if (!is_null($title)) {
198 $entry->setTitle($title);
199 }
200
201 if (!is_null($isArchived)) {
202 $entry->setArchived($isArchived);
203 }
204
205 if (!is_null($isStarred)) {
206 $entry->setStarred($isStarred);
207 }
208
209 $tags = $request->request->get('tags', '');
210 if (!empty($tags)) {
211 $this->assignTagsToEntry($entry, $tags);
212 }
213
214 $em = $this->getDoctrine()->getManager();
215 $em->flush();
216
217 $json = $this->get('serializer')->serialize($entry, 'json');
218
219 return new Response($json, 200, array('application/json'));
220 }
221
222 /**
223 * Delete **permanently** an entry
224 *
225 * @ApiDoc(
226 * requirements={
227 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
228 * }
229 * )
230 * @return Entry
231 */
232 public function deleteEntriesAction(Entry $entry)
233 {
234 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
235 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
236 }
237
238 $em = $this->getDoctrine()->getManager();
239 $em->remove($entry);
240 $em->flush();
241
242 $json = $this->get('serializer')->serialize($entry, 'json');
243
244 return new Response($json, 200, array('application/json'));
245 }
246
247 /**
248 * Retrieve all tags for an entry
249 *
250 * @ApiDoc(
251 * requirements={
252 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
253 * }
254 * )
255 */
256 public function getEntriesTagsAction(Entry $entry)
257 {
258 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
259 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
260 }
261
262 $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
263
264 return new Response($json, 200, array('application/json'));
265 }
266
267 /**
268 * Add one or more tags to an entry
269 *
270 * @ApiDoc(
271 * requirements={
272 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
273 * },
274 * parameters={
275 * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."},
276 * }
277 * )
278 */
279 public function postEntriesTagsAction(Request $request, Entry $entry)
280 {
281 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
282 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
283 }
284
285 $tags = $request->request->get('tags', '');
286 if (!empty($tags)) {
287 $this->assignTagsToEntry($entry, $tags);
288 }
289
290 $em = $this->getDoctrine()->getManager();
291 $em->persist($entry);
292 $em->flush();
293
294 $json = $this->get('serializer')->serialize($entry, 'json');
295
296 return new Response($json, 200, array('application/json'));
297 }
298
299 /**
300 * Permanently remove one tag for an entry
301 *
302 * @ApiDoc(
303 * requirements={
304 * {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"},
305 * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
306 * }
307 * )
308 */
309 public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
310 {
311 if ($entry->getUser()->getId() != $this->getUser()->getId()) {
312 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
313 }
314
315 $entry->removeTag($tag);
316 $em = $this->getDoctrine()->getManager();
317 $em->persist($entry);
318 $em->flush();
319
320 $json = $this->get('serializer')->serialize($entry, 'json');
321
322 return new Response($json, 200, array('application/json'));
323 }
324
325 /**
326 * Retrieve all tags
327 *
328 * @ApiDoc()
329 */
330 public function getTagsAction()
331 {
332 $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
333
334 return new Response($json, 200, array('application/json'));
335 }
336
337 /**
338 * Permanently remove one tag from **every** entry
339 *
340 * @ApiDoc(
341 * requirements={
342 * {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"}
343 * }
344 * )
345 */
346 public function deleteTagAction(Tag $tag)
347 {
348 if ($tag->getUser()->getId() != $this->getUser()->getId()) {
349 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$tag->getUser()->getId().', logged user id: '.$this->getUser()->getId());
350 }
351
352 $em = $this->getDoctrine()->getManager();
353 $em->remove($tag);
354 $em->flush();
355
356 $json = $this->get('serializer')->serialize($tag, 'json');
357
358 return new Response($json, 200, array('application/json'));
359 }
360}
diff --git a/src/Wallabag/CoreBundle/DependencyInjection/Security/Factory/WsseFactory.php b/src/Wallabag/CoreBundle/DependencyInjection/Security/Factory/WsseFactory.php
deleted file mode 100644
index 0b5bdb40..00000000
--- a/src/Wallabag/CoreBundle/DependencyInjection/Security/Factory/WsseFactory.php
+++ /dev/null
@@ -1,40 +0,0 @@
1<?php
2
3namespace Wallabag\CoreBundle\DependencyInjection\Security\Factory;
4
5use Symfony\Component\DependencyInjection\ContainerBuilder;
6use Symfony\Component\DependencyInjection\Reference;
7use Symfony\Component\DependencyInjection\DefinitionDecorator;
8use Symfony\Component\Config\Definition\Builder\NodeDefinition;
9use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
10
11class WsseFactory implements SecurityFactoryInterface
12{
13 public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
14 {
15 $providerId = 'security.authentication.provider.wsse.'.$id;
16 $container
17 ->setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider'))
18 ->replaceArgument(0, new Reference($userProvider))
19 ;
20
21 $listenerId = 'security.authentication.listener.wsse.'.$id;
22 $listener = $container->setDefinition($listenerId, new DefinitionDecorator('wsse.security.authentication.listener'));
23
24 return array($providerId, $listenerId, $defaultEntryPoint);
25 }
26
27 public function getPosition()
28 {
29 return 'pre_auth';
30 }
31
32 public function getKey()
33 {
34 return 'wsse';
35 }
36
37 public function addConfiguration(NodeDefinition $node)
38 {
39 }
40}
diff --git a/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php b/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
index c6ecc99e..7493351b 100644
--- a/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
+++ b/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
@@ -3,15 +3,15 @@
3namespace Wallabag\CoreBundle\DependencyInjection; 3namespace Wallabag\CoreBundle\DependencyInjection;
4 4
5use Symfony\Component\DependencyInjection\ContainerBuilder; 5use Symfony\Component\DependencyInjection\ContainerBuilder;
6use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
7use Symfony\Component\HttpKernel\DependencyInjection\Extension;
8use Symfony\Component\Config\FileLocator; 6use Symfony\Component\Config\FileLocator;
7use Symfony\Component\HttpKernel\DependencyInjection\Extension;
8use Symfony\Component\DependencyInjection\Loader;
9 9
10class WallabagCoreExtension extends Extension 10class WallabagCoreExtension extends Extension
11{ 11{
12 public function load(array $configs, ContainerBuilder $container) 12 public function load(array $configs, ContainerBuilder $container)
13 { 13 {
14 $loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); 14 $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
15 $loader->load('services.yml'); 15 $loader->load('services.yml');
16 } 16 }
17 17
diff --git a/src/Wallabag/CoreBundle/Resources/config/routing_rest.yml b/src/Wallabag/CoreBundle/Resources/config/routing_rest.yml
deleted file mode 100644
index d3af6b72..00000000
--- a/src/Wallabag/CoreBundle/Resources/config/routing_rest.yml
+++ /dev/null
@@ -1,4 +0,0 @@
1entries:
2 type: rest
3 resource: "WallabagCoreBundle:WallabagRest"
4 name_prefix: api_
diff --git a/src/Wallabag/CoreBundle/Resources/config/services.yml b/src/Wallabag/CoreBundle/Resources/config/services.yml
index cea6c0df..d8bd8d52 100644
--- a/src/Wallabag/CoreBundle/Resources/config/services.yml
+++ b/src/Wallabag/CoreBundle/Resources/config/services.yml
@@ -4,18 +4,6 @@ services:
4 tags: 4 tags:
5 - { name: twig.extension } 5 - { name: twig.extension }
6 6
7 wsse.security.authentication.provider:
8 class: Wallabag\CoreBundle\Security\Authentication\Provider\WsseProvider
9 public: false
10 arguments: ['', '%kernel.cache_dir%/security/nonces']
11
12 wsse.security.authentication.listener:
13 class: Wallabag\CoreBundle\Security\Firewall\WsseListener
14 public: false
15 tags:
16 - { name: monolog.logger, channel: wsse }
17 arguments: ['@security.context', '@security.authentication.manager', '@logger']
18
19 wallabag_core.helper.detect_active_theme: 7 wallabag_core.helper.detect_active_theme:
20 class: Wallabag\CoreBundle\Helper\DetectActiveTheme 8 class: Wallabag\CoreBundle\Helper\DetectActiveTheme
21 arguments: 9 arguments:
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
deleted file mode 100644
index 7e6a5dfb..00000000
--- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
+++ /dev/null
@@ -1,78 +0,0 @@
1<?php
2namespace Wallabag\CoreBundle\Security\Authentication\Provider;
3
4use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
5use Symfony\Component\Security\Core\User\UserProviderInterface;
6use Symfony\Component\Security\Core\Exception\AuthenticationException;
7use Symfony\Component\Security\Core\Exception\NonceExpiredException;
8use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
9use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken;
10
11class WsseProvider implements AuthenticationProviderInterface
12{
13 private $userProvider;
14 private $cacheDir;
15
16 public function __construct(UserProviderInterface $userProvider, $cacheDir)
17 {
18 $this->userProvider = $userProvider;
19 $this->cacheDir = $cacheDir;
20
21 // If cache directory does not exist we create it
22 if (!is_dir($this->cacheDir)) {
23 mkdir($this->cacheDir, 0777, true);
24 }
25 }
26
27 public function authenticate(TokenInterface $token)
28 {
29 $user = $this->userProvider->loadUserByUsername($token->getUsername());
30
31 if (!$user) {
32 throw new AuthenticationException("Bad credentials. Did you forgot your username?");
33 }
34
35 if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
36 $authenticatedToken = new WsseUserToken($user->getRoles());
37 $authenticatedToken->setUser($user);
38
39 return $authenticatedToken;
40 }
41
42 throw new AuthenticationException('The WSSE authentication failed.');
43 }
44
45 protected function validateDigest($digest, $nonce, $created, $secret)
46 {
47 // Check created time is not in the future
48 if (strtotime($created) > time()) {
49 throw new AuthenticationException("Back to the future...");
50 }
51
52 // Expire timestamp after 5 minutes
53 if (time() - strtotime($created) > 300) {
54 throw new AuthenticationException("Too late for this timestamp... Watch your watch.");
55 }
56
57 // Validate nonce is unique within 5 minutes
58 if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
59 throw new NonceExpiredException('Previously used nonce detected');
60 }
61
62 file_put_contents($this->cacheDir.'/'.$nonce, time());
63
64 // Validate Secret
65 $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
66
67 if ($digest !== $expected) {
68 throw new AuthenticationException("Bad credentials ! Digest is not as expected.");
69 }
70
71 return $digest === $expected;
72 }
73
74 public function supports(TokenInterface $token)
75 {
76 return $token instanceof WsseUserToken;
77 }
78}
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php
deleted file mode 100644
index ea6fb9bf..00000000
--- a/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php
+++ /dev/null
@@ -1,23 +0,0 @@
1<?php
2namespace Wallabag\CoreBundle\Security\Authentication\Token;
3
4use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
5
6class WsseUserToken extends AbstractToken
7{
8 public $created;
9 public $digest;
10 public $nonce;
11
12 public function __construct(array $roles = array())
13 {
14 parent::__construct($roles);
15
16 $this->setAuthenticated(count($roles) > 0);
17 }
18
19 public function getCredentials()
20 {
21 return '';
22 }
23}
diff --git a/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php b/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
deleted file mode 100644
index 6ffdfaf0..00000000
--- a/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
+++ /dev/null
@@ -1,62 +0,0 @@
1<?php
2
3namespace Wallabag\CoreBundle\Security\Firewall;
4
5use Symfony\Component\HttpFoundation\Response;
6use Symfony\Component\HttpKernel\Event\GetResponseEvent;
7use Symfony\Component\Security\Http\Firewall\ListenerInterface;
8use Symfony\Component\Security\Core\Exception\AuthenticationException;
9use Symfony\Component\Security\Core\SecurityContextInterface;
10use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
11use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken;
12use Psr\Log\LoggerInterface;
13
14class WsseListener implements ListenerInterface
15{
16 protected $securityContext;
17 protected $authenticationManager;
18 protected $logger;
19
20 public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
21 {
22 $this->securityContext = $securityContext;
23 $this->authenticationManager = $authenticationManager;
24 $this->logger = $logger;
25 }
26
27 public function handle(GetResponseEvent $event)
28 {
29 $request = $event->getRequest();
30
31 $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
32 if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
33 return;
34 }
35
36 $token = new WsseUserToken();
37 $token->setUser($matches[1]);
38
39 $token->digest = $matches[2];
40 $token->nonce = $matches[3];
41 $token->created = $matches[4];
42
43 try {
44 $authToken = $this->authenticationManager->authenticate($token);
45
46 $this->securityContext->setToken($authToken);
47
48 return;
49 } catch (AuthenticationException $failed) {
50 $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
51 $this->logger->err($failedMessage);
52
53 // Deny authentication with a '403 Forbidden' HTTP response
54 $response = new Response();
55 $response->setStatusCode(403);
56 $response->setContent($failedMessage);
57 $event->setResponse($response);
58
59 return;
60 }
61 }
62}
diff --git a/src/Wallabag/CoreBundle/Tests/Command/InstallCommandTest.php b/src/Wallabag/CoreBundle/Tests/Command/InstallCommandTest.php
index f689b532..7a819953 100644
--- a/src/Wallabag/CoreBundle/Tests/Command/InstallCommandTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Command/InstallCommandTest.php
@@ -2,7 +2,7 @@
2 2
3namespace Wallabag\CoreBundle\Tests\Command; 3namespace Wallabag\CoreBundle\Tests\Command;
4 4
5use Wallabag\CoreBundle\Tests\WallabagTestCase; 5use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
6use Wallabag\CoreBundle\Command\InstallCommand; 6use Wallabag\CoreBundle\Command\InstallCommand;
7use Wallabag\CoreBundle\Tests\Mock\InstallCommandMock; 7use Wallabag\CoreBundle\Tests\Mock\InstallCommandMock;
8use Symfony\Bundle\FrameworkBundle\Console\Application; 8use Symfony\Bundle\FrameworkBundle\Console\Application;
@@ -12,7 +12,7 @@ use Symfony\Component\Console\Output\NullOutput;
12use Doctrine\Bundle\DoctrineBundle\Command\DropDatabaseDoctrineCommand; 12use Doctrine\Bundle\DoctrineBundle\Command\DropDatabaseDoctrineCommand;
13use Doctrine\Bundle\DoctrineBundle\Command\CreateDatabaseDoctrineCommand; 13use Doctrine\Bundle\DoctrineBundle\Command\CreateDatabaseDoctrineCommand;
14 14
15class InstallCommandTest extends WallabagTestCase 15class InstallCommandTest extends WallabagCoreTestCase
16{ 16{
17 public static function tearDownAfterClass() 17 public static function tearDownAfterClass()
18 { 18 {
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
index 5030bcbd..3c158922 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
@@ -2,9 +2,9 @@
2 2
3namespace Wallabag\CoreBundle\Tests\Controller; 3namespace Wallabag\CoreBundle\Tests\Controller;
4 4
5use Wallabag\CoreBundle\Tests\WallabagTestCase; 5use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
6 6
7class ConfigControllerTest extends WallabagTestCase 7class ConfigControllerTest extends WallabagCoreTestCase
8{ 8{
9 public function testLogin() 9 public function testLogin()
10 { 10 {
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 1a0d586c..8a7fdda2 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -2,10 +2,10 @@
2 2
3namespace Wallabag\CoreBundle\Tests\Controller; 3namespace Wallabag\CoreBundle\Tests\Controller;
4 4
5use Wallabag\CoreBundle\Tests\WallabagTestCase; 5use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
6use Doctrine\ORM\AbstractQuery; 6use Doctrine\ORM\AbstractQuery;
7 7
8class EntryControllerTest extends WallabagTestCase 8class EntryControllerTest extends WallabagCoreTestCase
9{ 9{
10 public function testLogin() 10 public function testLogin()
11 { 11 {
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index 1dd05f89..e560ffdd 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -2,11 +2,11 @@
2 2
3namespace Wallabag\CoreBundle\Tests\Controller; 3namespace Wallabag\CoreBundle\Tests\Controller;
4 4
5use Wallabag\CoreBundle\Tests\WallabagTestCase;
6use Symfony\Component\Filesystem\Filesystem; 5use Symfony\Component\Filesystem\Filesystem;
7use Symfony\Component\Finder\Finder; 6use Symfony\Component\Finder\Finder;
7use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
8 8
9class SecurityControllerTest extends WallabagTestCase 9class SecurityControllerTest extends WallabagCoreTestCase
10{ 10{
11 public function testLogin() 11 public function testLogin()
12 { 12 {
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/WallabagRestControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/WallabagRestControllerTest.php
deleted file mode 100644
index c9907065..00000000
--- a/src/Wallabag/CoreBundle/Tests/Controller/WallabagRestControllerTest.php
+++ /dev/null
@@ -1,214 +0,0 @@
1<?php
2
3namespace Wallabag\CoreBundle\Tests\Controller;
4
5use Wallabag\CoreBundle\Tests\WallabagTestCase;
6
7class WallabagRestControllerTest extends WallabagTestCase
8{
9 /**
10 * Generate HTTP headers for authenticate user on API
11 *
12 * @param $username
13 * @param $password
14 * @param $salt
15 *
16 * @return array
17 */
18 private function generateHeaders($username, $password, $salt)
19 {
20 $encryptedPassword = sha1($password.$username.$salt);
21 $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
22
23 $now = new \DateTime('now', new \DateTimeZone('UTC'));
24 $created = (string) $now->format('Y-m-d\TH:i:s\Z');
25 $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
26
27 return array(
28 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
29 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
30 );
31 }
32
33 public function testGetSalt()
34 {
35 $client = $this->createClient();
36 $client->request('GET', '/api/salts/admin.json');
37 $this->assertEquals(200, $client->getResponse()->getStatusCode());
38 $this->assertNotEmpty(json_decode($client->getResponse()->getContent()));
39
40 $client->request('GET', '/api/salts/notfound.json');
41 $this->assertEquals(404, $client->getResponse()->getStatusCode());
42 }
43
44 public function testWithBadHeaders()
45 {
46 $client = $this->createClient();
47
48 $entry = $client->getContainer()
49 ->get('doctrine.orm.entity_manager')
50 ->getRepository('WallabagCoreBundle:Entry')
51 ->findOneByIsArchived(false);
52
53 if (!$entry) {
54 $this->markTestSkipped('No content found in db.');
55 }
56
57 $badHeaders = array(
58 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
59 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
60 );
61
62 $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
63 $this->assertEquals(403, $client->getResponse()->getStatusCode());
64 }
65
66 public function testGetOneEntry()
67 {
68 $client = $this->createClient();
69 $client->request('GET', '/api/salts/admin.json');
70 $salt = json_decode($client->getResponse()->getContent());
71
72 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
73
74 $entry = $client->getContainer()
75 ->get('doctrine.orm.entity_manager')
76 ->getRepository('WallabagCoreBundle:Entry')
77 ->findOneByIsArchived(false);
78
79 if (!$entry) {
80 $this->markTestSkipped('No content found in db.');
81 }
82
83 $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
84 $this->assertContains($entry->getTitle(), $client->getResponse()->getContent());
85
86 $this->assertTrue(
87 $client->getResponse()->headers->contains(
88 'Content-Type',
89 'application/json'
90 )
91 );
92 }
93
94 public function testGetEntries()
95 {
96 $client = $this->createClient();
97 $client->request('GET', '/api/salts/admin.json');
98 $salt = json_decode($client->getResponse()->getContent());
99
100 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
101
102 $client->request('GET', '/api/entries', array(), array(), $headers);
103
104 $this->assertEquals(200, $client->getResponse()->getStatusCode());
105
106 $this->assertGreaterThanOrEqual(1, count(json_decode($client->getResponse()->getContent())));
107
108 $this->assertContains('Google', $client->getResponse()->getContent());
109
110 $this->assertTrue(
111 $client->getResponse()->headers->contains(
112 'Content-Type',
113 'application/json'
114 )
115 );
116 }
117
118 public function testDeleteEntry()
119 {
120 $client = $this->createClient();
121 $client->request('GET', '/api/salts/admin.json');
122 $salt = json_decode($client->getResponse()->getContent());
123
124 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
125
126 $entry = $client->getContainer()
127 ->get('doctrine.orm.entity_manager')
128 ->getRepository('WallabagCoreBundle:Entry')
129 ->findOneByUser(1);
130
131 if (!$entry) {
132 $this->markTestSkipped('No content found in db.');
133 }
134
135 $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
136
137 $this->assertEquals(200, $client->getResponse()->getStatusCode());
138
139 // We'll try to delete this entry again
140 $client->request('GET', '/api/salts/admin.json');
141 $salt = json_decode($client->getResponse()->getContent());
142
143 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
144
145 $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
146
147 $this->assertEquals(404, $client->getResponse()->getStatusCode());
148 }
149
150 public function testGetTagsEntry()
151 {
152 $client = $this->createClient();
153 $client->request('GET', '/api/salts/admin.json');
154 $salt = json_decode($client->getResponse()->getContent());
155 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
156
157 $entry = $client->getContainer()
158 ->get('doctrine.orm.entity_manager')
159 ->getRepository('WallabagCoreBundle:Entry')
160 ->findOneWithTags(1);
161
162 $entry = $entry[0];
163
164 if (!$entry) {
165 $this->markTestSkipped('No content found in db.');
166 }
167
168 $tags = array();
169 foreach ($entry->getTags() as $tag) {
170 $tags[] = array('id' => $tag->getId(), 'label' => $tag->getLabel());
171 }
172
173 $client->request('GET', '/api/entries/'.$entry->getId().'/tags', array(), array(), $headers);
174
175 $this->assertEquals(json_encode($tags, JSON_HEX_QUOT), $client->getResponse()->getContent());
176 }
177
178 public function testPostTagsOnEntry()
179 {
180 $client = $this->createClient();
181 $client->request('GET', '/api/salts/admin.json');
182 $salt = json_decode($client->getResponse()->getContent());
183 $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
184
185 $entry = $client->getContainer()
186 ->get('doctrine.orm.entity_manager')
187 ->getRepository('WallabagCoreBundle:Entry')
188 ->findOneByUser(1);
189
190 if (!$entry) {
191 $this->markTestSkipped('No content found in db.');
192 }
193
194 $newTags = 'tag1,tag2,tag3';
195
196 $client->request('POST', '/api/entries/'.$entry->getId().'/tags', array('tags' => $newTags), array(), $headers);
197
198 $this->assertEquals(200, $client->getResponse()->getStatusCode());
199
200 $entryDB = $client->getContainer()
201 ->get('doctrine.orm.entity_manager')
202 ->getRepository('WallabagCoreBundle:Entry')
203 ->find($entry->getId());
204
205 $tagsInDB = array();
206 foreach ($entryDB->getTags()->toArray() as $tag) {
207 $tagsInDB[$tag->getId()] = $tag->getLabel();
208 }
209
210 foreach (explode(',', $newTags) as $tag) {
211 $this->assertContains($tag, $tagsInDB);
212 }
213 }
214}
diff --git a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php b/src/Wallabag/CoreBundle/Tests/WallabagCoreTestCase.php
index 22016d8e..e5096528 100644
--- a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
+++ b/src/Wallabag/CoreBundle/Tests/WallabagCoreTestCase.php
@@ -4,7 +4,7 @@ namespace Wallabag\CoreBundle\Tests;
4 4
5use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; 5use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
6 6
7abstract class WallabagTestCase extends WebTestCase 7abstract class WallabagCoreTestCase extends WebTestCase
8{ 8{
9 private $client = null; 9 private $client = null;
10 10
diff --git a/src/Wallabag/CoreBundle/WallabagCoreBundle.php b/src/Wallabag/CoreBundle/WallabagCoreBundle.php
index 1deab03a..f5899e39 100644
--- a/src/Wallabag/CoreBundle/WallabagCoreBundle.php
+++ b/src/Wallabag/CoreBundle/WallabagCoreBundle.php
@@ -3,16 +3,7 @@
3namespace Wallabag\CoreBundle; 3namespace Wallabag\CoreBundle;
4 4
5use Symfony\Component\HttpKernel\Bundle\Bundle; 5use Symfony\Component\HttpKernel\Bundle\Bundle;
6use Wallabag\CoreBundle\DependencyInjection\Security\Factory\WsseFactory;
7use Symfony\Component\DependencyInjection\ContainerBuilder;
8 6
9class WallabagCoreBundle extends Bundle 7class WallabagCoreBundle extends Bundle
10{ 8{
11 public function build(ContainerBuilder $container)
12 {
13 parent::build($container);
14
15 $extension = $container->getExtension('security');
16 $extension->addSecurityListenerFactory(new WsseFactory());
17 }
18} 9}