Introduce App ID, closes #3 (#5)

Author: Greg Bowler

src/AuthUri.php

@@ -4,8 +4,9 @@
 use Gt\Http\Uri;
 
 class AuthUri extends Uri {
-	const DEFAULT_BASE_URI = "login.authwave.com";
+	const DEFAULT_BASE_REMOTE_URI = "login.authwave.com";
 
+	const QUERY_STRING_ID = "id";
 	const QUERY_STRING_CIPHER = "cipher";
 	const QUERY_STRING_INIT_VECTOR = "iv";
 	const QUERY_STRING_CURRENT_PATH = "path";
@@ -14,20 +15,22 @@ class AuthUri extends Uri {
 	 * @param Token $token This must be the same instance of the Token when
 	 * creating Authenticator for the first time as it is when checking the
 	 * response from the Authwave provider (store in a session).
+	 * @param string $clientId
 	 * @param string $currentPath
-	 * @param string $baseUri The base URI of the application. This is the
+	 * @param string $baseRemoteUri The base URI of the application. This is the
 	 * URI authority with optional scheme, as localhost allows http://
 	 */
 	public function __construct(
 		Token $token,
+		string $clientId,
 		string $currentPath = "/",
-		string $baseUri = self::DEFAULT_BASE_URI
+		string $baseRemoteUri = self::DEFAULT_BASE_REMOTE_URI
 	) {
-		$baseUri = $this->normaliseBaseUri($baseUri);
-
-		parent::__construct($baseUri);
+		$baseRemoteUri = $this->normaliseBaseUri($baseRemoteUri);
+		parent::__construct($baseRemoteUri);
 
 		$this->query = http_build_query([
+			self::QUERY_STRING_ID => $clientId,
 			self::QUERY_STRING_CIPHER => (string)$token->generateRequestCipher(),
 			self::QUERY_STRING_INIT_VECTOR => (string)$token->getIv(),
 			self::QUERY_STRING_CURRENT_PATH => $currentPath,

src/Authenticator.php

@@ -14,8 +14,10 @@ class Authenticator {
 	private SessionContainer $session;
 	private SessionData $sessionData;
 	private RedirectHandler $redirectHandler;
+	private string $clientId;
 
 	public function __construct(
+		string $clientId,
 		string $clientKey,
 		string $currentUriPath,
 		string $authwaveHost = "login.authwave.com",
@@ -32,6 +34,7 @@ public function __construct(
 			$session->set(self::SESSION_KEY, new SessionData());
 		}
 
+		$this->clientId = $clientId;
 		$this->clientKey = $clientKey;
 		$this->currentUriPath = $currentUriPath;
 		$this->authwaveHost = $authwaveHost;
@@ -69,6 +72,7 @@ public function login(Token $token = null):void {
 
 		$loginUri = new AuthUri(
 			$token,
+			$this->clientId,
 			$this->currentUriPath,
 			$this->authwaveHost
 		);

src/InitVectorNotSetException.php

@@ -15,7 +15,12 @@ public function testAuthUriHttps() {
 			->willReturn("https://example.com");
 		$token = self::createMock(Token::class);
 
-		$sut = new AuthUri($token, "", $baseUri);
+		$sut = new AuthUri(
+			$token,
+			"example-app-id",
+			"",
+			$baseUri
+		);
 		self::assertEquals(
 			"https",
 			$sut->getScheme()
@@ -26,7 +31,13 @@ public function testAuthUriHttps() {
 // But it should still default to HTTPS on localhost.
 	public function testGetAuthUriHostnameLocalhostHttpsByDefault() {
 		$token = self::createMock(Token::class);
-		$sut = new AuthUri($token, "/", "localhost");
+		$sut = new AuthUri(
+			$token,
+			"example-app-id",
+			"/",
+			"localhost"
+		);
+
 		self::assertStringStartsWith(
 			"https://localhost",
 			$sut
@@ -36,7 +47,12 @@ public function testGetAuthUriHostnameLocalhostHttpsByDefault() {
 // We should be able to set the scheme to HTTP for localhost hostname only.
 	public function testGetAuthUriHostnameLocalhostHttpAllowed() {
 		$token = self::createMock(Token::class);
-		$sut = new AuthUri($token, "/", "http://localhost");
+		$sut = new AuthUri(
+			$token,
+			"example-app-id",
+			"/",
+			"http://localhost"
+		);
 		self::assertStringStartsWith(
 			"http://localhost",
 			$sut
@@ -47,7 +63,12 @@ public function testGetAuthUriHostnameLocalhostHttpAllowed() {
 	public function testGetAuthUriHostnameNotLocalhostHttpNotAllowed() {
 		$token = self::createMock(Token::class);
 		self::expectException(InsecureProtocolException::class);
-		new AuthUri($token, "/", "http://localhost.com");
+		new AuthUri(
+			$token,
+			"example-app-id",
+			"/",
+			"http://localhost.com"
+		);
 	}
 
 	public function testAuthUriHttpsInferred() {
@@ -57,7 +78,12 @@ public function testAuthUriHttpsInferred() {
 // Note on the line above, no scheme is passed in - we must assume https.
 		$token = self::createMock(Token::class);
 
-		$sut = new AuthUri($token, "/", $baseUri);
+		$sut = new AuthUri(
+			$token,
+			"example-app-id",
+			"/",
+			$baseUri);
+
 		self::assertEquals(
 			"https",
 			$sut->getScheme()
@@ -79,7 +105,12 @@ public function testQueryString() {
 			->willReturn($iv);
 
 		$returnPath = "/examplePage";
-		$sut = new AuthUri($token, $returnPath, $baseUri);
+		$sut = new AuthUri(
+			$token,
+			"example-app-id",
+			$returnPath,
+			$baseUri
+		);
 		parse_str($sut->getQuery(), $queryParts);
 
 		self::assertEquals(

test/phpunit/AuthUriTest.php

@@ -16,12 +16,20 @@
 class AuthenticatorTest extends TestCase {
 	public function testConstructWithDefaultSessionNotStarted() {
 		self::expectException(SessionNotStartedException::class);
-		new Authenticator("test-key","/");
+		new Authenticator(
+			"example-app-id",
+			"test-key",
+			"/"
+		);
 	}
 
 	public function testConstructWithDefaultSession() {
 		$_SESSION = [];
-		new Authenticator("test-key", "/");
+		new Authenticator(
+			"example-app-id",
+			"test-key",
+			"/"
+		);
 		self::assertArrayHasKey(
 			Authenticator::SESSION_KEY,
 			$_SESSION
@@ -31,6 +39,7 @@ public function testConstructWithDefaultSession() {
 	public function testIsLoggedInFalseByDefault() {
 		$_SESSION = [];
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/"
 		);
@@ -49,8 +58,9 @@ public function testIsLoggedInTrueWhenSessionDataSet() {
 		];
 
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
-			"/",
+			"/"
 		);
 		self::assertTrue($sut->isLoggedIn());
 	}
@@ -62,8 +72,9 @@ public function testLogoutClearsSession() {
 		];
 
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
-			"/",
+			"/"
 		);
 		$sut->logout();
 		self::assertEmpty($_SESSION);
@@ -76,13 +87,14 @@ public function testLoginRedirects() {
 		$redirectHandler->expects(self::once())
 			->method("redirect")
 			->with(self::callback(fn(UriInterface $uri) =>
-				$uri->getHost() === AuthUri::DEFAULT_BASE_URI
+				$uri->getHost() === AuthUri::DEFAULT_BASE_REMOTE_URI
 			));
 
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/",
-			AuthUri::DEFAULT_BASE_URI,
+			AuthUri::DEFAULT_BASE_REMOTE_URI,
 			null,
 			$redirectHandler
 		);
@@ -102,6 +114,7 @@ public function testLoginRedirectsLocalhost() {
 			));
 
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/",
 			"http://localhost:8081",
@@ -117,6 +130,7 @@ public function testLoginRedirectsWithCorrectQueryString() {
 		$key = uniqid("key-");
 		$currentPath = uniqid("/path/");
 
+		$id = "example-app-id";
 		$cipher = "example-cipher";
 		$ivString = "example-iv";
 
@@ -131,6 +145,7 @@ public function testLoginRedirectsWithCorrectQueryString() {
 			->willReturn($iv);
 
 		$expectedQueryParts = [
+			AuthUri::QUERY_STRING_ID => $id,
 			AuthUri::QUERY_STRING_CIPHER => $cipher,
 			AuthUri::QUERY_STRING_INIT_VECTOR => $ivString,
 			AuthUri::QUERY_STRING_CURRENT_PATH => $currentPath,
@@ -145,9 +160,10 @@ public function testLoginRedirectsWithCorrectQueryString() {
 			));
 
 		$sut = new Authenticator(
+			$id,
 			$key,
 			$currentPath,
-			AuthUri::DEFAULT_BASE_URI,
+			AuthUri::DEFAULT_BASE_REMOTE_URI,
 			null,
 			$redirectHandler
 		);
@@ -165,9 +181,10 @@ public function testLoginDoesNothingWhenAlreadyLoggedIn() {
 			->method("redirect");
 
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/",
-			AuthUri::DEFAULT_BASE_URI,
+			AuthUri::DEFAULT_BASE_REMOTE_URI,
 			null,
 			$redirectHandler
 		);
@@ -178,6 +195,7 @@ public function testLoginDoesNothingWhenAlreadyLoggedIn() {
 	public function testGetUuidThrowsExceptionWhenNotLoggedIn() {
 		$_SESSION = [];
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/"
 		);
@@ -199,6 +217,7 @@ public function testGetUuid() {
 			Authenticator::SESSION_KEY => $sessionData,
 		];
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/"
 		);
@@ -208,6 +227,7 @@ public function testGetUuid() {
 	public function testGetEmailThrowsExceptionWhenNotLoggedIn() {
 		$_SESSION = [];
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/"
 		);
@@ -229,6 +249,7 @@ public function testGetEmail() {
 			Authenticator::SESSION_KEY => $sessionData,
 		];
 		$sut = new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/"
 		);
@@ -243,6 +264,7 @@ public function testCompleteAuthNotLoggedIn() {
 		$_SESSION = [];
 		self::expectException(NotLoggedInException::class);
 		new Authenticator(
+			"example-app-id",
 			"test-key",
 			$currentUri
 		);
@@ -275,9 +297,10 @@ public function testCompleteAuth() {
 			Authenticator::SESSION_KEY => $sessionData,
 		];
 		new Authenticator(
+			"example-app-id",
 			"test-key",
 			$currentUri,
-			AuthUri::DEFAULT_BASE_URI,
+			AuthUri::DEFAULT_BASE_REMOTE_URI,
 			null,
 			$redirectHandler
 		);
@@ -302,9 +325,10 @@ public function testCompleteAuthNotAffectedByQueryString() {
 		$_SESSION = [];
 
 		new Authenticator(
+			"example-app-id",
 			"test-key",
 			"/example-path?filter=something",
-			AuthUri::DEFAULT_BASE_URI,
+			AuthUri::DEFAULT_BASE_REMOTE_URI,
 			null,
 			$redirectHandler
 		);