Make authentication more configurable and extendable.

Signed-off-by: Jason Lewis <jason.lewis1991@gmail.com>

Author: jasonlewis

composer.json

@@ -14,6 +14,7 @@
         "illuminate/support": "4.1.*"
     },
     "require-dev": {
+        "dingo/oauth2-server": "0.2.*",
         "illuminate/routing": "4.1.*",
         "illuminate/events": "4.1.*",
         "illuminate/auth": "4.1.*",

src/ApiServiceProvider.php

@@ -1,5 +1,6 @@
 <?php namespace Dingo\Api;
 
+use Closure;
 use Dingo\Api\Http\Response;
 use Dingo\Api\Routing\Router;
 use Dingo\Api\Auth\AuthManager;
@@ -135,13 +136,25 @@ protected function registerAuthentication()
 			$providers = [];
 
 			$resolvers = [
-				'basic'  => function($app) { return new BasicProvider($app['auth']); },
-				'oauth2' => function($app) { return new OAuth2Provider($app['dingo.oauth.resource']); }
+				'basic'  => function($app, $options) { return new BasicProvider($app['auth'], $options); },
+				'oauth2' => function($app, $options) { return new OAuth2Provider($app['dingo.oauth.resource'], $options); }
 			];
 
-			foreach ($app['config']['api::auth'] as $provider)
+			foreach ($app['config']['api::auth'] as $key => $value)
 			{
-				$providers[$provider] = $resolvers[$provider]($app);
+				list ($provider, $options) = [$key, $value];
+
+				if ( ! is_string($key))
+				{
+					list ($provider, $options) = [$value, []];
+				}
+
+				if ($options instanceof Closure)
+				{
+					$options = call_user_func($options, $app);
+				}
+
+				$providers[$provider] = $resolvers[$provider]($app, $options);
 			}
 
 			return new Authentication($app['router'], $app['auth'], $providers);

src/Auth/Provider.php renamed to src/Auth/AuthorizationProvider.php

@@ -3,7 +3,14 @@
 use Exception;
 use Illuminate\Http\Request;
 
-abstract class Provider {
+abstract class AuthorizationProvider implements ProviderInterface {
+
+	/**
+	 * Array of provider speicifc options.
+	 * 
+	 * @var array
+	 */
+	protected $options = [];
 
 	/**
 	 * Validate the requests authorization header for the provider.
@@ -19,14 +26,6 @@ public function validateAuthorizationHeader(Request $request)
 		}
 	}
 
-	/**
-	 * Authenticate request.
-	 * 
-	 * @param  array  $scopes
-	 * @return int
-	 */
-	abstract public function authenticate(array $scopes);
-
 	/**
 	 * Get the providers authorization method.
 	 * 

src/Auth/BasicProvider.php

@@ -1,32 +1,51 @@
 <?php namespace Dingo\Api\Auth;
 
+use Illuminate\Http\Request;
 use Illuminate\Auth\AuthManager;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 
-class BasicProvider extends Provider {
+class BasicProvider extends AuthorizationProvider {
+
+	/**
+	 * Illuminate authentication manager.
+	 * 
+	 * @var \Illuminate\Auth\AuthManager
+	 */
+	protected $auth;
+
+	/**
+	 * Array of provider speicifc options.
+	 * 
+	 * @var array
+	 */
+	protected $options = ['identifier' => 'email'];
 
 	/**
 	 * Create a new Dingo\Api\Auth\BasicProvider instance.
 	 * 
 	 * @param  \Illuminate\Auth\AuthManager  $auth
+	 * @param  array  $options
 	 * @return void
 	 */
-	public function __construct(AuthManager $auth)
+	public function __construct(AuthManager $auth, array $options)
 	{
 		$this->auth = $auth;
+		$this->options = array_merge($this->options, $options);
 	}
 
 	/**
 	 * Authenticate request with Basic.
 	 * 
-	 * @param  array  $scopes
+	 * @param  \Illuminate\Http\Request  $request
 	 * @return int
 	 */
-	public function authenticate(array $scopes)
+	public function authenticate(Request $request)
 	{
-		if ($response = $this->auth->onceBasic() and $response->getStatusCode() === 401)
+		$this->validateAuthorizationHeader($request);
+
+		if ($response = $this->auth->onceBasic($this->options['identifier']) and $response->getStatusCode() === 401)
 		{
-			throw new UnauthorizedHttpException('Basic', 'Invalid credentials.');
+			throw new UnauthorizedHttpException('Basic', 'Invalid authentication credentials.');
 		}
 
 		return $this->auth->user()->id;

src/Auth/OAuth2Provider.php

@@ -1,34 +1,52 @@
 <?php namespace Dingo\Api\Auth;
 
+use Illuminate\Http\Request;
 use Dingo\OAuth2\Server\Resource;
 use Dingo\OAuth2\Exception\InvalidTokenException;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 
-class OAuth2Provider extends Provider {
+class OAuth2Provider extends AuthorizationProvider {
+
+	/**
+	 * OAuth 2.0 resource server instance.
+	 * 
+	 * @var \Dingo\OAuth2\Server\Resource
+	 */
+	protected $resource;
+
+	/**
+	 * Array of request scopes.
+	 * 
+	 * @var array
+	 */
+	protected $scopes = [];
 
 	/**
 	 * Create a new Dingo\Api\Auth\OAuth2Provider instance.
 	 * 
-	 * @param  \Illuminate\Auth\Guard  $auth
 	 * @param  \Dingo\OAuth2\Server\Resource  $resource
+	 * @param  array  $options
 	 * @return void
 	 */
-	public function __construct(Resource $resource)
+	public function __construct(Resource $resource, array $options)
 	{
 		$this->resource = $resource;
+		$this->options = $options;
 	}
 
 	/**
 	 * Authenticate request with OAuth2.
 	 * 
-	 * @param  array  $scopes
+	 * @param  \Illuminate\Http\Request  $request
 	 * @return int
 	 */
-	public function authenticate(array $scopes)
+	public function authenticate(Request $request)
 	{
+		$this->validateAuthorizationHeader($request);
+
 		try
 		{
-			$token = $this->resource->validateRequest($scopes);
+			$token = $this->resource->validateRequest($this->scopes);
 
 			return $token->getUserId();
 		}
@@ -48,4 +66,17 @@ public function getAuthorizationMethod()
 		return 'bearer';
 	}
 
+	/**
+	 * Set the OAuth 2.0 request scopes.
+	 * 
+	 * @param  array  $scopes
+	 * @return \Dingo\Api\Auth\OAuth2Provider
+	 */
+	public function setScopes(array $scopes)
+	{
+		$this->scopes = $scopes;
+
+		return $this;
+	}
+
 }

src/Auth/ProviderInterface.php

@@ -0,0 +1,15 @@
+<?php namespace Dingo\Api\Auth;
+
+use Illuminate\Http\Request;
+
+interface ProviderInterface {
+
+	/**
+	 * Authenticate the request.
+	 * 
+	 * @param  \Illuminate\Http\Request  $request
+	 * @return int
+	 */
+	public function authenticate(Request $request);
+
+}

src/Authentication.php

@@ -6,6 +6,8 @@
 use Illuminate\Routing\Route;
 use Illuminate\Auth\AuthManager;
 use Dingo\Api\Http\InternalRequest;
+use Dingo\Api\Auth\ProviderInterface;
+use Dingo\Api\Auth\AuthorizationProvider;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 
 class Authentication {
@@ -81,17 +83,20 @@ public function authenticate()
 			// If authenticating via OAuth2 a route can be protected by defining its scopes.
 			// We'll grab the scopes for this route and pass them through to the
 			// authentication providers.
-			$scopes = $this->getRouteScopes($route);
+			if (isset($this->providers['oauth2']))
+			{
+				$scopes = $this->getRouteScopes($route);
+
+				$this->providers['oauth2']->setScopes($scopes);
+			}
 
 			// Spin through each of the registered authentication providers and attempt to
-			// authenticate when one of them.
+			// authenticate through one of them.
 			foreach ($this->providers as $provider)
 			{
 				try
 				{
-					$provider->validateAuthorizationHeader($request);
-
-					return $this->userId = $provider->authenticate($scopes);
+					return $this->userId = $provider->authenticate($request);
 				}
 				catch (UnauthorizedHttpException $exception)
 				{
@@ -109,7 +114,7 @@ public function authenticate()
 
 			if ($exception === null)
 			{
-				$exception = new UnauthorizedHttpException(null, 'Failed to authenticate because of an invalid or missing authorization header.');
+				$exception = new UnauthorizedHttpException(null, 'Failed to authenticate because of bad credentials or an invalid authorization header.');
 			}
 
 			throw $exception;
@@ -185,4 +190,18 @@ public function setUser($user)
 		return $this;
 	}
 
+	/**
+	 * Extend the authentication layer by registering a custom provider.
+	 * 
+	 * @param  string  $key
+	 * @param  \Dingo\Api\Auth\ProviderInterface  $provider
+	 * @return \Dingo\Api\Authentication
+	 */
+	public function extend($key, ProviderInterface $provider)
+	{
+		$this->providers[$key] = $provider;
+
+		return $this;
+	}
+
 }

tests/AuthProviderTest.php renamed to tests/AuthAuthorizationProviderTest.php

@@ -1,14 +1,14 @@
 <?php
 
-class AuthProviderTest extends PHPUnit_Framework_TestCase {
+class AuthAuthorizationProviderTest extends PHPUnit_Framework_TestCase {
 
 
 	/**
 	 * @expectedException \Exception
 	 */
 	public function testValidatingAuthorizationHeaderFailsWhenInvalidAndThrowsException()
 	{
-		$provider = new ProviderStub;
+		$provider = new AuthorizationProviderStub;
 		$request = Illuminate\Http\Request::create('/', 'GET');
 		$request->headers->set('authorization', 'bar');
 
@@ -18,7 +18,7 @@ public function testValidatingAuthorizationHeaderFailsWhenInvalidAndThrowsExcept
 
 	public function testValidatingAuthorizationHeaderSucceedsAndReturnsNull()
 	{
-		$provider = new ProviderStub;
+		$provider = new AuthorizationProviderStub;
 		$request = Illuminate\Http\Request::create('/', 'GET');
 		$request->headers->set('authorization', 'foo');
 
@@ -28,9 +28,9 @@ public function testValidatingAuthorizationHeaderSucceedsAndReturnsNull()
 
 }
 
-class ProviderStub extends Dingo\Api\Auth\Provider {
+class AuthorizationProviderStub extends Dingo\Api\Auth\AuthorizationProvider {
 
-	public function authenticate(array $scopes) {}
+	public function authenticate(Illuminate\Http\Request $request) {}
 
 	public function getAuthorizationMethod() { return 'foo'; }