diff --git a/test/unit/AuthenticateRequestTest.php b/test/unit/AuthenticateRequestTest.php index 2a47751..95f8ae0 100644 --- a/test/unit/AuthenticateRequestTest.php +++ b/test/unit/AuthenticateRequestTest.php @@ -129,6 +129,25 @@ public function itShouldValidateRequestUsingQueryString() $this->createEscher('us-east-1/host/aws4_request')->authenticate($keyDB, $serverVars, ''); } + /** + * @test + */ + public function itShouldValidatePresignedUrlRequestWithSpecialCharacters() + { + $serverVars = array( + 'REQUEST_TIME' => $this->strtotime('20150310T173248Z'), + 'REQUEST_METHOD' => 'GET', + 'HTTP_HOST' => 'service.example.com', + 'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=utf-8', + 'REQUEST_URI' => '/login?id=12345678&domain=login.example.com&redirect_to=https%3A%2F%2Fhome.dev%2Fbootstrap.php%3Fr%3Dservice%2Findex%26service%3Dservice_name%3F&X-EMS-Algorithm=EMS-HMAC-SHA256&X-EMS-Credentials=service_api_key%2F20150310%2Feu%2Fservice%2Fems_request&X-EMS-Date=20150310T173248Z&X-EMS-Expires=86400&X-EMS-SignedHeaders=host&X-EMS-Signature=661f2147c77b6784be5a60a8b842a96de6327653f1ed5d4305da43103c69a6f5', + 'HTTPS' => 'on', + 'SERVER_PORT' => '443', + 'SERVER_NAME' => 'service.example.com', + ); + $keyDB = array('service_api_key' => 'service_secret'); + $this->createEscher('eu/service/ems_request', new DateTime('20150310T173248Z'))->authenticate($keyDB, $serverVars); + } + /** * @test * @expectedException EscherException @@ -192,12 +211,6 @@ public function invalidPortProvider() ); } - protected function createEscher($credentialScope) - { - return Escher::create($credentialScope, null) - ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey('X-Ems-Auth')->setDateHeaderKey('X-Ems-Date'); - } - private function strtotime($dateString) { return EscherUtils::parseLongDate($dateString)->format('U'); diff --git a/test/unit/SignRequestUsingHeaderTest.php b/test/unit/SignRequestUsingHeaderTest.php index d863624..5591797 100644 
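Review bot: `itShouldValidatePresignedUrlRequestWithSpecialCharacters` makes no assertion, so it only proves that `authenticate()` did not throw for this one URL. Because the signed query carries a percent-encoded `redirect_to` value, the case worth pinning is that the signature actually covers that value. Add a companion test under `@expectedException EscherException` (the annotation the next test in this file already uses) in which `redirect_to` differs from the signed value while `X-EMS-Signature` stays the same. The call also omits the third argument that the preceding test passes as `''`; writing `->authenticate($keyDB, $serverVars, '')` keeps the two tests comparable, assuming that parameter has a default.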
--- a/test/unit/SignRequestUsingHeaderTest.php +++ b/test/unit/SignRequestUsingHeaderTest.php @@ -19,8 +19,7 @@ public function itShouldSignRequest() 'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); $headersToSign = array('content-type', 'host', 'x-ems-date'); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); - $actualHeaders = $this->createEscher($date)->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', 'http://iam.amazonaws.com/', 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); @@ -42,9 +41,8 @@ public function itShouldAutomagicallyAddHostHeader() 'x-ems-date' => '20110909T233600Z', 'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); $headersToSign = array('content-type', 'host', 'x-ems-date'); - $actualHeaders = $this->createEscher($date)->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', 'http://iam.amazonaws.com/', 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); 
@@ -61,9 +59,8 @@ public function itShouldAutomagicallyAddHostHeaderWithPort($url, $expectedHost) $inputHeaders = array( 'content-type' => 'application/x-www-form-urlencoded; charset=utf-8', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); $headersToSign = array('content-type', 'host', 'x-ems-date'); - $actualHeaders = $this->createEscher($date)->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', $url, 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); @@ -99,9 +96,8 @@ public function itShouldAutomagicallyAddDateAndHostToSignedHeaders() 'x-ems-date' => '20110909T233600Z', 'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); $headersToSign = array('content-type'); - $actualHeaders = $this->createEscher($date)->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', 'http://iam.amazonaws.com/', 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); 
@@ -126,9 +122,8 @@ public function itShouldOnlySignHeadersExplicitlySetToBeSigned() 'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); $headersToSign = array('content-type', 'host', 'x-ems-date'); - $actualHeaders = $this->createEscher($date)->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', 'http://iam.amazonaws.com/', 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); @@ -151,9 +146,8 @@ public function itShouldUseTheProvidedAuthHeaderName() 'custom-auth-header' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); $headersToSign = array('content-type', 'host', 'x-ems-date'); - $actualHeaders = $this->createEscher($date, 'Custom-Auth-Header')->signRequest( + $actualHeaders = $this->createEscher('us-east-1/iam/aws4_request')->setAuthHeaderKey('Custom-Auth-Header')->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', 'POST', 'http://iam.amazonaws.com/', 'Action=ListUsers&Version=2010-05-08', $inputHeaders, $headersToSign ); 
@@ -176,9 +170,7 @@ public function itShouldUseTheProvidedAlgoPrefix() 'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd', ); - $date = new DateTime('20110909T233600Z', new DateTimeZone("UTC")); - $escher = Escher::create('us-east-1/iam/aws4_request', $date) - ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey('X-Ems-Auth')->setDateHeaderKey('X-Ems-Date'); + $escher = $this->createEscher('us-east-1/iam/aws4_request'); $headersToSign = array('content-type', 'host', 'x-ems-date'); $actualHeaders = $escher->signRequest( 'AKIDEXAMPLE', 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', @@ -198,8 +190,7 @@ public function itShouldGenerateSignedHeaders() ); $date = new DateTime('2011/05/11 12:00:00', new DateTimeZone("UTC")); - $escher = Escher::create('us-east-1/host/aws4_request', $date) - ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey('X-Ems-Auth')->setDateHeaderKey('X-Ems-Date'); + $escher = $this->createEscher('us-east-1/host/aws4_request', $date); $actualHeaders = $escher->signRequest( 'th3K3y', 'very_secure', @@ -216,9 +207,11 @@ public function itShouldGenerateSignedHeaders() $this->assertEqualMaps($expectedHeaders, $actualHeaders); } - protected function createEscher($date, $authHeaderName = 'X-Ems-Auth') + /** + * @return DateTime + */ + protected function getDate() { - return Escher::create('us-east-1/iam/aws4_request', $date) - ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey($authHeaderName)->setDateHeaderKey('X-Ems-Date'); + return new DateTime('20110909T233600Z', new DateTimeZone("UTC")); } } diff --git a/test/unit/SignRequestUsingQueryStringTest.php b/test/unit/SignRequestUsingQueryStringTest.php index 333ef6e..7d1ef6d 100644 --- a/test/unit/SignRequestUsingQueryStringTest.php +++ b/test/unit/SignRequestUsingQueryStringTest.php 
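Review bot: After the change in the hunk at -176, `itShouldUseTheProvidedAlgoPrefix` no longer sets a prefix itself; the `EMS` value now comes from the shared `createEscher()` helper in `TestBase`, so the test body no longer shows what it is checking. Keeping the setter visible at the call site, `$escher = $this->createEscher('us-east-1/iam/aws4_request')->setAlgoPrefix('EMS');`, preserves the intent without changing the expected signature. The test method starts above and ends below this hunk.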
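Review bot: The `getDate()` override added in the hunk at -216 is documented only with `@return DateTime`, yet it now fixes the signing time for every `createEscher('us-east-1/iam/aws4_request')` call in this file, since the explicit `$date` locals were removed in the hunks at -19, -42, -61, -99, -126 and -151. A one-line description in the docblock would make that dependency visible, for example `Overrides TestBase::getDate() so createEscher() signs at the 20110909T233600Z fixture time used by the expected x-ems-date headers.` `itShouldGenerateSignedHeaders` still passes its own `$date`, which is worth mentioning in the same comment so the two sources of the date are not confused.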
@@ -9,7 +9,7 @@ class SignRequestUsingQueryStringTest extends TestBase */ public function itShouldGenerateSignedUrl() { - $signedUrl = $this->getEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com/something?foo=bar&baz=barbaz', $this->expires); + $signedUrl = $this->createEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com/something?foo=bar&baz=barbaz', $this->expires); $expectedSignedUrl = 'http://example.com/something?foo=bar&baz=barbaz&X-EMS-Algorithm=EMS-HMAC-SHA256&X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&X-EMS-Date=20110511T120000Z&X-EMS-Expires=123456&X-EMS-SignedHeaders=host&X-EMS-Signature=fbc9dbb91670e84d04ad2ae7505f4f52ab3ff9e192b8233feeae57e9022c2b67'; @@ -21,7 +21,7 @@ public function itShouldGenerateSignedUrl() */ public function itShouldHandlePort() { - $signedUrl = $this->getEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com:5000/something?foo=bar&baz=barbaz', $this->expires); + $signedUrl = $this->createEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com:5000/something?foo=bar&baz=barbaz', $this->expires); $expectedSignedUrl = 'http://example.com:5000/something?foo=bar&baz=barbaz&X-EMS-Algorithm=EMS-HMAC-SHA256&X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&X-EMS-Date=20110511T120000Z&X-EMS-Expires=123456&X-EMS-SignedHeaders=host&X-EMS-Signature=7f7032b393945a0167fe65d35a7e2827a781ecab9019d814adf95c23bfa5e458'; 
@@ -33,7 +33,7 @@ public function itShouldHandlePort() */ public function itShouldRespectWhenUrlHasLocationHash() { - $signedUrl = $this->getEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com:5000/something?foo=bar&baz=barbaz#/client_fragment', $this->expires); + $signedUrl = $this->createEscher()->presignUrl('th3K3y', 'very_secure', 'http://example.com:5000/something?foo=bar&baz=barbaz#/client_fragment', $this->expires); $expectedSignedUrl = 'http://example.com:5000/something?foo=bar&baz=barbaz&X-EMS-Algorithm=EMS-HMAC-SHA256&X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&X-EMS-Date=20110511T120000Z&X-EMS-Expires=123456&X-EMS-SignedHeaders=host&X-EMS-Signature=7f7032b393945a0167fe65d35a7e2827a781ecab9019d814adf95c23bfa5e458#/client_fragment'; 
@@ -41,19 +41,18 @@ public function itShouldRespectWhenUrlHasLocationHash() } /** - * @return DateTime + * @test */ - private function getDate() + public function itShouldRespectWhenUrlHasSpecialChars() { - return new DateTime('2011/05/11 12:00:00', new DateTimeZone("UTC")); - } + $signedUrl = $this->createEscher('eu/service/ems_request', new DateTime('20150310T173248Z'))->presignUrl( + 'service_api_key', + 'service_secret', + 'https://service.example.com/login?id=12345678&domain=login.example.com&redirect_to=https%3A%2F%2Fhome.dev%2Fbootstrap.php%3Fr%3Dservice%2Findex%26service%3Dservice_name%3F' + ); - /** - * @return Escher - */ - private function getEscher() - { - return Escher::create('us-east-1/host/aws4_request', $this->getDate()) - ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey('X-Ems-Auth')->setDateHeaderKey('X-Ems-Date'); + $expectedSignedUrl = 'https://service.example.com/login?id=12345678&domain=login.example.com&redirect_to=https%3A%2F%2Fhome.dev%2Fbootstrap.php%3Fr%3Dservice%2Findex%26service%3Dservice_name%3F&X-EMS-Algorithm=EMS-HMAC-SHA256&X-EMS-Credentials=service_api_key%2F20150310%2Feu%2Fservice%2Fems_request&X-EMS-Date=20150310T173248Z&X-EMS-Expires=86400&X-EMS-SignedHeaders=host&X-EMS-Signature=661f2147c77b6784be5a60a8b842a96de6327653f1ed5d4305da43103c69a6f5'; + + $this->assertEquals($expectedSignedUrl, $signedUrl); } } diff --git a/test/unit/TestBase.php b/test/unit/TestBase.php index 703d0df..36a6e4c 100644 --- a/test/unit/TestBase.php +++ b/test/unit/TestBase.php 
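Review bot: `itShouldRespectWhenUrlHasSpecialChars` calls `presignUrl()` without the expiry argument that the three tests above pass as `$this->expires`, while the expected URL hard-codes `X-EMS-Expires=86400`. The test therefore depends on the library's default lifetime, which is not visible in this diff; if that default is ever shortened, the failure will surface as a signature mismatch rather than as an expiry change. Passing the value explicitly as the fourth argument, `86400`, keeps the fixture self-contained and makes the 24-hour validity of this signed link a deliberate choice in the test.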
@@ -8,4 +8,27 @@ protected function assertEqualMaps(array $expected, array $actual, $message = '' ksort($actual); $this->assertEquals($expected, $actual, $message); } + + /** + * @param string $credentialScope + * @param DateTime $date + * @return Escher + */ + protected function createEscher($credentialScope = 'us-east-1/host/aws4_request', $date = null) + { + if (is_null($date)) + { + $date = $this->getDate(); + } + return Escher::create($credentialScope, $date) + ->setAlgoPrefix('EMS')->setVendorKey('EMS')->setAuthHeaderKey('X-Ems-Auth')->setDateHeaderKey('X-Ems-Date'); + } + + /** + * @return DateTime + */ + protected function getDate() + { + return new DateTime('2011/05/11 12:00:00', new DateTimeZone("UTC")); + } }
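Review bot: `createEscher()` replaces a `null` date with `$this->getDate()`, whereas the helper removed from `AuthenticateRequestTest` called `Escher::create($credentialScope, null)`. Every authentication test that relies on the inherited helper now builds its Escher with the fixed 2011-05-11 date instead. If `Escher::create` treats `null` as the current time and uses it for expiry or clock-skew checks (not visible here), those tests no longer exercise the same path. The docblock should state the fallback and mark the parameter nullable: `@param DateTime|null $date signing/validation time; null falls back to getDate(), never to the current time`.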