From 6e33d816aa327afd0215a90903c9913effc21fcf Mon Sep 17 00:00:00 2001
From: James Seconde <jim.seconde@googlemail.com>
Date: Mon, 22 Jul 2024 15:29:08 +0100
Subject: [PATCH] Added validation for Silent Auth (#491)

---
 src/Verify2/Client.php                        | 21 ++++++
 src/Verify2/Request/SilentAuthRequest.php     | 11 +++
 .../Verify2/Request/SilentAuthRequestTest.php | 74 +++++++++++++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 test/Verify2/Request/SilentAuthRequestTest.php

diff --git a/src/Verify2/Client.php b/src/Verify2/Client.php
index 7f97036f..63864e6c 100644
--- a/src/Verify2/Client.php
+++ b/src/Verify2/Client.php
@@ -7,6 +7,8 @@
 use Vonage\Client\Exception\Exception;
 use Vonage\Client\Exception\Request;
 use Vonage\Verify2\Request\BaseVerifyRequest;
+use Vonage\Verify2\Request\SilentAuthRequest;
+use Vonage\Verify2\VerifyObjects\VerificationWorkflow;
 
 class Client implements APIClient
 {
@@ -21,6 +23,14 @@ public function getAPIResource(): APIResource
 
     public function startVerification(BaseVerifyRequest $request): ?array
     {
+        if (self::isSilentAuthRequest($request)) {
+            if (SilentAuthRequest::isValidWorkflow($request->getWorkflows())) {
+                return $this->getAPIResource()->create($request->toArray());
+            }
+
+            throw new \InvalidArgumentException('Silent Auth must be the first workflow if used');
+        }
+
         return $this->getAPIResource()->create($request->toArray());
     }
 
@@ -53,4 +63,15 @@ public function nextWorkflow(string $requestId): bool
 
         return true;
     }
+
+    public static function isSilentAuthRequest(BaseVerifyRequest $request): bool
+    {
+        foreach ($request->getWorkflows() as $workflow) {
+            if ($workflow['channel'] == VerificationWorkflow::WORKFLOW_SILENT_AUTH) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }
diff --git a/src/Verify2/Request/SilentAuthRequest.php b/src/Verify2/Request/SilentAuthRequest.php
index b391e7df..b8661934 100644
--- a/src/Verify2/Request/SilentAuthRequest.php
+++ b/src/Verify2/Request/SilentAuthRequest.php
@@ -32,4 +32,15 @@ public function toArray(): array
             'workflow' => $this->getWorkflows()
         ];
     }
+
+    public static function isValidWorkflow(array $workflows): bool
+    {
+        $firstWorkflow = $workflows[0];
+
+        if ($firstWorkflow['channel'] == VerificationWorkflow::WORKFLOW_SILENT_AUTH) {
+            return true;
+        }
+
+        return false;
+    }
 }
diff --git a/test/Verify2/Request/SilentAuthRequestTest.php b/test/Verify2/Request/SilentAuthRequestTest.php
new file mode 100644
index 00000000..ac12b3f2
--- /dev/null
+++ b/test/Verify2/Request/SilentAuthRequestTest.php
@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+namespace VonageTest\Verify2\Request;
+
+use PHPUnit\Framework\TestCase;
+use Vonage\Client;
+use Vonage\Verify2\Request\BaseVerifyRequest;
+use Vonage\Verify2\Request\SilentAuthRequest;
+use Vonage\Verify2\Request\SMSRequest;
+use Vonage\Verify2\VerifyObjects\VerificationLocale;
+use Vonage\Verify2\VerifyObjects\VerificationWorkflow;
+
+class SilentAuthRequestTest extends TestCase
+{
+    public function testIsValidSilentAuthRequest(): void
+    {
+        $silentAuthRequest = new SilentAuthRequest(
+            '077377775555',
+            'VONAGE',
+            'https://silent-auth.example'
+        );
+
+        $extraWorkflow = new VerificationWorkflow(
+            VerificationWorkflow::WORKFLOW_SMS,
+            '077377775555'
+        );
+
+        $silentAuthRequest->addWorkflow($extraWorkflow);
+
+        $client = new Client(new Client\Credentials\Basic('test', 'test2'));
+        $this->assertTrue($client->verify2()::isSilentAuthRequest($silentAuthRequest));
+        $this->assertTrue(SilentAuthRequest::isValidWorkflow($silentAuthRequest->getWorkflows()));
+    }
+
+    public function testIsInvalidSilentAuthRequest(): void
+    {
+        $request = new SMSRequest(
+            '077377775555',
+            'VONAGE',
+        );
+
+        $extraWorkflow = new VerificationWorkflow(
+            VerificationWorkflow::WORKFLOW_SILENT_AUTH,
+            '077377775555'
+        );
+
+        $request->addWorkflow($extraWorkflow);
+        $client = new Client(new Client\Credentials\Basic('test', 'test2'));
+
+        $this->assertTrue($client->verify2()::isSilentAuthRequest($request));
+        $this->assertFalse(SilentAuthRequest::isValidWorkflow($request->getWorkflows()));
+    }
+
+    public function testIsNotSilentAuthRequest(): void
+    {
+        $request = new SMSRequest(
+            '077377775555',
+            'VONAGE',
+        );
+
+        $extraWorkflow = new VerificationWorkflow(
+            VerificationWorkflow::WORKFLOW_EMAIL,
+            'jim@jim.com'
+        );
+
+        $request->addWorkflow($extraWorkflow);
+        $client = new Client(new Client\Credentials\Basic('test', 'test2'));
+
+        $this->assertFalse($client->verify2()::isSilentAuthRequest($request));
+        // No second test to see if the workflow is valid, why are you checking a workflow on a non SA request?
+    }
+}