diff --git a/src/Auth/AclAdapter/IniAclAdapter.php b/src/Auth/AclAdapter/IniAclAdapter.php index 324538ec..3ff7f3d0 100644 --- a/src/Auth/AclAdapter/IniAclAdapter.php +++ b/src/Auth/AclAdapter/IniAclAdapter.php @@ -40,6 +40,7 @@ public function getAcl(array $availableRoles, array $config): array { $role = mb_substr($role, 1); if (!array_key_exists($role, $availableRoles)) { unset($roles[$roleId]); + continue; } @@ -52,6 +53,7 @@ public function getAcl(array $availableRoles, array $config): array { // Prevent undefined roles appearing in the iniMap if (!array_key_exists($role, $availableRoles) && $role !== '*') { unset($roles[$roleId]); + continue; } if ($role === '*') { diff --git a/src/Auth/AclTrait.php b/src/Auth/AclTrait.php index 7719958b..fb83649a 100644 --- a/src/Auth/AclTrait.php +++ b/src/Auth/AclTrait.php @@ -50,9 +50,9 @@ trait AclTrait { * Finds the authorization adapter to use for this request. * * @param string $adapter Acl adapter to load. - * @return \TinyAuth\Auth\AclAdapter\AclAdapterInterface * @throws \Cake\Core\Exception\Exception * @throws \InvalidArgumentException + * @return \TinyAuth\Auth\AclAdapter\AclAdapterInterface */ protected function _loadAclAdapter($adapter) { if ($this->_aclAdapter !== null) { @@ -82,8 +82,8 @@ protected function _loadAclAdapter($adapter) { * * @param array $user User data * @param array $params Request params - * @return bool Success * @throws \Cake\Core\Exception\Exception + * @return bool Success */ protected function _checkUser(array $user, array $params) { if ($this->getConfig('includeAuthentication') && $this->_isPublic($params)) { @@ -341,8 +341,8 @@ protected function _isPublic(array $params) { * Hack to get the auth data here for hasAccess(). * We re-use the cached data for performance reasons. * - * @return array * @throws \Cake\Core\Exception\Exception + * @return array */ protected function _getAuth() { if ($this->auth) { 
@@ -426,6 +426,7 @@ protected function _constructIniKey($params) { if (!empty($params['plugin'])) { $res = $params['plugin'] . ".$res"; } + return $res; } @@ -435,8 +436,8 @@ protected function _constructIniKey($params) { * Will look for a roles array in * Configure first, tries database roles table next. * - * @return int[] List with all available roles * @throws \Cake\Core\Exception\Exception + * @return int[] List with all available roles */ protected function _getAvailableRoles() { if ($this->_roles !== null) { @@ -496,8 +497,8 @@ protected function _getAvailableRoles() { * in multi-role mode) * * @param array $user The user to get the roles for - * @return int[] List with all role ids belonging to the user * @throws \Cake\Core\Exception\Exception + * @return int[] List with all role ids belonging to the user */ protected function _getUserRoles($user) { // Single-role from session @@ -513,6 +514,7 @@ protected function _getUserRoles($user) { if (!isset($user[$this->getConfig('roleColumn')])) { return []; } + return $this->_mapped([$user[$this->getConfig('roleColumn')]]); } @@ -522,6 +524,7 @@ protected function _getUserRoles($user) { if (isset($userRoles[0]['id'])) { $userRoles = Hash::extract($userRoles, '{n}.id'); } + return $this->_mapped((array)$userRoles); } @@ -532,6 +535,7 @@ protected function _getUserRoles($user) { if (isset($userRoles[0][$this->getConfig('roleColumn')])) { $userRoles = Hash::extract($userRoles, '{n}.' . $this->getConfig('roleColumn')); } + return $this->_mapped((array)$userRoles); } 
@@ -550,8 +554,8 @@ protected function _getUserRoles($user) { protected function _pivotTableName() { $pivotTableName = $this->getConfig('pivotTable'); if (!$pivotTableName) { - list(, $rolesTableName) = pluginSplit($this->getConfig('rolesTable')); - list(, $usersTableName) = pluginSplit($this->getConfig('usersTable')); + [, $rolesTableName] = pluginSplit($this->getConfig('rolesTable')); + [, $usersTableName] = pluginSplit($this->getConfig('usersTable')); $tables = [ $usersTableName, $rolesTableName, diff --git a/src/Auth/AllowAdapter/IniAllowAdapter.php b/src/Auth/AllowAdapter/IniAllowAdapter.php index 5f4f5fd8..3305df80 100644 --- a/src/Auth/AllowAdapter/IniAllowAdapter.php +++ b/src/Auth/AllowAdapter/IniAllowAdapter.php @@ -24,6 +24,7 @@ public function getAllow(array $config): array { $action = trim($action); if ($action === '') { unset($actions[$k]); + continue; } $actions[$k] = $action; @@ -39,6 +40,7 @@ public function getAllow(array $config): array { $denied = mb_substr($action, 0, 1) === '!'; if ($denied) { $auth[$key]['deny'][] = mb_substr($action, 1); + continue; } diff --git a/src/Auth/AllowTrait.php b/src/Auth/AllowTrait.php index d55e4b41..0d24e82c 100644 --- a/src/Auth/AllowTrait.php +++ b/src/Auth/AllowTrait.php @@ -138,9 +138,9 @@ protected function _getAllow($path = null) { * Finds the authentication adapter to use for this request. * * @param string $adapter Acl adapter to load. - * @return \TinyAuth\Auth\AllowAdapter\AllowAdapterInterface * @throws \Cake\Core\Exception\Exception * @throws \InvalidArgumentException + * @return \TinyAuth\Auth\AllowAdapter\AllowAdapterInterface */ protected function _loadAllowAdapter($adapter) { if ($this->_allowAdapter !== null) { diff --git a/src/Auth/AuthUserTrait.php b/src/Auth/AuthUserTrait.php index 3ceeb23e..f1854df5 100644 --- a/src/Auth/AuthUserTrait.php +++ b/src/Auth/AuthUserTrait.php 
@@ -59,6 +59,7 @@ public function id() { */ public function isMe($userId) { $field = $this->getConfig('idColumn'); + return $userId && (string)$userId === (string)$this->user($field); } @@ -73,6 +74,7 @@ public function user($key = null) { if ($key === null) { return $user; } + return Hash::get($user, $key); } @@ -116,6 +118,7 @@ public function hasRole($expectedRole, $providedRoles = null) { if (array_key_exists($expectedRole, $roles) || in_array($expectedRole, $roles)) { return true; } + return false; } @@ -159,6 +162,7 @@ public function hasRoles($expectedRoles, $oneRoleIsEnough = true, $providedRoles if ($count === count($expectedRoles)) { return true; } + return false; } diff --git a/src/Controller/Component/AuthComponent.php b/src/Controller/Component/AuthComponent.php index ecefff8a..6fc584b9 100644 --- a/src/Controller/Component/AuthComponent.php +++ b/src/Controller/Component/AuthComponent.php @@ -2,8 +2,8 @@ namespace TinyAuth\Controller\Component; -use Cake\Controller\ComponentRegistry; use Cake\Controller\Component\AuthComponent as CakeAuthComponent; +use Cake\Controller\ComponentRegistry; use RuntimeException; use TinyAuth\Auth\AclTrait; use TinyAuth\Auth\AllowTrait; diff --git a/src/Middleware/RequestAuthorizationMiddleware.php b/src/Middleware/RequestAuthorizationMiddleware.php index cc4eb02e..b31476b2 100644 --- a/src/Middleware/RequestAuthorizationMiddleware.php +++ b/src/Middleware/RequestAuthorizationMiddleware.php @@ -58,6 +58,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface $can = $service->can($identity, $this->getConfig('method'), $request); if (!$can) { $result = new Result($can, 'Can not ' . $this->getConfig('method') . ' request'); + throw new ForbiddenException($result); } diff --git a/src/Panel/AuthPanel.php b/src/Panel/AuthPanel.php index 67f5bd98..fb9e54c5 100644 --- a/src/Panel/AuthPanel.php +++ b/src/Panel/AuthPanel.php 
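Review bot: In the `hasRole()` hunk of src/Auth/AuthUserTrait.php, the context line `in_array($expectedRole, $roles)` is a loose comparison inside an authorization check, and this cleanup leaves it as is. On PHP 7 a non-numeric role string compares equal to integer `0`, so a role id of 0 in `$roles` would match any alias; whether such an id can occur is not visible here. If ids and aliases can be normalised to one type, `in_array($expectedRole, $roles, true)` removes the ambiguity. `hasRole()` starts above the hunk, so check how `$roles` is built before switching to strict mode, since string ids from the session would stop matching integer arguments.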
@@ -19,8 +19,8 @@ class AuthPanel extends DebugPanel { use AllowTrait; use InstanceConfigTrait; - const ICON_RESTRICTED = "\u{1f512}"; - const ICON_PUBLIC = "\u{1f513}"; + public const ICON_RESTRICTED = "\u{1f512}"; + public const ICON_PUBLIC = "\u{1f513}"; /** * Defines which plugin this panel is from so the element can be located. @@ -57,7 +57,7 @@ public function __construct() { * @return void */ public function shutdown(EventInterface $event) { - /** @var \Cake\Controller\Controller $controller */ + /** @var \Cake\Controller\Controller $controller */ $controller = $event->getSubject(); $request = $controller->getRequest(); @@ -102,6 +102,7 @@ public function data() { $data = [ 'isPublic' => $this->isPublic, ]; + return $this->_data + $data; } @@ -143,6 +144,7 @@ protected function _injectRole(array $user, $role, $id) { $pivotTableName = $this->_pivotTableName(); if (isset($user[$pivotTableName])) { $user[$pivotTableName] = [$role => $id]; + return $user; } diff --git a/src/Sync/Syncer.php b/src/Sync/Syncer.php index 856e8762..2d6a91dc 100644 --- a/src/Sync/Syncer.php +++ b/src/Sync/Syncer.php @@ -54,6 +54,7 @@ public function syncAcl(Arguments $args, ConsoleIo $io) { $io->info($string); $io->info('=== ' . $config['aclFile'] . ' end ==='); } + return; } diff --git a/src/Utility/Cache.php b/src/Utility/Cache.php index e3bd0687..f9863c21 100644 --- a/src/Utility/Cache.php +++ b/src/Utility/Cache.php @@ -14,8 +14,8 @@ class Cache { use StaticConfigTrait; - const KEY_ALLOW = 'allow'; - const KEY_ACL = 'acl'; + public const KEY_ALLOW = 'allow'; + public const KEY_ACL = 'acl'; /** * @var array diff --git a/src/Utility/Utility.php b/src/Utility/Utility.php index 140fa5be..aabccdeb 100644 --- a/src/Utility/Utility.php +++ b/src/Utility/Utility.php 
@@ -20,7 +20,7 @@ public static function deconstructIniKey($key) { ]; if (strpos($key, '.') !== false) { - list($res['plugin'], $key) = explode('.', $key); + [$res['plugin'], $key] = explode('.', $key); } $lastSlashPos = strrpos($key, '/'); if ($lastSlashPos !== false) { @@ -29,6 +29,7 @@ public static function deconstructIniKey($key) { $key = substr($key, $lastSlashPos + 1); } $res['controller'] = $key; + return $res; } @@ -56,8 +57,8 @@ public static function parseFiles($paths, $file) { * Returns the ini file as an array. * * @param string $ini Full path to the ini file - * @return array List * @throws \Cake\Core\Exception\Exception + * @return array List */ public static function parseFile($ini) { if (!file_exists($ini)) { @@ -77,6 +78,7 @@ public static function parseFile($ini) { if (!is_array($iniArray)) { throw new Exception(sprintf('Invalid TinyAuth config file (%s)', $ini)); } + return $iniArray; } diff --git a/src/View/Helper/AuthUserHelper.php b/src/View/Helper/AuthUserHelper.php index 49fba305..40859bb3 100644 --- a/src/View/Helper/AuthUserHelper.php +++ b/src/View/Helper/AuthUserHelper.php @@ -43,8 +43,8 @@ public function __construct(View $View, array $config = []) { * `includeAuthentication` config and make sure all actions are whitelisted in auth allow INI file. * * @param array $url - * @return bool * @throws \Cake\Core\Exception\Exception + * @return bool */ public function hasAccess(array $url) { if (isset($url['_name'])) { @@ -138,8 +138,8 @@ protected function _default($title, array $options) { } /** - * @return array * @throws \Cake\Core\Exception\Exception + * @return array */ protected function _getUser() { $authUser = $this->_View->get('_authUser'); diff --git a/tests/TestCase/Controller/Component/AuthComponentTest.php b/tests/TestCase/Controller/Component/AuthComponentTest.php index e70d8ede..659cf2ab 100644 --- a/tests/TestCase/Controller/Component/AuthComponentTest.php +++ b/tests/TestCase/Controller/Component/AuthComponentTest.php 
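Review bot: In the first hunk of src/Utility/Utility.php, `[$res['plugin'], $key] = explode('.', $key);` keeps only the first two segments, so a key with more than one dot silently loses everything after the second dot before the controller is derived. These keys appear to come from the auth INI files, so a malformed entry should be split predictably or rejected rather than truncated. `[$res['plugin'], $key] = explode('.', $key, 2);` keeps the remainder in `$key`. `deconstructIniKey()` begins above the hunk, so whether callers already validate the key cannot be seen here.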
@@ -39,7 +39,8 @@ public function setUp(): void { * @return void */ public function testValid() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Users', 'action' => 'view', 'plugin' => null, @@ -63,7 +64,8 @@ public function testValid() { * @return void */ public function testValidAnyAction() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'plugin' => 'Extras', 'controller' => 'Offers', 'action' => 'index', @@ -87,7 +89,8 @@ public function testValidAnyAction() { * @return void */ public function testDeniedActionInController() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'plugin' => 'Extras', 'controller' => 'Offers', 'action' => 'denied', @@ -113,7 +116,8 @@ public function testDeniedActionInController() { * @return void */ public function testDeniedAction() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'plugin' => 'Extras', 'controller' => 'Offers', 'action' => 'superPrivate', @@ -139,7 +143,8 @@ public function testDeniedAction() { * @return void */ public function testValidActionNestedPrefix() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'plugin' => null, 'prefix' => 'Admin/MyPrefix', 'controller' => 'MyTest', @@ -162,7 +167,8 @@ public function testValidActionNestedPrefix() { * @return void */ public function testDeniedActionNestedPrefix() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'plugin' => null, 'prefix' => 'admin/my_prefix', 'controller' => 'MyTest', @@ -187,7 +193,8 @@ public function testDeniedActionNestedPrefix() { * @return void */ public function testInvalid() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'FooBar', 'action' => 'index', 'plugin' => null, 
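Review bot: The added line `'params' => [` in the `testValid()` hunk of AuthComponentTest.php starts at column 0, unlike the indented lines around it, which looks like unreviewed auto-fixer output. The same split recurs in the other `new ServerRequest([` hunks of this file and in AuthenticationComponentTest.php, AuthorizationComponentTest.php, RequestPolicyTest.php and AuthenticationHelperTest.php. Indent the key one level inside the call, indent the nested entries one level further, and break the closing `]]);` into `],` and `]);` so the nesting is readable. The test bodies continue outside these hunks.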
diff --git a/tests/TestCase/Controller/Component/AuthUserComponentTest.php b/tests/TestCase/Controller/Component/AuthUserComponentTest.php index c77e4e96..fad5d98a 100644 --- a/tests/TestCase/Controller/Component/AuthUserComponentTest.php +++ b/tests/TestCase/Controller/Component/AuthUserComponentTest.php @@ -2,8 +2,8 @@ namespace TinyAuth\Test\TestCase\Controller\Component; -use Cake\Controller\ComponentRegistry; use Cake\Controller\Component\AuthComponent; +use Cake\Controller\ComponentRegistry; use Cake\Controller\Controller; use Cake\Core\Configure; use Cake\Event\Event; diff --git a/tests/TestCase/Controller/Component/AuthenticationComponentTest.php b/tests/TestCase/Controller/Component/AuthenticationComponentTest.php index 8c87bee3..56c658bb 100644 --- a/tests/TestCase/Controller/Component/AuthenticationComponentTest.php +++ b/tests/TestCase/Controller/Component/AuthenticationComponentTest.php @@ -36,7 +36,8 @@ public function setUp(): void { * @return void */ public function testValid() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Users', 'action' => 'view', 'plugin' => null, @@ -59,7 +60,8 @@ public function testValid() { * @return void */ public function testIsPublic() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Users', 'action' => 'view', 'plugin' => null, @@ -78,7 +80,8 @@ public function testIsPublic() { * @return void */ public function testIsPublicFail() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Sales', 'action' => 'view', 'plugin' => null, @@ -97,7 +100,8 @@ public function testIsPublicFail() { * @return void */ public function testIsPublicAllowNonPrefixed() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Foos', 'action' => 'view', ]]); 
@@ -113,7 +117,8 @@ public function testIsPublicAllowNonPrefixed() { * @return void */ public function testIsPublicAllowNonPrefixedFail() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Foos', 'action' => 'view', 'prefix' => 'Foo', @@ -130,7 +135,8 @@ public function testIsPublicAllowNonPrefixedFail() { * @return void */ public function testIsPublicAllowPrefixed() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Foos', 'action' => 'view', 'prefix' => 'FooBar', @@ -147,7 +153,8 @@ public function testIsPublicAllowPrefixed() { * @return void */ public function testIsPublicAllowPrefixedFail() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Foos', 'action' => 'view', 'prefix' => 'Foo', diff --git a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php index 5325becf..aa0db854 100644 --- a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php +++ b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php @@ -46,7 +46,8 @@ public function setUp(): void { * @return void */ public function testValid() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Users', 'action' => 'view', 'plugin' => null, diff --git a/tests/TestCase/Policy/RequestPolicyTest.php b/tests/TestCase/Policy/RequestPolicyTest.php index d656b4e8..4395be63 100644 --- a/tests/TestCase/Policy/RequestPolicyTest.php +++ b/tests/TestCase/Policy/RequestPolicyTest.php @@ -44,7 +44,8 @@ public function setUp(): void { * @return void */ public function testPolicyCanAccessSuccess() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Tags', 'action' => 'delete', 'plugin' => null, 
@@ -64,7 +65,8 @@ public function testPolicyCanAccessSuccess() { * @return void */ public function testPolicyCanAccessFail() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Tags', 'action' => 'edit', 'plugin' => null, diff --git a/tests/TestCase/View/Helper/AuthUserHelperTest.php b/tests/TestCase/View/Helper/AuthUserHelperTest.php index bc9c70fe..1e743ebc 100644 --- a/tests/TestCase/View/Helper/AuthUserHelperTest.php +++ b/tests/TestCase/View/Helper/AuthUserHelperTest.php @@ -6,9 +6,9 @@ use Cake\Core\Exception\Exception; use Cake\Core\Plugin; use Cake\Routing\Exception\MissingRouteException; +use Cake\Routing\Route\DashedRoute; use Cake\Routing\RouteBuilder; use Cake\Routing\Router; -use Cake\Routing\Route\DashedRoute; use Cake\TestSuite\TestCase; use Cake\View\View; use TinyAuth\Utility\Cache; diff --git a/tests/TestCase/View/Helper/AuthenticationHelperTest.php b/tests/TestCase/View/Helper/AuthenticationHelperTest.php index c2107f49..7a3a712e 100644 --- a/tests/TestCase/View/Helper/AuthenticationHelperTest.php +++ b/tests/TestCase/View/Helper/AuthenticationHelperTest.php @@ -47,7 +47,8 @@ public function tearDown(): void { * @return void */ public function testIsPublic() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Users', 'action' => 'view', 'plugin' => null, @@ -66,7 +67,8 @@ public function testIsPublic() { * @return void */ public function testIsPublicFail() { - $request = new ServerRequest(['params' => [ + $request = new ServerRequest([ +'params' => [ 'controller' => 'Sales', 'action' => 'view', 'plugin' => null, diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 81948ef6..eb0abff1 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,6 +1,6 @@