[PLA-1601] Return error when null auth driver is used in production. (#…

…133)
enjin · Feb 14, 2024 · a3e80f8 · a3e80f8
1 parent b53d45f
commit a3e80f8
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 46 deletions.
diff --git a/config/enjin-platform.php b/config/enjin-platform.php
@@ -189,7 +189,7 @@
     |
     */
     'qr' => [
-        'adapter' => \Enjin\Platform\Services\Qr\Adapters\PlatformQrAdapter::class,
+        'adapter' => Enjin\Platform\Services\Qr\Adapters\PlatformQrAdapter::class,
         'size' => env('QR_CODE_SIZE', 512),
         'format' => env('QR_CODE_FORMAT', 'png'),
     ],

diff --git a/config/graphql.php b/config/graphql.php
@@ -9,13 +9,13 @@
 
         // The controller/method to use in GraphQL request.
         // Also supported array syntax: `[\Rebing\GraphQL\GraphQLController::class, 'query']`
-        'controller' => \Enjin\Platform\Http\Controllers\GraphQLController::class . '@query',
+        'controller' => Enjin\Platform\Http\Controllers\GraphQLController::class . '@query',
 
         // Any middleware for the graphql route group
         // This middleware will apply to all schemas
         'middleware' => [
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Enjin\Platform\Middlewares\Authenticated::class,
+            Illuminate\Session\Middleware\StartSession::class,
+            Enjin\Platform\Middlewares\Authenticated::class,
         ],
 
         // Additional route group attributes
@@ -111,7 +111,7 @@
     'types' => [
         // ExampleType::class,
         // ExampleRelationType::class,
-        \Rebing\GraphQL\Support\UploadType::class,
+        Rebing\GraphQL\Support\UploadType::class,
     ],
 
     // This callable will be passed the Error object for each errors GraphQL catch.
@@ -121,7 +121,7 @@
     //     'message' => '',
     //     'locations' => []
     // ]
-    'error_formatter' => [\Rebing\GraphQL\GraphQL::class, 'formatError'],
+    'error_formatter' => [Rebing\GraphQL\GraphQL::class, 'formatError'],
 
     /*
      * Custom Error Handling
@@ -130,7 +130,7 @@
      *
      * The default handler will pass exceptions to laravel Error Handling mechanism
      */
-    'errors_handler' => [\Rebing\GraphQL\GraphQL::class, 'handleErrors'],
+    'errors_handler' => [Rebing\GraphQL\GraphQL::class, 'handleErrors'],
 
     /*
      * Options to limit the query complexity and depth. See the doc
@@ -147,13 +147,13 @@
      * You can define your own pagination type.
      * Reference \Rebing\GraphQL\Support\PaginationType::class
      */
-    'pagination_type' => \Enjin\Platform\GraphQL\Types\Pagination\ConnectionType::class,
+    'pagination_type' => Enjin\Platform\GraphQL\Types\Pagination\ConnectionType::class,
 
     /*
      * You can define your own simple pagination type.
      * Reference \Rebing\GraphQL\Support\SimplePaginationType::class
      */
-    'simple_pagination_type' => \Rebing\GraphQL\Support\SimplePaginationType::class,
+    'simple_pagination_type' => Rebing\GraphQL\Support\SimplePaginationType::class,
 
     /*
      * Overrides the default field resolver
@@ -211,12 +211,12 @@
      * Execution middlewares
      */
     'execution_middleware' => [
-        \Rebing\GraphQL\Support\ExecutionMiddleware\ValidateOperationParamsMiddleware::class,
-        \Enjin\Platform\Middlewares\OperationDefinitionNodeStore::class,
+        Rebing\GraphQL\Support\ExecutionMiddleware\ValidateOperationParamsMiddleware::class,
+        Enjin\Platform\Middlewares\OperationDefinitionNodeStore::class,
         // AutomaticPersistedQueriesMiddleware listed even if APQ is disabled, see the docs for the `'apq'` configuration
-        \Rebing\GraphQL\Support\ExecutionMiddleware\AutomaticPersistedQueriesMiddleware::class,
-        \Rebing\GraphQL\Support\ExecutionMiddleware\AddAuthUserContextValueMiddleware::class,
+        Rebing\GraphQL\Support\ExecutionMiddleware\AutomaticPersistedQueriesMiddleware::class,
+        Rebing\GraphQL\Support\ExecutionMiddleware\AddAuthUserContextValueMiddleware::class,
         // \Rebing\GraphQL\Support\ExecutionMiddleware\UnusedVariablesMiddleware::class,
-        \Enjin\Platform\Middlewares\UniqueFieldNamesArray::class,
+        Enjin\Platform\Middlewares\UniqueFieldNamesArray::class,
     ],
 ];
diff --git a/lang/en/error.php b/lang/en/error.php
@@ -5,6 +5,7 @@
     'auth.auth_not_defined' => 'The auth is not defined.',
     'auth.basic_token.token_not_defined' => 'The basic token is not defined in your .env',
     'auth.driver_not_supported' => 'Driver [:driver] is not supported.',
+    'auth.null_driver_not_allowed_in_production' => 'The Null auth driver cannot be used in production.',
     'cannot_represent_integer_range' => 'Cannot represent following value as integer range: :value',
     'cannot_represent_integer_ranges_array' => 'Cannot represent following value as integer ranges array: :value',
     'cannot_represent_object' => 'Cannot represent following value as object: ',

diff --git a/src/Http/Controllers/QrController.php b/src/Http/Controllers/QrController.php
@@ -27,7 +27,7 @@ public function get(Request $request)
             throw new PlatformException(__('enjin-platform::error.qr.extension_not_installed'), 501);
         }
 
-        $qrCode = QRCode::format($format)->size($size)->generate($data);
+        $qrCode = QrCode::format($format)->size($size)->generate($data);
         $mimeType = match ($format) {
             'eps' => 'application/postscript',
             'svg' => 'image/svg+xml',

diff --git a/src/Services/Auth/Drivers/NullAuth.php b/src/Services/Auth/Drivers/NullAuth.php
@@ -4,6 +4,7 @@
 
 use Enjin\Platform\Services\Auth\Authenticator;
 use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 
 class NullAuth implements Authenticator
 {
@@ -12,7 +13,7 @@ class NullAuth implements Authenticator
      */
     public function authenticate(Request $request): bool
     {
-        return true;
+        return !$this->isProduction();
     }
 
     /**
@@ -25,11 +26,16 @@ public function getToken(): string
 
     public function getError(): string
     {
-        return '';
+        return $this->isProduction() ? __('enjin-platform::error.auth.null_driver_not_allowed_in_production') : '';
     }
 
     public static function create(): Authenticator
     {
         return new static();
     }
+
+    private function isProduction()
+    {
+        return 'production' === Str::lower(config('app.env'));
+    }
 }
diff --git a/tests/Feature/GraphQL/Mutations/RemoveAllAttributesTest.php b/tests/Feature/GraphQL/Mutations/RemoveAllAttributesTest.php
@@ -36,7 +36,7 @@ class RemoveAllAttributesTest extends TestCaseGraphQL
     protected Model $token;
     protected Encoder $tokenIdEncoder;
     protected Model $attribute;
-    protected MOdel $wallet;
+    protected Model $wallet;
 
     protected function setUp(): void
     {

diff --git a/tests/Feature/GraphQL/Mutations/SetWalletAccountTest.php b/tests/Feature/GraphQL/Mutations/SetWalletAccountTest.php
@@ -84,34 +84,34 @@ public function test_it_can_update_wallet_with_external_id(): void
 
     // Exception Path
 
-     public function test_it_will_fail_with_no_id_and_external_id(): void
-     {
-         $wallet = Wallet::factory()->create();
-         $response = $this->graphql($this->method, [
-             'account' => $wallet->public_key,
-         ], true);
-
-         $this->assertArraySubset(
-             [
-                 'id' => ['The id field is required when external id is not present.'],
-                 'externalId' => ['The external id field is required when id is not present.'],
-             ],
-             $response['error']
-         );
-
-         $response = $this->graphql($this->method, [
-             'id' => $wallet->id,
-             'externalId' => $wallet->external_id,
-             'account' => $wallet->public_key,
-         ], true);
-         $this->assertArraySubset(
-             [
-                 'id' => ['The id field prohibits external id from being present.'],
-                 'externalId' => ['The external id field prohibits id from being present.'],
-             ],
-             $response['error']
-         );
-     }
+    public function test_it_will_fail_with_no_id_and_external_id(): void
+    {
+        $wallet = Wallet::factory()->create();
+        $response = $this->graphql($this->method, [
+            'account' => $wallet->public_key,
+        ], true);
+
+        $this->assertArraySubset(
+            [
+                'id' => ['The id field is required when external id is not present.'],
+                'externalId' => ['The external id field is required when id is not present.'],
+            ],
+            $response['error']
+        );
+
+        $response = $this->graphql($this->method, [
+            'id' => $wallet->id,
+            'externalId' => $wallet->external_id,
+            'account' => $wallet->public_key,
+        ], true);
+        $this->assertArraySubset(
+            [
+                'id' => ['The id field prohibits external id from being present.'],
+                'externalId' => ['The external id field prohibits id from being present.'],
+            ],
+            $response['error']
+        );
+    }
 
     public function test_it_will_fail_with_no_address(): void
     {

diff --git a/tests/Unit/AuthServiceTest.php b/tests/Unit/AuthServiceTest.php
@@ -35,4 +35,14 @@ public function test_it_can_make_null_auth()
         $this->assertEmpty($auth->getError());
         $this->assertTrue($auth->authenticate(request()));
     }
+
+    public function test_it_returns_error_with_null_auth_in_production()
+    {
+        $this->app['config']->set('app.env', 'production');
+        $auth = resolve(AuthManager::class)->driver();
+        $this->assertInstanceOf(NullAuth::class, $auth);
+        $this->assertEmpty($auth->getToken());
+        $this->assertSame(__('enjin-platform::error.auth.null_driver_not_allowed_in_production'), $auth->getError());
+        $this->assertFalse($auth->authenticate(request()));
+    }
 }