Merge pull request #1 from michalbundyra/failed-routing-is-granted

Hotfix: isGranted for failed routing
mezzio · Jan 24, 2020 · 8ff1655 · 8ff1655
2 parents 0b8c353 + cf25e0f
commit 8ff1655
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 16 deletions.
diff --git a/src/LaminasRbac.php b/src/LaminasRbac.php
@@ -52,6 +52,11 @@ public function isGranted(string $role, ServerRequestInterface $request) : bool
             ));
         }
 
+        // No matching route. Everyone can access.
+        if ($routeResult->isFailure()) {
+            return true;
+        }
+
         $routeName = $routeResult->getMatchedRouteName();
         if (null !== $this->assertion) {
             $this->assertion->setRequest($request);

diff --git a/test/LaminasRbacTest.php b/test/LaminasRbacTest.php
@@ -14,6 +14,7 @@
 use Mezzio\Authorization\Exception;
 use Mezzio\Authorization\Rbac\LaminasRbac;
 use Mezzio\Authorization\Rbac\LaminasRbacAssertionInterface;
+use Mezzio\Router\Route;
 use Mezzio\Router\RouteResult;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Prophecy\ObjectProphecy;
@@ -61,12 +62,10 @@ public function testIsGrantedWithoutAssertion()
         $this->rbac->isGranted('foo', 'home', null)->willReturn(true);
         $laminasRbac = new LaminasRbac($this->rbac->reveal());
 
-        $routeResult = $this->prophesize(RouteResult::class);
-        $routeResult->getMatchedRouteName()->willReturn('home');
+        $routeResult = $this->getSuccessRouteResult('home');
 
         $request = $this->prophesize(ServerRequestInterface::class);
-        $request->getAttribute(RouteResult::class, false)
-                ->willReturn($routeResult->reveal());
+        $request->getAttribute(RouteResult::class, false)->willReturn($routeResult);
 
         $result = $laminasRbac->isGranted('foo', $request->reveal());
         $this->assertTrue($result);
@@ -77,25 +76,21 @@ public function testIsNotGrantedWithoutAssertion()
         $this->rbac->isGranted('foo', 'home', null)->willReturn(false);
         $laminasRbac = new LaminasRbac($this->rbac->reveal());
 
-        $routeResult = $this->prophesize(RouteResult::class);
-        $routeResult->getMatchedRouteName()->willReturn('home');
+        $routeResult = $this->getSuccessRouteResult('home');
 
         $request = $this->prophesize(ServerRequestInterface::class);
-        $request->getAttribute(RouteResult::class, false)
-                ->willReturn($routeResult->reveal());
+        $request->getAttribute(RouteResult::class, false)->willReturn($routeResult);
 
         $result = $laminasRbac->isGranted('foo', $request->reveal());
         $this->assertFalse($result);
     }
 
     public function testIsGrantedWitAssertion()
     {
-        $routeResult = $this->prophesize(RouteResult::class);
-        $routeResult->getMatchedRouteName()->willReturn('home');
+        $routeResult = $this->getSuccessRouteResult('home');
 
         $request = $this->prophesize(ServerRequestInterface::class);
-        $request->getAttribute(RouteResult::class, false)
-                ->willReturn($routeResult->reveal());
+        $request->getAttribute(RouteResult::class, false)->willReturn($routeResult);
 
         $this->rbac->isGranted('foo', 'home', $this->assertion->reveal())->willReturn(true);
 
@@ -108,12 +103,10 @@ public function testIsGrantedWitAssertion()
 
     public function testIsNotGrantedWitAssertion()
     {
-        $routeResult = $this->prophesize(RouteResult::class);
-        $routeResult->getMatchedRouteName()->willReturn('home');
+        $routeResult = $this->getSuccessRouteResult('home');
 
         $request = $this->prophesize(ServerRequestInterface::class);
-        $request->getAttribute(RouteResult::class, false)
-                ->willReturn($routeResult->reveal());
+        $request->getAttribute(RouteResult::class, false)->willReturn($routeResult);
 
         $this->rbac->isGranted('foo', 'home', $this->assertion->reveal())->willReturn(false);
 
@@ -123,4 +116,30 @@ public function testIsNotGrantedWitAssertion()
         $this->assertFalse($result);
         $this->assertion->setRequest($request->reveal())->shouldBeCalled();
     }
+
+    public function testIsGrantedWithFailedRouting()
+    {
+        $routeResult = $this->getFailureRouteResult(Route::HTTP_METHOD_ANY);
+
+        $request = $this->prophesize(ServerRequestInterface::class);
+        $request->getAttribute(RouteResult::class, false)->willReturn($routeResult);
+
+        $laminasRbac = new LaminasRbac($this->rbac->reveal());
+
+        $result = $laminasRbac->isGranted('foo', $request->reveal());
+        $this->assertTrue($result);
+    }
+
+    private function getSuccessRouteResult(string $routeName): RouteResult
+    {
+        $route = $this->prophesize(Route::class);
+        $route->getName()->willReturn($routeName);
+
+        return RouteResult::fromRoute($route->reveal());
+    }
+
+    private function getFailureRouteResult(?array $methods): RouteResult
+    {
+        return RouteResult::fromRouteFailure($methods);
+    }
 }