Merge pull request #1 from lbausch/develop

WIP: Version 0.1

Author: lbausch

.github/workflows/tests.yml

@@ -0,0 +1,60 @@
+name: tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  tests:
+
+    runs-on: ubuntu-latest
+    # services:
+    #   mysql:
+    #     image: mysql:5.7
+    #     env:
+    #       MYSQL_ALLOW_EMPTY_PASSWORD: yes
+    #       MYSQL_DATABASE: forge
+    #     ports:
+    #       - 33306:3306
+    #     options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [7.2, 7.3, 7.4]
+        stability: [prefer-lowest, prefer-stable]
+
+    name: PHP ${{ matrix.php }} - ${{ matrix.stability }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Cache dependencies
+        uses: actions/cache@v1
+        with:
+          path: ~/.composer/cache/files
+          key: dependencies-php-${{ matrix.php }}-composer-${{ hashFiles('composer.json') }}
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, gd
+          coverage: xdebug
+
+      - name: Install dependencies
+        run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress
+
+      - name: Execute tests
+        run: vendor/bin/phpunit --verbose --coverage-xml .coverage-xml
+        env:
+          DB_PORT: ${{ job.services.mysql.ports[3306] }}
+          DB_USERNAME: root
+
+      - name: Run codacy-coverage-reporter
+        uses: codacy/codacy-coverage-reporter-action@master
+        with:
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          coverage-reports: .coverage-xml/index.xml

.gitignore

@@ -1,2 +1,3 @@
 /composer.lock
 /vendor/
+/.phpunit.result.cache

README.md

@@ -1,26 +1,43 @@
 # Flarum Laravel Session <!-- omit in toc -->
 
+![tests](https://github.com/lbausch/flarum-laravel-session/workflows/tests/badge.svg) [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/08e639f60aca4927891fa9e4661003bd)](https://www.codacy.com/manual/lbausch/flarum-laravel-session)
+
 **Disclaimer**: This package is still a proof of concept.
 
-- [What it does](#what-it-does)
+- [What It Does](#what-it-does)
 - [Requirements](#requirements)
-- [Installation and configuration](#installation-and-configuration)
+- [Installation and Configuration](#installation-and-configuration)
+  - [Composer](#composer)
+  - [Register Middleware](#register-middleware)
+  - [Setup Database Connection](#setup-database-connection)
+  - [Publish Package Configuration](#publish-package-configuration)
+  - [Disable Cookie Encryption](#disable-cookie-encryption)
 - [Usage](#usage)
-- [Accessing session cookie from different domain](#accessing-session-cookie-from-different-domain)
+  - [Setup Middleware](#setup-middleware)
+  - [Updating Attributes](#updating-attributes)
+- [Accessing Session Cookie From Different Domain](#accessing-session-cookie-from-different-domain)
 
-## What it does
+## What It Does
 This package allows to use the session of [Flarum](https://flarum.org/) for authentication within a Laravel application.
 It accesses Flarum's session cookie and reads the session data from the session storage.
 Based on the user information in the Flarum database an user in the Laravel application is created / updated and logged in.
 
 ## Requirements
-+ PHP 7.4
++ PHP 7.2+
 + Laravel 7
-+ Working installation of Flarum in the same filesystem as the Laravel application, so Flarum's session files can be accessed
-+ Flarum and Laravel need to share the same domain / subdomain, so Flarum's session cookie can be read
++ Working installation of Flarum in the same filesystem as the Laravel application, so Flarum's session files can be read
++ Flarum and Laravel need to share the same domain / subdomain, so Flarum's session cookie can be accessed
+
+## Installation and Configuration
 
-## Installation and configuration
-Install the package by executing `composer require lbausch/flarum-laravel-session:dev-master` and register the middleware in `app/Http/Kernel.php`:
+### Composer
+Install the package with Composer:
+```bash
+composer require lbausch/flarum-laravel-session:dev-master
+```
+
+### Register Middleware
+Register the middleware in `app/Http/Kernel.php`:
 ```php
 /**
  * The application's route middleware.
@@ -31,10 +48,12 @@ Install the package by executing `composer require lbausch/flarum-laravel-sessio
  */
 protected $routeMiddleware = [
     // ...
-    'flarum' => \Bausch\FlarumLaravelSession\FlarumMiddleware::class,
+    'flarum' => \Bausch\FlarumLaravelSession\FlarumSessionMiddleware::class,
     // ...
 ];
 ```
+
+### Setup Database Connection
 Define a database connection for the Flarum database in `config/database.php`:
 ```php
 'flarum' => [
@@ -57,9 +76,26 @@ Define a database connection for the Flarum database in `config/database.php`:
     ]) : [],
 ],
 ```
+
+### Publish Package Configuration
 Publish the package configuration using `php artisan vendor:publish --provider=Bausch\\FlarumLaravelSession\\ServiceProvider` and update `config/flarum.php` with your settings.
 
+### Disable Cookie Encryption
+To avoid Laravel from trying to encrypt the Flarum session cookie, add the following to `app/Http/Middleware/EncryptCookies.php`:
+```php
+/**
+ * The names of the cookies that should not be encrypted.
+ *
+ * @var array
+ */
+protected $except = [
+    'flarum_session',
+];
+```
+
 ## Usage
+
+### Setup Middleware
 In `routes/web.php` you may assign the middleware as desired:
 ```php
 Route::middleware(['flarum'])->group(function () {
@@ -69,7 +105,12 @@ Route::middleware(['flarum'])->group(function () {
 });
 ```
 
-## Accessing session cookie from different domain
+### Updating Attributes
+Attributes which are updated upon a successful authentication can be specified by modifying the array `update_attributes` in `config/flarum.php`.
+To track the relationship between your local user and the Flarum user, you may add a column `flarum_id` to your users table.
+
+
+## Accessing Session Cookie From Different Domain
 If Flarum is running on domain.tld and Laravel on sub.domain.tld you need to configure Flarum (`config.php`), so the session cookie can be accessed on the subdomain:
 ```php
 // Note the dot before domain.tld

composer.json

@@ -1,30 +1,48 @@
 {
     "name": "lbausch/flarum-laravel-session",
-    "description": "Use Flarum's session within Laravel",
+    "description": "Use the session of Flarum within Laravel.",
     "type": "library",
-    "require-dev": {
-        "orchestra/testbench": "^5.3"
-    },
     "license": "MIT",
+    "keywords": [
+        "auth",
+        "authentication",
+        "flarum",
+        "laravel",
+        "session",
+        "share"
+    ],
+    "support": {
+        "issues": "https://github.com/lbausch/flarum-laravel-session/issues",
+        "source": "https://github.com/lbausch/flarum-laravel-session"
+    },
     "authors": [
         {
             "name": "Lorenz Bausch",
             "email": "[email protected]"
         }
     ],
     "require": {
-        "php": "^7.4",
+        "php": "^7.2",
         "illuminate/auth": "^7.0",
         "illuminate/filesystem": "^7.0",
         "illuminate/http": "^7.0",
         "illuminate/session": "^7.0",
         "illuminate/support": "^7.0"
     },
+    "require-dev": {
+        "orchestra/testbench": "^5.3",
+        "phpunit/phpunit": "8.*"
+    },
     "autoload": {
         "psr-4": {
             "Bausch\\FlarumLaravelSession\\": "src/"
         }
     },
+    "autoload-dev": {
+        "psr-4": {
+            "Tests\\": "tests/"
+        }
+    },
     "extra": {
         "laravel": {
             "providers": [

config/flarum.php

@@ -9,7 +9,7 @@
     /*
      * Model which is authenticatable
      */
-    'model' => App\User::class,
+    'model' => config('auth.providers.users.model', App\User::class),
 
     /*
      * Flarum session configuration
@@ -23,11 +23,20 @@
         /*
          * Absolute path to the session directory of Flarum
          */
-        'path' => base_path('flarum/storage/sessions'),
+        'path' => env('FLARUM_SESSION_PATH', base_path('flarum/storage/sessions')),
     ],
 
     /*
      * Flarum database connection as defined in config/database.php
      */
     'db_connection' => env('FLARUM_DB_CONNECTION', 'flarum'),
+
+    /*
+     * Attributes to update upon successful authentication: Flarum user => local user
+     */
+    'update_attributes' => [
+        'username' => 'username',
+        'id' => 'flarum_id',
+        'email' => 'email',
+    ],
 ];

phpunit.xml.dist

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="./vendor/phpunit/phpunit/phpunit.xsd"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         testdox="true"
+>
+    <testsuites>
+        <testsuite name="Flarum Laravel Session Test Suite">
+            <directory suffix="Test.php">./tests</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
+    <php>
+        <env name="DB_CONNECTION" value="testing"/>
+    </php>
+</phpunit>

src/FlarumMiddleware.php renamed to src/FlarumSessionMiddleware.php

@@ -3,18 +3,18 @@
 namespace Bausch\FlarumLaravelSession;
 
 use Closure;
+use Illuminate\Container\Container;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\Foundation\Auth\User;
 use Illuminate\Http\Request;
 use Illuminate\Session\FileSessionHandler;
 use Illuminate\Session\Store;
-use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Str;
 
-class FlarumMiddleware
+class FlarumSessionMiddleware
 {
     /**
      * Handle an incoming request.
@@ -40,12 +40,7 @@ public function handle(Request $request, Closure $next)
         $session_store = new Store('flarum-laravel-session', $this->getFileSessionHandler(), $flarum_session_id);
 
         // Start session
-        $session_started = $session_store->start();
-
-        // Abort if session could'nt be started
-        if (!$session_started) {
-            abort(403);
-        }
+        $session_store->start();
 
         // Try to get user id
         $user_id = $session_store->get('user_id', false);
@@ -56,7 +51,7 @@ public function handle(Request $request, Closure $next)
         }
 
         // Get Flarum user from Flarum database
-        $flarum_user = DB::connection(Config::get('flarum.database_connection'))->table('users')->find($user_id);
+        $flarum_user = DB::connection(Config::get('flarum.db_connection'))->table('users')->find($user_id);
 
         // Abort if no Flarum user is present in database
         if (!$flarum_user) {
@@ -81,7 +76,7 @@ public function handle(Request $request, Closure $next)
     protected function getFileSessionHandler(): FileSessionHandler
     {
         // Create filesystem
-        $filesystem = new Filesystem();
+        $filesystem = Container::getInstance()->make(Filesystem::class);
 
         // Get path to session files
         $session_path = Config::get('flarum.session.path');
@@ -102,28 +97,25 @@ protected function getFileSessionHandler(): FileSessionHandler
     protected function createOrUpdateUser(?User $user, object $flarum_user): User
     {
         // Get a user instance
-        if (is_null($user)) {
+        if (null === $user) {
             $user = $this->getUser();
         }
 
-        // Attributes to update: local user => flarum user
-        $attributes = [
-            'username' => 'username',
-            'nickname' => 'nickname',
-            'flarum_id' => 'id',
-            'email' => 'email',
-        ];
+        // Attributes to update: Flarum user => local user
+        $update_attributes = Config::get('flarum.update_attributes', []);
 
         // Update attributes
-        foreach ($attributes as $attribute) {
-            $user->{$attribute} = $flarum_user->{$attribute};
+        foreach ($update_attributes as $flarum_attribute => $local_attribute) {
+            $user->{$local_attribute} = $flarum_user->{$flarum_attribute};
         }
 
         // Set a random password
         $user->password = bcrypt(Str::random(30));
 
         // Save user
-        $user->save();
+        if ($user->isDirty()) {
+            $user->save();
+        }
 
         // Return user
         return $user;
@@ -134,6 +126,6 @@ protected function createOrUpdateUser(?User $user, object $flarum_user): User
      */
     protected function getUser(): User
     {
-        return App::make(config('flarum.model'));
+        return Container::getInstance()->make(Config::get('flarum.model'));
     }
 }