Split of the SecurityContext to AuthorizationChecker and TokenStorage

1 files changed, 99 insertions, 0 deletions

diff --git a/Core/Tests/Authorization/AuthorizationCheckerTest.php b/Core/Tests/Authorization/AuthorizationCheckerTest.php
new file mode 100644
index 0000000..64de6ef
--- /dev/null
+++ b/Core/Tests/Authorization/AuthorizationCheckerTest.php
@@ -0,0 +1,99 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Authorization;
+
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
+
+class AuthorizationCheckerTest extends \PHPUnit_Framework_TestCase
+{
+    private $authenticationManager;
+    private $accessDecisionManager;
+    private $authorizationChecker;
+    private $tokenStorage;
+
+    public function setUp()
+    {
+        $this->authenticationManager = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface');
+        $this->accessDecisionManager = $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface');
+        $this->tokenStorage = new TokenStorage();
+
+        $this->authorizationChecker = new AuthorizationChecker(
+            $this->tokenStorage,
+            $this->authenticationManager,
+            $this->accessDecisionManager
+        );
+    }
+
+    public function testVoteAuthenticatesTokenIfNecessary()
+    {
+        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+        $this->tokenStorage->setToken($token);
+
+        $newToken = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+
+        $this->authenticationManager
+            ->expects($this->once())
+            ->method('authenticate')
+            ->with($this->equalTo($token))
+            ->will($this->returnValue($newToken));
+
+        // default with() isn't a strict check
+        $tokenComparison = function ($value) use ($newToken) {
+            // make sure that the new token is used in "decide()" and not the old one
+            return $value === $newToken;
+        };
+
+        $this->accessDecisionManager
+            ->expects($this->once())
+            ->method('decide')
+            ->with($this->callback($tokenComparison))
+            ->will($this->returnValue(true));
+
+        // first run the token has not been re-authenticated yet, after isGranted is called, it should be equal
+        $this->assertFalse($newToken === $this->tokenStorage->getToken());
+        $this->assertTrue($this->authorizationChecker->isGranted('foo'));
+        $this->assertTrue($newToken === $this->tokenStorage->getToken());
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
+     */
+    public function testVoteWithoutAuthenticationToken()
+    {
+        $this->authorizationChecker->isGranted('ROLE_FOO');
+    }
+
+    /**
+     * @dataProvider isGrantedProvider
+     */
+    public function testIsGranted($decide)
+    {
+        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+        $token
+            ->expects($this->once())
+            ->method('isAuthenticated')
+            ->will($this->returnValue(true));
+
+        $this->accessDecisionManager
+            ->expects($this->once())
+            ->method('decide')
+            ->will($this->returnValue($decide));
+        $this->tokenStorage->setToken($token);
+        $this->assertTrue($decide === $this->authorizationChecker->isGranted('ROLE_FOO'));
+    }
+
+    public function isGrantedProvider()
+    {
+        return array(array(true), array(false));
+    }
+}