diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ee0d8bd..1e13689 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -51,5 +51,15 @@ jobs: - name: "Install dependencies (Composer)" uses: "ramsey/composer-install@v3" + - name: Setup Mago + if: ${{ matrix.php-version == '8.4' }} + uses: nhedger/setup-mago@v1 + + - name: Run Mago + if: ${{ matrix.php-version == '8.4' }} + run: | + mago format --dry-run + mago lint --reporting-format=github + - name: "Run PHPUnit" run: php -dextension=./target/release/libext_biscuit_php.so vendor/bin/phpunit diff --git a/README.md b/README.md index 51dc9ad..5bf3a1f 100644 --- a/README.md +++ b/README.md @@ -141,11 +141,22 @@ $publicKey = PublicKey::fromBytes($bytes, 1); // Explicit Secp256r1 ## Testing ```bash -composer install -composer test +cargo build +php \ + -dextension=target/debug/libext_biscuit_php.so \ + vendor/bin/phpunit +``` + +## Formatting -# With coverage -composer test:coverage +We're using [Mago](https://mago.carthage.software/) as code-style formatter for PHP code + +```bash +composer install +cargo build +php \ + -dextension=target/debug/libext_biscuit_php.so \ + vendor/bin/mago lint // and format ``` ## Generating PHP Stubs diff --git a/composer.json b/composer.json index af0b902..145833f 100644 --- a/composer.json +++ b/composer.json @@ -18,11 +18,12 @@ "php": "^8.1" }, "require-dev": { - "phpunit/phpunit": "^10" + "phpunit/phpunit": "^10", + "carthage-software/mago": "^1.0.0-beta.34" }, - "scripts": { - "test": "phpunit", - "test:coverage": "phpunit --coverage-html coverage", - "test:filter": "phpunit --filter" + "config": { + "allow-plugins": { + "carthage-software/mago": true + } } } \ No newline at end of file diff --git a/mago.toml b/mago.toml new file mode 100644 index 0000000..40a9644 --- /dev/null +++ b/mago.toml @@ -0,0 +1,30 @@ +# Welcome to Mago! +# For full documentation, see https://mago.carthage.software/tools/overview +php-version = "8.4.0" + +[source] +paths = ["tests/"] +includes = ["vendor"] +excludes = [] + +[formatter] +print-width = 120 +tab-width = 4 +use-tabs = false + +[linter] +integrations = ["phpunit"] + +[linter.rules] +ambiguous-function-call = { enabled = false } +literal-named-argument = { enabled = false } +halstead = { effort-threshold = 7000 } +too-many-methods = { enabled = false } + +[analyzer] +find-unused-definitions = true +find-unused-expressions = false +analyze-dead-code = false +check-throws = true +allow-possibly-undefined-array-keys = true +perform-heuristic-checks = true diff --git a/tests/BiscuitTest.php b/tests/BiscuitTest.php index 3bab74b..0e6958d 100644 --- a/tests/BiscuitTest.php +++ b/tests/BiscuitTest.php @@ -4,24 +4,22 @@ namespace Biscuit\Tests; -use Biscuit\Auth\{ - Algorithm, - Authorizer, - AuthorizerBuilder, - Biscuit, - BiscuitBuilder, - BlockBuilder, - Check, - Fact, - KeyPair, - Policy, - PrivateKey, - PublicKey, - Rule, - ThirdPartyBlock, - ThirdPartyRequest, - UnverifiedBiscuit -}; +use Biscuit\Auth\Algorithm; +use Biscuit\Auth\Authorizer; +use Biscuit\Auth\AuthorizerBuilder; +use Biscuit\Auth\Biscuit; +use Biscuit\Auth\BiscuitBuilder; +use Biscuit\Auth\BlockBuilder; +use Biscuit\Auth\Check; +use Biscuit\Auth\Fact; +use Biscuit\Auth\KeyPair; +use Biscuit\Auth\Policy; +use Biscuit\Auth\PrivateKey; +use Biscuit\Auth\PublicKey; +use Biscuit\Auth\Rule; +use Biscuit\Auth\ThirdPartyBlock; +use Biscuit\Auth\ThirdPartyRequest; +use Biscuit\Auth\UnverifiedBiscuit; use PHPUnit\Framework\TestCase; class BiscuitTest extends TestCase @@ -29,62 +27,62 @@ class BiscuitTest extends TestCase public function testKeyPairGeneration(): void { $kp = new KeyPair(); - $this->assertInstanceOf(KeyPair::class, $kp); + static::assertInstanceOf(KeyPair::class, $kp); $publicKey = $kp->public(); - $this->assertInstanceOf(PublicKey::class, $publicKey); + static::assertInstanceOf(PublicKey::class, $publicKey); $privateKey = $kp->private(); - $this->assertInstanceOf(PrivateKey::class, $privateKey); + static::assertInstanceOf(PrivateKey::class, $privateKey); } public function testKeyPairFromPrivateKey(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $kp = KeyPair::fromPrivateKey($privateKey); - $this->assertInstanceOf(KeyPair::class, $kp); + static::assertInstanceOf(KeyPair::class, $kp); - $this->assertEquals($privateKeyHex, $kp->private()->toHex()); + static::assertSame($privateKeyHex, $kp->private()->toHex()); } public function testPublicKeyFromHex(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); - $this->assertEquals($publicKeyHex, $publicKey->toHex()); + static::assertSame($publicKeyHex, $publicKey->toHex()); } public function testPublicKeyFromBytes(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); $bytes = $publicKey->toBytes(); $publicKey2 = PublicKey::fromBytes(pack('C*', ...$bytes)); - $this->assertEquals($publicKey->toHex(), $publicKey2->toHex()); + static::assertSame($publicKey->toHex(), $publicKey2->toHex()); } public function testPrivateKeyFromHex(): void { - $privateKeyHex = "ed25519-private/12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a"; + $privateKeyHex = 'ed25519-private/12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a'; $privateKey = new PrivateKey($privateKeyHex); - $this->assertEquals($privateKeyHex, $privateKey->toHex()); + static::assertSame($privateKeyHex, $privateKey->toHex()); } public function testPrivateKeyFromBytes(): void { - $privateKeyHex = "ed25519-private/12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a"; + $privateKeyHex = 'ed25519-private/12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a'; $privateKey = new PrivateKey($privateKeyHex); $bytes = $privateKey->toBytes(); $privateKey2 = PrivateKey::fromBytes(pack('C*', ...$bytes)); - $this->assertEquals($privateKey->toHex(), $privateKey2->toHex()); + static::assertSame($privateKey->toHex(), $privateKey2->toHex()); } public function testBiscuitBuilder(): void @@ -98,7 +96,7 @@ public function testBiscuitBuilder(): void $builder->addCheck(new Check('check if user($u)')); $biscuit = $builder->build($kp->private()); - $this->assertInstanceOf(Biscuit::class, $biscuit); + static::assertInstanceOf(Biscuit::class, $biscuit); } public function testBiscuitBuilderWithParameters(): void @@ -109,16 +107,16 @@ public function testBiscuitBuilderWithParameters(): void $builder->addCodeWithParams( 'user({username}); resource({res});', ['username' => 'alice', 'res' => 'file1'], - [] + [], ); $biscuit = $builder->build($kp->private()); - $this->assertInstanceOf(Biscuit::class, $biscuit); + static::assertInstanceOf(Biscuit::class, $biscuit); } public function testBiscuitSerialization(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $kp = KeyPair::fromPrivateKey($privateKey); @@ -127,19 +125,17 @@ public function testBiscuitSerialization(): void $biscuit = $builder->build($privateKey); - $base64 = $biscuit->toBase64(); - $this->assertIsString($base64); + static::assertIsString($base64); $parsed = Biscuit::fromBase64($base64, $kp->public()); - $this->assertInstanceOf(Biscuit::class, $parsed); - + static::assertInstanceOf(Biscuit::class, $parsed); $bytes = $biscuit->toBytes(); - $this->assertIsArray($bytes); + static::assertIsArray($bytes); $parsed2 = Biscuit::fromBytes(pack('C*', ...$bytes), $kp->public()); - $this->assertInstanceOf(Biscuit::class, $parsed2); + static::assertInstanceOf(Biscuit::class, $parsed2); } public function testBiscuitAppend(): void @@ -149,13 +145,13 @@ public function testBiscuitAppend(): void $builder->addCode('user("alice")'); $biscuit = $builder->build($kp->private()); - $this->assertEquals(1, $biscuit->blockCount()); + static::assertSame(1, $biscuit->blockCount()); $block = new BlockBuilder(); $block->addCode('resource("file1")'); $biscuit2 = $biscuit->append($block); - $this->assertEquals(2, $biscuit2->blockCount()); + static::assertSame(2, $biscuit2->blockCount()); } public function testBlockBuilder(): void @@ -166,19 +162,15 @@ public function testBlockBuilder(): void $builder->addRule(new Rule('head($v) <- fact($v)')); $builder->addCheck(new Check('check if fact(true)')); - $this->assertInstanceOf(BlockBuilder::class, $builder); + static::assertInstanceOf(BlockBuilder::class, $builder); } public function testBlockBuilderWithParameters(): void { $builder = new BlockBuilder(); - $builder->addCodeWithParams( - 'resource({res}); permission({perm});', - ['res' => 'file1', 'perm' => 'read'], - [] - ); + $builder->addCodeWithParams('resource({res}); permission({perm});', ['res' => 'file1', 'perm' => 'read'], []); - $this->assertInstanceOf(BlockBuilder::class, $builder); + static::assertInstanceOf(BlockBuilder::class, $builder); } public function testAuthorizerBuilder(): void @@ -196,7 +188,7 @@ public function testAuthorizerBuilder(): void $authBuilder->addPolicy(new Policy('allow if user("alice")')); $authorizer = $authBuilder->build($biscuit); - $this->assertInstanceOf(Authorizer::class, $authorizer); + static::assertInstanceOf(Authorizer::class, $authorizer); } public function testAuthorizerBuilderWithParameters(): void @@ -207,14 +199,10 @@ public function testAuthorizerBuilderWithParameters(): void $biscuit = $biscuitBuilder->build($kp->private()); $authBuilder = new AuthorizerBuilder(); - $authBuilder->addCodeWithParams( - 'allow if user({username})', - ['username' => 'alice'], - [] - ); + $authBuilder->addCodeWithParams('allow if user({username})', ['username' => 'alice'], []); $authorizer = $authBuilder->build($biscuit); - $this->assertInstanceOf(Authorizer::class, $authorizer); + static::assertInstanceOf(Authorizer::class, $authorizer); } public function testAuthorizerBuilderUnauthenticated(): void @@ -223,19 +211,18 @@ public function testAuthorizerBuilderUnauthenticated(): void $authBuilder->addCode('fact("test"); allow if fact("test")'); $authorizer = $authBuilder->buildUnauthenticated(); - $this->assertInstanceOf(Authorizer::class, $authorizer); + static::assertInstanceOf(Authorizer::class, $authorizer); $policy = $authorizer->authorize(); - $this->assertEquals(0, $policy); + static::assertSame(0, $policy); } public function testCompleteLifecycle(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $kp = KeyPair::fromPrivateKey($privateKey); - $biscuitBuilder = new BiscuitBuilder(); $biscuitBuilder->addCodeWithParams('user({id})', ['id' => '1234'], []); @@ -245,22 +232,19 @@ public function testCompleteLifecycle(): void $biscuit = $biscuitBuilder->build($privateKey); - $block = new BlockBuilder(); $block->addCode('check if user($u)'); $biscuit = $biscuit->append($block); - $token = $biscuit->toBase64(); $parsedToken = Biscuit::fromBase64($token, $kp->public()); - $authBuilder = new AuthorizerBuilder(); $authBuilder->addCodeWithParams('allow if user({id})', ['id' => '1234'], []); $authorizer = $authBuilder->build($parsedToken); $policy = $authorizer->authorize(); - $this->assertEquals(0, $policy); + static::assertSame(0, $policy); } public function testAuthorizerQuery(): void @@ -278,14 +262,14 @@ public function testAuthorizerQuery(): void $rule = new Rule('u($id) <- user($id)'); $facts = $authorizer->query($rule); - $this->assertIsArray($facts); - $this->assertCount(1, $facts); - $this->assertEquals('u', $facts[0]->name()); + static::assertIsArray($facts); + static::assertCount(1, $facts); + static::assertSame('u', $facts[0]->name()); } public function testAuthorizerSnapshot(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $kp = KeyPair::fromPrivateKey($privateKey); @@ -297,25 +281,23 @@ public function testAuthorizerSnapshot(): void $authBuilder->addCodeWithParams('allow if user({id})', ['id' => '1234'], []); $authorizer = $authBuilder->build($biscuit); - $snapshot = $authorizer->base64Snapshot(); - $this->assertIsString($snapshot); + static::assertIsString($snapshot); $parsed = Authorizer::fromBase64Snapshot($snapshot); - $this->assertInstanceOf(Authorizer::class, $parsed); + static::assertInstanceOf(Authorizer::class, $parsed); $policy = $parsed->authorize(); - $this->assertEquals(0, $policy); - + static::assertSame(0, $policy); $rawSnapshot = $authorizer->rawSnapshot(); - $this->assertIsArray($rawSnapshot); + static::assertIsArray($rawSnapshot); $parsedFromRaw = Authorizer::fromRawSnapshot(pack('C*', ...$rawSnapshot)); - $this->assertInstanceOf(Authorizer::class, $parsedFromRaw); + static::assertInstanceOf(Authorizer::class, $parsedFromRaw); $rawPolicy = $parsedFromRaw->authorize(); - $this->assertEquals(0, $rawPolicy); + static::assertSame(0, $rawPolicy); } public function testAuthorizerBuilderSnapshot(): void @@ -323,25 +305,23 @@ public function testAuthorizerBuilderSnapshot(): void $authBuilder = new AuthorizerBuilder(); $authBuilder->addCodeWithParams('allow if user({id})', ['id' => '1234'], []); - $snapshot = $authBuilder->base64Snapshot(); - $this->assertIsString($snapshot); + static::assertIsString($snapshot); $parsed = AuthorizerBuilder::fromBase64Snapshot($snapshot); - $this->assertInstanceOf(AuthorizerBuilder::class, $parsed); - + static::assertInstanceOf(AuthorizerBuilder::class, $parsed); $rawSnapshot = $authBuilder->rawSnapshot(); - $this->assertIsArray($rawSnapshot); + static::assertIsArray($rawSnapshot); $parsedFromRaw = AuthorizerBuilder::fromRawSnapshot(pack('C*', ...$rawSnapshot)); - $this->assertInstanceOf(AuthorizerBuilder::class, $parsedFromRaw); + static::assertInstanceOf(AuthorizerBuilder::class, $parsedFromRaw); } public function testUnverifiedBiscuit(): void { $kp = new KeyPair(); - $pubkey = new PublicKey("ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"); + $pubkey = new PublicKey('ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'); $builder = new BiscuitBuilder(); $builder->addCode('test(true)'); @@ -359,16 +339,16 @@ public function testUnverifiedBiscuit(): void $utoken1 = UnverifiedBiscuit::fromBase64($base64_1); $utoken2 = UnverifiedBiscuit::fromBase64($base64_2); - $this->assertNull($utoken1->rootKeyId()); - $this->assertEquals(42, $utoken2->rootKeyId()); + static::assertNull($utoken1->rootKeyId()); + static::assertSame(42, $utoken2->rootKeyId()); - $this->assertEquals(1, $utoken1->blockCount()); - $this->assertEquals(2, $utoken2->blockCount()); + static::assertSame(1, $utoken1->blockCount()); + static::assertSame(2, $utoken2->blockCount()); } public function testUnverifiedBiscuitVerification(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $kp = KeyPair::fromPrivateKey($privateKey); @@ -380,7 +360,7 @@ public function testUnverifiedBiscuitVerification(): void $utoken = UnverifiedBiscuit::fromBase64($base64); $verified = $utoken->verify($kp->public()); - $this->assertInstanceOf(Biscuit::class, $verified); + static::assertInstanceOf(Biscuit::class, $verified); } public function testUnverifiedBiscuitAppend(): void @@ -397,7 +377,7 @@ public function testUnverifiedBiscuitAppend(): void $block->addCode('check if true'); $utoken2 = $utoken->append($block); - $this->assertEquals(2, $utoken2->blockCount()); + static::assertSame(2, $utoken2->blockCount()); } public function testRevocationIds(): void @@ -408,15 +388,15 @@ public function testRevocationIds(): void $biscuit = $builder->build($kp->private()); $revocationIds = $biscuit->revocationIds(); - $this->assertIsArray($revocationIds); - $this->assertCount(1, $revocationIds); + static::assertIsArray($revocationIds); + static::assertCount(1, $revocationIds); $block = new BlockBuilder(); $block->addCode('resource("file1")'); $biscuit2 = $biscuit->append($block); $revocationIds2 = $biscuit2->revocationIds(); - $this->assertCount(2, $revocationIds2); + static::assertCount(2, $revocationIds2); } public function testThirdPartyBlocks(): void @@ -431,43 +411,45 @@ public function testThirdPartyBlocks(): void $newBlock->addCodeWithParams('external_fact({fact})', ['fact' => '56'], []); $thirdPartyRequest = $biscuit->thirdPartyRequest(); - $this->assertInstanceOf(ThirdPartyRequest::class, $thirdPartyRequest); + static::assertInstanceOf(ThirdPartyRequest::class, $thirdPartyRequest); $thirdPartyBlock = $thirdPartyRequest->createBlock($thirdPartyKp->private(), $newBlock); - $this->assertInstanceOf(ThirdPartyBlock::class, $thirdPartyBlock); + static::assertInstanceOf(ThirdPartyBlock::class, $thirdPartyBlock); $biscuitWithThirdParty = $biscuit->appendThirdParty($thirdPartyKp->public(), $thirdPartyBlock); - $this->assertInstanceOf(Biscuit::class, $biscuitWithThirdParty); + static::assertInstanceOf(Biscuit::class, $biscuitWithThirdParty); - $this->assertEquals(2, $biscuitWithThirdParty->blockCount()); + static::assertSame(2, $biscuitWithThirdParty->blockCount()); $externalKey = $biscuitWithThirdParty->blockExternalKey(1); - $this->assertInstanceOf(PublicKey::class, $externalKey); - $this->assertEquals($thirdPartyKp->public()->toHex(), $externalKey->toHex()); + static::assertInstanceOf(PublicKey::class, $externalKey); + static::assertSame($thirdPartyKp->public()->toHex(), $externalKey->toHex()); } public function testPEMKeyImport(): void { $privatePem = "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIASZaU0NoF3KxABSZj5x1QwVOUZfiSbf6SAzz3qq1T1l\n-----END PRIVATE KEY-----"; - $privateKeyHex = "ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"; + $privateKeyHex = 'ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65'; $privateKey = PrivateKey::fromPem($privatePem); - $this->assertEquals($privateKeyHex, $privateKey->toHex()); + static::assertSame($privateKeyHex, $privateKey->toHex()); $kp = KeyPair::fromPrivateKey($privateKey); - $this->assertInstanceOf(KeyPair::class, $kp); + static::assertInstanceOf(KeyPair::class, $kp); } public function testDERKeyImport(): void { - $privateDer = hex2bin("302e020100300506032b6570042204200499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"); - $privateKeyHex = "ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"; + $privateDer = hex2bin( + '302e020100300506032b6570042204200499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65', + ); + $privateKeyHex = 'ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65'; $privateKey = PrivateKey::fromDer($privateDer); - $this->assertEquals($privateKeyHex, $privateKey->toHex()); + static::assertSame($privateKeyHex, $privateKey->toHex()); $kp = KeyPair::fromPrivateKey($privateKey); - $this->assertInstanceOf(KeyPair::class, $kp); + static::assertInstanceOf(KeyPair::class, $kp); } public function testSetRootKeyId(): void @@ -481,7 +463,7 @@ public function testSetRootKeyId(): void $base64 = $biscuit->toBase64(); $utoken = UnverifiedBiscuit::fromBase64($base64); - $this->assertEquals(42, $utoken->rootKeyId()); + static::assertSame(42, $utoken->rootKeyId()); } public function testFactWithSet(): void @@ -489,7 +471,7 @@ public function testFactWithSet(): void $fact = new Fact('user({name})'); $fact->set('name', 'alice'); - $this->assertInstanceOf(Fact::class, $fact); + static::assertInstanceOf(Fact::class, $fact); } public function testRuleWithSet(): void @@ -497,7 +479,7 @@ public function testRuleWithSet(): void $rule = new Rule('can_read($u, {res}) <- user($u), resource({res})'); $rule->set('res', 'file1'); - $this->assertInstanceOf(Rule::class, $rule); + static::assertInstanceOf(Rule::class, $rule); } public function testCheckWithSet(): void @@ -505,7 +487,7 @@ public function testCheckWithSet(): void $check = new Check('check if user({username})'); $check->set('username', 'alice'); - $this->assertInstanceOf(Check::class, $check); + static::assertInstanceOf(Check::class, $check); } public function testPolicyWithSet(): void @@ -513,7 +495,7 @@ public function testPolicyWithSet(): void $policy = new Policy('allow if user({username})'); $policy->set('username', 'alice'); - $this->assertInstanceOf(Policy::class, $policy); + static::assertInstanceOf(Policy::class, $policy); } public function testBlockMerge(): void @@ -526,7 +508,7 @@ public function testBlockMerge(): void $builder1->merge($builder2); - $this->assertInstanceOf(BlockBuilder::class, $builder1); + static::assertInstanceOf(BlockBuilder::class, $builder1); } public function testAuthorizerBuilderMerge(): void @@ -539,7 +521,7 @@ public function testAuthorizerBuilderMerge(): void $builder1->merge($builder2); - $this->assertInstanceOf(AuthorizerBuilder::class, $builder1); + static::assertInstanceOf(AuthorizerBuilder::class, $builder1); } public function testAuthorizerBuilderMergeBlock(): void @@ -552,6 +534,6 @@ public function testAuthorizerBuilderMergeBlock(): void $authBuilder->mergeBlock($blockBuilder); - $this->assertInstanceOf(AuthorizerBuilder::class, $authBuilder); + static::assertInstanceOf(AuthorizerBuilder::class, $authBuilder); } } diff --git a/tests/BlockBuilderTest.php b/tests/BlockBuilderTest.php index 0c42a58..a415f1e 100644 --- a/tests/BlockBuilderTest.php +++ b/tests/BlockBuilderTest.php @@ -1,10 +1,12 @@ set('id', 'uuid'); - self::assertEquals( - 'check if resource("uuid"), operation("read") or admin("authority")', - (string) $check, - ); + static::assertSame('check if resource("uuid"), operation("read") or admin("authority")', (string) $check); } public function testExcpetionWhenBadCheck(): void { $this->expectException(InvalidCheck::class); - $this->expectExceptionMessage('error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "wrong", message: None }] }'); + $this->expectExceptionMessage( + 'error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "wrong", message: None }] }', + ); new Check('wrong'); } diff --git a/tests/FactTest.php b/tests/FactTest.php index e9e9aa7..b1aa34a 100644 --- a/tests/FactTest.php +++ b/tests/FactTest.php @@ -1,5 +1,7 @@ set('id', 15); - self::assertEquals( - 'user(15)', - (string) $fact, - ); + static::assertSame('user(15)', (string) $fact); } public function testExcpetionWhenBadFact(): void { $this->expectException(InvalidFact::class); - $this->expectExceptionMessage('error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "", message: None }] }'); + $this->expectExceptionMessage( + 'error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "", message: None }] }', + ); new Fact('wrong'); } diff --git a/tests/KeyPairTest.php b/tests/KeyPairTest.php index a94b127..e500de8 100644 --- a/tests/KeyPairTest.php +++ b/tests/KeyPairTest.php @@ -1,5 +1,7 @@ assertInstanceOf(KeyPair::class, $keyPair); - $this->assertInstanceOf(PublicKey::class, $keyPair->public()); - $this->assertInstanceOf(PrivateKey::class, $keyPair->private()); - $this->assertIsString($keyPair->public()->toHex()); + static::assertInstanceOf(KeyPair::class, $keyPair); + static::assertInstanceOf(PublicKey::class, $keyPair->public()); + static::assertInstanceOf(PrivateKey::class, $keyPair->private()); + static::assertIsString($keyPair->public()->toHex()); } public function testNewWithAlgorithmDefault(): void { $keyPair = KeyPair::newWithAlgorithm(); - $this->assertInstanceOf(KeyPair::class, $keyPair); - $this->assertStringStartsWith('ed25519/', $keyPair->public()->toHex()); + static::assertInstanceOf(KeyPair::class, $keyPair); + static::assertStringStartsWith('ed25519/', $keyPair->public()->toHex()); } public function testNewWithAlgorithmEd25519(): void { $keyPair = KeyPair::newWithAlgorithm(0); - $this->assertInstanceOf(KeyPair::class, $keyPair); - $this->assertStringStartsWith('ed25519/', $keyPair->public()->toHex()); + static::assertInstanceOf(KeyPair::class, $keyPair); + static::assertStringStartsWith('ed25519/', $keyPair->public()->toHex()); } public function testNewWithAlgorithmSecp256r1(): void { $keyPair = KeyPair::newWithAlgorithm(1); - $this->assertInstanceOf(KeyPair::class, $keyPair); - $this->assertStringStartsWith('secp256r1/', $keyPair->public()->toHex()); + static::assertInstanceOf(KeyPair::class, $keyPair); + static::assertStringStartsWith('secp256r1/', $keyPair->public()->toHex()); } public function testFromPrivateKey(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $keyPair = KeyPair::fromPrivateKey($privateKey); - $this->assertInstanceOf(KeyPair::class, $keyPair); - $this->assertEquals($privateKeyHex, $keyPair->private()->toHex()); + static::assertInstanceOf(KeyPair::class, $keyPair); + static::assertSame($privateKeyHex, $keyPair->private()->toHex()); } public function testFromPrivateKeyRoundTrip(): void @@ -61,23 +63,17 @@ public function testFromPrivateKeyRoundTrip(): void $reconstructedKeyPair = KeyPair::fromPrivateKey($privateKey); - $this->assertEquals( - $originalKeyPair->public()->toHex(), - $reconstructedKeyPair->public()->toHex() - ); - $this->assertEquals( - $originalKeyPair->private()->toHex(), - $reconstructedKeyPair->private()->toHex() - ); + static::assertSame($originalKeyPair->public()->toHex(), $reconstructedKeyPair->public()->toHex()); + static::assertSame($originalKeyPair->private()->toHex(), $reconstructedKeyPair->private()->toHex()); } public function testPrivateKeyConstruction(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); - $this->assertInstanceOf(PrivateKey::class, $privateKey); - $this->assertEquals($privateKeyHex, $privateKey->toHex()); + static::assertInstanceOf(PrivateKey::class, $privateKey); + static::assertSame($privateKeyHex, $privateKey->toHex()); } public function testInvalidPrivateKeyException(): void @@ -89,109 +85,111 @@ public function testInvalidPrivateKeyException(): void public function testPrivateKeyToBytes(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $bytes = $privateKey->toBytes(); - $this->assertIsArray($bytes); - $this->assertNotEmpty($bytes); - $this->assertCount(32, $bytes); + static::assertIsArray($bytes); + static::assertNotEmpty($bytes); + static::assertCount(32, $bytes); } public function testPrivateKeyFromBytes(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $bytes = $privateKey->toBytes(); $reconstructed = PrivateKey::fromBytes(pack('C*', ...$bytes)); - $this->assertEquals($privateKeyHex, $reconstructed->toHex()); + static::assertSame($privateKeyHex, $reconstructed->toHex()); } public function testPrivateKeyFromBytesWithExplicitAlgorithm(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); $bytes = $privateKey->toBytes(); $reconstructed = PrivateKey::fromBytes(pack('C*', ...$bytes), 0); - $this->assertEquals($privateKeyHex, $reconstructed->toHex()); + static::assertSame($privateKeyHex, $reconstructed->toHex()); } public function testPrivateKeyFromPem(): void { $privatePem = "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIASZaU0NoF3KxABSZj5x1QwVOUZfiSbf6SAzz3qq1T1l\n-----END PRIVATE KEY-----"; - $expectedHex = "ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"; + $expectedHex = 'ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65'; $privateKey = PrivateKey::fromPem($privatePem); - $this->assertInstanceOf(PrivateKey::class, $privateKey); - $this->assertEquals($expectedHex, $privateKey->toHex()); + static::assertInstanceOf(PrivateKey::class, $privateKey); + static::assertSame($expectedHex, $privateKey->toHex()); } public function testPrivateKeyFromDer(): void { - $privateDer = hex2bin("302e020100300506032b6570042204200499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"); - $expectedHex = "ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65"; + $privateDer = hex2bin( + '302e020100300506032b6570042204200499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65', + ); + $expectedHex = 'ed25519-private/0499694d0da05dcac40052663e71d50c1539465f8926dfe92033cf7aaad53d65'; $privateKey = PrivateKey::fromDer($privateDer); - $this->assertInstanceOf(PrivateKey::class, $privateKey); - $this->assertEquals($expectedHex, $privateKey->toHex()); + static::assertInstanceOf(PrivateKey::class, $privateKey); + static::assertSame($expectedHex, $privateKey->toHex()); } public function testPrivateKeyToString(): void { - $privateKeyHex = "ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97"; + $privateKeyHex = 'ed25519-private/473b5189232f3f597b5c2f3f9b0d5e28b1ee4e7cce67ec6b7fbf5984157a6b97'; $privateKey = new PrivateKey($privateKeyHex); - $this->assertEquals($privateKeyHex, (string)$privateKey); + static::assertSame($privateKeyHex, (string) $privateKey); } public function testPublicKeyConstruction(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); - $this->assertInstanceOf(PublicKey::class, $publicKey); - $this->assertEquals($publicKeyHex, $publicKey->toHex()); + static::assertInstanceOf(PublicKey::class, $publicKey); + static::assertSame($publicKeyHex, $publicKey->toHex()); } public function testPublicKeyToBytes(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); $bytes = $publicKey->toBytes(); - $this->assertIsArray($bytes); - $this->assertNotEmpty($bytes); - $this->assertCount(32, $bytes); + static::assertIsArray($bytes); + static::assertNotEmpty($bytes); + static::assertCount(32, $bytes); } public function testPublicKeyFromBytes(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); $bytes = $publicKey->toBytes(); $reconstructed = PublicKey::fromBytes(pack('C*', ...$bytes)); - $this->assertEquals($publicKeyHex, $reconstructed->toHex()); + static::assertSame($publicKeyHex, $reconstructed->toHex()); } public function testPublicKeyFromBytesWithExplicitAlgorithm(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); $bytes = $publicKey->toBytes(); $reconstructed = PublicKey::fromBytes(pack('C*', ...$bytes), 0); - $this->assertEquals($publicKeyHex, $reconstructed->toHex()); + static::assertSame($publicKeyHex, $reconstructed->toHex()); } public function testPublicKeyFromKeyPair(): void @@ -199,16 +197,16 @@ public function testPublicKeyFromKeyPair(): void $keyPair = new KeyPair(); $publicKey = $keyPair->public(); - $this->assertInstanceOf(PublicKey::class, $publicKey); - $this->assertStringStartsWith('ed25519/', $publicKey->toHex()); + static::assertInstanceOf(PublicKey::class, $publicKey); + static::assertStringStartsWith('ed25519/', $publicKey->toHex()); } public function testPublicKeyToString(): void { - $publicKeyHex = "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"; + $publicKeyHex = 'ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189'; $publicKey = new PublicKey($publicKeyHex); - $this->assertEquals($publicKeyHex, (string)$publicKey); + static::assertSame($publicKeyHex, (string) $publicKey); } public function testKeyPairPublicPrivateConsistency(): void @@ -217,11 +215,11 @@ public function testKeyPairPublicPrivateConsistency(): void $publicKey = $keyPair->public(); $privateKey = $keyPair->private(); - $this->assertMatchesRegularExpression('/^ed25519\/[0-9a-f]{64}$/', $publicKey->toHex()); - $this->assertMatchesRegularExpression('/^ed25519-private\/[0-9a-f]{64}$/', $privateKey->toHex()); + static::assertMatchesRegularExpression('/^ed25519\/[0-9a-f]{64}$/', $publicKey->toHex()); + static::assertMatchesRegularExpression('/^ed25519-private\/[0-9a-f]{64}$/', $privateKey->toHex()); $reconstructed = KeyPair::fromPrivateKey($privateKey); - $this->assertEquals($publicKey->toHex(), $reconstructed->public()->toHex()); + static::assertSame($publicKey->toHex(), $reconstructed->public()->toHex()); } public function testMultipleKeyPairsAreUnique(): void @@ -229,16 +227,16 @@ public function testMultipleKeyPairsAreUnique(): void $keyPair1 = new KeyPair(); $keyPair2 = new KeyPair(); - $this->assertNotEquals( + static::assertNotSame( $keyPair1->public()->toHex(), $keyPair2->public()->toHex(), - 'Different KeyPair instances should generate different keys' + 'Different KeyPair instances should generate different keys', ); - $this->assertNotEquals( + static::assertNotSame( $keyPair1->private()->toHex(), $keyPair2->private()->toHex(), - 'Different KeyPair instances should generate different private keys' + 'Different KeyPair instances should generate different private keys', ); } @@ -248,13 +246,13 @@ public function testKeySerializationRoundTrip(): void $publicBytes = $originalKeyPair->public()->toBytes(); $publicReconstructed = PublicKey::fromBytes(pack('C*', ...$publicBytes)); - $this->assertEquals($originalKeyPair->public()->toHex(), $publicReconstructed->toHex()); + static::assertSame($originalKeyPair->public()->toHex(), $publicReconstructed->toHex()); $privateBytes = $originalKeyPair->private()->toBytes(); $privateReconstructed = PrivateKey::fromBytes(pack('C*', ...$privateBytes)); - $this->assertEquals($originalKeyPair->private()->toHex(), $privateReconstructed->toHex()); + static::assertSame($originalKeyPair->private()->toHex(), $privateReconstructed->toHex()); $reconstructedKeyPair = KeyPair::fromPrivateKey($privateReconstructed); - $this->assertEquals($originalKeyPair->public()->toHex(), $reconstructedKeyPair->public()->toHex()); + static::assertSame($originalKeyPair->public()->toHex(), $reconstructedKeyPair->public()->toHex()); } } diff --git a/tests/PolicyTest.php b/tests/PolicyTest.php index 7a640e0..68e7357 100644 --- a/tests/PolicyTest.php +++ b/tests/PolicyTest.php @@ -1,5 +1,7 @@ set('test', true); - self::assertEquals( - 'allow if resource(true)', - (string) $policy, - ); + static::assertSame('allow if resource(true)', (string) $policy); } public function testExcpetionWhenBadPolicy(): void { $this->expectException(InvalidPolicy::class); - $this->expectExceptionMessage('error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "wrong", message: None }] }'); + $this->expectExceptionMessage( + 'error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "wrong", message: None }] }', + ); new Policy('wrong'); } diff --git a/tests/RbacExampleTest.php b/tests/RbacExampleTest.php index 851f7f2..e120b51 100644 --- a/tests/RbacExampleTest.php +++ b/tests/RbacExampleTest.php @@ -4,12 +4,10 @@ namespace Biscuit\Tests; -use Biscuit\Auth\{ - AuthorizerBuilder, - Biscuit, - BiscuitBuilder, - KeyPair -}; +use Biscuit\Auth\AuthorizerBuilder; +use Biscuit\Auth\Biscuit; +use Biscuit\Auth\BiscuitBuilder; +use Biscuit\Auth\KeyPair; use Biscuit\Exception\AuthorizerError; use PHPUnit\Framework\TestCase; @@ -43,11 +41,7 @@ public function testAdminServiceCanPerformCriticalOperations(): void // 1. CREATE TOKEN: payment-api has service-admin role for critical priority $tokenBuilder = new BiscuitBuilder(); - $tokenBuilder->addCodeWithParams( - 'user({id})', - ['id' => 'payment-api'], - [] - ); + $tokenBuilder->addCodeWithParams('user({id})', ['id' => 'payment-api'], []); $tokenBuilder->addCodeWithParams( 'user_roles({id}, "api", {priority}, {roles})', [ @@ -55,7 +49,7 @@ public function testAdminServiceCanPerformCriticalOperations(): void 'priority' => 'critical', 'roles' => ['service-admin'], ], - [] + [], ); $token = $tokenBuilder->build($keyPair->private()); @@ -71,7 +65,7 @@ public function testAdminServiceCanPerformCriticalOperations(): void 'role' => 'service-admin', 'permissions' => ['api:read', 'api:write', 'api:delete', 'api:admin'], ], - [] + [], ); // RBAC Logic: Derive rights from user_roles + role definitions @@ -97,7 +91,7 @@ public function testAdminServiceCanPerformCriticalOperations(): void $authorizer = $authBuilder->build($token); $authorizer->authorize(); - $this->assertTrue(true, 'Admin service should be able to perform critical operations'); + static::assertTrue(true, 'Admin service should be able to perform critical operations'); } public function testWriterServiceCannotPerformCriticalOperations(): void @@ -106,11 +100,7 @@ public function testWriterServiceCannotPerformCriticalOperations(): void // 1. CREATE TOKEN: notification-api has service-writer role for normal priority only $tokenBuilder = new BiscuitBuilder(); - $tokenBuilder->addCodeWithParams( - 'user({id})', - ['id' => 'notification-api'], - [] - ); + $tokenBuilder->addCodeWithParams('user({id})', ['id' => 'notification-api'], []); $tokenBuilder->addCodeWithParams( 'user_roles({id}, "api", {priority}, {roles})', [ @@ -118,7 +108,7 @@ public function testWriterServiceCannotPerformCriticalOperations(): void 'priority' => 'normal', 'roles' => ['service-writer'], ], - [] + [], ); $token = $tokenBuilder->build($keyPair->private()); @@ -134,7 +124,7 @@ public function testWriterServiceCannotPerformCriticalOperations(): void 'role' => 'service-writer', 'permissions' => ['api:read', 'api:write'], ], - [] + [], ); // Same RBAC logic @@ -178,7 +168,7 @@ public function testPriorityScopedRoles(): void 'priority' => 'critical', 'roles' => ['service-admin'], ], - [] + [], ); // Writer for normal priority @@ -189,7 +179,7 @@ public function testPriorityScopedRoles(): void 'priority' => 'normal', 'roles' => ['service-writer'], ], - [] + [], ); $token = $tokenBuilder->build($keyPair->private()); @@ -199,7 +189,7 @@ public function testPriorityScopedRoles(): void $authBuilder1->addCodeWithParams( 'role("critical", "service-admin", {perms})', ['perms' => ['api:read', 'api:write', 'api:delete', 'api:admin']], - [] + [], ); $authBuilder1->addCode(' right($id, $p, $op, $priority) <- @@ -212,14 +202,14 @@ public function testPriorityScopedRoles(): void $authBuilder1->addCode('operation("api:delete"); resource("critical");'); $authBuilder1->build($token)->authorize(); - $this->assertTrue(true, 'payment-api can perform api:delete at critical priority (admin)'); + static::assertTrue(true, 'payment-api can perform api:delete at critical priority (admin)'); // TEST 2: payment-api CANNOT perform api:delete at normal priority (only writer role) $authBuilder2 = new AuthorizerBuilder(); $authBuilder2->addCodeWithParams( 'role("normal", "service-writer", {perms})', ['perms' => ['api:read', 'api:write']], - [] + [], ); $authBuilder2->addCode(' right($id, $p, $op, $priority) <- diff --git a/tests/RuleTest.php b/tests/RuleTest.php index a780206..c0cfbb5 100644 --- a/tests/RuleTest.php +++ b/tests/RuleTest.php @@ -1,5 +1,7 @@ set('test', 15); - self::assertEquals( - 'right(15, "read") <- resource(15), operation("read")', - (string) $rule, - ); + static::assertSame('right(15, "read") <- resource(15), operation("read")', (string) $rule); } public function testExcpetionWhenBadRule(): void { $this->expectException(InvalidRule::class); - $this->expectExceptionMessage('error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "", message: None }] }'); + $this->expectExceptionMessage( + 'error generating Datalog: datalog parsing error: ParseErrors { errors: [ParseError { input: "", message: None }] }', + ); new Rule('wrong'); } diff --git a/tests/bootstrap.php b/tests/bootstrap.php index f74fed3..08d122b 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,3 +1,5 @@