First commit

paulredmond · paulredmond · commit 319cf1a66435 · 2017-10-19T16:03:26.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+/vendor
+/.idea
+.DS_Store
+coverage.xml
+composer.lock
diff --git a/.scrutinizer.yml b/.scrutinizer.yml
@@ -0,0 +1,33 @@
+filter:
+    paths: [src/*]
+    excluded_paths: [tests/*]
+checks:
+  php:
+    code_rating: true
+    remove_extra_empty_lines: true
+    remove_php_closing_tag: true
+    remove_trailing_whitespace: true
+    fix_use_statements:
+      remove_unused: true
+      preserve_multiple: false
+      preserve_blanklines: true
+      order_alphabetically: true
+    fix_php_opening_tag: true
+    fix_linefeed: true
+    fix_line_ending: true
+    fix_identation_4spaces: true
+    fix_doc_comments: true
+tools:
+  external_code_coverage: true
+  php_code_coverage: false
+  php_code_sniffer:
+    config:
+      standard: PSR2
+    filter:
+      paths: ['src']
+  php_loc:
+    enabled: true
+    excluded_dirs: [vendor]
+  php_cpd:
+    enabled: true
+    excluded_dirs: [vendor]
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,22 @@
+language: php
+
+php:
+  - 7.0
+  - 7.1
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_install:
+  - travis_retry composer self-update
+
+install:
+  - travis_retry composer install --no-interaction --prefer-dist --no-suggest
+
+script:
+  - vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover
+
+after_script:
+  - wget https://scrutinizer-ci.com/ocular.phar
+  - php ocular.phar code-coverage:upload --format=php-clover coverage.clover
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Laravel Shield
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/composer.json b/composer.json
@@ -0,0 +1,32 @@
+{
+    "name": "laravel-shield/mailgun",
+    "description": "A mailgun service for Laravel Shield.",
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Ashley Clarke",
+            "email": "me@ashleyclarke.me"
+        },
+        {
+            "name": "Paul Redmond",
+            "email": "paulrredmond@gmail.com"
+        }
+    ],
+    "require": {
+        "laravel-shield/shield": "^1.0"
+    },
+    "require-dev": {
+        "laravel-shield/testing": "^1.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Shield\\Mailgun\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Shield\\Mailgun\\Test\\": "tests/"
+        }
+    }
+}
diff --git a/phpunit.xml b/phpunit.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false">
+    <testsuites>
+
+        <testsuite name="Unit Tests">
+            <directory suffix="Test.php">./tests/Unit</directory>
+        </testsuite>
+
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
+    <php>
+        <env name="APP_ENV" value="testing"/>
+        <env name="CACHE_DRIVER" value="array"/>
+        <env name="SESSION_DRIVER" value="array"/>
+        <env name="QUEUE_DRIVER" value="sync"/>
+    </php>
+    <logging>
+        <log type="coverage-clover" target="coverage.xml" showUncoveredFiles="true"/>
+    </logging>
+</phpunit>
diff --git a/src/Mailgun.php b/src/Mailgun.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Shield\Mailgun;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Collection;
+use Shield\Shield\Contracts\Service;
+
+/**
+ * Class Skeleton
+ *
+ * @package \Shield\Skeleton
+ */
+class Mailgun implements Service
+{
+    public function verify(Request $request, Collection $config): bool
+    {
+        $tolerance = $config->get('tolerance', 60 * 5);
+        $timestamp = $request->input('timestamp');
+
+        if (
+            ! $request->isMethod('POST') ||
+            abs(time() - $timestamp) > $tolerance
+        ) {
+            return false;
+        }
+
+        $signature = hash_hmac(
+            'sha256',
+            $request->input('timestamp') . $request->input('token'),
+            $config->get('token')
+        );
+
+        return $signature === $request->input('signature');
+    }
+
+    public function headers(): array
+    {
+        return [];
+    }
+}
diff --git a/tests/Unit/ServiceTest.php b/tests/Unit/ServiceTest.php
@@ -0,0 +1,182 @@
+<?php
+
+namespace Shield\Mailgun\Test\Unit;
+
+use Shield\Mailgun\Mailgun;
+use Shield\Testing\TestCase;
+use Illuminate\Http\Request;
+use PHPUnit\Framework\Assert;
+use Illuminate\Support\Carbon;
+use Shield\Shield\Contracts\Service;
+
+/**
+ * Class ServiceTest
+ *
+ * @package \Shield\Mailgun\Test\Unit
+ */
+class ServiceTest extends TestCase
+{
+    /**
+     * @var \Shield\Mailgun\Mailgun
+     */
+    protected $service;
+
+    protected function setUp()
+    {
+        parent::setUp();
+
+        $this->service = new Mailgun;
+    }
+
+    /** @test */
+    public function it_is_a_service()
+    {
+        Assert::assertInstanceOf(Service::class, new Mailgun);
+    }
+
+    /** @test */
+    public function it_can_verify_a_valid_request()
+    {
+        $token = 'raNd0mk3y';
+        $this->app['config']['shield.services.mailgun.options.token'] = $token;
+
+        // Build the signature for the request payload
+        $timestamp = Carbon::now()->timestamp;
+        $signature = $this->buildSignature($timestamp, $token);
+
+        $request = $this->request(json_encode([
+            'timestamp' => $timestamp,
+            'token' => $token,
+            'signature' => $signature,
+        ]));
+
+        $headers = [
+            'Content-Type' => 'application/json'
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertTrue($this->service->verify($request, $this->getConfig()));
+    }
+
+    /** @test */
+    public function it_will_not_verify_an_old_request()
+    {
+        $token = 'raNd0mk3y';
+        $tolerance = 60;
+
+        $this->app['config']['shield.services.mailgun.options.token'] = $token;
+        $this->app['config']['shield.services.mailgun.options.tolerance'] = $tolerance;
+
+        // Build the signature for the request payload
+        $timestamp = Carbon::now()->subSeconds($tolerance + 1)->timestamp;
+        $signature = $this->buildSignature($timestamp, $token);
+
+        $request = $this->request(json_encode([
+            'timestamp' => $timestamp,
+            'token' => $token,
+            'signature' => $signature,
+        ]));
+
+        $headers = [
+            'Content-Type' => 'application/json'
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertFalse($this->service->verify($request, $this->getConfig()));
+    }
+
+    /** @test */
+    public function it_will_not_verify_a_bad_request()
+    {
+        $token = 'good';
+        $this->app['config']['shield.services.mailgun.options.token'] = $token;
+
+        // Build the signature for the request payload
+        $timestamp = Carbon::now()->timestamp;
+        $signature = $this->buildSignature($timestamp, $token);
+
+        $request = $this->request(json_encode([
+            'timestamp' => $timestamp,
+            'token' => 'bad',
+            'signature' => $signature,
+        ]));
+
+        $headers = [
+            'Content-Type' => 'application/json'
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertFalse($this->service->verify($request, $this->getConfig()));
+    }
+
+    /** @test */
+    public function it_requires_a_post_request()
+    {
+        // Set up valid data
+        $token = 'raNd0mk3y';
+        $this->app['config']['shield.services.mailgun.options.token'] = $token;
+
+        // Build the signature for the request payload
+        $timestamp = Carbon::now()->timestamp;
+        $signature = $this->buildSignature($timestamp, $token);
+
+        $requestBody = json_encode([
+            'timestamp' => $timestamp,
+            'token' => $token,
+            'signature' => $signature,
+        ]);
+
+        $examples = ['GET', 'PUT', 'PATCH', 'DELETE', 'POST'];
+
+        foreach ($examples as $example) {
+
+            $request = Request::create('http://example.com', $example, [], [], [], [], $requestBody);
+            $request->headers->add([
+                'Content-Type' => 'application/json'
+            ]);
+
+            $assertion = $example === 'POST' ? 'assertTrue' : 'assertFalse';
+
+            Assert::$assertion(
+                $this->service->verify($request, $this->getConfig()),
+                "Expected $example to $assertion, but it did not."
+            );
+        }
+    }
+
+    /** @test */
+    public function it_has_correct_headers_required()
+    {
+        Assert::assertArraySubset([], $this->service->headers());
+    }
+
+    /**
+     * Get a configuration value for mailgun
+     * @param $value An optional value
+     * @param $default When a value is requested, a default value
+     * 
+     * @return Collection|string
+     */
+    protected function getConfig($value = null, $default = null)
+    {
+        $config = collect($this->app['config']['shield.services.mailgun.options']);
+
+        if ($value === null) {
+            return $config;
+        }
+
+        return $config->get($value, $default);
+    }
+
+    protected function buildSignature($timestamp, $token)
+    {
+        return hash_hmac(
+            'sha256',
+            sprintf('%s%s', $timestamp, $token),
+            $this->getConfig('token')
+        );
+    }
+}
