From 77b7d2c6bc515e562cc17a452da0cf4161cc42e5 Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Mon, 18 May 2020 23:12:11 +0100
Subject: [PATCH] Send actions as encrypted messages
---
 src/ProviderUri/AbstractProviderUri.php | 4 +-
 src/ProviderUri/LogoutUri.php | 7 +++-
 test/phpunit/AuthenticatorTest.php | 49 +++++++++++++++++++++++--
 3 files changed, 52 insertions(+), 8 deletions(-)
diff --git a/src/ProviderUri/AbstractProviderUri.php b/src/ProviderUri/AbstractProviderUri.php
index 747e795..bdd63f4 100644
--- a/src/ProviderUri/AbstractProviderUri.php
+++ b/src/ProviderUri/AbstractProviderUri.php
@@ -35,10 +35,10 @@ protected function normaliseBaseUri(string $baseUri):Uri {
 protected function buildQuery(
 Token $token,
 string $currentPath,
- string $data = null
+ string $message = null
 ):string {
 return http_build_query([
- self::QUERY_STRING_CIPHER => (string)$token->generateRequestCipher($data),
+ self::QUERY_STRING_CIPHER => (string)$token->generateRequestCipher($message),
 self::QUERY_STRING_INIT_VECTOR => (string)$token->getIv(),
 self::QUERY_STRING_CURRENT_PATH => bin2hex($currentPath),
 ]);
diff --git a/src/ProviderUri/LogoutUri.php b/src/ProviderUri/LogoutUri.php
index a64f1cd..c2ed192 100644
--- a/src/ProviderUri/LogoutUri.php
+++ b/src/ProviderUri/LogoutUri.php
@@ -10,9 +10,12 @@ public function __construct(
 string $baseRemoteUri = self::DEFAULT_BASE_REMOTE_URI
 ) {
 $baseRemoteUri = $this->normaliseBaseUri($baseRemoteUri);
- $baseRemoteUri = $baseRemoteUri->withPath("/logout");
 parent::__construct($baseRemoteUri);
- $this->query = $this->buildQuery($token, $currentPath);
+ $this->query = $this->buildQuery(
+ $token,
+ $currentPath,
+ "action=logout"
+ );
 }
 }
\ No newline at end of file
diff --git a/test/phpunit/AuthenticatorTest.php b/test/phpunit/AuthenticatorTest.php
index 444b3ba..5fba507 100644
--- a/test/phpunit/AuthenticatorTest.php
+++ b/test/phpunit/AuthenticatorTest.php
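Review bot: Dropping `$baseRemoteUri->withPath("/logout")` leaves LogoutUri on the base path, yet the new `testLogoutCallsLogoutUri` in test/phpunit/AuthenticatorTest.php still asserts `$uri->getPath() === "/logout"`; unless Authenticator::logout() sets that path itself (not visible in this patch), one of the two is wrong — either keep the `withPath` line or change the test to assert on the query carrying the encrypted action. The action is a hand-built `"action=logout"` literal next to a `buildQuery` that otherwise encodes with `http_build_query`; `http_build_query(["action" => "logout"])` or a class constant for the message keeps the encoding consistent and greppable. Whether `generateRequestCipher` authenticates the ciphertext is not visible here; if it is encryption without integrity protection, the provider cannot rely on the decrypted action being untampered, which deserves a comment at the call site naming that expectation. The constructor's parameter list starts outside the hunk.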
@@ -64,16 +64,19 @@ public function testIsLoggedInTrueWhenSessionDataSet() {
 self::assertTrue($sut->isLoggedIn());
 }
- // TODO: Session shouldn't be cleared on call to logout - instead it should
- // redirect to the provider, and a new test should asset the response data
- // contains a logout confirmation.
- public function TODO_UPDATE_testLogoutClearsSession() {
+ public function testLogoutCallsLogoutUri() {
 $sessionData = self::createMock(SessionData::class);
 $_SESSION = [
 Authenticator::SESSION_KEY => $sessionData
 ];
 $redirectHandler = self::createMock(RedirectHandler::class);
+ $redirectHandler->expects(self::once())
+ ->method("redirect")
+ ->with(self::callback(fn(UriInterface $uri) =>
+ $uri->getHost() === "login.authwave.com"
+ && $uri->getPath() === "/logout"
+ ));
 $sut = new Authenticator(
 "test-key",
@@ -83,6 +86,44 @@ public function TODO_UPDATE_testLogoutClearsSession() {
 $redirectHandler
 );
 $sut->logout();
+ self::assertNotEmpty($_SESSION);
+ }
+
+ public function testCompleteAuthFromLogoutClearsSession() {
+ $token = self::createMock(Token::class);
+
+ $sessionData = self::createMock(SessionData::class);
+ $sessionData->method("getToken")
+ ->willReturn($token);
+
+ $_SESSION = [
+ Authenticator::SESSION_KEY => $sessionData,
+ ];
+
+ $responseCipher = "abcdef";
+
+ $currentUri = "/example-page-" . uniqid();
+ $currentUri .= "?";
+ $currentUri .= http_build_query([
+ Authenticator::RESPONSE_QUERY_PARAMETER => $responseCipher,
+ ]);
+
+ $redirectHandler = self::createMock(RedirectHandler::class);
+ $redirectHandler->expects(self::once())
+ ->method("redirect")
+ ->with(self::callback(fn(UriInterface $uri) =>
+ $uri->getHost() == ""
+ && $uri->getPath() == $currentUri
+ ));
+
+ new Authenticator(
+ "test-key",
+ "/",
+ LoginUri::DEFAULT_BASE_REMOTE_URI,
+ null,
+ $redirectHandler
+ );
 self::assertEmpty($_SESSION);
 }
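Review bot: The callback in testLogoutCallsLogoutUri hard-codes the host `"login.authwave.com"` while the sibling test in the next hunk constructs the Authenticator from `LoginUri::DEFAULT_BASE_REMOTE_URI`; derive the expected host from that constant, e.g. `$uri->getHost() === parse_url(LoginUri::DEFAULT_BASE_REMOTE_URI, PHP_URL_HOST)`, so the assertion cannot silently diverge from the default the code under test actually uses. The `$sessionData` mock is installed in `$_SESSION` without a `getToken` stub, so if logout() reads the token it will get null from the mock; a one-line comment stating that logout is expected not to touch the token would make that deliberate. The test method's body continues into the next hunk.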
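Review bot: In testCompleteAuthFromLogoutClearsSession, `$currentUri` is built with a `?` query but is never handed to the Authenticator — the constructor receives `"/"` as its second argument — and `UriInterface::getPath()` never includes the query string, so `$uri->getPath() == $currentUri` cannot hold as written; either pass `$currentUri` into the constructor and compare against its path component, or compare `(string)$uri` with the stripped URI the redirect is expected to target. The callback also uses loose `==` where the previous test uses `===`; make it `$uri->getHost() === "" && $uri->getPath() === ...`. Nothing ties `$responseCipher` to a logout action (the `Token` mock has no decrypt stub and the SessionData mock only returns it), so the name promises more than the assertions verify; a short comment on what the mocked token is expected to yield for `"abcdef"` would make the intent reviewable.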