better debugging and small refactor

Author: pbergman

README.md

@@ -9,14 +9,14 @@ It can be used to validate push/pull and registration us users for you private r
 ###Configuring
 
 
-property | description
+property | type | description
 ---------|-------------
-prop.public_key   |  the private key, should be the content not file location
-prop.private_key  |  the public key, should be the content not file location
-prop.audience     |  audience that is registered in the registry (server name of registry)
-prop.issuer       |  issuer that is registered in the registry (server name of this server)
-prop.log_level    |  array of log levels to display
-prop.log_file     |  log file for logging , if non is given it will use stdout
+prop.public_key   | string |  the private key, should be the content not file location
+prop.private_key  | string |  the public key, should be the content not file location
+prop.audience     | string |  audience that is registered in the registry (server name of registry)
+prop.issuer       | string |  issuer that is registered in the registry (server name of this server)
+prop.log_level    | string\|array |  log level[s] to display (example: ['error', 'info'])
+prop.log_file     |string |  log file for logging , if non is given it will use stdout
 
 
 the config should be given as argument with the constructor:

src/DockerToken/Application.php

@@ -37,40 +37,8 @@ public function __construct(array $values = array())
      */
     protected function initialize()
     {
-        if (!isset($this['prop.public_key'])) {
-            throw new ParameterException('No public key defined');
-        }
-        if (!isset($this['prop.private_key'])) {
-            throw new ParameterException('No private key defined');
-        }
-        if (!isset($this['prop.audience'])) {
-            throw new ParameterException('No audience for claim defined');
-        }
-        if (!isset($this['prop.issuer'])) {
-            throw new ParameterException('No issuer for claim defined');
-        }
-
-        if (isset($this['prop.log_level']) && is_array($this['prop.log_level'])) {
-            $level = $this['prop.log_level'];
-        } else {
-            $level = null;
-        }
-
-        if (isset($this['prop.log_file'])) {
-
-            if (is_file($this['prop.log_file'])) {
-                $this['prop.log_file'] = fopen($this['prop.log_file'], 'a+');
-            }
-
-            if (!is_resource($this['prop.log_file'])) {
-                throw new ParameterException('Log file should be valid file or resource');
-            }
-
-            $this['logger'] = new StreamLogger($this['prop.log_file'], $level);
-        } else {
-            $this['logger'] = new StreamLogger(fopen('php://stdout', 'a+'), $level);
-        }
-
+        $this->validateOptions();
+        $this->initializeLogger();
         $this->configureRoute();
     }
 
@@ -84,8 +52,11 @@ protected function configureRoute()
 
             try {
                 $parameters = new Parameters($this);
-                $token = new ClaimSet($this['prop.audience'], $parameters->getAccount(), $this['prop.issuer']);
-
+                $token = new ClaimSet(
+                    $this['prop.audience'],
+                    $parameters->getAccount(),
+                    $this['prop.issuer']
+                );
                 if (null !== $scope = $parameters->getScope()) {
                     list($type, $name, $actions) = explode(':', $scope, 3);
                     $token->addAccess(new Access($type, $name, explode(',', $actions)));
@@ -101,22 +72,76 @@ protected function configureRoute()
                     }
                 }
 
-                $token = JWT::encode($token->getArrayCopy(), $this['prop.private_key'], 'RS256', $this->getKid());
-
                 return $this->json(
-                    ['token' => $token],
-                    Response::HTTP_OK,
-                    ['Content-Type' => 'application/json']
+                    [
+                        'token' =>  JWT::encode(
+                            $token->getArrayCopy(),
+                            $this['prop.private_key'],
+                            'RS256',
+                            $this->getKid()
+                        ),
+                    ],
+                    Response::HTTP_OK
                 );
 
-
             } catch (InvalidAccessException $e) {
-                return new Response('Invalid credentials', Response::HTTP_UNAUTHORIZED);
+                return new Response(
+                    $e->getMessage(),
+                    Response::HTTP_UNAUTHORIZED
+                );
+            } catch (\Exception $e) {
+                $this['logger']->error(
+                    sprintf('Exception thrown: %s @ %s(%s),', $e->getMessage(), $e->getFile(), $e->getLine()));
+                return new Response($e->getMessage(), Response::HTTP_INTERNAL_SERVER_ERROR);
             }
-
         });
     }
 
+    /**
+     * validate the given options
+     *
+     * @throws ParameterException
+     */
+    protected function validateOptions()
+    {
+        if (!isset($this['prop.public_key'])) {
+            throw new ParameterException('No public key defined');
+        }
+        if (!isset($this['prop.private_key'])) {
+            throw new ParameterException('No private key defined');
+        }
+        if (!isset($this['prop.audience'])) {
+            throw new ParameterException('No audience for claim defined');
+        }
+        if (!isset($this['prop.issuer'])) {
+            throw new ParameterException('No issuer for claim defined');
+        }
+    }
+
+    /**
+     * Setup logger
+     */
+    protected function initializeLogger()
+    {
+        $levels = (isset($this['prop.log_level'])) ? (array) $this['prop.log_level'] : null;
+
+        if (isset($this['prop.log_file'])) {
+
+            if (is_file($this['prop.log_file'])) {
+                $this['prop.log_file'] = fopen($this['prop.log_file'], 'a+');
+            }
+
+            if (!is_resource($this['prop.log_file'])) {
+                throw new ParameterException(sprintf('Logger file should be valid file or resource, given "%s"', gettype($this['prop.log_file'])));
+            }
+
+            $this['logger'] = new StreamLogger($this['prop.log_file'], $levels);
+        } else {
+            $this['logger'] = new StreamLogger(fopen('php://stdout', 'w'), $levels);
+        }
+     }
+
+
 
     /**
      * Create a kid from the public that the registry will
@@ -131,7 +156,8 @@ public function getKid()
             throw new InvalidAccessException();
         }
         $key = preg_replace('/\n|\r/', '',  $m['DATA']);
-        return implode(':', array_slice(str_split(rtrim(Base32::encode(hash('sha256', base64_decode($key), true)), '='), 4), 0, 12));
+        $key = array_slice(str_split(rtrim(Base32::encode(hash('sha256', base64_decode($key), true)), '='), 4), 0, 12);
+        return implode(':', $key);
     }
 
 }

src/DockerToken/Exception/InvalidAccessException.php

@@ -5,7 +5,13 @@
  */
 namespace DockerToken\Exception;
 
+use Exception;
+
 class InvalidAccessException extends \Exception implements ExceptionInterface
 {
+    public function __construct($message = 'Invalid credentials')
+    {
+        parent::__construct($message);
+    }
 
 }

src/DockerToken/Exception/InvalidRequestException.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * @author    Philip Bergman <pbergman@live.nl>
+ * @copyright Philip Bergman
+ */
+namespace DockerToken\Exception;
+
+use Exception;
+
+class InvalidRequestException extends \Exception implements ExceptionInterface
+{
+    public function __construct($message = 'Invalid request')
+    {
+        parent::__construct($message);
+    }
+
+}

src/DockerToken/Request/Parameters.php

@@ -6,7 +6,7 @@
 namespace DockerToken\Request;
 
 use DockerToken\Application;
-use DockerToken\Exception\InvalidAccessException;
+use DockerToken\Exception\InvalidRequestException;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\Request;
 
@@ -41,7 +41,7 @@ function __construct(Application $app)
      * get username and password from the headers
      *
      * @param   Request $request
-     * @throws  InvalidAccessException
+     * @throws  InvalidRequestException
      */
     protected function parseAuthorization(Request $request)
     {
@@ -51,14 +51,19 @@ protected function parseAuthorization(Request $request)
 
         if (is_null($username) || is_null($password)) {
             if (null === $authorization = $headers->get('authorization')) {
-                $this->logger->critical('Could not get authorization header');
-                throw new InvalidAccessException('Could not get authorization header');
+                $this->logger->error(
+                    sprintf(
+                        'Could not get authorization from header, got: "%s"',
+                        implode('", "', $headers->keys())
+                    )
+                );
+                throw new InvalidRequestException();
             } else {
                 if (preg_match('/^(.*):(.*)$/', base64_decode($authorization), $m)) {
                     list(, $username, $password) = $m;
                 } else {
-                    $this->logger->error('Authorization header is invalid');
-                    throw new InvalidAccessException('Authorization header is invalid');
+                    $this->logger->error(sprintf('Authorization header is invalid, "%s', base64_decode($authorization)));
+                    throw new InvalidRequestException();
                 }
             }
         }