Change Server::setAuth() to use bool as async promise resolution value

clue · clue · commit 5a14c290bf54 · 2018-11-17T14:21:43.000+01:00
diff --git a/README.md b/README.md
@@ -676,21 +676,38 @@ the connection will be rejected.
 
 Because your authentication mechanism might take some time to actually check
 the provided authentication credentials (like querying a remote database or webservice),
-the server side uses a [Promise](https://github.com/reactphp/promise) based interface.
+the server side uses a [Promise](https://github.com/reactphp/promise)-based interface.
 While this might seem complex at first, it actually provides a very simple way
 to handle simultanous connections in a non-blocking fashion and increases overall performance.
 
-```PHP
-$server->setAuth(function ($username, $password, $remote) {
-    // either return a boolean success value right away
-    // or use promises for delayed authentication
+You can use the `setAuth(callable $authenticator)` method to configure a callable
+function that should return a `bool` value like this synchronous example:
 
+```php
+$server->setAuth(function ($username, $password, $remote) {
     // $remote is a full URI à la socks5://user:pass@192.168.1.1:1234
     // or socks5s://user:pass@192.168.1.1:1234 for SOCKS over TLS
     // useful for logging or extracting parts, such as the remote IP
     $ip = parse_url($remote, PHP_URL_HOST);
 
-    return ($username === 'root' && $ip === '127.0.0.1');
+    return ($username === 'root' && $password === 'secret' && $ip === '127.0.0.1');
+});
+```
+
+Similarly, you can return a [Promise](https://github.com/reactphp/promise) from
+the authenticator function that will fulfill with a `bool` value like this async
+example:
+
+```php
+$server->setAuth(function ($username, $password) use ($db) {
+    // pseudo-code: query database for given authentication details
+    return $db->query(
+        'SELECT 1 FROM users WHERE name = ? AND password = ?',
+        array($username, $password)
+    )->then(function (QueryResult $result) {
+        // ensure we find exactly one match in the database
+        return count($result->resultRows) === 1;
+    });
 });
 ```
 
diff --git a/src/Server.php b/src/Server.php
@@ -3,8 +3,6 @@
 namespace Clue\React\Socks;
 
 use React\Socket\ServerInterface;
-use React\Promise;
-use React\Promise\Deferred;
 use React\Promise\PromiseInterface;
 use React\Socket\ConnectorInterface;
 use React\Socket\Connector;
@@ -71,13 +69,9 @@ public function setAuth($auth)
 
         // wrap authentication callback in order to cast its return value to a promise
         $this->auth = function($username, $password, $remote) use ($auth) {
-            $ret = call_user_func($auth, $username, $password, $remote);
-            if ($ret instanceof PromiseInterface) {
-                return $ret;
-            }
-            $deferred = new Deferred();
-            $ret ? $deferred->resolve() : $deferred->reject();
-            return $deferred->promise();
+            return  \React\Promise\resolve(
+                call_user_func($auth, $username, $password, $remote)
+            );
         };
     }
 
@@ -215,7 +209,7 @@ public function handleSocks4(ConnectionInterface $stream, StreamReader $reader)
     }
 
     /** @internal */
-    public function handleSocks5(ConnectionInterface $stream, $auth=null, StreamReader $reader)
+    public function handleSocks5(ConnectionInterface $stream, $auth, StreamReader $reader)
     {
         $remote = $stream->getRemoteAddress();
         if ($remote !== null) {
@@ -255,13 +249,19 @@ public function handleSocks5(ConnectionInterface $stream, $auth=null, StreamRead
                             $remote = str_replace('://', '://' . rawurlencode($username) . ':' . rawurlencode($password) . '@', $remote);
                         }
 
-                        return $auth($username, $password, $remote)->then(function () use ($stream) {
-                            // accept
-                            $stream->write(pack('C2', 0x01, 0x00));
-                        }, function() use ($stream) {
-                            // reject => send any code but 0x00
+                        return $auth($username, $password, $remote)->then(function ($authenticated) use ($stream) {
+                            if ($authenticated) {
+                                // accept auth
+                                $stream->write(pack('C2', 0x01, 0x00));
+                            } else {
+                                // reject auth => send any code but 0x00
+                                $stream->end(pack('C2', 0x01, 0xFF));
+                                throw new UnexpectedValueException('Authentication denied');
+                            }
+                        }, function ($e) use ($stream) {
+                            // reject failed authentication => send any code but 0x00
                             $stream->end(pack('C2', 0x01, 0xFF));
-                            throw new UnexpectedValueException('Unable to authenticate');
+                            throw new UnexpectedValueException('Authentication error', 0, $e);
                         });
                     });
                 });
@@ -336,7 +336,7 @@ public function connectTarget(ConnectionInterface $stream, array $target)
         // validate URI so a string hostname can not pass excessive URI parts
         $parts = parse_url('tcp://' . $uri);
         if (!$parts || !isset($parts['scheme'], $parts['host'], $parts['port']) || count($parts) !== 3) {
-            return Promise\reject(new InvalidArgumentException('Invalid target URI given'));
+            return \React\Promise\reject(new InvalidArgumentException('Invalid target URI given'));
         }
 
         if (isset($target[2])) {
diff --git a/tests/FunctionalTest.php b/tests/FunctionalTest.php
@@ -302,6 +302,39 @@ public function testConnectionInvalidAuthenticationMismatch()
         $this->assertRejectPromise($this->client->connect('www.google.com:80'), null, SOCKET_EACCES);
     }
 
+    public function testConnectionInvalidAuthenticatorReturnsFalse()
+    {
+        $this->server->setAuth(function () {
+            return false;
+        });
+
+        $this->client = new Client('user:pass@127.0.0.1:' . $this->port, $this->connector);
+
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), null, SOCKET_EACCES);
+    }
+
+    public function testConnectionInvalidAuthenticatorReturnsPromiseFulfilledWithFalse()
+    {
+        $this->server->setAuth(function () {
+            return \React\Promise\resolve(false);
+        });
+
+        $this->client = new Client('user:pass@127.0.0.1:' . $this->port, $this->connector);
+
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), null, SOCKET_EACCES);
+    }
+
+    public function testConnectionInvalidAuthenticatorReturnsPromiseRejected()
+    {
+        $this->server->setAuth(function () {
+            return \React\Promise\reject();
+        });
+
+        $this->client = new Client('user:pass@127.0.0.1:' . $this->port, $this->connector);
+
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), null, SOCKET_EACCES);
+    }
+
     /** @group internet */
     public function testConnectorOkay()
     {
