Allow setting Server's AppId in constructor (#33)

CHANGELOG.md

@@ -13,10 +13,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Server::validateLogin(ChallengeProviderInterface, LoginResponseInterface, RegistrationInterface[]): RegistrationInterface (will replace Server::setRegistrations + Server::setSignRequests + Server::authenticate)
 - Server::validateRegistration(RegisterRequest, RegistrationResponseInterface): RegistrationInterface (will replace Server::setRegisterRequest + Server::register)
 
+### Changed
+- Server's constructor now can take `string $appId` as a parameter
+
 ### Deprecated
 - ChallengeProvider
 - Server::authenticate(LoginResponseInterface)
 - Server::register(RegistrationResponseInterface)
+- Server::setAppId(string)
 - Server::setRegisterRequest(RegisterRequest)
 - Server::setRegistrations(RegistrationInterface[])
 - Server::setSignRequests(SignRequest[])

README.md

@@ -62,9 +62,8 @@ All operations are performed by the U2F Server class, so it needs to be instanci
 
 ```php
 use Firehed\U2F\Server;
-$server = new Server();
-$server->setTrustedCAs(glob('path/to/certs/*.pem'))
- ->setAppId('u2f.example.com');
+$server = new Server('u2f.example.com');
+$server->setTrustedCAs(glob('path/to/certs/*.pem'));
 ```
 
 The trusted CAs are whitelisted vendors, and must be an array of absolute paths to PEM-formatted CA certs (as strings).
@@ -73,7 +72,7 @@ Some provider certificates are provided in the `CACerts/` directory in the repos
 You may also choose to disable CA verification, by calling `->disableCAVerification()` instead of `setTrustedCAs()`.
 This removes trust in the hardware vendors, but ensures that as new vendors issue tokens, they will be forward-compatible with your website.
 
-The URI provided to `setAppId()` must be the HTTPS domain component of your website.
+The URI provided to the constructor must be the HTTPS domain component of your website.
 See [FIDO U2F AppID and Facet Specification](https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-appid-and-facets.html#appid-example-1) for additional information.
 
 ### Registration

src/Server.php

@@ -64,8 +64,9 @@ class Server
  */
  private $signRequests = [];
 
- public function __construct()
+ public function __construct(string $appId = '')
  {
+ $this->appId = $appId;
  $overload = ini_get('mbstring.func_overload');
  // @codeCoverageIgnoreStart
  if ($overload > 0) {
@@ -409,6 +410,17 @@ public function generateSignRequests(array $registrations): array
  return array_values($requestsWithSameChallenge);
  }
 
+ /**
+ * @deprecated
+ *
+ * Re-implements the trait's version solely for deprecation warnings
+ */
+ public function setAppId(string $appId): self
+ {
+ $this->appId = $appId;
+ return $this;
+ }
+
  /**
  * Searches through the provided array of objects, and looks for a matching
  * key handle value. If one is found, it is returned; if not, this returns

tests/ServerTest.php

@@ -25,15 +25,26 @@ class ServerTest extends \PHPUnit\Framework\TestCase
 
  public function setUp(): void
  {
- $this->server = (new Server())
- ->disableCAVerification()
- ->setAppId(self::APP_ID);
+ $this->server = (new Server(self::APP_ID))
+ ->disableCAVerification();
  }
 
  public function testConstruct(): void
  {
- $server = new Server();
+ $server = new Server('test.example.com');
  $this->assertInstanceOf(Server::class, $server);
+ self::assertSame('test.example.com', $server->getAppId());
+ }
+
+ /**
+ * @deprecated
+ */
+ public function testSetAppId(): void
+ {
+ $server = new Server();
+ self::assertSame('', $server->getAppId());
+ $server->setAppId(self::APP_ID);
+ self::assertSame(self::APP_ID, $server->getAppId());
  }
 
  public function testDisableCAVerificationReturnsSelf(): void
@@ -267,7 +278,7 @@ public function testRegisterDefaultsToTryingEmptyCAList(): void
  // Should have CA verification enabled by default with an empty list,
  // meaning that an exception should be thrown unless either a)
  // a matching CA is provided or b) verification is explicitly disabled
- $server = (new Server())->setAppId(self::APP_ID);
+ $server = new Server(self::APP_ID);
  $server->validateRegistration($request, $response);
  }
 
@@ -621,14 +632,9 @@ public function testValidateLoginThrowsIfRequestIsSignedWithWrongKey(): void
 
  public function testRegistrationWithoutCidPubkeyBug14Case1(): void
  {
- $server = (new Server())
- ->disableCAVerification()
- ->setAppId('https://u2f.ericstern.com');
-
  $registerRequest = new RegisterRequest();
- $registerRequest->setAppId($server->getAppId())
+ $registerRequest->setAppId($this->server->getAppId())
  ->setChallenge('dNqjowssvlxx9zBhvsy03A');
- $server->setRegisterRequest($registerRequest);
 
  $json = '{"registrationData":"BQSFDYsZaHlRBQcdLyu4jZ-Bukb1vw6QtSfmvTQO'.
  'IXpjZpfqYptdtpBznuNBslzlZdodspfqRkqwJIt3a0W2P_HlQImHG1FoSkYdPwSzp'.
@@ -647,18 +653,14 @@ public function testRegistrationWithoutCidPubkeyBug14Case1(): void
  'uLmNvbSIsInR5cCI6Im5hdmlnYXRvci5pZC5maW5pc2hFbnJvbGxtZW50In0"}';
  $registerResponse = RegisterResponse::fromJson($json);
 
- $registration = $server->register($registerResponse);
+ $registration = $this->server->validateRegistration($registerRequest, $registerResponse);
  $this->assertInstanceOf(Registration::class, $registration);
  }
 
  public function testRegistrationWithoutCidPubkeyBug14Case2(): void
  {
- $server = (new Server())
- ->disableCAVerification()
- ->setAppId('https://u2f.ericstern.com');
-
  $registerRequest = new RegisterRequest();
- $registerRequest->setAppId($server->getAppId())
+ $registerRequest->setAppId($this->server->getAppId())
  ->setChallenge('E23usdC7VkxjN1mwRAeyjg');
 
  $json = '{"registrationData":"BQSTffB-e9hdFwhsfb2t-2ppwyxZAltnDf6TYwv4'.
@@ -678,7 +680,7 @@ public function testRegistrationWithoutCidPubkeyBug14Case2(): void
  '5maW5pc2hFbnJvbGxtZW50In0"}';
  $registerResponse = RegisterResponse::fromJson($json);
 
- $registration = $server->validateRegistration($registerRequest, $registerResponse);
+ $registration = $this->server->validateRegistration($registerRequest, $registerResponse);
  $this->assertInstanceOf(Registration::class, $registration);
  }