Checks whether return doc types can be made more specific.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Kunstmaan\AdminBundle\EventListener; |
||
4 | |||
5 | use Psr\Log\LoggerInterface; |
||
6 | use Symfony\Component\HttpFoundation\Request; |
||
7 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
8 | use Symfony\Component\HttpKernel\Event\FilterResponseEvent; |
||
9 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; |
||
10 | use Symfony\Component\HttpKernel\HttpKernelInterface; |
||
11 | |||
12 | class SessionSecurityListener |
||
13 | { |
||
14 | /** |
||
15 | * @var LoggerInterface |
||
16 | */ |
||
17 | private $logger; |
||
18 | |||
19 | /** |
||
20 | * @var bool |
||
21 | */ |
||
22 | private $ipCheck; |
||
23 | |||
24 | /** |
||
25 | * @var bool |
||
26 | */ |
||
27 | private $userAgentCheck; |
||
28 | |||
29 | /** |
||
30 | * @var string |
||
31 | */ |
||
32 | private $ip; |
||
33 | |||
34 | /** |
||
35 | * @var string |
||
36 | */ |
||
37 | private $userAgent; |
||
38 | |||
39 | /** |
||
40 | * @param bool $ipCheck |
||
41 | * @param bool $userAgentCheck |
||
42 | * @param LoggerInterface $logger |
||
43 | */ |
||
44 | 3 | public function __construct($ipCheck, $userAgentCheck, LoggerInterface $logger) |
|
45 | { |
||
46 | 3 | $this->ipCheck = $ipCheck; |
|
47 | 3 | $this->userAgentCheck = $userAgentCheck; |
|
48 | 3 | $this->logger = $logger; |
|
49 | 3 | } |
|
50 | |||
51 | /** |
||
52 | * @param FilterResponseEvent $event |
||
53 | */ |
||
54 | 2 | public function onKernelResponse(FilterResponseEvent $event) |
|
55 | { |
||
56 | 2 | if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) { |
|
57 | 1 | return; |
|
58 | } |
||
59 | |||
60 | // Make sure the ip and user agent is stored in the session |
||
61 | 2 | $request = $event->getRequest(); |
|
62 | 2 | if ($request->hasSession() && $request->getSession()->isStarted()) { |
|
63 | 2 | $session = $request->getSession(); |
|
64 | 2 | if ($this->ipCheck && !$session->has('kuma_ip')) { |
|
65 | 2 | $session->set('kuma_ip', $this->getIp($request)); |
|
66 | } |
||
67 | 2 | if ($this->userAgentCheck && !$session->has('kuma_ua')) { |
|
68 | 2 | $session->set('kuma_ua', $this->getUserAgent($request)); |
|
69 | } |
||
70 | } |
||
71 | 2 | } |
|
72 | |||
73 | /** |
||
74 | * @param GetResponseEvent $event |
||
75 | */ |
||
76 | 1 | public function onKernelRequest(GetResponseEvent $event) |
|
77 | { |
||
78 | 1 | if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) { |
|
79 | 1 | return; |
|
80 | } |
||
81 | |||
82 | 1 | $request = $event->getRequest(); |
|
83 | 1 | if ($request->hasSession() && $request->getSession()->isStarted()) { |
|
84 | 1 | $session = $request->getSession(); |
|
85 | |||
86 | // Check that the ip matches |
||
87 | 1 | View Code Duplication | if ($this->ipCheck && $session->has('kuma_ip') && $session->get('kuma_ip') != $this->getIp($request)) { |
88 | 1 | $this->logger->error(sprintf( |
|
89 | 1 | "Session ip '%s' does not match with request ip '%s', invalidating the current session", |
|
90 | 1 | $session->get('kuma_ip'), |
|
91 | 1 | $this->getIp($request) |
|
92 | )); |
||
93 | 1 | $this->invalidateSession($session, $request); |
|
94 | } |
||
95 | |||
96 | // Check that the user agent matches |
||
97 | 1 | View Code Duplication | if ($this->userAgentCheck && $session->has('kuma_ua') && $session->get('kuma_ua') != $this->getUserAgent($request)) { |
98 | 1 | $this->logger->error(sprintf( |
|
99 | 1 | "Session user agent '%s' does not match with request user agent '%s', invalidating the current session", |
|
100 | 1 | $session->get('kuma_ua'), |
|
101 | 1 | $this->getUserAgent($request) |
|
102 | )); |
||
103 | 1 | $this->invalidateSession($session, $request); |
|
104 | } |
||
105 | } |
||
106 | 1 | } |
|
107 | |||
108 | /** |
||
109 | * @param SessionInterface $session |
||
110 | * @param Request $request |
||
111 | */ |
||
112 | 1 | private function invalidateSession(SessionInterface $session, Request $request) |
|
113 | { |
||
114 | 1 | $session->invalidate(); |
|
115 | 1 | $session->set('kuma_ip', $this->getIp($request)); |
|
116 | 1 | $session->set('kuma_ua', $this->getUserAgent($request)); |
|
117 | 1 | } |
|
118 | |||
119 | /** |
||
120 | * @param Request $request |
||
121 | * |
||
122 | * @return string |
||
123 | */ |
||
124 | 3 | private function getIp(Request $request) |
|
125 | { |
||
126 | 3 | if (!$this->ip) { |
|
127 | 3 | $forwarded = $request->server->get('HTTP_X_FORWARDED_FOR'); |
|
128 | 3 | if (strlen($forwarded) > 0) { |
|
129 | 2 | $parts = explode(',', $forwarded); |
|
130 | 2 | $parts = array_map('trim', $parts); |
|
131 | 2 | $parts = array_filter($parts); |
|
132 | 2 | if (count($parts) > 0) { |
|
133 | 2 | $ip = $parts[0]; |
|
134 | } |
||
135 | } |
||
136 | 3 | if (empty($ip)) { |
|
137 | 1 | $ip = $request->getClientIp(); |
|
138 | } |
||
139 | 3 | $this->ip = $ip; |
|
140 | } |
||
141 | |||
142 | 3 | return $this->ip; |
|
143 | } |
||
144 | |||
145 | /** |
||
146 | * @param Request $request |
||
147 | * |
||
148 | * @return array|string |
||
0 ignored issues
–
show
|
|||
149 | */ |
||
150 | 3 | private function getUserAgent(Request $request) |
|
151 | { |
||
152 | 3 | if (!$this->userAgent) { |
|
153 | 3 | $this->userAgent = $request->headers->get('User-Agent'); |
|
154 | } |
||
155 | |||
156 | 3 | return $this->userAgent; |
|
157 | } |
||
158 | } |
||
159 |
This check looks for the generic type
array
as a return type and suggests a more specific type. This type is inferred from the actual code.