These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Kunstmaan\AdminBundle\EventListener; |
||
4 | |||
5 | use Psr\Log\LoggerInterface; |
||
6 | use Symfony\Component\HttpFoundation\Request; |
||
7 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
8 | use Symfony\Component\HttpKernel\Event\FilterResponseEvent; |
||
9 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; |
||
10 | use Symfony\Component\HttpKernel\Event\ResponseEvent; |
||
11 | use Symfony\Component\HttpKernel\HttpKernelInterface; |
||
12 | |||
13 | class SessionSecurityListener |
||
14 | { |
||
15 | /** |
||
16 | * @var LoggerInterface |
||
17 | */ |
||
18 | private $logger; |
||
19 | |||
20 | /** |
||
21 | * @var bool |
||
22 | */ |
||
23 | private $ipCheck; |
||
24 | |||
25 | /** |
||
26 | * @var bool |
||
27 | */ |
||
28 | private $userAgentCheck; |
||
29 | |||
30 | /** |
||
31 | * @var string |
||
32 | */ |
||
33 | private $ip; |
||
34 | |||
35 | /** |
||
36 | * @var string |
||
37 | */ |
||
38 | private $userAgent; |
||
39 | |||
40 | /** |
||
41 | * @param bool $ipCheck |
||
42 | * @param bool $userAgentCheck |
||
43 | */ |
||
44 | 3 | public function __construct($ipCheck, $userAgentCheck, LoggerInterface $logger) |
|
45 | { |
||
46 | 3 | $this->ipCheck = $ipCheck; |
|
47 | 3 | $this->userAgentCheck = $userAgentCheck; |
|
48 | 3 | $this->logger = $logger; |
|
49 | 3 | } |
|
50 | |||
51 | /** |
||
52 | * @param FilterResponseEvent|ResponseEvent $event |
||
53 | */ |
||
54 | 2 | public function onKernelResponse($event) |
|
55 | { |
||
56 | 2 | View Code Duplication | if (!$event instanceof FilterResponseEvent && !$event instanceof ResponseEvent) { |
0 ignored issues
–
show
|
|||
57 | throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : FilterResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event))); |
||
58 | } |
||
59 | |||
60 | 2 | if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) { |
|
61 | 1 | return; |
|
62 | } |
||
63 | |||
64 | // Make sure the ip and user agent is stored in the session |
||
65 | 2 | $request = $event->getRequest(); |
|
66 | 2 | if ($request->hasSession() && $request->getSession()->isStarted()) { |
|
67 | 2 | $session = $request->getSession(); |
|
68 | 2 | if ($this->ipCheck && !$session->has('kuma_ip')) { |
|
69 | 2 | $session->set('kuma_ip', $this->getIp($request)); |
|
70 | } |
||
71 | 2 | if ($this->userAgentCheck && !$session->has('kuma_ua')) { |
|
72 | 2 | $session->set('kuma_ua', $this->getUserAgent($request)); |
|
73 | } |
||
74 | } |
||
75 | 2 | } |
|
76 | |||
77 | 1 | public function onKernelRequest(GetResponseEvent $event) |
|
78 | { |
||
79 | 1 | View Code Duplication | if (!$event instanceof GetResponseEvent && !$event instanceof ResponseEvent) { |
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
80 | throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : GetResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event))); |
||
81 | } |
||
82 | |||
83 | 1 | if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) { |
|
84 | 1 | return; |
|
85 | } |
||
86 | |||
87 | 1 | $request = $event->getRequest(); |
|
88 | 1 | if ($request->hasSession() && $request->getSession()->isStarted()) { |
|
89 | 1 | $session = $request->getSession(); |
|
90 | |||
91 | // Check that the ip matches |
||
92 | 1 | View Code Duplication | if ($this->ipCheck && $session->has('kuma_ip') && $session->get('kuma_ip') != $this->getIp($request)) { |
93 | 1 | $this->logger->error(sprintf( |
|
94 | 1 | "Session ip '%s' does not match with request ip '%s', invalidating the current session", |
|
95 | 1 | $session->get('kuma_ip'), |
|
96 | 1 | $this->getIp($request) |
|
97 | )); |
||
98 | 1 | $this->invalidateSession($session, $request); |
|
99 | } |
||
100 | |||
101 | // Check that the user agent matches |
||
102 | 1 | View Code Duplication | if ($this->userAgentCheck && $session->has('kuma_ua') && $session->get('kuma_ua') != $this->getUserAgent($request)) { |
103 | 1 | $this->logger->error(sprintf( |
|
104 | 1 | "Session user agent '%s' does not match with request user agent '%s', invalidating the current session", |
|
105 | 1 | $session->get('kuma_ua'), |
|
106 | 1 | $this->getUserAgent($request) |
|
107 | )); |
||
108 | 1 | $this->invalidateSession($session, $request); |
|
109 | } |
||
110 | } |
||
111 | 1 | } |
|
112 | |||
113 | 1 | private function invalidateSession(SessionInterface $session, Request $request) |
|
114 | { |
||
115 | 1 | $session->invalidate(); |
|
116 | 1 | $session->set('kuma_ip', $this->getIp($request)); |
|
117 | 1 | $session->set('kuma_ua', $this->getUserAgent($request)); |
|
118 | 1 | } |
|
119 | |||
120 | /** |
||
121 | * @return string |
||
122 | */ |
||
123 | 3 | private function getIp(Request $request) |
|
124 | { |
||
125 | 3 | if (!$this->ip) { |
|
126 | 3 | $forwarded = $request->server->get('HTTP_X_FORWARDED_FOR'); |
|
127 | 3 | if (\strlen($forwarded) > 0) { |
|
128 | 2 | $parts = explode(',', $forwarded); |
|
129 | 2 | $parts = array_map('trim', $parts); |
|
130 | 2 | $parts = array_filter($parts); |
|
131 | 2 | if (\count($parts) > 0) { |
|
132 | 2 | $ip = $parts[0]; |
|
133 | } |
||
134 | } |
||
135 | 3 | if (empty($ip)) { |
|
136 | 1 | $ip = $request->getClientIp(); |
|
137 | } |
||
138 | 3 | $this->ip = $ip; |
|
139 | } |
||
140 | |||
141 | 3 | return $this->ip; |
|
142 | } |
||
143 | |||
144 | /** |
||
145 | * @return array|string |
||
146 | */ |
||
147 | 3 | private function getUserAgent(Request $request) |
|
148 | { |
||
149 | 3 | if (!$this->userAgent) { |
|
150 | 3 | $this->userAgent = $request->headers->get('User-Agent'); |
|
151 | } |
||
152 | |||
153 | 3 | return $this->userAgent; |
|
154 | } |
||
155 | } |
||
156 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.