|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright 2014 SURFnet bv |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
7
|
|
|
* you may not use this file except in compliance with the License. |
|
8
|
|
|
* You may obtain a copy of the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
14
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15
|
|
|
* See the License for the specific language governing permissions and |
|
16
|
|
|
* limitations under the License. |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Surfnet\StepupMiddleware\ApiBundle\Controller; |
|
20
|
|
|
|
|
21
|
|
|
use Surfnet\Stepup\Configuration\Value\InstitutionRole; |
|
22
|
|
|
use Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper; |
|
23
|
|
|
use Surfnet\Stepup\Identity\Value\IdentityId; |
|
24
|
|
|
use Surfnet\Stepup\Identity\Value\SecondFactorId; |
|
25
|
|
|
use Surfnet\StepupBundle\Value\SecondFactorType; |
|
26
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Service\AuthorizationContextService; |
|
27
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Query\VerifiedSecondFactorOfIdentityQuery; |
|
28
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Query\VerifiedSecondFactorQuery; |
|
29
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\SecondFactorService; |
|
30
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Response\JsonCollectionResponse; |
|
31
|
|
|
use Symfony\Bundle\FrameworkBundle\Controller\Controller; |
|
32
|
|
|
use Symfony\Component\HttpFoundation\JsonResponse; |
|
33
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
34
|
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @SuppressWarnings(PHPMD.CouplingBetweenObjects) |
|
38
|
|
|
*/ |
|
39
|
|
|
class VerifiedSecondFactorController extends Controller |
|
|
|
|
|
|
40
|
|
|
{ |
|
41
|
|
|
/** |
|
42
|
|
|
* @var SecondFactorService |
|
43
|
|
|
*/ |
|
44
|
|
|
private $secondFactorService; |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* @var AuthorizationContextService |
|
48
|
|
|
*/ |
|
49
|
|
|
private $institutionAuthorizationService; |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* @var SecondFactorProvePossessionHelper |
|
53
|
|
|
*/ |
|
54
|
|
|
private $secondFactorProvePossessionHelper; |
|
55
|
|
|
|
|
56
|
|
|
|
|
57
|
|
|
public function __construct( |
|
58
|
|
|
SecondFactorService $secondFactorService, |
|
59
|
|
|
AuthorizationContextService $authorizationService, |
|
60
|
|
|
SecondFactorProvePossessionHelper $secondFactorProvePossessionHelper |
|
61
|
|
|
) { |
|
62
|
|
|
$this->secondFactorService = $secondFactorService; |
|
63
|
|
|
$this->institutionAuthorizationService = $authorizationService; |
|
64
|
|
|
$this->secondFactorProvePossessionHelper = $secondFactorProvePossessionHelper; |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
public function getAction($id) |
|
68
|
|
|
{ |
|
69
|
|
|
$this->denyAccessUnlessGranted(['ROLE_RA', 'ROLE_SS']); |
|
70
|
|
|
|
|
71
|
|
|
$secondFactor = $this->secondFactorService->findVerified(new SecondFactorId($id)); |
|
72
|
|
|
|
|
73
|
|
|
if ($secondFactor === null) { |
|
74
|
|
|
throw new NotFoundHttpException(sprintf("Verified second factor '%s' does not exist", $id)); |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
|
|
return new JsonResponse($secondFactor); |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
public function collectionAction(Request $request) |
|
81
|
|
|
{ |
|
82
|
|
|
$this->denyAccessUnlessGranted(['ROLE_RA']); |
|
83
|
|
|
|
|
84
|
|
|
$actorId = new IdentityId($request->get('actorId')); |
|
85
|
|
|
|
|
86
|
|
|
$query = new VerifiedSecondFactorQuery(); |
|
87
|
|
|
|
|
88
|
|
|
if ($request->get('identityId')) { |
|
89
|
|
|
$query->identityId = new IdentityId($request->get('identityId')); |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
if ($request->get('secondFactorId')) { |
|
93
|
|
|
$query->secondFactorId = new SecondFactorId($request->get('secondFactorId')); |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
$query->registrationCode = $request->get('registrationCode'); |
|
97
|
|
|
$query->pageNumber = (int) $request->get('p', 1); |
|
98
|
|
|
$query->authorizationContext = $this->institutionAuthorizationService->buildInstitutionAuthorizationContext( |
|
99
|
|
|
$actorId, |
|
100
|
|
|
new InstitutionRole(InstitutionRole::ROLE_USE_RA) |
|
101
|
|
|
); |
|
102
|
|
|
|
|
103
|
|
|
$paginator = $this->secondFactorService->searchVerifiedSecondFactors($query); |
|
104
|
|
|
|
|
105
|
|
|
return JsonCollectionResponse::fromPaginator($paginator); |
|
106
|
|
|
} |
|
107
|
|
|
|
|
108
|
|
|
public function collectionOfIdentityAction(Request $request) |
|
109
|
|
|
{ |
|
110
|
|
|
$this->denyAccessUnlessGranted(['ROLE_SS']); |
|
111
|
|
|
$query = new VerifiedSecondFactorOfIdentityQuery(); |
|
112
|
|
|
|
|
113
|
|
|
$query->identityId = new IdentityId($request->get('identityId')); |
|
114
|
|
|
$query->pageNumber = (int) $request->get('p', 1); |
|
115
|
|
|
|
|
116
|
|
|
$paginator = $this->secondFactorService->searchVerifiedSecondFactorsOfIdentity($query); |
|
117
|
|
|
|
|
118
|
|
|
return JsonCollectionResponse::fromPaginator($paginator); |
|
119
|
|
|
} |
|
120
|
|
|
|
|
121
|
|
|
public function getSkipVettingAction($id) |
|
122
|
|
|
{ |
|
123
|
|
|
$this->denyAccessUnlessGranted(['ROLE_RA']); |
|
124
|
|
|
|
|
125
|
|
|
$secondFactor = $this->secondFactorService->findVerified(new SecondFactorId($id)); |
|
126
|
|
|
|
|
127
|
|
|
if ($secondFactor === null) { |
|
128
|
|
|
throw new NotFoundHttpException(sprintf("Verified second factor '%s' does not exist", $id)); |
|
129
|
|
|
} |
|
130
|
|
|
|
|
131
|
|
|
$secondFactorType = new SecondFactorType($secondFactor->type); |
|
132
|
|
|
|
|
133
|
|
|
$skipVetting = $this->secondFactorProvePossessionHelper->canSkipProvePossession($secondFactorType); |
|
134
|
|
|
|
|
135
|
|
|
return new JsonResponse($skipVetting); |
|
136
|
|
|
} |
|
137
|
|
|
} |
|
138
|
|
|
|
OpenConext /
Stepup-Middleware
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.