|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This file is part of the login-cidadao project or it's bundles. |
|
4
|
|
|
* |
|
5
|
|
|
* (c) Guilherme Donato <guilhermednt on github> |
|
6
|
|
|
* |
|
7
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
8
|
|
|
* file that was distributed with this source code. |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace LoginCidadao\RemoteClaimsBundle\Model; |
|
12
|
|
|
|
|
13
|
|
|
use Doctrine\ORM\EntityManagerInterface; |
|
14
|
|
|
use LoginCidadao\CoreBundle\Entity\Authorization; |
|
15
|
|
|
use LoginCidadao\CoreBundle\Model\PersonInterface; |
|
16
|
|
|
use LoginCidadao\OAuthBundle\Model\ClientInterface; |
|
17
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimAuthorization; |
|
18
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimAuthorizationRepository; |
|
19
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimRepository; |
|
20
|
|
|
|
|
21
|
|
|
class RemoteClaimManager implements RemoteClaimManagerInterface |
|
22
|
|
|
{ |
|
23
|
|
|
/** @var EntityManagerInterface */ |
|
24
|
|
|
private $em; |
|
25
|
|
|
|
|
26
|
|
|
/** @var RemoteClaimAuthorizationRepository */ |
|
27
|
|
|
private $remoteClaimAuthorizationRepository; |
|
28
|
|
|
|
|
29
|
|
|
/** @var RemoteClaimRepository */ |
|
30
|
|
|
private $remoteClaimRepository; |
|
31
|
|
|
|
|
32
|
|
|
/** |
|
33
|
|
|
* RemoteClaimManager constructor. |
|
34
|
|
|
* @param EntityManagerInterface $em |
|
35
|
|
|
* @param RemoteClaimAuthorizationRepository $remoteClaimAuthorizationRepository |
|
36
|
|
|
* @param RemoteClaimRepository $remoteClaimRepository |
|
37
|
|
|
*/ |
|
38
|
|
|
public function __construct( |
|
39
|
|
|
EntityManagerInterface $em, |
|
40
|
|
|
RemoteClaimAuthorizationRepository $remoteClaimAuthorizationRepository, |
|
41
|
|
|
RemoteClaimRepository $remoteClaimRepository |
|
42
|
|
|
) { |
|
43
|
|
|
$this->em = $em; |
|
44
|
|
|
$this->remoteClaimAuthorizationRepository = $remoteClaimAuthorizationRepository; |
|
45
|
|
|
$this->remoteClaimRepository = $remoteClaimRepository; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
/** |
|
49
|
|
|
* {@inheritdoc} |
|
50
|
|
|
*/ |
|
51
|
|
|
public function enforceAuthorization(RemoteClaimAuthorizationInterface $authorization) |
|
52
|
|
|
{ |
|
53
|
|
|
$existingAuthorization = $this->remoteClaimAuthorizationRepository->findAuthorization($authorization); |
|
54
|
|
|
if ($existingAuthorization instanceof RemoteClaimAuthorizationInterface) { |
|
55
|
|
|
return $existingAuthorization; |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
$this->em->persist($authorization); |
|
59
|
|
|
|
|
60
|
|
|
return $authorization; |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* {@inheritdoc} |
|
65
|
|
|
*/ |
|
66
|
|
|
public function isAuthorized($claimName, PersonInterface $person, ClientInterface $client) |
|
67
|
|
|
{ |
|
68
|
|
|
if (!$claimName instanceof TagUri) { |
|
69
|
|
|
$claimName = TagUri::createFromString($claimName); |
|
70
|
|
|
} |
|
71
|
|
|
$authorization = (new RemoteClaimAuthorization()) |
|
72
|
|
|
->setClaimName($claimName) |
|
73
|
|
|
->setPerson($person) |
|
74
|
|
|
->setClient($client); |
|
75
|
|
|
$existingAuthorization = $this->remoteClaimAuthorizationRepository->findAuthorization($authorization); |
|
76
|
|
|
|
|
77
|
|
|
return $existingAuthorization instanceof RemoteClaimAuthorizationInterface; |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
/** |
|
81
|
|
|
* {@inheritdoc} |
|
82
|
|
|
*/ |
|
83
|
|
|
public function revokeAllAuthorizations(Authorization $authorization) |
|
84
|
|
|
{ |
|
85
|
|
|
$remoteClaimAuthorizations = $this->remoteClaimAuthorizationRepository |
|
86
|
|
|
->findAllByClientAndPerson($authorization->getClient(), $authorization->getPerson()); |
|
|
|
|
|
|
87
|
|
|
|
|
88
|
|
|
foreach ($remoteClaimAuthorizations as $remoteClaimAuthorization) { |
|
89
|
|
|
$this->em->remove($remoteClaimAuthorization); |
|
90
|
|
|
} |
|
91
|
|
|
$this->em->flush(); |
|
92
|
|
|
|
|
93
|
|
|
return true; |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* {@inheritdoc} |
|
98
|
|
|
*/ |
|
99
|
|
|
public function filterRemoteClaims($scopes) |
|
100
|
|
|
{ |
|
101
|
|
|
$returnString = is_string($scopes); |
|
102
|
|
|
if ($returnString) { |
|
103
|
|
|
$scopes = explode(' ', $scopes); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
$response = []; |
|
107
|
|
|
foreach ($scopes as $scope) { |
|
108
|
|
|
try { |
|
109
|
|
|
TagUri::createFromString($scope); |
|
110
|
|
|
} catch (\InvalidArgumentException $e) { |
|
111
|
|
|
$response[] = $scope; |
|
112
|
|
|
} |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
if ($returnString) { |
|
116
|
|
|
return implode(' ', $response); |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
return $response; |
|
120
|
|
|
} |
|
121
|
|
|
|
|
122
|
|
|
/** |
|
123
|
|
|
* @inheritDoc |
|
124
|
|
|
*/ |
|
125
|
|
|
public function getRemoteClaimsFromAuthorization(Authorization $authorization) |
|
126
|
|
|
{ |
|
127
|
|
|
return $this->remoteClaimRepository |
|
128
|
|
|
->findByClientAndPerson($authorization->getClient(), $authorization->getPerson()); |
|
|
|
|
|
|
129
|
|
|
} |
|
130
|
|
|
|
|
131
|
|
|
/** |
|
132
|
|
|
* @inheritDoc |
|
133
|
|
|
*/ |
|
134
|
|
|
public function getRemoteClaimsAuthorizationsFromAuthorization(Authorization $authorization) |
|
135
|
|
|
{ |
|
136
|
|
|
return $this->remoteClaimAuthorizationRepository->findAllByClientAndPerson( |
|
137
|
|
|
$authorization->getClient(), $authorization->getPerson() |
|
|
|
|
|
|
138
|
|
|
); |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
/** |
|
142
|
|
|
* @inheritDoc |
|
143
|
|
|
*/ |
|
144
|
|
|
public function getRemoteClaimsWithTokens(ClientInterface $client, PersonInterface $person) |
|
145
|
|
|
{ |
|
146
|
|
|
/** @var RemoteClaimAuthorizationInterface[] $remoteClaimAuthorizations */ |
|
147
|
|
|
$remoteClaimAuthorizations = $this->remoteClaimAuthorizationRepository |
|
148
|
|
|
->findAllByClientAndPerson($client, $person); |
|
149
|
|
|
|
|
150
|
|
|
/** @var RemoteClaimInterface[] $remoteClaims */ |
|
151
|
|
|
$remoteClaims = $this->remoteClaimRepository->findByClientAndPerson($client, $person); |
|
152
|
|
|
|
|
153
|
|
|
$response = []; |
|
154
|
|
|
foreach ($remoteClaimAuthorizations as $authorization) { |
|
155
|
|
|
$tag = is_string($authorization->getClaimName()) ?: $authorization->getClaimName()->__toString(); |
|
156
|
|
|
$response[$tag]['authorization'] = $authorization; |
|
157
|
|
|
} |
|
158
|
|
|
foreach ($remoteClaims as $remoteClaim) { |
|
159
|
|
|
$tag = is_string($remoteClaim->getName()) ?: $remoteClaim->getName()->__toString(); |
|
160
|
|
|
$response[$tag]['remoteClaim'] = $remoteClaim; |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
|
return $response; |
|
164
|
|
|
} |
|
165
|
|
|
|
|
166
|
|
|
/** |
|
167
|
|
|
* @inheritDoc |
|
168
|
|
|
*/ |
|
169
|
|
|
public function getRemoteClaimAuthorizationByAccessToken(ClaimProviderInterface $claimProvider, $accessToken) |
|
170
|
|
|
{ |
|
171
|
|
|
return $this->remoteClaimAuthorizationRepository->findOneBy([ |
|
172
|
|
|
'claimProvider' => $claimProvider, |
|
173
|
|
|
'accessToken' => $accessToken, |
|
174
|
|
|
]); |
|
175
|
|
|
} |
|
176
|
|
|
} |
|
177
|
|
|
|
PROCERGS /
login-cidadao
Loading history...
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: