|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This file is part of the login-cidadao project or it's bundles. |
|
4
|
|
|
* |
|
5
|
|
|
* (c) Guilherme Donato <guilhermednt on github> |
|
6
|
|
|
* |
|
7
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
8
|
|
|
* file that was distributed with this source code. |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace LoginCidadao\RemoteClaimsBundle\EventSubscriber; |
|
12
|
|
|
|
|
13
|
|
|
use LoginCidadao\LogBundle\Traits\LoggerAwareTrait; |
|
14
|
|
|
use LoginCidadao\OpenIDBundle\Event\AuthorizationEvent; |
|
15
|
|
|
use LoginCidadao\OpenIDBundle\LoginCidadaoOpenIDEvents; |
|
16
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimAuthorization; |
|
17
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\HttpUri; |
|
18
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\RemoteClaimFetcherInterface; |
|
19
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\RemoteClaimInterface; |
|
20
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\RemoteClaimManagerInterface; |
|
21
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\TagUri; |
|
22
|
|
|
use Psr\Log\LoggerAwareInterface; |
|
23
|
|
|
use Symfony\Component\EventDispatcher\EventSubscriberInterface; |
|
24
|
|
|
|
|
25
|
|
|
class AuthorizationSubscriber implements EventSubscriberInterface, LoggerAwareInterface |
|
26
|
|
|
{ |
|
27
|
|
|
use LoggerAwareTrait; |
|
28
|
|
|
|
|
29
|
|
|
/** @var RemoteClaimFetcherInterface */ |
|
30
|
|
|
private $claimFetcher; |
|
31
|
|
|
|
|
32
|
|
|
/** @var RemoteClaimInterface[] */ |
|
33
|
1 |
|
private $remoteClaims; |
|
34
|
|
|
|
|
35
|
1 |
|
/** @var RemoteClaimManagerInterface */ |
|
36
|
1 |
|
private $remoteClaimManager; |
|
37
|
|
|
|
|
38
|
15 |
|
/** |
|
39
|
|
|
* AuthorizationSubscriber constructor. |
|
40
|
|
|
* @param RemoteClaimManagerInterface $remoteClaimManager |
|
41
|
15 |
|
* @param RemoteClaimFetcherInterface $claimFetcher |
|
42
|
|
|
*/ |
|
43
|
|
|
public function __construct( |
|
44
|
|
|
RemoteClaimManagerInterface $remoteClaimManager, |
|
45
|
1 |
|
RemoteClaimFetcherInterface $claimFetcher |
|
46
|
|
|
) { |
|
47
|
1 |
|
$this->remoteClaimManager = $remoteClaimManager; |
|
48
|
1 |
|
$this->claimFetcher = $claimFetcher; |
|
49
|
1 |
|
} |
|
50
|
1 |
|
|
|
51
|
1 |
|
public static function getSubscribedEvents() |
|
52
|
|
|
{ |
|
53
|
|
|
return [ |
|
54
|
1 |
|
LoginCidadaoOpenIDEvents::NEW_AUTHORIZATION_REQUEST => 'onNewAuthorizationRequest', |
|
55
|
|
|
LoginCidadaoOpenIDEvents::NEW_AUTHORIZATION => 'onNewAuthorization', |
|
56
|
1 |
|
LoginCidadaoOpenIDEvents::UPDATE_AUTHORIZATION => 'onUpdateAuthorization', |
|
57
|
|
|
LoginCidadaoOpenIDEvents::REVOKE_AUTHORIZATION => 'onRevokeAuthorization', |
|
58
|
|
|
]; |
|
59
|
1 |
|
} |
|
60
|
|
|
|
|
61
|
1 |
|
public function onNewAuthorizationRequest(AuthorizationEvent $event) |
|
62
|
1 |
|
{ |
|
63
|
1 |
|
foreach ($event->getScope() as $scope) { |
|
64
|
|
|
if ($this->checkHttpUri($scope) || $this->checkTagUri($scope)) { |
|
65
|
|
|
try { |
|
66
|
|
|
$remoteClaim = $this->claimFetcher->getRemoteClaim($scope); |
|
67
|
1 |
|
$this->remoteClaims[] = $remoteClaim; |
|
68
|
|
|
$event->addRemoteClaim($remoteClaim); |
|
69
|
|
|
} catch (\Exception $e) { |
|
70
|
1 |
|
$this->error( |
|
71
|
|
|
"Error retrieving remote claim {$scope}: {$e->getMessage()}", |
|
72
|
1 |
|
['exception' => $e] |
|
73
|
1 |
|
); |
|
74
|
1 |
|
} |
|
75
|
|
|
} |
|
76
|
|
|
} |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
public function onNewAuthorization(AuthorizationEvent $event) |
|
80
|
|
|
{ |
|
81
|
|
|
$this->enforceRemoteClaims($event); |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
public function onUpdateAuthorization(AuthorizationEvent $event) |
|
85
|
|
|
{ |
|
86
|
|
|
$this->enforceRemoteClaims($event); |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
|
|
public function onRevokeAuthorization(AuthorizationEvent $event) |
|
90
|
|
|
{ |
|
91
|
|
|
if (count($event->getRemoteClaims()) === 0) { |
|
92
|
|
|
return; |
|
93
|
|
|
} |
|
94
|
|
|
|
|
95
|
|
|
$this->remoteClaimManager->revokeAllAuthorizations($event->getAuthorization()); |
|
96
|
|
|
} |
|
97
|
|
|
|
|
98
|
|
|
private function checkHttpUri($uri) |
|
|
|
|
|
|
99
|
|
|
{ |
|
100
|
|
|
try { |
|
101
|
|
|
$http = HttpUri::createFromString($uri); |
|
102
|
|
|
|
|
103
|
|
|
return $http->getScheme() && $http->getHost(); |
|
104
|
|
|
} catch (\Exception $e) { |
|
105
|
|
|
return false; |
|
106
|
|
|
} |
|
107
|
|
|
} |
|
108
|
|
|
|
|
109
|
|
|
private function checkTagUri($uri) |
|
|
|
|
|
|
110
|
|
|
{ |
|
111
|
|
|
try { |
|
112
|
|
|
TagUri::createFromString($uri); |
|
113
|
|
|
|
|
114
|
|
|
return true; |
|
115
|
|
|
} catch (\Exception $e) { |
|
116
|
|
|
return false; |
|
117
|
|
|
} |
|
118
|
|
|
} |
|
119
|
|
|
|
|
120
|
|
|
private function enforceRemoteClaims(AuthorizationEvent $event) |
|
121
|
|
|
{ |
|
122
|
|
|
$remoteClaims = $event->getRemoteClaims(); |
|
123
|
|
|
|
|
124
|
|
|
foreach ($remoteClaims as $remoteClaim) { |
|
125
|
|
|
$claimName = $remoteClaim->getName(); |
|
126
|
|
|
if (is_string($claimName)) { |
|
127
|
|
|
$claimName = TagUri::createFromString($claimName); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
$accessToken = bin2hex(random_bytes(20)); |
|
131
|
|
|
$authorization = (new RemoteClaimAuthorization()) |
|
132
|
|
|
->setClient($event->getClient()) |
|
133
|
|
|
->setClaimProvider($remoteClaim->getProvider()) |
|
134
|
|
|
->setPerson($event->getPerson()) |
|
135
|
|
|
->setClaimName($claimName) |
|
136
|
|
|
->setAccessToken($accessToken); |
|
137
|
|
|
|
|
138
|
|
|
$this->remoteClaimManager->enforceAuthorization($authorization); |
|
139
|
|
|
} |
|
140
|
|
|
} |
|
141
|
|
|
} |
|
142
|
|
|
|
PROCERGS /
login-cidadao
Loading history...
This check examines a number of code elements and verifies that they conform to the given naming conventions.
You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods.