|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App\Containers\Application\Middlewares; |
|
4
|
|
|
|
|
5
|
|
|
use App\Containers\Application\Exceptions\AuthenticationFailedException; |
|
6
|
|
|
use App\Containers\Application\Exceptions\UserNotPermittedException; |
|
7
|
|
|
use App\Containers\Application\Tasks\FindApplicationByIdTask; |
|
8
|
|
|
use App\Containers\Authentication\Adapters\JwtAuthAdapter; |
|
9
|
|
|
use Closure; |
|
10
|
|
|
use Dingo\Api\Auth\Auth as Authentication; |
|
11
|
|
|
use Dingo\Api\Routing\Router; |
|
12
|
|
|
use Illuminate\Auth\AuthManager; |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* Class ApplicationAuthentication |
|
16
|
|
|
* |
|
17
|
|
|
* @author Mahmoud Zalt <[email protected]> |
|
18
|
|
|
*/ |
|
19
|
|
|
class ApplicationAuthentication |
|
20
|
|
|
{ |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* Router instance. |
|
24
|
|
|
* |
|
25
|
|
|
* @var \Dingo\Api\Routing\Router |
|
26
|
|
|
*/ |
|
27
|
|
|
protected $router; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* Authenticator instance. |
|
31
|
|
|
* |
|
32
|
|
|
* @var \Dingo\Api\Auth\Auth |
|
33
|
|
|
*/ |
|
34
|
|
|
protected $auth; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @var \App\Containers\Application\Tasks\FindApplicationByIdTask |
|
38
|
|
|
*/ |
|
39
|
|
|
private $findApplicationByIdTask; |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* @var \App\Containers\Authentication\Adapters\JwtAuthAdapter |
|
43
|
|
|
*/ |
|
44
|
|
|
private $jwtAuthAdapter; |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* @var \Illuminate\Auth\AuthManager |
|
48
|
|
|
*/ |
|
49
|
|
|
private $authManager; |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* ApplicationAuthentication constructor. |
|
53
|
|
|
* |
|
54
|
|
|
* @param \Dingo\Api\Routing\Router $router |
|
55
|
|
|
* @param \Dingo\Api\Auth\Auth $auth |
|
56
|
|
|
* @param \App\Containers\Application\Tasks\FindApplicationByIdTask $findApplicationByIdTask |
|
57
|
|
|
* @param \App\Containers\Authentication\Adapters\JwtAuthAdapter $jwtAuthAdapter |
|
58
|
|
|
* @param \Illuminate\Auth\AuthManager $authManager |
|
59
|
|
|
*/ |
|
60
|
|
|
public function __construct( |
|
61
|
|
|
Router $router, |
|
62
|
|
|
Authentication $auth, |
|
63
|
|
|
FindApplicationByIdTask $findApplicationByIdTask, |
|
64
|
|
|
JwtAuthAdapter $jwtAuthAdapter, |
|
65
|
|
|
AuthManager $authManager |
|
66
|
|
|
) { |
|
67
|
|
|
$this->router = $router; |
|
68
|
|
|
$this->auth = $auth; |
|
69
|
|
|
$this->findApplicationByIdTask = $findApplicationByIdTask; |
|
70
|
|
|
$this->jwtAuthAdapter = $jwtAuthAdapter; |
|
71
|
|
|
$this->authManager = $authManager; |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* @param $request |
|
76
|
|
|
* @param \Closure $next |
|
77
|
|
|
* |
|
78
|
|
|
* @return mixed |
|
79
|
|
|
*/ |
|
80
|
|
|
public function handle($request, Closure $next) |
|
81
|
|
|
{ |
|
82
|
|
|
$token = str_replace('Bearer ', '', $request->header('authorization')); |
|
83
|
|
|
|
|
84
|
|
|
$user = $this->jwtAuthAdapter->toUser($token); |
|
85
|
|
|
|
|
86
|
|
|
// NOTE: You can remove this condition of you are not using roles for this purpose. |
|
87
|
|
|
// check if the user has developer role, in case accessing an endpoint from his own user account instead of App |
|
88
|
|
|
// prevent his access unless he is an approved developer. |
|
89
|
|
|
if (!$user || !$user->hasRole('developer')) { |
|
90
|
|
|
throw new UserNotPermittedException(); |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
$request->user = $user; |
|
94
|
|
|
|
|
95
|
|
|
// get App ID from the token payload custom claim `ApplicationId` |
|
96
|
|
|
if ($applicationId = $this->jwtAuthAdapter->getPayload($token)->get('ApplicationId')) { |
|
|
|
|
|
|
97
|
|
|
|
|
98
|
|
|
// find that App in the database |
|
99
|
|
|
$application = $this->findApplicationByIdTask->run($applicationId); |
|
100
|
|
|
|
|
101
|
|
|
// also validate the owner of that App is the same making this request and using the token |
|
102
|
|
|
if (!$application || ($application->user->id != $user->id)) { |
|
103
|
|
|
throw new AuthenticationFailedException(); |
|
104
|
|
|
} |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
// make the user accessible on the requests objects when using `$request->user()` |
|
108
|
|
|
$this->authManager->setUser($user); |
|
109
|
|
|
|
|
110
|
|
|
return $next($request); |
|
111
|
|
|
} |
|
112
|
|
|
|
|
113
|
|
|
} |
|
114
|
|
|
|
Porto-SAP /
Hello-API
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.
In this case you can add the
@ignorePhpDoc annotation to the duplicate definition and it will be ignored.