|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* strategy for validating auth through the ip address. |
|
4
|
|
|
*/ |
|
5
|
|
|
|
|
6
|
|
|
namespace Graviton\SecurityBundle\Authentication\Strategies; |
|
7
|
|
|
|
|
8
|
|
|
use Graviton\SecurityBundle\Entities\SecurityUser; |
|
9
|
|
|
use Symfony\Component\HttpFoundation\IpUtils; |
|
10
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* Class SameSubnetStrategy |
|
14
|
|
|
* |
|
15
|
|
|
* @author List of contributors <https://github.com/libgraviton/graviton/graphs/contributors> |
|
16
|
|
|
* @license http://opensource.org/licenses/gpl-license.php GNU Public License |
|
17
|
|
|
* @link http://swisscom.ch |
|
18
|
|
|
*/ |
|
19
|
|
|
class SameSubnetStrategy extends AbstractHttpStrategy |
|
20
|
|
|
{ |
|
21
|
|
|
/** @var String */ |
|
22
|
|
|
protected $subnet; |
|
23
|
|
|
|
|
24
|
|
|
/** @var String */ |
|
25
|
|
|
protected $headerField; |
|
26
|
|
|
|
|
27
|
|
|
/** @var bool pass through by default */ |
|
28
|
|
|
protected $stopPropagation = false; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* @param String $subnet Subnet to be checked (e.g. 10.2.0.0/24) |
|
32
|
|
|
* @param String $headerField Http header field to be searched for the 'username' |
|
33
|
|
|
*/ |
|
34
|
4 |
|
public function __construct($subnet, $headerField = 'x-graviton-authentication') |
|
35
|
|
|
{ |
|
36
|
4 |
|
$this->subnet= $subnet; |
|
37
|
4 |
|
$this->headerField = $headerField; |
|
38
|
4 |
|
} |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* Ip subnet check |
|
42
|
|
|
* @param string $subnet IpAddress |
|
43
|
|
|
* @return void |
|
44
|
|
|
*/ |
|
45
|
|
|
public function setSubnetIp($subnet) |
|
46
|
|
|
{ |
|
47
|
|
|
$this->subnet = $subnet; |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
/** |
|
51
|
|
|
* Applies the defined strategy on the provided request. |
|
52
|
|
|
* |
|
53
|
|
|
* @param Request $request request to handle |
|
54
|
|
|
* |
|
55
|
|
|
* @return string |
|
|
|
|
|
|
56
|
|
|
*/ |
|
57
|
|
|
public function apply(Request $request) |
|
58
|
|
|
{ |
|
59
|
|
|
if (IpUtils::checkIp($request->getClientIp(), $this->subnet)) { |
|
60
|
|
|
$name = $this->determineName($request); |
|
|
|
|
|
|
61
|
|
|
if (!empty($name)) { |
|
62
|
|
|
$this->stopPropagation = true; |
|
63
|
|
|
return $name; |
|
64
|
|
|
} |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
throw new \InvalidArgumentException('Provided request information are not valid.'); |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
/** |
|
71
|
|
|
* Decider to stop other strategies running after from being considered. |
|
72
|
|
|
* |
|
73
|
|
|
* @return boolean |
|
74
|
|
|
*/ |
|
75
|
|
|
public function stopPropagation() |
|
76
|
|
|
{ |
|
77
|
|
|
return $this->stopPropagation; |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
/** |
|
81
|
|
|
* Provides the list of registered roles. |
|
82
|
|
|
* |
|
83
|
|
|
* @return Role[] |
|
84
|
|
|
*/ |
|
85
|
|
|
public function getRoles() |
|
86
|
|
|
{ |
|
87
|
|
|
return [SecurityUser::ROLE_USER, SecurityUser::ROLE_SUBNET]; |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Finds the username either from a http header filed or returns a default. |
|
92
|
|
|
* |
|
93
|
|
|
* @param Request $request Current http request |
|
94
|
|
|
* |
|
95
|
|
|
* @return string |
|
|
|
|
|
|
96
|
|
|
*/ |
|
97
|
|
|
private function determineName(Request $request) |
|
98
|
|
|
{ |
|
99
|
|
|
if ($request->headers->has($this->headerField)) { |
|
100
|
|
|
return $request->headers->get($this->headerField); |
|
101
|
|
|
} |
|
102
|
|
|
|
|
103
|
|
|
return ''; |
|
104
|
|
|
} |
|
105
|
|
|
} |
|
106
|
|
|
|
libgraviton /
graviton
Loading history...
This check compares the return type specified in the
@returnannotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.If the return type contains the type array, this check recommends the use of a more specific type like
String[]orarray<String>.