1 | <?php |
||
2 | |||
3 | /* |
||
4 | * @copyright 2014 Mautic Contributors. All rights reserved |
||
5 | * @author Mautic |
||
6 | * |
||
7 | * @link http://mautic.org |
||
8 | * |
||
9 | * @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html |
||
10 | */ |
||
11 | |||
12 | namespace Mautic\ApiBundle\EventListener; |
||
13 | |||
14 | use Doctrine\ORM\EntityManager; |
||
15 | use FOS\OAuthServerBundle\Event\OAuthEvent; |
||
16 | use Mautic\CoreBundle\Security\Permissions\CorePermissions; |
||
17 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
||
18 | use Symfony\Component\Translation\TranslatorInterface; |
||
19 | |||
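class OAuthEventListener
{
    /**
     * @var EntityManager
     */
    private $em;

    /**
     * @var CorePermissions
     */
    private $mauticSecurity;

    /**
     * Annotated against the interface the constructor actually receives; the
     * former concrete-class annotation did not match the injected value.
     *
     * @var TranslatorInterface
     */
    private $translator;

    /**
     * OAuthEventListener constructor.
     *
     * @param EntityManager       $entityManager   resolves the Mautic User and persists client/user links
     * @param CorePermissions     $corePermissions Mautic permission checker
     * @param TranslatorInterface $translator      supplies the localized access-denied message
     */
    public function __construct(EntityManager $entityManager, CorePermissions $corePermissions, TranslatorInterface $translator)
    {
        $this->em             = $entityManager;
        $this->mauticSecurity = $corePermissions;
        $this->translator     = $translator;
    }

    /**
     * Runs before the OAuth consent step.
     *
     * Denies the authorization when the principal cannot be resolved to a
     * Mautic user or lacks the `api:access:full` permission; otherwise tells
     * the OAuth server whether this client was already authorized by the user
     * (so the consent form can be skipped).
     *
     * @throws AccessDeniedException when the user is unknown or lacks API access
     */
    public function onPreAuthorizationProcess(OAuthEvent $event)
    {
        $user = $this->getUser($event);

        // Deny by default: a request for a principal that does not map to a
        // Mautic user must not fall through without a decision (the previous
        // version silently skipped both the permission check and the client
        // authorization lookup in that case).
        if (null === $user) {
            throw new AccessDeniedException($this->translator->trans('mautic.core.error.accessdenied', [], 'flashes'));
        }

        // NOTE(review): isGranted() is evaluated against the current security
        // context, not against $user resolved above — confirm both refer to the
        // same principal ($user is looked up from the token's username, so they
        // should agree).
        if (!$this->mauticSecurity->isGranted('api:access:full')) {
            throw new AccessDeniedException($this->translator->trans('mautic.core.error.accessdenied', [], 'flashes'));
        }

        $client = $event->getClient();
        $event->setAuthorizedClient($client->isAuthorizedClient($user, $this->em));
    }

    /**
     * Runs after the consent step: once the client is authorized, records the
     * user on the client so the consent form is not shown again next time.
     */
    public function onPostAuthorizationProcess(OAuthEvent $event)
    {
        if (!$event->isAuthorizedClient()) {
            return;
        }

        $client = $event->getClient();
        if (null === $client) {
            return;
        }

        $user = $this->getUser($event);
        if (null === $user) {
            // Nothing to record. Normally unreachable because the pre-authorization
            // hook already denies unknown principals; guarding here avoids handing
            // null to addUser() if the user disappeared mid-flow.
            return;
        }

        $client->addUser($user);
        $this->em->persist($client);
        $this->em->flush();
    }

    /**
     * Resolves the Mautic User entity for the principal carried by the OAuth
     * event, looked up by username.
     *
     * @return mixed the entity from repository 'MauticUserBundle:User', or null
     *               when no user has that username (Doctrine findOneBy convention)
     */
    protected function getUser(OAuthEvent $event)
    {
        $username = $event->getUser()->getUsername();

        return $this->em->getRepository('MauticUserBundle:User')->findOneByUsername($username);
    }
}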
||
84 |
Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a given class or a super-class is assigned to a property that is type-hinted more strictly (here, a `TranslatorInterface` is assigned to `$translator`, which is annotated as the concrete `Translator` class).
Either this assignment is in error, the property's `@var` annotation should be widened to the interface, or an `instanceof` check should be added for that assignment.