1 | <?php |
||
2 | |||
3 | /* |
||
4 | * @copyright 2014 Mautic Contributors. All rights reserved |
||
5 | * @author Mautic |
||
6 | * |
||
7 | * @link http://mautic.org |
||
8 | * |
||
9 | * @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html |
||
10 | */ |
||
11 | |||
12 | namespace Mautic\ApiBundle\Security\OAuth1\Authentication\Provider; |
||
13 | |||
14 | use Bazinga\OAuthServerBundle\Security\Authentification\Token\OAuthToken; |
||
15 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
||
16 | use Symfony\Component\Security\Core\Exception\AuthenticationException; |
||
17 | use Symfony\Component\Translation\TranslatorInterface; |
||
18 | |||
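/**
 * OAuth1 authentication provider for the Mautic API.
 *
 * Overrides the Bazinga provider so that a validated request yields a fresh
 * OAuthToken built with the user's roles, and so that the failure message is
 * passed through the translator.
 */
class OAuthProvider extends \Bazinga\OAuthServerBundle\Security\Authentification\Provider\OAuthProvider
{
    /**
     * Translator for the failure message; null until setTranslator() is called.
     *
     * Typed as the interface because that is what setTranslator() accepts.
     *
     * @var TranslatorInterface|null
     */
    private $translator;

    /**
     * Injects the translator used to render the authentication failure message.
     *
     * @param TranslatorInterface $translator
     */
    public function setTranslator(TranslatorInterface $translator)
    {
        $this->translator = $translator;
    }

    /**
     * {@inheritdoc}
     *
     * Returns null for unsupported tokens. For a request that passes signature
     * validation, returns an authenticated OAuthToken for the access token's user.
     *
     * @throws AuthenticationException when the request does not validate or the
     *                                 access token cannot be resolved
     */
    public function authenticate(TokenInterface $token)
    {
        if (!$this->supports($token)) {
            return null;
        }

        $requestParameters = $token->getRequestParameters();
        $requestMethod     = $token->getRequestMethod();
        $requestUrl        = $token->getRequestUrl();

        // serverService and tokenProvider are not declared in this class;
        // presumably they are inherited from the Bazinga parent provider.
        if (!$this->serverService->validateRequest($requestParameters, $requestMethod, $requestUrl)) {
            throw new AuthenticationException($this->failureMessage());
        }

        // Fail closed: a validated request without a resolvable access token is
        // an authentication failure, not a fatal "call on null" error.
        if (!isset($requestParameters['oauth_token'])) {
            throw new AuthenticationException($this->failureMessage());
        }

        $accessToken = $this->tokenProvider->loadAccessTokenByToken($requestParameters['oauth_token']);
        if (null === $accessToken) {
            throw new AuthenticationException($this->failureMessage());
        }

        $user = $accessToken->getUser();
        if (null === $user) {
            // No user is bound to the access token: the incoming token is
            // returned as received and is not marked authenticated here.
            return $token;
        }

        // Build a fresh token seeded with the user's roles; per the original
        // author the roles are needed so that forms can skip CSRF checks.
        $authenticated = new OAuthToken($user->getRoles());
        $authenticated->setRequestParameters($requestParameters);
        $authenticated->setRequestMethod($requestMethod);
        $authenticated->setRequestUrl($requestUrl);
        $authenticated->setAuthenticated(true);
        $authenticated->setUser($user);

        return $authenticated;
    }

    /**
     * {@inheritdoc}
     */
    public function supports(TokenInterface $token)
    {
        return $token instanceof OAuthToken;
    }

    /**
     * Returns the failure message, falling back to the raw translation key
     * when no translator was injected so the failure path cannot itself crash.
     *
     * @return string
     */
    private function failureMessage()
    {
        $key = 'mautic.api.oauth.auth.failed';

        return null !== $this->translator ? $this->translator->trans($key) : $key;
    }
}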
||
75 |
Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a given class or a super-class is assigned to a property that is type hinted more strictly.
Either this assignment is in error or an instanceof check should be added for that assignment.