vendor/hwi/oauth-bundle/src/Security/Http/Firewall/OAuthListener.php line 31

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the HWIOAuthBundle package.
  5. *
  6. * (c) Hardware Info <opensource@hardware.info>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace HWI\Bundle\OAuthBundle\Security\Http\Firewall;
  14. use HWI\Bundle\OAuthBundle\OAuth\ResourceOwnerInterface;
  15. use HWI\Bundle\OAuthBundle\OAuth\State\State;
  16. use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
  17. use HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMapInterface;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  23. use Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener;
  25. /**
  26. * @author Geoffrey Bachelet <geoffrey.bachelet@gmail.com>
  27. * @author Alexander <iam.asm89@gmail.com>
  28. *
  29. * @internal
  30. */
  31. class OAuthListener extends AbstractAuthenticationListener
  32. {
  33. private ResourceOwnerMapInterface $resourceOwnerMap;
  35. /**
  36. * @var array<int, string>
  37. */
  38. private array $checkPaths;
  40. public function setResourceOwnerMap(ResourceOwnerMapInterface $resourceOwnerMap): void
  41. {
  42. $this->resourceOwnerMap = $resourceOwnerMap;
  43. }
  45. public function setCheckPaths(array $checkPaths): void
  46. {
  47. $this->checkPaths = $checkPaths;
  48. }
  50. /**
  51. * {@inheritdoc}
  52. */
  53. public function requiresAuthentication(Request $request): bool
  54. {
  55. // Check if the route matches one of the check paths
  56. foreach ($this->checkPaths as $checkPath) {
  57. if ($this->httpUtils->checkRequestPath($request, $checkPath)) {
  58. return true;
  59. }
  60. }
  62. return false;
  63. }
  65. /**
  66. * @return TokenInterface|Response|null
  67. */
  68. protected function attemptAuthentication(Request $request)
  69. {
  70. /* @var ResourceOwnerInterface $resourceOwner */
  71. [$resourceOwner, $checkPath] = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
  73. if (!$resourceOwner) {
  74. throw new AuthenticationException('No resource owner match the request.');
  75. }
  77. if (!$resourceOwner->handles($request)) {
  78. throw new AuthenticationException('No oauth code in the request.');
  79. }
  81. // If resource owner supports only one url authentication, call redirect
  82. if ($request->query->has('authenticated') && $resourceOwner->getOption('auth_with_one_url')) {
  83. $request->attributes->set('service', $resourceOwner->getName());
  85. return new RedirectResponse(sprintf('%s?code=%s&authenticated=true', $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'), $request->query->get('code')));
  86. }
  88. $resourceOwner->isCsrfTokenValid(
  89. $this->extractCsrfTokenFromState($request->get('state'))
  90. );
  92. $accessToken = $resourceOwner->getAccessToken(
  93. $request,
  94. $this->httpUtils->createRequest($request, $checkPath)->getUri()
  95. );
  97. $token = new OAuthToken($accessToken);
  98. $token->setResourceOwnerName($resourceOwner->getName());
  100. return $this->authenticationManager->authenticate($token);
  101. }
  103. private function extractCsrfTokenFromState(?string $stateParameter): ?string
  104. {
  105. $state = new State($stateParameter);
  107. return $state->getCsrfToken() ?: $stateParameter;
  108. }
  109. }