|
|
@@ -4,7 +4,7 @@ namespace AuthBundle\Security\Firewall;
|
|
|
|
|
|
use AuthBundle\Services\AccessTokenService;
|
|
|
use Base\OAuthClientBundle\Security\Core\User\CustomOAuthUser;
|
|
|
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
|
|
+use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
|
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
|
|
|
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
|
|
@@ -62,20 +62,30 @@ class OAuthProxyListener implements ListenerInterface
|
|
|
$username = $request->headers->get("php-auth-user");
|
|
|
$password = $request->headers->get("php-auth-pw");
|
|
|
$token = $this->accessTokenService->getToken($username, $password);
|
|
|
+ unset($token['user_info']);
|
|
|
+ $accessToken = $token;
|
|
|
$auth_info = $this->accessTokenService->getUserInfo($username, $password);
|
|
|
} elseif ($request->headers->has("authorization")) {
|
|
|
$authorization = $request->headers->get("authorization");
|
|
|
+ $pieces = explode(' ', $authorization);
|
|
|
+ $accessToken = array(
|
|
|
+ 'access_token' => $pieces[1],
|
|
|
+ );
|
|
|
$auth_info = $this->accessTokenService->requestUserInfo($authorization);
|
|
|
if (isset($auth_info['username'])) {
|
|
|
$username = $auth_info['username'];
|
|
|
} else {
|
|
|
- return;
|
|
|
+ return $this->deny($event);
|
|
|
}
|
|
|
} elseif ($request->getClientIp()) {
|
|
|
$username = $clientIp = $request->getClientIp();
|
|
|
if (\AuthBundle\Utils\IpUtils::checkIp($clientIp) === false) {
|
|
|
- return;
|
|
|
+ return $this->deny($event);
|
|
|
}
|
|
|
+ // @TODO: Generar access token para el caso de IP valida
|
|
|
+ $accessToken = array(
|
|
|
+ 'access_token' => '',
|
|
|
+ );
|
|
|
$auth_info['roles'] = array('ROLE_USER');
|
|
|
// @TODO: Traer la tenencia Base de la app Base
|
|
|
$tenancy = array(
|
|
|
@@ -84,7 +94,7 @@ class OAuthProxyListener implements ListenerInterface
|
|
|
);
|
|
|
$auth_info['tenancies'] = $auth_info['tenancyCurrent'] = $tenancy;
|
|
|
} else {
|
|
|
- return;
|
|
|
+ return $this->deny($event);
|
|
|
}
|
|
|
|
|
|
$user = new CustomOAuthUser($username);
|
|
|
@@ -92,29 +102,32 @@ class OAuthProxyListener implements ListenerInterface
|
|
|
$user->setTenancies($auth_info['tenancies']);
|
|
|
$user->setTenancyCurrent($auth_info['tenancyCurrent']);
|
|
|
|
|
|
- $token = new UsernamePasswordToken($user, null, "api", $user->getRoles());
|
|
|
-
|
|
|
+ $token = new OAuthToken($accessToken, $user->getRoles());
|
|
|
+ $token->setUser($user);
|
|
|
try {
|
|
|
$authToken = $this->authenticationManager->authenticate($token);
|
|
|
$this->tokenStorage->setToken($authToken);
|
|
|
|
|
|
return;
|
|
|
} catch (AuthenticationException $failed) {
|
|
|
- // ... you might log something here
|
|
|
- // To deny the authentication clear the token. This will redirect to the login page.
|
|
|
- // Make sure to only clear your token, not those of other authentication listeners.
|
|
|
- $token = $this->tokenStorage->getToken();
|
|
|
- if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) {
|
|
|
- $this->tokenStorage->setToken(null);
|
|
|
- }
|
|
|
-
|
|
|
- return;
|
|
|
+ var_dump($failed->getMessage());
|
|
|
}
|
|
|
|
|
|
- // By default deny authorization
|
|
|
+ $this->deny($event);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * @param GetResponseEvent $event
|
|
|
+ */
|
|
|
+ private function deny(GetResponseEvent $event)
|
|
|
+ {
|
|
|
+ $this->tokenStorage->setToken(null);
|
|
|
+
|
|
|
$response = new Response();
|
|
|
$response->setStatusCode(Response::HTTP_FORBIDDEN);
|
|
|
$event->setResponse($response);
|
|
|
+
|
|
|
+ return;
|
|
|
}
|
|
|
|
|
|
}
|
Guillermo Espinoza