
OAuthProxyListener

Guillermo Espinoza 7 anos atrás
pai
commit
56942a8392

+ 29 - 4
Security/Firewall/OAuthProxyListener.php

@@ -45,6 +45,12 @@ class OAuthProxyListener implements ListenerInterface
     }
 
     /**
+     * Se crea el User y Token mediante alguno de los métodos
+     * 
+     * 1. Http Basic
+     * 2. Authorization
+     * 3. Client Ip
+     * 
      * @param GetResponseEvent $event
      * 
      * @return type
@@ -52,16 +58,35 @@ class OAuthProxyListener implements ListenerInterface
     public function handle(GetResponseEvent $event)
     {
         $request = $event->getRequest();
-
+        $auth_info = array();
         if ($request->headers->has("php-auth-user") && $request->headers->has("php-auth-pw")) {
             $username = $request->headers->get("php-auth-user");
             $password = $request->headers->get("php-auth-pw");
+            $token = $this->accessTokenService->getToken($username, $password);
+            $auth_info = $this->accessTokenService->getUserInfo($username, $password);
+        } elseif ($request->headers->has("authorization")) {
+            $authorization = $request->headers->get("authorization");
+            $auth_info = $this->accessTokenService->requestUserInfo($authorization);
+            if (isset($auth_info['username'])) {
+                $username = $auth_info['username'];
+            } else {
+                return;
+            }
+        } elseif ($request->getClientIp()) {
+            $username = $clientIp = $request->getClientIp();
+            if (\AuthBundle\Utils\IpUtils::checkIp($clientIp) === false) {
+                return;
+            }
+            $auth_info['roles'] = array('ROLE_USER');
+            // @TODO: Traer la tenencia Base de la app Base
+            $tenancy = array(
+                'id' => 1,
+                'name' => 'Tenencia Base',
+            );
+            $auth_info['tenancies'] = $auth_info['tenancyCurrent'] = $tenancy;
         } else {
             return;
         }
-        
-        $token = $this->accessTokenService->getToken($username, $password);
-        $auth_info = $this->accessTokenService->getUserInfo($username, $password);
                 
         $user = new CustomOAuthUser($username);
         $user->setRoles($auth_info['roles']);
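Review bot: `\AuthBundle\Utils\IpUtils::checkIp($clientIp)` on the client-IP branch calls a method that Utils/IpUtils.php in this same commit declares as a non-static instance method (`public function checkIp`) whose body uses `$this->getIpRange(...)`; on PHP 8 the static call throws an Error, and on PHP 7 it is deprecated and `$this` is undefined inside it. Either instantiate it, `if ((new \AuthBundle\Utils\IpUtils())->checkIp($clientIp) === false) {`, or declare both IpUtils methods `static`. Separately, the Authorization and client-IP branches never assign `$token` (and the Authorization branch never assigns `$password`), which the removed lines used to set on every path; if the rest of handle(), which continues past this hunk, still reads `$token`, those branches reach an undefined variable. Note also that `$request->getClientIp()` is practically always non-empty, so every request carrying neither Basic nor Authorization headers falls through to the IP check and is granted ROLE_USER under a username equal to its address when it matches API_CIDR; the branch comment should record that this trust relies on the framework's trusted-proxy configuration for getClientIp() to be meaningful, e.g. `// IP-based auth: only as trustworthy as getClientIp() (trusted proxies must be configured)`.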

+ 17 - 6
Services/AccessTokenService.php

@@ -119,16 +119,27 @@ class AccessTokenService
      */
     private function updateUserInfo($username, $password, $token)
     {
-        $oauth_headers = [
-            "Authorization" => ucfirst($token["token_type"]) . " " . $token["access_token"],
-        ];
-        $browser = new \Buzz\Browser();
-        $response = $browser->get($this->user_info_url, $oauth_headers);
-        $auth_info = json_decode($response->getContent(), true);
+        $auth_info = $this->requestUserInfo(ucfirst($token["token_type"]) . " " . $token["access_token"]);
         $token["user_info"] = $auth_info;
         file_put_contents("/tmp/." . base64_encode($username . ":" . $password), json_encode($token));
 
         return $auth_info;
     }
+    
+    /**
+     * @param string $authorization
+     * 
+     * @return array
+     */
+    public function requestUserInfo($authorization)
+    {
+        $oauth_headers = [
+            "Authorization" => $authorization,
+        ];
+        $browser = new \Buzz\Browser();
+        $response = $browser->get($this->user_info_url, $oauth_headers);
+        
+        return json_decode($response->getContent(), true);
+    }
 
 }
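Review bot: `requestUserInfo()` returns whatever `json_decode($response->getContent(), true)` yields without checking the HTTP status or the decode result, so a non-2xx response or a non-JSON body returns `null` (or a scalar) despite the `@return array` docblock, and callers such as the listener then index into it. Checking both before returning keeps the contract honest, e.g. `if ($response->getStatusCode() !== 200) { return array(); }` and `$auth_info = json_decode($response->getContent(), true); return is_array($auth_info) ? $auth_info : array();`. Since the method is now public and OAuthProxyListener passes the client-supplied Authorization header through it verbatim, the docblock should say so: `@param string $authorization Full Authorization header value (e.g. "Bearer <token>"), forwarded unchanged to the user-info endpoint`. The header value and `user_info_url` are the only inputs, so any per-request validation of the scheme or token format belongs in the caller, which the docblock should state.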

+ 63 - 0
Utils/IpUtils.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace AuthBundle\Utils;
+
+use Symfony\Component\HttpFoundation\IpUtils as SfIpUtils;
+
+class IpUtils
+{
+
+    /**
+     * @param string $clientIp
+     * @param array $ips
+     * 
+     * @return boolean
+     */
+    public function checkIp($clientIp, $ips = array())
+    {
+        // existe la variable de entorno API_CIDR ?
+        // ej. API_CIDR = 127.0.0.1, 127.0.0.1-127.0.0.10, 127.0.0.1/24
+        if (getenv("API_CIDR") !== false) {
+            $API_CIDR = getenv("API_CIDR");
+            $pieces = array_map('trim', explode(',', $API_CIDR));
+            foreach ($pieces as $ip) {
+                if (strpos($ip, '-') !== false) {
+                    $this->getIpRange($ip, $ips);
+                } else {
+                    $ips[] = $ip;
+                }
+            }
+        }
+        foreach ($ips as $ip) {
+            if (SfIpUtils::checkIp($clientIp, $ip)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+    
+    /**
+     * @param string $ipRange
+     * @param array $ips
+     * 
+     * @return array
+     */
+    public function getIpRange($ipRange, $ips = array())
+    {
+        $pieces = array_map('trim', explode('-', $ipRange));
+        if (isset($pieces[0]) && isset($pieces[1])) {
+            $firstIp = $ip = ip2long($pieces[0]);
+            $lastIp = ip2long($pieces[1]);
+            while ($ip <= $lastIp) {
+                $ips[] = long2ip($ip);
+                $ip++;
+            }
+        } elseif (isset($pieces[0])) {
+            $ips[] = $pieces[0];
+        }
+        
+        return $ips;
+    }
+
+}
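Review bot: In `checkIp()` the result of `$this->getIpRange($ip, $ips)` is discarded and `$ips` is passed by value, so every `a-b` range listed in API_CIDR is silently dropped and only single addresses and CIDR entries are ever matched; the call should read `$ips = $this->getIpRange($ip, $ips);`. `getIpRange()` also uses `ip2long()` without checking for `false`: when the first address is malformed `$ip` is `false`, `false <= $lastIp` stays true and `$ip++` leaves a boolean unchanged, so the `while` loop never terminates and `$ips` grows until memory is exhausted, while a reversed range quietly yields nothing. A guard after the two conversions, `if ($firstIp === false || $lastIp === false || $firstIp > $lastIp) { return $ips; }`, closes both cases. Expanding a range one address at a time is also unbounded for wide ranges; keeping ranges as `[start, end]` long pairs and comparing `ip2long($clientIp)` against them in checkIp would avoid the allocation entirely.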