7 tahun lalu · 56942a8392
--- a/Security/Firewall/OAuthProxyListener.php
+++ b/Security/Firewall/OAuthProxyListener.php
@@ -45,6 +45,12 @@ class OAuthProxyListener implements ListenerInterface
 
																     }
															
 
																     /**
															
 
																+     * Se crea el User y Token mediante alguno de los métodos
															
 
																+     * 
															
 
																+     * 1. Http Basic
															
 
																+     * 2. Authorization
															
 
																+     * 3. Client Ip
															
 
																+     * 
															
 
																      * @param GetResponseEvent $event
															
 
																      * 
															
 
																      * @return type
															
@@ -52,16 +58,35 @@ class OAuthProxyListener implements ListenerInterface
 
																     public function handle(GetResponseEvent $event)
															
 
																     {
															
 
																         $request = $event->getRequest();
															
 
																-
															
 
																+        $auth_info = array();
															
 
																         if ($request->headers->has("php-auth-user") && $request->headers->has("php-auth-pw")) {
															
 
																             $username = $request->headers->get("php-auth-user");
															
 
																             $password = $request->headers->get("php-auth-pw");
															
 
																+            $token = $this->accessTokenService->getToken($username, $password);
															
 
																+            $auth_info = $this->accessTokenService->getUserInfo($username, $password);
															
 
																+        } elseif ($request->headers->has("authorization")) {
															
 
																+            $authorization = $request->headers->get("authorization");
															
 
																+            $auth_info = $this->accessTokenService->requestUserInfo($authorization);
															
 
																+            if (isset($auth_info['username'])) {
															
 
																+                $username = $auth_info['username'];
															
 
																+            } else {
															
 
																+                return;
															
 
																+            }
															
 
																+        } elseif ($request->getClientIp()) {
															
 
																+            $username = $clientIp = $request->getClientIp();
															
 
																+            if (\AuthBundle\Utils\IpUtils::checkIp($clientIp) === false) {
															
 
																+                return;
															
 
																+            }
															
 
																+            $auth_info['roles'] = array('ROLE_USER');
															
 
																+            // @TODO: Traer la tenencia Base de la app Base
															
 
																+            $tenancy = array(
															
 
																+                'id' => 1,
															
 
																+                'name' => 'Tenencia Base',
															
 
																+            );
															
 
																+            $auth_info['tenancies'] = $auth_info['tenancyCurrent'] = $tenancy;
															
 
																         } else {
															
 
																             return;
															
 
																         }
															
 
																-        
															
 
																-        $token = $this->accessTokenService->getToken($username, $password);
															
 
																-        $auth_info = $this->accessTokenService->getUserInfo($username, $password);
															
 
																         $user = new CustomOAuthUser($username);
															
 
																         $user->setRoles($auth_info['roles']);
															
--- a/Services/AccessTokenService.php
+++ b/Services/AccessTokenService.php
@@ -119,16 +119,27 @@ class AccessTokenService
 
																      */
															
 
																     private function updateUserInfo($username, $password, $token)
															
 
																     {
															
 
																-        $oauth_headers = [
															
 
																-            "Authorization" => ucfirst($token["token_type"]) . " " . $token["access_token"],
															
 
																-        ];
															
 
																-        $browser = new \Buzz\Browser();
															
 
																-        $response = $browser->get($this->user_info_url, $oauth_headers);
															
 
																-        $auth_info = json_decode($response->getContent(), true);
															
 
																+        $auth_info = $this->requestUserInfo(ucfirst($token["token_type"]) . " " . $token["access_token"]);
															
 
																         $token["user_info"] = $auth_info;
															
 
																         file_put_contents("/tmp/." . base64_encode($username . ":" . $password), json_encode($token));
															
 
																         return $auth_info;
															
 
																     }
															
 
																+    
															
 
																+    /**
															
 
																+     * @param string $authorization
															
 
																+     * 
															
 
																+     * @return array
															
 
																+     */
															
 
																+    public function requestUserInfo($authorization)
															
 
																+    {
															
 
																+        $oauth_headers = [
															
 
																+            "Authorization" => $authorization,
															
 
																+        ];
															
 
																+        $browser = new \Buzz\Browser();
															
 
																+        $response = $browser->get($this->user_info_url, $oauth_headers);
															
 
																+        
															
 
																+        return json_decode($response->getContent(), true);
															
 
																+    }
															
 
																 }
															
--- a/Utils/IpUtils.php
+++ b/Utils/IpUtils.php
@@ -0,0 +1,63 @@
 
																+<?php
															
 
																+
															
 
																+namespace AuthBundle\Utils;
															
 
																+
															
 
																+use Symfony\Component\HttpFoundation\IpUtils as SfIpUtils;
															
 
																+
															
 
																+class IpUtils
															
 
																+{
															
 
																+
															
 
																+    /**
															
 
																+     * @param string $clientIp
															
 
																+     * @param array $ips
															
 
																+     * 
															
 
																+     * @return boolean
															
 
																+     */
															
 
																+    public function checkIp($clientIp, $ips = array())
															
 
																+    {
															
 
																+        // existe la variable de entorno API_CIDR ?
															
 
																+        // ej. API_CIDR = 127.0.0.1, 127.0.0.1-127.0.0.10, 127.0.0.1/24
															
 
																+        if (getenv("API_CIDR") !== false) {
															
 
																+            $API_CIDR = getenv("API_CIDR");
															
 
																+            $pieces = array_map('trim', explode(',', $API_CIDR));
															
 
																+            foreach ($pieces as $ip) {
															
 
																+                if (strpos($ip, '-') !== false) {
															
 
																+                    $this->getIpRange($ip, $ips);
															
 
																+                } else {
															
 
																+                    $ips[] = $ip;
															
 
																+                }
															
 
																+            }
															
 
																+        }
															
 
																+        foreach ($ips as $ip) {
															
 
																+            if (SfIpUtils::checkIp($clientIp, $ip)) {
															
 
																+                return true;
															
 
																+            }
															
 
																+        }
															
 
																+
															
 
																+        return false;
															
 
																+    }
															
 
																+    
															
 
																+    /**
															
 
																+     * @param string $ipRange
															
 
																+     * @param array $ips
															
 
																+     * 
															
 
																+     * @return array
															
 
																+     */
															
 
																+    public function getIpRange($ipRange, $ips = array())
															
 
																+    {
															
 
																+        $pieces = array_map('trim', explode('-', $ipRange));
															
 
																+        if (isset($pieces[0]) && isset($pieces[1])) {
															
 
																+            $firstIp = $ip = ip2long($pieces[0]);
															
 
																+            $lastIp = ip2long($pieces[1]);
															
 
																+            while ($ip <= $lastIp) {
															
 
																+                $ips[] = long2ip($ip);
															
 
																+                $ip++;
															
 
																+            }
															
 
																+        } elseif (isset($pieces[0])) {
															
 
																+            $ips[] = $pieces[0];
															
 
																+        }
															
 
																+        
															
 
																+        return $ips;
															
 
																+    }
															
 
																+
															
 
																+}