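tokenStorage = $tokenStorage;
        $this->authenticationManager = $authenticationManager;
        $this->accessTokenService = $accessTokenService;
    }

    /**
     * Injects the logger that receives one audit line per handled request.
     *
     * @param Logger $logger
     */
    public function setLogger(Logger $logger)
    {
        $this->logger = $logger;
    }

    /**
     * Creates the User and Token through one of these methods, tried in order:
     *
     * 1. Deny-list check on the client IP (API_CIDR_DENY) - always rejected
     * 2. Firewalls (an OAuthToken already present in the token storage)
     * 3. Http Basic (php-auth-user / php-auth-pw headers)
     * 4. Authorization header, for a microservice (microservice header) or an end user
     * 5. Client Ip allow-list
     *
     * On failure the token storage is cleared and the event gets a 403 response.
     *
     * @param GetResponseEvent $event
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();
        $headers = $request->headers;
        $clientIp = $request->getClientIp();
        $messageLog = "";

        // A deny-listed IP is rejected before any credential is looked at.
        // API_CIDR_DENY holds the blocked IPs / CIDR ranges.
        if (\AuthBundle\Utils\IpUtils::checkIpDeny($clientIp)) {
            $messageLog = "Deny IP: " . $clientIp;
            $error = true;
        } elseif ($this->hasOAuthToken()) {
            // Firewalls share state through the token storage: already authenticated, nothing to do.
            $messageLog = "Firewalls (IP: " . $clientIp . ")";
            $error = false;
        } elseif ($headers->has("php-auth-user") && $headers->has("php-auth-pw")) {
            $messageLog = "PHP-AUTH (IP: " . $clientIp . ")";
            $error = !$this->PHPAuth($request);
        } elseif ($headers->has("microservice") && $headers->has("authorization")) {
            $messageLog = "AUTHORIZATION A (IP: " . $clientIp . ")";
            $error = !$this->PHPMicroservice($request);
        } elseif ($headers->has("authorization")) {
            // Reached only without a microservice header (previous branch took that case).
            $messageLog = "AUTHORIZATION A (IP: " . $clientIp . ")";
            $error = !$this->PHPAuthorization($request);
        } elseif ($clientIp) {
            $messageLog = "AUTHORIZATION B (IP: " . $clientIp . ")";
            $error = !$this->clientIp($request);
        } else {
            $messageLog = "NO REFERENCE. 
DENY ALL.";
            $error = true;
        }

        if ($error) {
            $this->logInfo("ERROR - " . $messageLog);
            $this->deny($event);
        } else {
            $this->logInfo("OK - " . $messageLog);
        }
    }

    /**
     * True when the token storage already holds an OAuthToken (set by another firewall).
     */
    private function hasOAuthToken(): bool
    {
        if ($this->tokenStorage === null) {
            return false;
        }
        $token = $this->tokenStorage->getToken();

        return $token !== null && $token instanceof OAuthToken;
    }

    /**
     * Writes an info line when a logger was injected; a missing logger must not
     * turn an authentication decision into a fatal error.
     */
    private function logInfo(string $message): void
    {
        if (isset($this->logger)) {
            $this->logger->info($message);
        }
    }

    /**
     * Clears the token storage and answers the request with 403.
     *
     * @param GetResponseEvent $event
     */
    private function deny(GetResponseEvent $event)
    {
        $this->tokenStorage->setToken(null);
        // The message goes into the response body. Echoing it wrote to stdout
        // before the kernel sent its headers and bypassed the Response object.
        $response = new Response('The OAuth authentication failed.' . PHP_EOL);
        $response->setStatusCode(Response::HTTP_FORBIDDEN);
        $event->setResponse($response);
    }

    /**
     * Http Basic path: exchanges user/password for a token and user info.
     *
     * @param Request $request
     * @return bool TRUE when the CustomOAuthUser could be created and stored
     */
    private function PHPAuth(Request $request): bool
    {
        $username = $request->headers->get("php-auth-user");
        $password = $request->headers->get("php-auth-pw");

        $token = $this->accessTokenService->getToken($username, $password);
        // A failed exchange (non-array) used to reach createCustomOAuthUser as a
        // TypeError outside its try/catch; report it as a plain failure instead.
        if (!is_array($token)) {
            return false;
        }
        // Keep only the token itself; the embedded user info is fetched separately.
        unset($token['user_info']);

        $auth_info = $this->accessTokenService->getUserInfo($username, $password);
        if (!is_array($auth_info)) {
            return false;
        }

        return $this->createCustomOAuthUser((string) $username, $token, $auth_info);
    }

    /**
     * Extracts the credential part of a "<scheme> <credential>" Authorization value.
     *
     * @param mixed $authorization raw header value (string or null)
     * @return string|null null when there is no non-empty credential part
     */
    private function extractAccessToken($authorization): ?string
    {
        if (!is_string($authorization)) {
            return null;
        }
        $pieces = explode(' ', $authorization);
        // Reading $pieces[1] blindly raised an undefined-offset notice on a header
        // without a space and produced a null access token.
        if (!isset($pieces[1]) || $pieces[1] === '') {
            return null;
        }

        return $pieces[1];
    }

    /**
     * Compares the clientid / clientsecret headers with the configured values.
     *
     * @param mixed $clientId     raw header value (string or null)
     * @param mixed $clientSecret raw header value (string or null)
     */
    private function microserviceCredentialsMatch($clientId, $clientSecret): bool
    {
        $expectedId = getenv('OAUTH_CLIENT_ID');
        $expectedSecret = getenv('OAUTH_CLIENT_SECRET');
        // getenv() returns false for an unset variable; under the old loose "!="
        // check, false and a missing (null) header compared equal and let the
        // request through. Missing configuration must always fail closed.
        if (!is_string($expectedId) || $expectedId === '' || !is_string($expectedSecret) || $expectedSecret === '') {
            return false;
        }
        if (!is_string($clientId) || !is_string($clientSecret)) {
            return false;
        }
        // Constant-time comparison so response time does not reveal matching prefixes.
        return hash_equals($expectedId, $clientId) && hash_equals($expectedSecret, $clientSecret);
    }

    /**
     * Microservice path: a bearer token plus clientid / clientsecret headers that
     * must equal OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET from the environment.
     *
     * @param Request $request
     * @return bool TRUE when the CustomOAuthUser could be created and stored
     */
    private function PHPMicroservice(Request $request): bool
    {
        $clientId = $request->headers->get('clientid');
        $clientSecret = $request->headers->get('clientsecret');
        if (!$this->microserviceCredentialsMatch($clientId, $clientSecret)) {
            return false;
        }

        $token = $this->extractAccessToken($request->headers->get("authorization"));
        if ($token === null) {
            return false;
        }
        $accessToken = ['access_token' => $token];

        // Fixed identity for every microservice caller; it carries no tenancy.
        $auth_info = [
            'username' => 'Microservice',
            'roles' => ['ROLE_USER'],
            'hasIntercom' => false,
            'tenancyCurrent' => null,
            'tenancies' => [],
        ];

        return $this->createCustomOAuthUser($auth_info['username'], $accessToken, $auth_info);
    }

    /**
     * Creates the custom user, authenticates it and stores the resulting token.
     *
     * @param string $username
     * @param array  $accessToken
     * @param array  $auth_info   optional keys: roles, tenancies, tenancyCurrent, hasIntercom
     * @return bool TRUE when the CustomOAuthUser could be created and stored
     */
    private function createCustomOAuthUser(string $username, array $accessToken, array $auth_info): bool
    {
        try {
            $user = new CustomOAuthUser($username);
            if (count($auth_info)) {
                // Not every path fills every key (the client-IP path sends no
                // hasIntercom), so fall back to neutral values instead of reading
                // undefined indexes.
                $user->setRoles($auth_info['roles'] ?? []);
                $user->setTenancies($auth_info['tenancies'] ?? []);
                $user->setTenancyCurrent($auth_info['tenancyCurrent'] ?? null);
                $user->setHasIntercom($auth_info['hasIntercom'] ?? false);
            }
            $token = new OAuthToken($accessToken, $user->getRoles());
            $token->setUser($user);
            $authToken = $this->authenticationManager->authenticate($token);
            $this->tokenStorage->setToken($authToken);

            return true;
        } catch (\Exception $failed) {
            // The reason is logged for operators and never sent to the client.
            $this->logInfo("Authentication failed for " . $username . ": " . $failed->getMessage());

            return false;
        }
    }

    /**
     * End-user path: resolves the Authorization header to user info via the
     * access token service.
     *
     * @param Request $request
     * @return bool TRUE when the CustomOAuthUser could be created and stored
     */
    private function PHPAuthorization(Request $request): bool
    {
        $authorization = $request->headers->get("authorization");
        $token = $this->extractAccessToken($authorization);
        // No credential part: fail before the remote user-info round trip.
        if ($token === null) {
            return false;
        }
        $accessToken = ['access_token' => $token];

        $auth_info = $this->accessTokenService->requestUserInfo($authorization);
        if (!is_array($auth_info) || !isset($auth_info['username'])) {
            return false;
        }

        return $this->createCustomOAuthUser((string) $auth_info['username'], $accessToken, $auth_info);
    }

    /**
     * Client-IP path: an allow-listed IP is authenticated as ROLE_USER with an
     * empty access token and the base tenancy.
     *
     * @param Request $request
     * @return bool TRUE when the CustomOAuthUser could be created and stored
     */
    private function clientIp(Request $request): bool
    {
        $username = $clientIp = $request->getClientIp();
        if (\AuthBundle\Utils\IpUtils::checkIp($clientIp) === false) {
            return false;
        }

        // @TODO: generate an access token for the valid-IP case
        $accessToken = ['access_token' => ''];

        $auth_info = [];
        $auth_info['roles'] = ['ROLE_USER'];

        // @TODO: fetch the base tenancy from the Base app
        // NOTE(review): tenancyCurrent is taken from the unauthenticated query
        // parameter filters[tenancyId]; consumers must treat it as caller-supplied,
        // not as a verified claim.
        $filter = $request->query->get('filters');
        $tenancyId = (is_array($filter) && isset($filter['tenancyId'])) ? (int) $filter['tenancyId'] : 1;

        $baseTenancy = ['id' => 1, 'name' => 'Tenencia Base'];
        if ($tenancyId !== 1) {
            $tenancy = [$baseTenancy, ['id' => $tenancyId, 'name' => 'Tenancy Fix']];
        } else {
            $tenancy = [$baseTenancy];
        }
        $auth_info['tenancies'] = $tenancy;
        // The last entry is the current one (the requested tenancy when given).
        $auth_info['tenancyCurrent'] = end($tenancy);

        return $this->createCustomOAuthUser((string) $username, $accessToken, $auth_info);
    }
}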