vendor/hwi/oauth-bundle/Controller/ConnectController.php line 279

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the HWIOAuthBundle package.
  5.  *
  6.  * (c) Hardware.Info <opensource@hardware.info>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace HWI\Bundle\OAuthBundle\Controller;
  14. use HWI\Bundle\OAuthBundle\Event\FilterUserResponseEvent;
  15. use HWI\Bundle\OAuthBundle\Event\FormEvent;
  16. use HWI\Bundle\OAuthBundle\Event\GetResponseUserEvent;
  17. use HWI\Bundle\OAuthBundle\HWIOAuthEvents;
  18. use HWI\Bundle\OAuthBundle\OAuth\ResourceOwnerInterface;
  19. use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
  20. use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
  21. use HWI\Bundle\OAuthBundle\Security\Core\Exception\AccountNotLinkedException;
  22. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  23. use Symfony\Component\Form\Extension\Core\Type\FormType;
  24. use Symfony\Component\Form\FormInterface;
  25. use Symfony\Component\HttpFoundation\RedirectResponse;
  26. use Symfony\Component\HttpFoundation\Request;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  29. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  30. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  31. use Symfony\Component\Security\Core\Exception\AccountStatusException;
  32. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  33. use Symfony\Component\Security\Core\Security;
  34. use Symfony\Component\Security\Core\User\UserInterface;
  35. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  36. use Symfony\Component\Security\Http\SecurityEvents;
  38. /**
  39.  * @author Alexander <iam.asm89@gmail.com>
  40.  */
  41. class ConnectController extends Controller
  42. {
  43.     /**
  44.      * Action that handles the login 'form'. If connecting is enabled the
  45.      * user will be redirected to the appropriate login urls or registration forms.
  46.      *
  47.      * @param Request $request
  48.      *
  49.      * @throws \LogicException
  50.      *
  51.      * @return Response
  52.      */
  53.     public function connectAction(Request $request)
  54.     {
  55.         $connect $this->container->getParameter('hwi_oauth.connect');
  56.         $hasUser $this->getUser() ? $this->isGranted($this->container->getParameter('hwi_oauth.grant_rule')) : false;
  58.         $error $this->getErrorForRequest($request);
  60.         // if connecting is enabled and there is no user, redirect to the registration form
  61.         if ($connect && !$hasUser && $error instanceof AccountNotLinkedException) {
  62.             $key time();
  63.             $session $request->getSession();
  64.             if (!$session->isStarted()) {
  65.                 $session->start();
  66.             }
  68.             $session->set('_hwi_oauth.registration_error.'.$key$error);
  70.             return $this->redirectToRoute('hwi_oauth_connect_registration', array('key' => $key));
  71.         }
  73.         if ($error) {
  74.             if ($error instanceof AuthenticationException) {
  75.                 $error $error->getMessageKey();
  76.             } else {
  77.                 $error $error->getMessage();
  78.             }
  79.         }
  81.         return $this->render('@HWIOAuth/Connect/login.html.twig', array(
  82.             'error' => $error,
  83.         ));
  84.     }
  86.     /**
  87.      * Shows a registration form if there is no user logged in and connecting
  88.      * is enabled.
  89.      *
  90.      * @param Request $request a request
  91.      * @param string  $key     key used for retrieving the right information for the registration form
  92.      *
  93.      * @return Response
  94.      *
  95.      * @throws NotFoundHttpException if `connect` functionality was not enabled
  96.      * @throws AccessDeniedException if any user is authenticated
  97.      * @throws \RuntimeException
  98.      */
  99.     public function registrationAction(Request $request$key)
  100.     {
  101.         $connect $this->container->getParameter('hwi_oauth.connect');
  102.         if (!$connect) {
  103.             throw new NotFoundHttpException();
  104.         }
  106.         $hasUser $this->isGranted($this->container->getParameter('hwi_oauth.grant_rule'));
  107.         if ($hasUser) {
  108.             throw new AccessDeniedException('Cannot connect already registered account.');
  109.         }
  111.         $session $request->getSession();
  112.         if (!$session->isStarted()) {
  113.             $session->start();
  114.         }
  116.         $error $session->get('_hwi_oauth.registration_error.'.$key);
  117.         $session->remove('_hwi_oauth.registration_error.'.$key);
  119.         if (!$error instanceof AccountNotLinkedException) {
  120.             throw new \RuntimeException('Cannot register an account.'0$error instanceof \Exception $error null);
  121.         }
  123.         $userInformation $this
  124.             ->getResourceOwnerByName($error->getResourceOwnerName())
  125.             ->getUserInformation($error->getRawToken())
  126.         ;
  128.         /* @var $form FormInterface */
  129.         if ($this->container->getParameter('hwi_oauth.fosub_enabled')) {
  130.             // enable compatibility with FOSUserBundle 1.3.x and 2.x
  131.             if (interface_exists('FOS\UserBundle\Form\Factory\FactoryInterface')) {
  132.                 $form $this->container->get('hwi_oauth.registration.form.factory')->createForm();
  133.             } else {
  134.                 $form $this->container->get('hwi_oauth.registration.form');
  135.             }
  136.         } else {
  137.             $form $this->container->get('hwi_oauth.registration.form');
  138.         }
  140.         $formHandler $this->container->get('hwi_oauth.registration.form.handler');
  141.         if ($formHandler->process($request$form$userInformation)) {
  142.             $event = new FormEvent($form$request);
  143.             $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::REGISTRATION_SUCCESS$event);
  145.             $this->container->get('hwi_oauth.account.connector')->connect($form->getData(), $userInformation);
  147.             // Authenticate the user
  148.             $this->authenticateUser($request$form->getData(), $error->getResourceOwnerName(), $error->getAccessToken());
  150.             if (null === $response $event->getResponse()) {
  151.                 if ($targetPath $this->getTargetPath($session)) {
  152.                     $response $this->redirect($targetPath);
  153.                 } else {
  154.                     $response $this->render('@HWIOAuth/Connect/registration_success.html.twig', array(
  155.                         'userInformation' => $userInformation,
  156.                     ));
  157.                 }
  158.             }
  160.             $event = new FilterUserResponseEvent($form->getData(), $request$response);
  161.             $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::REGISTRATION_COMPLETED$event);
  163.             return $response;
  164.         }
  166.         // reset the error in the session
  167.         $session->set('_hwi_oauth.registration_error.'.$key$error);
  169.         $event = new GetResponseUserEvent($form->getData(), $request);
  170.         $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::REGISTRATION_INITIALIZE$event);
  172.         if ($response $event->getResponse()) {
  173.             return $response;
  174.         }
  176.         return $this->render('@HWIOAuth/Connect/registration.html.twig', array(
  177.             'key' => $key,
  178.             'form' => $form->createView(),
  179.             'userInformation' => $userInformation,
  180.         ));
  181.     }
  183.     /**
  184.      * Connects a user to a given account if the user is logged in and connect is enabled.
  185.      *
  186.      * @param Request $request the active request
  187.      * @param string  $service name of the resource owner to connect to
  188.      *
  189.      * @throws \Exception
  190.      *
  191.      * @return Response
  192.      *
  193.      * @throws NotFoundHttpException if `connect` functionality was not enabled
  194.      * @throws AccessDeniedException if no user is authenticated
  195.      */
  196.     public function connectServiceAction(Request $request$service)
  197.     {
  198.         $connect $this->container->getParameter('hwi_oauth.connect');
  199.         if (!$connect) {
  200.             throw new NotFoundHttpException();
  201.         }
  203.         $hasUser $this->isGranted($this->container->getParameter('hwi_oauth.grant_rule'));
  204.         if (!$hasUser) {
  205.             throw new AccessDeniedException('Cannot connect an account.');
  206.         }
  208.         // Get the data from the resource owner
  209.         $resourceOwner $this->getResourceOwnerByName($service);
  211.         $session $request->getSession();
  212.         if (!$session->isStarted()) {
  213.             $session->start();
  214.         }
  216.         $key $request->query->get('key'time());
  218.         if ($resourceOwner->handles($request)) {
  219.             $accessToken $resourceOwner->getAccessToken(
  220.                 $request,
  221.                 $this->container->get('hwi_oauth.security.oauth_utils')->getServiceAuthUrl($request$resourceOwner)
  222.             );
  224.             // save in session
  225.             $session->set('_hwi_oauth.connect_confirmation.'.$key$accessToken);
  226.         } else {
  227.             $accessToken $session->get('_hwi_oauth.connect_confirmation.'.$key);
  228.         }
  230.         // Redirect to the login path if the token is empty (Eg. User cancelled auth)
  231.         if (null === $accessToken) {
  232.             if ($this->container->getParameter('hwi_oauth.failed_use_referer') && $targetPath $this->getTargetPath($session'failed_target_path')) {
  233.                 return $this->redirect($targetPath);
  234.             }
  236.             return $this->redirectToRoute($this->container->getParameter('hwi_oauth.failed_auth_path'));
  237.         }
  239.         // Show confirmation page?
  240.         if (!$this->container->getParameter('hwi_oauth.connect.confirmation')) {
  241.             return $this->getConfirmationResponse($request$accessToken$service);
  242.         }
  244.         // Symfony <3.0 BC
  245.         /** @var $form FormInterface */
  246.         $form method_exists('Symfony\Component\Form\AbstractType''getBlockPrefix')
  247.             ? $this->createForm(FormType::class)
  248.             : $this->createForm('form');
  249.         // Handle the form
  250.         $form->handleRequest($request);
  252.         if ($form->isSubmitted() && $form->isValid()) {
  253.             return $this->getConfirmationResponse($request$accessToken$service);
  254.         }
  256.         $event = new GetResponseUserEvent($this->getUser(), $request);
  257.         $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::CONNECT_INITIALIZE$event);
  259.         if ($response $event->getResponse()) {
  260.             return $response;
  261.         }
  263.         return $this->render('@HWIOAuth/Connect/connect_confirm.html.twig', array(
  264.             'key' => $key,
  265.             'service' => $service,
  266.             'form' => $form->createView(),
  267.             'userInformation' => $resourceOwner->getUserInformation($accessToken),
  268.         ));
  269.     }
  271.     /**
  272.      * @param Request $request
  273.      * @param string  $service
  274.      *
  275.      * @throws NotFoundHttpException
  276.      *
  277.      * @return RedirectResponse
  278.      */
  279.     public function redirectToServiceAction(Request $request$service)
  280.     {
  281.         try {
  282.             $authorizationUrl $this->container->get('hwi_oauth.security.oauth_utils')->getAuthorizationUrl($request$service);
  283.         } catch (\RuntimeException $e) {
  284.             throw new NotFoundHttpException($e->getMessage(), $e);
  285.         }
  287.         $session $request->getSession();
  289.         // Check for a return path and store it before redirect
  290.         if (null !== $session) {
  291.             // initialize the session for preventing SessionUnavailableException
  292.             if (!$session->isStarted()) {
  293.                 $session->start();
  294.             }
  296.             foreach ($this->container->getParameter('hwi_oauth.firewall_names') as $providerKey) {
  297.                 $sessionKey '_security.'.$providerKey.'.target_path';
  298.                 $sessionKeyFailure '_security.'.$providerKey.'.failed_target_path';
  300.                 $param $this->container->getParameter('hwi_oauth.target_path_parameter');
  301.                 if (!empty($param) && $targetUrl $request->get($param)) {
  302.                     $session->set($sessionKey$targetUrl);
  303.                 }
  305.                 if ($this->container->getParameter('hwi_oauth.failed_use_referer') && !$session->has($sessionKeyFailure) && ($targetUrl $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  306.                     $session->set($sessionKeyFailure$targetUrl);
  307.                 }
  309.                 if ($this->container->getParameter('hwi_oauth.use_referer') && !$session->has($sessionKey) && ($targetUrl $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  310.                     $session->set($sessionKey$targetUrl);
  311.                 }
  312.             }
  313.         }
  315.         return $this->redirect($authorizationUrl);
  316.     }
  318.     /**
  319.      * Get the security error for a given request.
  320.      *
  321.      * @param Request $request
  322.      *
  323.      * @return string|\Exception
  324.      */
  325.     protected function getErrorForRequest(Request $request)
  326.     {
  327.         $authenticationErrorKey Security::AUTHENTICATION_ERROR;
  329.         if ($request->attributes->has($authenticationErrorKey)) {
  330.             return $request->attributes->get($authenticationErrorKey);
  331.         }
  333.         $session $request->getSession();
  334.         if (null !== $session && $session->has($authenticationErrorKey)) {
  335.             $error $session->get($authenticationErrorKey);
  336.             $session->remove($authenticationErrorKey);
  338.             return $error;
  339.         }
  341.         return '';
  342.     }
  344.     /**
  345.      * Get a resource owner by name.
  346.      *
  347.      * @param string $name
  348.      *
  349.      * @return ResourceOwnerInterface
  350.      *
  351.      * @throws NotFoundHttpException if there is no resource owner with the given name
  352.      */
  353.     protected function getResourceOwnerByName($name)
  354.     {
  355.         foreach ($this->container->getParameter('hwi_oauth.firewall_names') as $firewall) {
  356.             $id 'hwi_oauth.resource_ownermap.'.$firewall;
  357.             if (!$this->container->has($id)) {
  358.                 continue;
  359.             }
  361.             $ownerMap $this->container->get($id);
  362.             if ($resourceOwner $ownerMap->getResourceOwnerByName($name)) {
  363.                 return $resourceOwner;
  364.             }
  365.         }
  367.         throw new NotFoundHttpException(sprintf("No resource owner with name '%s'."$name));
  368.     }
  370.     /**
  371.      * Generates a route.
  372.      *
  373.      * @deprecated since version 0.4. Will be removed in 1.0.
  374.      *
  375.      * @param string $route    Route name
  376.      * @param array  $params   Route parameters
  377.      * @param bool   $absolute absolute url or note
  378.      *
  379.      * @return string
  380.      */
  381.     protected function generate($route, array $params = array(), $absolute false)
  382.     {
  383.         @trigger_error('The '.__METHOD__.' method is deprecated since version 0.4 and will be removed in 1.0. Use Symfony\Bundle\FrameworkBundle\Controller\Controller::generateUrl instead.'E_USER_DEPRECATED);
  385.         return $this->container->get('router')->generate($route$params$absolute);
  386.     }
  388.     /**
  389.      * Authenticate a user with Symfony Security.
  390.      *
  391.      * @param Request       $request
  392.      * @param UserInterface $user
  393.      * @param string        $resourceOwnerName
  394.      * @param string        $accessToken
  395.      * @param bool          $fakeLogin
  396.      */
  397.     protected function authenticateUser(Request $requestUserInterface $user$resourceOwnerName$accessToken$fakeLogin true)
  398.     {
  399.         try {
  400.             $this->container->get('hwi_oauth.user_checker')->checkPreAuth($user);
  401.             $this->container->get('hwi_oauth.user_checker')->checkPostAuth($user);
  402.         } catch (AccountStatusException $e) {
  403.             // Don't authenticate locked, disabled or expired users
  404.             return;
  405.         }
  407.         $token = new OAuthToken($accessToken$user->getRoles());
  408.         $token->setResourceOwnerName($resourceOwnerName);
  409.         $token->setUser($user);
  410.         $token->setAuthenticated(true);
  412.         $this->get('security.token_storage')->setToken($token);
  414.         if ($fakeLogin) {
  415.             // Since we're "faking" normal login, we need to throw our INTERACTIVE_LOGIN event manually
  416.             $this->container->get('event_dispatcher')->dispatch(
  417.                 SecurityEvents::INTERACTIVE_LOGIN,
  418.                 new InteractiveLoginEvent($request$token)
  419.             );
  420.         }
  421.     }
  423.     /**
  424.      * @param SessionInterface $session
  425.      *
  426.      * @return string|null
  427.      */
  428.     private function getTargetPath(SessionInterface $session)
  429.     {
  430.         foreach ($this->container->getParameter('hwi_oauth.firewall_names') as $providerKey) {
  431.             $sessionKey '_security.'.$providerKey.'.target_path';
  432.             if ($session->has($sessionKey)) {
  433.                 return $session->get($sessionKey);
  434.             }
  435.         }
  437.         return null;
  438.     }
  440.     /**
  441.      * @param Request $request     The active request
  442.      * @param array   $accessToken The access token
  443.      * @param string  $service     Name of the resource owner to connect to
  444.      *
  445.      * @return Response
  446.      *
  447.      * @throws NotFoundHttpException if there is no resource owner with the given name
  448.      */
  449.     private function getConfirmationResponse(Request $request, array $accessToken$service)
  450.     {
  451.         /** @var $currentToken OAuthToken */
  452.         $currentToken $this->container->get('security.token_storage')->getToken();
  453.         /** @var $currentUser UserInterface */
  454.         $currentUser $currentToken->getUser();
  456.         /** @var $resourceOwner ResourceOwnerInterface */
  457.         $resourceOwner $this->getResourceOwnerByName($service);
  458.         /** @var $userInformation UserResponseInterface */
  459.         $userInformation $resourceOwner->getUserInformation($accessToken);
  461.         $event = new GetResponseUserEvent($currentUser$request);
  462.         $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::CONNECT_CONFIRMED$event);
  464.         $this->container->get('hwi_oauth.account.connector')->connect($currentUser$userInformation);
  466.         if ($currentToken instanceof OAuthToken) {
  467.             // Update user token with new details
  468.             $newToken =
  469.                 is_array($accessToken) &&
  470.                 (isset($accessToken['access_token']) || isset($accessToken['oauth_token'])) ?
  471.                     $accessToken $currentToken->getRawToken();
  473.             $this->authenticateUser($request$currentUser$service$newTokenfalse);
  474.         }
  476.         if (null === $response $event->getResponse()) {
  477.             if ($targetPath $this->getTargetPath($request->getSession())) {
  478.                 $response $this->redirect($targetPath);
  479.             } else {
  480.                 $response $this->render('@HWIOAuth/Connect/connect_success.html.twig', array(
  481.                     'userInformation' => $userInformation,
  482.                     'service' => $service,
  483.                 ));
  484.             }
  485.         }
  487.         $event = new FilterUserResponseEvent($currentUser$request$response);
  488.         $this->get('event_dispatcher')->dispatch(HWIOAuthEvents::CONNECT_COMPLETED$event);
  490.         return $response;
  491.     }
  492. }