src/Mm/Escmid/EaaBundle/EventListener/AuthListener.php line 29

Open in your IDE?
  1. <?php
  3. namespace Mm\Escmid\EaaBundle\EventListener;
  5. use Mm\Escmid\EaaBundle\Controller\ApiControllerInterface;
  6. use Mm\Escmid\EaaBundle\Controller\AuthenticatedControllerInterface;
  7. use Mm\Escmid\EaaBundle\Controller\LegacyController;
  8. use Mm\Escmid\EaaBundle\Platform\Security\AccessDeniedHttpException;
  9. use Mm\Escmid\EaaBundle\Platform\Security\AuthenticationException;
  10. use Symfony\Bundle\FrameworkBundle\Controller\RedirectController;
  11. use Symfony\Bundle\WebProfilerBundle\Controller\ExceptionPanelController;
  12. use Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController;
  13. use Symfony\Bundle\WebProfilerBundle\Controller\RouterController;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  16. use Symfony\Component\HttpKernel\KernelEvents;
  18. class AuthListener implements EventSubscriberInterface
  19. {
  20. private $controllersWhitelist = [
  21. 'Mm\\Escmid\\ApiBundle\\',
  22. ];
  24. /**
  25. * AuthListener constructor.
  26. */
  27. public function __construct()
  28. {
  29. }
  31. public function onKernelController(ControllerEvent $event): void
  32. {
  33. /** @var Controller[] */
  34. $controllers = $event->getController();
  36. /*
  37. * $controller passed can be either a class or a Closure. This is not usual in Symfony but it may happen.
  38. * If it is a class, it comes in array format.
  39. */
  40. if (!is_array($controllers)) {
  41. return;
  42. }
  44. if ($controllers[0] instanceof AuthenticatedControllerInterface) {
  45. $controllers[0]->setRequest($event->getRequest());
  46. $this->checkController($controllers[0]);
  47. } elseif (($controllers[0] instanceof ProfilerController)
  48. || ($controllers[0] instanceof RouterController)
  49. ) {
  50. /*
  51. * allow access for Symfony WebProfilerBundle controllers
  52. */
  53. } elseif ($controllers[0] instanceof ApiControllerInterface) {
  54. // allow access to API
  55. } elseif ($controllers[0] instanceof RedirectController) {
  56. // allow redirects
  57. } elseif ($controllers[0] instanceof ExceptionPanelController) {
  58. // allow handling exceptions
  59. } else {
  60. $unknown = true;
  61. foreach ($this->controllersWhitelist as $className) {
  62. if (
  63. $controllers[0] instanceof $className
  64. || str_starts_with(get_class($controllers[0]), $className)
  65. ) {
  66. $unknown = false;
  67. break;
  68. }
  69. }
  71. if ($unknown) {
  72. throw new \Exception("Invalid controller '".$controllers[0]::class."', must be instance of either one of these:
  73. \n* Mm\\Escmid\\EaaBundle\\Controller\\AuthenticatedControllerInterface\n
  74. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\ProfilerController\n
  75. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\RouterController\n
  76. * Mm\\Escmid\\EaaBundle\\Controller\\ApiControllerInterface\n
  77. * Symfony\\Bundle\\FrameworkBundle\\Controller\\RedirectController\n
  78. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\ExceptionPanelController\n".'* '.implode("\n* ", $this->controllersWhitelist));
  79. }
  80. }
  81. }
  83. public function checkController(AuthenticatedControllerInterface $controller): void
  84. {
  85. $principal = $controller->getPrincipal();
  87. $controller->refreshLastSessionActivity();
  89. if ($controller->requiresLogin() || LegacyController::class === $controller::class) {
  90. if (null === $principal || !$principal->isLoggedIn()) {
  91. throw new AuthenticationException('Not logged in.');
  92. }
  93. }
  95. if (!$controller->checkAreaPermissions()) {
  96. $path = $controller->getCurrentPath();
  97. throw new AccessDeniedHttpException(sprintf('Area Access denied for path %s.', $path));
  98. }
  100. if (!$controller->checkPermissions()) {
  101. throw new AccessDeniedHttpException('Access denied.');
  102. }
  103. }
  105. /**
  106. * @return array<string, mixed>
  107. */
  108. public static function getSubscribedEvents(): array
  109. {
  110. return [
  111. KernelEvents::CONTROLLER => 'onKernelController'
  112. ];
  113. }
  114. }