src/Mm/Escmid/EaaBundle/EventListener/AuthListener.php line 29

Open in your IDE?
  1. <?php
  3. namespace Mm\Escmid\EaaBundle\EventListener;
  5. use Mm\Escmid\EaaBundle\Controller\ApiControllerInterface;
  6. use Mm\Escmid\EaaBundle\Controller\AuthenticatedControllerInterface;
  7. use Mm\Escmid\EaaBundle\Controller\LegacyController;
  8. use Mm\Escmid\EaaBundle\Platform\Security\AccessDeniedHttpException;
  9. use Mm\Escmid\EaaBundle\Platform\Security\AuthenticationException;
  10. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  11. use Symfony\Bundle\FrameworkBundle\Controller\RedirectController;
  12. use Symfony\Bundle\WebProfilerBundle\Controller\ExceptionPanelController;
  13. use Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController;
  14. use Symfony\Bundle\WebProfilerBundle\Controller\RouterController;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  18. class AuthListener implements EventSubscriberInterface
  19. {
  20. private $controllersWhitelist = [];
  22. /**
  23. * AuthListener constructor.
  24. */
  25. public function __construct()
  26. {
  27. }
  29. public function onKernelController(ControllerEvent $event): void
  30. {
  31. /** @var Controller[] */
  32. $controllers = $event->getController();
  34. /*
  35. * $controller passed can be either a class or a Closure. This is not usual in Symfony but it may happen.
  36. * If it is a class, it comes in array format.
  37. */
  38. if (!is_array($controllers)) {
  39. return;
  40. }
  42. if ($controllers[0] instanceof AuthenticatedControllerInterface) {
  43. $controllers[0]->setRequest($event->getRequest());
  44. $this->checkController($controllers[0]);
  45. } elseif (($controllers[0] instanceof ProfilerController)
  46. || ($controllers[0] instanceof RouterController)
  47. ) {
  48. /*
  49. * allow access for Symfony WebProfilerBundle controllers
  50. */
  51. } elseif ($controllers[0] instanceof ApiControllerInterface) {
  52. // allow access to API
  53. } elseif ($controllers[0] instanceof RedirectController) {
  54. // allow redirects
  55. } elseif ($controllers[0] instanceof ExceptionPanelController) {
  56. // allow handling exceptions
  57. } else {
  58. $unknown = true;
  59. foreach ($this->controllersWhitelist as $className) {
  60. if ($controllers[0] instanceof $className) {
  61. $unknown = false;
  62. break;
  63. }
  64. }
  66. if ($unknown) {
  67. throw new \Exception("Invalid controller '".$controllers[0]::class."', must be instance of either one of these:
  68. \n* Mm\\Escmid\\EaaBundle\\Controller\\AuthenticatedControllerInterface\n
  69. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\ProfilerController\n
  70. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\RouterController\n
  71. * Mm\\Escmid\\EaaBundle\\Controller\\ApiControllerInterface\n
  72. * Symfony\\Bundle\\FrameworkBundle\\Controller\\RedirectController\n
  73. * Symfony\\Bundle\\WebProfilerBundle\\Controller\\ExceptionPanelController\n".'* '.implode("\n* ", $this->controllersWhitelist));
  74. }
  75. }
  76. }
  78. public function checkController(AuthenticatedControllerInterface $controller): void
  79. {
  80. $principal = $controller->getPrincipal();
  82. $controller->refreshLastSessionActivity();
  84. if ($controller->requiresLogin() || LegacyController::class === $controller::class) {
  85. if (null == $principal || !$principal->isLoggedIn()) {
  86. throw new AuthenticationException('Not logged in.');
  87. }
  88. }
  90. if (!$controller->checkAreaPermissions()) {
  91. $path = $controller->getCurrentPath();
  92. throw new AccessDeniedHttpException(sprintf('Area Access denied for path %s.', $path));
  93. }
  95. if (!$controller->checkPermissions()) {
  96. throw new AccessDeniedHttpException('Access denied.');
  97. }
  98. }
  100. /**
  101. * @return array<string, mixed>
  102. */
  103. public static function getSubscribedEvents(): array
  104. {
  105. return [\Symfony\Component\HttpKernel\KernelEvents::CONTROLLER => 'onKernelController'];
  106. }
  107. }