src/Hitso/Bundle/CommonBundle/EventListener/SecurityListener.php line 217

Open in your IDE?
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4.  * @author Maciej Kaczmarek <maciej.kaczmarek@autentika.pl>
  5.  */
  7. namespace Hitso\Bundle\CommonBundle\EventListener;
  9. use Anyx\LoginGateBundle\Service\BruteForceChecker;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use FOS\UserBundle\Event\UserEvent;
  12. use FOS\UserBundle\FOSUserEvents;
  13. use Hitso\Bundle\CommonBundle\Entity\Log\Security;
  14. use Hitso\Bundle\CommonBundle\Entity\User;
  15. use Hitso\Bundle\CommonBundle\Entity\UserConnection;
  16. use Hitso\Bundle\CommonBundle\Entity\UserLogEntry;
  17. use Hitso\Bundle\CommonBundle\Security\Event\OAuthEvent;
  18. use Hitso\Bundle\MultiSiteBundle\MultiSite\SiteContext;
  19. use Hitso\Bundle\MultiSiteBundle\Router\MultiSiteRouter;
  20. use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
  21. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  22. use Symfony\Component\HttpFoundation\RedirectResponse;
  23. use Symfony\Component\HttpFoundation\Request;
  24. use Symfony\Component\HttpFoundation\Response;
  25. use Symfony\Component\HttpFoundation\Session\Session;
  26. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  27. use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
  28. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  30. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  31. use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
  32. use Symfony\Component\Security\Http\ParameterBagUtils;
  33. use Symfony\Component\Security\Http\SecurityEvents;
  35. /**
  36.  * Class SecurityListener
  37.  *
  38.  * @codeCoverageIgnore
  39.  */
  40. class SecurityListener implements EventSubscriberInterfaceLogoutHandlerInterfaceAuthenticationSuccessHandlerInterface
  41. {
  42.     /**
  43.      * @var EntityManagerInterface
  44.      */
  45.     private $manager;
  47.     /**
  48.      * @var $router MultiSiteRouter
  49.      */
  50.     protected $router;
  52.     /**
  53.      * @var $session Session
  54.      */
  55.     protected $session;
  57.     /**
  58.      * @var UserConnection
  59.      */
  60.     private $connection;
  62.     /**
  63.      * @var SiteContext
  64.      */
  65.     private $context;
  67.     /**
  68.      * @var BruteForceChecker
  69.      */
  70.     private $bruteForceChecker;
  72.     /**
  73.      * SecurityListener constructor.
  74.      *
  75.      * @param EntityManagerInterface $manager
  76.      * @param MultiSiteRouter        $router
  77.      * @param SessionInterface       $session
  78.      * @param SiteContext            $context
  79.      */
  80.     public function __construct(
  81.         EntityManagerInterface $manager,
  82.         MultiSiteRouter $router,
  83.         SessionInterface $session,
  84.         SiteContext $context,
  85.         BruteForceChecker $bruteForceChecker
  86.     ) {
  87.         $this->manager           $manager;
  88.         $this->router            $router;
  89.         $this->session           $session;
  90.         $this->context           $context;
  91.         $this->bruteForceChecker $bruteForceChecker;
  92.     }
  94.     /**
  95.      * @inheritdoc
  96.      */
  97.     public static function getSubscribedEvents()
  98.     {
  99.         return [
  100.             SecurityEvents::INTERACTIVE_LOGIN        => 'onInteractiveLogin',
  101.             FOSUserEvents::SECURITY_IMPLICIT_LOGIN   => 'onImplicitLogin',
  102.             FOSUserEvents::REGISTRATION_COMPLETED    => 'onRegisterComplete',
  103.             FOSUserEvents::REGISTRATION_CONFIRMED    => 'onRegisterConfirmed',
  104.             FOSUserEvents::RESETTING_RESET_COMPLETED => 'onResetComplete',
  105.             OAuthEvent::EVENT_NAME                   => 'onOAuthEvent',
  106.         ];
  107.     }
  109.     /**
  110.      * Listens to interactive login event fired by Symfony Security component and logs:
  111.      *   - OAuth login
  112.      *   - interactive login
  113.      *
  114.      * @param InteractiveLoginEvent $e
  115.      *
  116.      * @throws \Hitso\Bundle\CommonBundle\Exception\InvalidArgumentException
  117.      * @throws \Hitso\Bundle\MultiSiteBundle\Exception\InvalidArgumentException
  118.      */
  119.     public function onInteractiveLogin(InteractiveLoginEvent $e)
  120.     {
  121.         $token $e->getAuthenticationToken();
  123.         $this->setDefaultLocale($token);
  125.         if ($token instanceof OAuthToken) {
  126.             $this->log(
  127.                 new Security(
  128.                     Security::ACTION_LOGIN,
  129.                     Security::METHOD_OAUTH,
  130.                     $token->getResourceOwnerName(),
  131.                     $this->connection $this->connection->getIdentifier() : null
  132.                 ),
  133.                 $token
  134.             );
  135.         } elseif ($token instanceof RememberMeToken) {
  136.             $this->log(new Security(Security::ACTION_LOGINSecurity::METHOD_REMEMBER_ME), $token);
  137.         } else {
  138.             $this->log(new Security(Security::ACTION_LOGINSecurity::METHOD_INTERACTIVE), $token);
  139.         }
  140.     }
  142.     /**
  143.      * Save a log entry to the database.
  144.      *
  145.      * @param UserLogEntry $entry
  146.      * @param null         $tokenOrUser
  147.      */
  148.     private function log(UserLogEntry $entry$tokenOrUser null)
  149.     {
  150.         $user $this->getUserFromToken($tokenOrUser);
  151.         if ($user instanceof User) {
  152.             $entry->setUser($user);
  153.             $entry->setExtraData([
  154.                 'device' => $user->getLastLoginDevice(),
  155.             ]);
  156.         }
  158.         if (null !== $entry->getUser()) {
  159.             $this->manager->persist($entry);
  160.             $this->manager->flush();
  161.         }
  162.     }
  164.     /**
  165.      * @param null $tokenOrUser
  166.      *
  167.      * @throws \Hitso\Bundle\CommonBundle\Exception\InvalidArgumentException
  168.      * @throws \Hitso\Bundle\MultiSiteBundle\Exception\InvalidArgumentException
  169.      */
  170.     private function setDefaultLocale($tokenOrUser null)
  171.     {
  172.         $user  $this->getUserFromToken($tokenOrUser);
  173.         $sites $this->context->getSites();
  174.         if ($sites->has($user->getDefaultLocale())) {
  175.             $site $sites->get($user->getDefaultLocale());
  176.             if (isset($user$site)) {
  177.                 $this->context->setContentSite($site);
  178.             }
  179.         }
  180.     }
  182.     /**
  183.      * @param null $tokenOrUser
  184.      *
  185.      * @return mixed|null
  186.      */
  187.     private function getUserFromToken($tokenOrUser null)
  188.     {
  189.         if ($tokenOrUser instanceof TokenInterface) {
  190.             return $tokenOrUser->getUser();
  191.         } elseif ($tokenOrUser instanceof User) {
  192.             return $tokenOrUser;
  193.         }
  195.         return null;
  196.     }
  198.     /**
  199.      * Listens to implicit login event fired by FOSUserBundle.
  200.      *
  201.      * @param UserEvent $e
  202.      *
  203.      * @throws \Hitso\Bundle\CommonBundle\Exception\InvalidArgumentException
  204.      * @throws \Hitso\Bundle\MultiSiteBundle\Exception\InvalidArgumentException
  205.      */
  206.     public function onImplicitLogin(UserEvent $e)
  207.     {
  208.         $this->setDefaultLocale($e->getUser());
  209.         $this->log(new Security(Security::ACTION_LOGINSecurity::METHOD_IMPLICIT), $e->getUser());
  210.     }
  212.     /**
  213.      * Listens to register complete event fired by FOSUserBundle.
  214.      *
  215.      * @param UserEvent $e
  216.      */
  217.     public function onRegisterComplete(UserEvent $e)
  218.     {
  219.         $this->log(new Security(Security::ACTION_REGISTERSecurity::METHOD_INTERACTIVE), $e->getUser());
  220.     }
  222.     /**
  223.      * Listens to register confirmed event fired by FOSUserBundle.
  224.      *
  225.      * @param UserEvent $e
  226.      */
  227.     public function onRegisterConfirmed(UserEvent $e)
  228.     {
  229.         $this->log(new Security(Security::ACTION_REGISTER_CONFIRMEDSecurity::METHOD_INTERACTIVE), $e->getUser());
  230.     }
  232.     /**
  233.      * Listens to reset complete event fired by FOSUserBundle.
  234.      *
  235.      * @param UserEvent $e
  236.      */
  237.     public function onResetComplete(UserEvent $e)
  238.     {
  239.         $this->log(new Security(Security::ACTION_RESET_PASSWORDSecurity::METHOD_INTERACTIVE), $e->getUser());
  240.     }
  242.     /**
  243.      * Listens to OAuth event fired by Hitso's OAuth user provider.
  244.      *
  245.      * @param OAuthEvent $e
  246.      *
  247.      * @throws \Hitso\Bundle\CommonBundle\Exception\InvalidArgumentException
  248.      * @throws \Hitso\Bundle\MultiSiteBundle\Exception\InvalidArgumentException
  249.      */
  250.     public function onOAuthEvent(OAuthEvent $e)
  251.     {
  252.         $this->connection $connection $e->getConnection();
  254.         $this->setDefaultLocale($e->getUser());
  256.         if ($e->isNewUser()) {
  257.             $this->log(
  258.                 new Security(
  259.                     Security::ACTION_REGISTER,
  260.                     Security::METHOD_OAUTH,
  261.                     $connection->getProvider(),
  262.                     $connection->getIdentifier()
  263.                 ),
  264.                 $e->getUser()
  265.             );
  267.             if ($e->getUser()->isEnabled()) {
  268.                 $this->log(
  269.                     new Security(
  270.                         Security::ACTION_REGISTER_CONFIRMEDSecurity::METHOD_IMPLICIT
  271.                     ),
  272.                     $e->getUser()
  273.                 );
  274.             }
  275.         }
  277.         if ($e->isNewConnection()) {
  278.             $this->log(
  279.                 new Security(
  280.                     Security::ACTION_CONNECT,
  281.                     Security::METHOD_OAUTH,
  282.                     $connection->getProvider(),
  283.                     $connection->getIdentifier()
  284.                 ),
  285.                 $e->getUser()
  286.             );
  287.         }
  288.     }
  290.     /**
  291.      * This method is called by the LogoutListener when a user has requested
  292.      * to be logged out. Usually, you would unset session variables, or remove
  293.      * cookies, etc.
  294.      *
  295.      * @param Request        $request
  296.      * @param Response       $response
  297.      * @param TokenInterface $token
  298.      */
  299.     public function logout(Request $requestResponse $responseTokenInterface $token)
  300.     {
  301.         $securityLog = new Security(Security::ACTION_LOGOUT);
  302.         $this->log($securityLog$token);
  303.     }
  306.     /**
  307.      * @param InteractiveLoginEvent $event
  308.      *
  309.      * @throws \Hitso\Bundle\CommonBundle\Exception\InvalidArgumentException
  310.      * @throws \Hitso\Bundle\MultiSiteBundle\Exception\InvalidArgumentException
  311.      */
  312.     public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
  313.     {
  314.         $token   $event->getAuthenticationToken();
  315.         $request $event->getRequest();
  316.         $this->setDefaultLocale($token);
  317.         $this->onAuthenticationSuccess($request$token);
  318.     }
  320.     /**
  321.      * @param Request        $request
  322.      * @param TokenInterface $token
  323.      *
  324.      * @return RedirectResponse|Response
  325.      */
  326.     public function onAuthenticationSuccess(Request $requestTokenInterface $token)
  327.     {
  328.         $targetUrl urldecode(ParameterBagUtils::getRequestParameterValue($request'_target_path'));
  329.         if ($targetUrl === '') {
  330.             $targetUrl $this->router->getRouteCollection()->get('homepage') ? $this->router->generate('homepage') : '/';
  331.         }
  333.         $this->bruteForceChecker->getStorage()->clearCountAttempts($request);
  335.         return new RedirectResponse($targetUrl);
  336.     }
  337. }