vendor/hwi/oauth-bundle/Controller/RedirectToServiceController.php line 76

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the HWIOAuthBundle package.
  5. *
  6. * (c) Hardware Info <[email protected]>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace HWI\Bundle\OAuthBundle\Controller;
  14. use HWI\Bundle\OAuthBundle\Security\OAuthUtils;
  15. use HWI\Bundle\OAuthBundle\Util\DomainWhitelist;
  16. use RuntimeException;
  17. use Symfony\Component\HttpFoundation\RedirectResponse;
  18. use Symfony\Component\HttpFoundation\Request;
  19. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  20. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  22. /**
  23. * @author Alexander <[email protected]>
  24. */
  25. final class RedirectToServiceController
  26. {
  27. /**
  28. * @var OAuthUtils
  29. */
  30. private $oauthUtils;
  32. /**
  33. * @var DomainWhitelist
  34. */
  35. private $domainWhitelist;
  37. /**
  38. * @var array
  39. */
  40. private $firewallNames;
  42. /**
  43. * @var string|null
  44. */
  45. private $targetPathParameter;
  47. /**
  48. * @var bool
  49. */
  50. private $failedUseReferer;
  52. /**
  53. * @var bool
  54. */
  55. private $useReferer;
  57. public function __construct(
  58. OAuthUtils $oauthUtils,
  59. DomainWhitelist $domainWhitelist,
  60. array $firewallNames,
  61. ?string $targetPathParameter,
  62. bool $failedUseReferer,
  63. bool $useReferer
  64. ) {
  65. $this->oauthUtils = $oauthUtils;
  66. $this->domainWhitelist = $domainWhitelist;
  67. $this->firewallNames = $firewallNames;
  68. $this->targetPathParameter = $targetPathParameter;
  69. $this->failedUseReferer = $failedUseReferer;
  70. $this->useReferer = $useReferer;
  71. }
  73. /**
  74. * @throws NotFoundHttpException
  75. */
  76. public function redirectToServiceAction(Request $request, string $service): RedirectResponse
  77. {
  78. try {
  79. $authorizationUrl = $this->oauthUtils->getAuthorizationUrl($request, $service);
  80. } catch (RuntimeException $e) {
  81. throw new NotFoundHttpException($e->getMessage(), $e);
  82. }
  84. $this->storeReturnPath($request, $authorizationUrl);
  86. return new RedirectResponse($authorizationUrl);
  87. }
  89. private function storeReturnPath(Request $request, string $authorizationUrl): void
  90. {
  91. $session = $request->getSession();
  93. if (null === $session) {
  94. return;
  95. }
  97. $param = $this->targetPathParameter;
  99. foreach ($this->firewallNames as $providerKey) {
  100. $sessionKey = '_security.'.$providerKey.'.target_path';
  101. $sessionKeyFailure = '_security.'.$providerKey.'.failed_target_path';
  103. if (!empty($param) && $targetUrl = $request->get($param)) {
  104. if (!$this->domainWhitelist->isValidTargetUrl($targetUrl)) {
  105. throw new AccessDeniedHttpException('Not allowed to redirect to '.$targetUrl);
  106. }
  108. $session->set($sessionKey, $targetUrl);
  109. }
  111. if ($this->failedUseReferer && !$session->has($sessionKeyFailure) && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  112. $session->set($sessionKeyFailure, $targetUrl);
  113. }
  115. if ($this->useReferer && !$session->has($sessionKey) && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  116. $session->set($sessionKey, $targetUrl);
  117. }
  118. }
  119. }
  120. }