refactor: consent checks are performed in AbstractProvider and not in…

… child classes
maelgangloff · Oct 31, 2024 · c7a50ee · c7a50ee
1 parent 5be9024
commit c7a50ee
Show file tree

Hide file tree

Showing 29 changed files with 928 additions and 889 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/src/Config/WebhookScheme.php b/src/Config/WebhookScheme.php
@@ -41,7 +41,7 @@ public function getChatTransportFactory(): string
             WebhookScheme::ZULIP => ZulipTransportFactory::class,
             WebhookScheme::PUSHOVER => PushoverTransportFactory::class,
             WebhookScheme::NTFY => NtfyTransportFactory::class,
-            WebhookScheme::ENGAGESPOT => EngagespotTransportFactory::class
+            WebhookScheme::ENGAGESPOT => EngagespotTransportFactory::class,
         };
     }
 }
diff --git a/src/Controller/ConnectorController.php b/src/Controller/ConnectorController.php
@@ -24,7 +24,7 @@ public function __construct(
         private readonly EntityManagerInterface $em,
         private readonly LoggerInterface $logger,
         #[Autowire(service: 'service_container')]
-        private ContainerInterface $locator
+        private ContainerInterface $locator,
     ) {
     }
 

diff --git a/src/Controller/DomainRefreshController.php b/src/Controller/DomainRefreshController.php
@@ -25,7 +25,7 @@ public function __construct(private readonly DomainRepository $domainRepository,
         private readonly RDAPService $RDAPService,
         private readonly RateLimiterFactory $rdapRequestsLimiter,
         private readonly MessageBusInterface $bus,
-        private readonly LoggerInterface $logger, private readonly KernelInterface $kernel
+        private readonly LoggerInterface $logger, private readonly KernelInterface $kernel,
     ) {
     }
 

diff --git a/src/Controller/RegistrationController.php b/src/Controller/RegistrationController.php
@@ -32,7 +32,7 @@ public function __construct(
         private readonly EntityManagerInterface $em,
         private readonly SerializerInterface $serializer,
         private readonly LoggerInterface $logger,
-        private readonly KernelInterface $kernel
+        private readonly KernelInterface $kernel,
     ) {
     }
 

diff --git a/src/Controller/StatisticsController.php b/src/Controller/StatisticsController.php
@@ -16,7 +16,7 @@ public function __construct(
         private readonly CacheItemPoolInterface $pool,
         private readonly DomainRepository $domainRepository,
         private readonly WatchListRepository $watchListRepository,
-        private readonly KernelInterface $kernel
+        private readonly KernelInterface $kernel,
     ) {
     }
 

diff --git a/src/Controller/WatchListController.php b/src/Controller/WatchListController.php
@@ -51,7 +51,7 @@ public function __construct(
         private readonly LoggerInterface $logger,
         private readonly ChatNotificationService $chatNotificationService,
         #[Autowire(service: 'service_container')]
-        private ContainerInterface $locator
+        private ContainerInterface $locator,
     ) {
     }
 

diff --git a/src/Message/OrderDomain.php b/src/Message/OrderDomain.php
@@ -7,7 +7,7 @@ final class OrderDomain
     public function __construct(
         public string $watchListToken,
         public string $ldhName,
-        public \DateTimeImmutable $updatedAt
+        public \DateTimeImmutable $updatedAt,
     ) {
     }
 }
diff --git a/src/Message/SendDomainEventNotif.php b/src/Message/SendDomainEventNotif.php
@@ -7,7 +7,7 @@ final class SendDomainEventNotif
     public function __construct(
         public string $watchListToken,
         public string $ldhName,
-        public \DateTimeImmutable $updatedAt
+        public \DateTimeImmutable $updatedAt,
     ) {
     }
 }
diff --git a/src/MessageHandler/OrderDomainHandler.php b/src/MessageHandler/OrderDomainHandler.php
@@ -38,7 +38,7 @@ public function __construct(
         private StatService $statService,
         private ChatNotificationService $chatNotificationService,
         #[Autowire(service: 'service_container')]
-        private ContainerInterface $locator
+        private ContainerInterface $locator,
     ) {
         $this->sender = new Address($mailerSenderEmail, $mailerSenderName);
     }

diff --git a/src/MessageHandler/ProcessWatchListsTriggerHandler.php b/src/MessageHandler/ProcessWatchListsTriggerHandler.php
@@ -16,7 +16,7 @@
 {
     public function __construct(
         private WatchListRepository $watchListRepository,
-        private MessageBusInterface $bus
+        private MessageBusInterface $bus,
     ) {
     }
 

diff --git a/src/MessageHandler/SendDomainEventNotifHandler.php b/src/MessageHandler/SendDomainEventNotifHandler.php
@@ -34,7 +34,7 @@ public function __construct(
         private StatService $statService,
         private DomainRepository $domainRepository,
         private WatchListRepository $watchListRepository,
-        private ChatNotificationService $chatNotificationService
+        private ChatNotificationService $chatNotificationService,
     ) {
         $this->sender = new Address($mailerSenderEmail, $mailerSenderName);
     }

diff --git a/src/MessageHandler/UpdateDomainsFromWatchlistHandler.php b/src/MessageHandler/UpdateDomainsFromWatchlistHandler.php
@@ -36,7 +36,7 @@ public function __construct(
         string $mailerSenderName,
         private MessageBusInterface $bus,
         private WatchListRepository $watchListRepository,
-        private LoggerInterface $logger
+        private LoggerInterface $logger,
     ) {
         $this->sender = new Address($mailerSenderEmail, $mailerSenderName);
     }

diff --git a/src/MessageHandler/UpdateRdapServersHandler.php b/src/MessageHandler/UpdateRdapServersHandler.php
@@ -17,7 +17,7 @@
 {
     public function __construct(
         private RDAPService $RDAPService,
-        private ParameterBagInterface $bag
+        private ParameterBagInterface $bag,
     ) {
     }
 

diff --git a/src/Notifier/DomainOrderErrorNotification.php b/src/Notifier/DomainOrderErrorNotification.php
@@ -17,7 +17,7 @@ class DomainOrderErrorNotification extends DomainWatchdogNotification
 {
     public function __construct(
         private readonly Address $sender,
-        private readonly Domain $domain
+        private readonly Domain $domain,
     ) {
         parent::__construct();
     }

diff --git a/src/Notifier/DomainOrderNotification.php b/src/Notifier/DomainOrderNotification.php
@@ -19,7 +19,7 @@ class DomainOrderNotification extends DomainWatchdogNotification
     public function __construct(
         private readonly Address $sender,
         private readonly Domain $domain,
-        private readonly Connector $connector
+        private readonly Connector $connector,
     ) {
         parent::__construct();
     }

diff --git a/src/Notifier/DomainUpdateErrorNotification.php b/src/Notifier/DomainUpdateErrorNotification.php
@@ -16,7 +16,7 @@ class DomainUpdateErrorNotification extends DomainWatchdogNotification
 {
     public function __construct(
         private readonly Address $sender,
-        private readonly Domain $domain
+        private readonly Domain $domain,
     ) {
         parent::__construct();
     }

diff --git a/src/Notifier/DomainUpdateNotification.php b/src/Notifier/DomainUpdateNotification.php
@@ -17,7 +17,7 @@ class DomainUpdateNotification extends DomainWatchdogNotification
 {
     public function __construct(
         private readonly Address $sender,
-        private readonly DomainEvent $domainEvent
+        private readonly DomainEvent $domainEvent,
     ) {
         parent::__construct();
     }

diff --git a/src/Security/EmailVerifier.php b/src/Security/EmailVerifier.php
@@ -15,7 +15,7 @@
     public function __construct(
         private VerifyEmailHelperInterface $verifyEmailHelper,
         private MailerInterface $mailer,
-        private EntityManagerInterface $entityManager
+        private EntityManagerInterface $entityManager,
     ) {
     }
 

diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
@@ -22,7 +22,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
     public function __construct(
         protected JWTTokenManagerInterface $jwtManager,
         protected EventDispatcherInterface $dispatcher,
-        protected KernelInterface $kernel
+        protected KernelInterface $kernel,
     ) {
     }
 

diff --git a/src/Security/OAuthAuthenticator.php b/src/Security/OAuthAuthenticator.php
@@ -27,7 +27,7 @@ public function __construct(
         private readonly UserRepository $userRepository,
         private readonly EntityManagerInterface $em,
         private readonly RouterInterface $router,
-        private readonly JWTTokenManagerInterface $JWTManager
+        private readonly JWTTokenManagerInterface $JWTManager,
     ) {
     }
 

diff --git a/src/Service/ChatNotificationService.php b/src/Service/ChatNotificationService.php
@@ -15,7 +15,7 @@
 readonly class ChatNotificationService
 {
     public function __construct(
-        private LoggerInterface $logger
+        private LoggerInterface $logger,
     ) {
     }
 

diff --git a/src/Service/Connector/AbstractProvider.php b/src/Service/Connector/AbstractProvider.php
@@ -3,8 +3,11 @@
 namespace App\Service\Connector;
 
 use App\Entity\Domain;
+use Exception;
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
+use Symfony\Component\DependencyInjection\Attribute\Autoconfigure;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 
 /**
  * The typical flow of a provider will go as follows:
@@ -13,21 +16,65 @@
  * $provider->authenticate($authData);
  * $provider->orderDomain($domain, $dryRun);
  */
+#[Autoconfigure(public: true)]
 abstract class AbstractProvider
 {
     protected array $authData;
 
     public function __construct(
-        protected CacheItemPoolInterface $cacheItemPool
+        protected CacheItemPoolInterface $cacheItemPool,
     ) {
     }
 
     /**
+     * Perform a static check of the connector data.
+     * To be valid, the data fields must match the Provider and the conditions must be accepted.
+     * User consent is checked here.
+     *
      * @param array $authData raw authentication data as supplied by the user
      *
      * @return array a cleaned up version of the authentication data
+     *
+     * @throws HttpException when the user does not accept the necessary conditions
+     */
+    public function verifyAuthData(array $authData): array
+    {
+        return [
+            ...$this->verifySpecificAuthData($this->verifyLegalAuthData($authData)),
+            'acceptConditions' => $authData['acceptConditions'],
+            'ownerLegalAge' => $authData['ownerLegalAge'],
+            'waiveRetractationPeriod' => $authData['waiveRetractationPeriod'],
+        ];
+    }
+
+    /**
+     * @param array $authData raw authentication data as supplied by the user
+     *
+     * @return array specific authentication data
+     */
+    abstract protected function verifySpecificAuthData(array $authData): array;
+
+    /**
+     * @param array $authData raw authentication data as supplied by the user
+     *
+     * @return array raw authentication data as supplied by the user
+     *
+     * @throws HttpException when the user does not accept the necessary conditions
      */
-    abstract public function verifyAuthData(array $authData): array;
+    private function verifyLegalAuthData(array $authData): array
+    {
+        $acceptConditions = $authData['acceptConditions'];
+        $ownerLegalAge = $authData['ownerLegalAge'];
+        $waiveRetractationPeriod = $authData['waiveRetractationPeriod'];
+
+        if (true !== $acceptConditions
+            || true !== $ownerLegalAge
+            || true !== $waiveRetractationPeriod) {
+            throw new HttpException(451, 'The user has not given explicit consent');
+        }
+
+        return $authData;
+    }
 
     /**
      * @throws \Exception when the registrar denies the authentication

diff --git a/src/Service/Connector/AutodnsProvider.php b/src/Service/Connector/AutodnsProvider.php
@@ -6,17 +6,18 @@
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
 use Psr\Cache\InvalidArgumentException;
+use Symfony\Component\DependencyInjection\Attribute\Autoconfigure;
 use Symfony\Component\HttpClient\HttpOptions;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Contracts\HttpClient\Exception\ClientExceptionInterface;
 use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface;
 use Symfony\Contracts\HttpClient\Exception\RedirectionExceptionInterface;
 use Symfony\Contracts\HttpClient\Exception\ServerExceptionInterface;
 use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
 
+#[Autoconfigure(public: true)]
 class AutodnsProvider extends AbstractProvider
 {
     public function __construct(CacheItemPoolInterface $cacheItemPool, private readonly HttpClientInterface $client)
@@ -166,15 +167,11 @@ public function registerZone(Domain $domain, bool $dryRun = false): void
         }
     }
 
-    public function verifyAuthData(array $authData): array
+    public function verifySpecificAuthData(array $authData): array
     {
         $username = $authData['username'];
         $password = $authData['password'];
 
-        $acceptConditions = $authData['acceptConditions'];
-        $ownerLegalAge = $authData['ownerLegalAge'];
-        $waiveRetractationPeriod = $authData['waiveRetractationPeriod'];
-
         if (empty($authData['context'])) {
             $authData['context'] = 4;
         }
@@ -185,22 +182,10 @@ public function verifyAuthData(array $authData): array
             throw new BadRequestHttpException('Bad authData schema');
         }
 
-        if (
-            true !== $acceptConditions
-            || true !== $authData['ownerConfirm']
-            || true !== $ownerLegalAge
-            || true !== $waiveRetractationPeriod
-        ) {
-            throw new HttpException(451, 'The user has not given explicit consent');
-        }
-
         return [
             'username' => $authData['username'],
             'password' => $authData['password'],
-            'acceptConditions' => $authData['acceptConditions'],
-            'ownerLegalAge' => $authData['ownerLegalAge'],
             'ownerConfirm' => $authData['ownerConfirm'],
-            'waiveRetractationPeriod' => $authData['waiveRetractationPeriod'],
             'context' => $authData['context'],
         ];
     }

diff --git a/src/Service/Connector/GandiProvider.php b/src/Service/Connector/GandiProvider.php
@@ -5,6 +5,7 @@
 use App\Entity\Domain;
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
+use Symfony\Component\DependencyInjection\Attribute\Autoconfigure;
 use Symfony\Component\HttpClient\HttpOptions;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -16,6 +17,7 @@
 use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
 
+#[Autoconfigure(public: true)]
 class GandiProvider extends AbstractProvider
 {
     private const BASE_URL = 'https://api.gandi.net';
@@ -82,31 +84,18 @@ public function orderDomain(Domain $domain, bool $dryRun = false): void
         }
     }
 
-    public function verifyAuthData(array $authData): array
+    public function verifySpecificAuthData(array $authData): array
     {
         $token = $authData['token'];
 
-        $acceptConditions = $authData['acceptConditions'];
-        $ownerLegalAge = $authData['ownerLegalAge'];
-        $waiveRetractationPeriod = $authData['waiveRetractationPeriod'];
-
         if (!is_string($token) || empty($token)
             || (array_key_exists('sharingId', $authData) && !is_string($authData['sharingId']))
         ) {
             throw new BadRequestHttpException('Bad authData schema');
         }
 
-        if (true !== $acceptConditions
-            || true !== $ownerLegalAge
-            || true !== $waiveRetractationPeriod) {
-            throw new HttpException(451, 'The user has not given explicit consent');
-        }
-
         $authDataReturned = [
             'token' => $token,
-            'acceptConditions' => $acceptConditions,
-            'ownerLegalAge' => $ownerLegalAge,
-            'waiveRetractationPeriod' => $waiveRetractationPeriod,
         ];
 
         if (array_key_exists('sharingId', $authData)) {