Refine Voter system
mattamon committed Mar 5, 2024
1 parent 0f64b3e commit 61fb8de
Showing 8 changed files with 109 additions and 17 deletions.
2 changes: 1 addition & 1 deletion config/api_platform/resources/asset.yaml
@@ -1,6 +1,6 @@
resources:
Pimcore\Bundle\StudioApiBundle\Dto\Asset:
#security: 'is_granted("API_PLATFORM")'
security: 'is_granted("API_PLATFORM")'
operations:
ApiPlatform\Metadata\GetCollection:
filters:
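--- a/src/Exception/NoAuthTokenFound.php
+++ b/src/Exception/NoAuthTokenFound.php
@@ -0,0 +1,24 @@
+<?php
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\StudioApiBundle\Exception;
+
+use RuntimeException;
+
+final class NoAuthTokenFound extends RuntimeException
+{
+
+}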
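Review bot: The class name drops the `Exception` suffix that its sibling NoRequestException, added in the same commit, carries, and the class body consists of a single blank line; align the naming (`NoAuthTokenFoundException`, with the matching `use` in RequestTrait) and remove the empty line. Neither exception documents when it is raised, so a one-line docblock on each would help the next reader, e.g. `/** Thrown when the current request carries no Authorization header. */` here and `/** Thrown when no current request is available on the request stack. */` on NoRequestException.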
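--- a/src/Exception/NoRequestException.php
+++ b/src/Exception/NoRequestException.php
@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under following license:
+* - Pimcore Commercial License (PCL)
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license PCL
+*/
+
+namespace Pimcore\Bundle\StudioApiBundle\Exception;
+
+use RuntimeException;
+
+final class NoRequestException extends RuntimeException
+{
+}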
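Review bot: The license header on this file declares PCL only, while the other two files added by the same commit (NoAuthTokenFound.php and RequestTrait.php) declare the dual GPLv3/PCL header; one of the two headers is presumably wrong for this bundle, and the mismatch should be resolved before merge rather than left to diverge. If the bundle is dual-licensed, replace the header block with the GPLv3 and PCL variant used by the sibling files.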
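--- a/src/Security/Trait/RequestTrait.php
+++ b/src/Security/Trait/RequestTrait.php
@@ -0,0 +1,53 @@
+<?php
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\StudioApiBundle\Security\Trait;
+
+use Pimcore\Bundle\StudioApiBundle\Exception\NoAuthTokenFound;
+use Pimcore\Bundle\StudioApiBundle\Exception\NoRequestException;
+use Symfony\Component\HttpFoundation\Request;
+
+trait RequestTrait
+{
+private const BEARER_PREFIX = 'Bearer ';
+
+private const AUTHORIZATION_HEADER = 'Authorization';
+
+private function getAuthToken(Request $request): string
+{
+$authToken = $request->headers->get(self::AUTHORIZATION_HEADER);
+if($authToken === null) {
+throw new NoAuthTokenFound('Full authentication is required to access this resource.');
+}
+
+return $this->removeBearerPrefix($authToken);
+}
+
+private function getCurrentRequest(): Request
+{
+$request = $this->requestStack->getCurrentRequest();
+if(!$request) {
+throw new NoRequestException('No request found');
+}
+
+return $request;
+}
+
+private function removeBearerPrefix(string $token): string
+{
+return str_replace(self::BEARER_PREFIX, '', $token);
+}
+}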
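Review bot: removeBearerPrefix strips every occurrence of `'Bearer '` with str_replace and never checks that the header uses the Bearer scheme at all, so an Authorization value with a different scheme or no scheme is forwarded unchanged to checkAuthToken, and a value containing the prefix more than once is collapsed to whatever remains. Anchor the scheme at the start of the value and cut it off by length, rejecting anything else the same way a missing header is rejected; if bare token values must remain accepted for compatibility, return `$token` in that branch instead of throwing. Separately, getCurrentRequest reads `$this->requestStack`, which the trait neither declares nor documents, so a trait-level docblock should state that the using class must provide a `RequestStack $requestStack` property, and the null check is clearer as `if ($request === null) {` given that getCurrentRequest() returns `?Request`.
```php
private function removeBearerPrefix(string $token): string
{
    if (!str_starts_with($token, self::BEARER_PREFIX)) {
        throw new NoAuthTokenFound('Full authentication is required to access this resource.');
    }

    return substr($token, strlen(self::BEARER_PREFIX));
}
```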
19 changes: 7 additions & 12 deletions src/Security/Voter/TokenVoter.php
Expand Up @@ -16,16 +16,15 @@

namespace Pimcore\Bundle\StudioApiBundle\Security\Voter;

use Pimcore\Bundle\StudioApiBundle\Security\Trait\RequestTrait;
use Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

final class TokenVoter extends Voter
{
private const BEARER_PREFIX = 'Bearer ';

private const AUTHORIZATION_HEADER = 'Authorization';
use RequestTrait;

private const SUPPORTED_ATTRIBUTE = 'API_PLATFORM';

Expand Down Expand Up @@ -53,16 +52,12 @@ protected function voteOnAttribute(string $attribute, mixed $subject, TokenInter
return false;
}

$authToken = $this->requestStack->getCurrentRequest()->headers->get(self::AUTHORIZATION_HEADER);
if($authToken === null) {
return false;
}
$request = $this->getCurrentRequest();

return $this->securityService->isAllowed($this->removeBearerPrefix($authToken));
}
$authToken = $this->getAuthToken($request);

private function removeBearerPrefix(string $token): string
{
return str_replace(self::BEARER_PREFIX, '', $token);
return $this->securityService->checkAuthToken($authToken);
}


}
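Review bot: voteOnAttribute now throws NoAuthTokenFound (via getAuthToken) and NoRequestException (via getCurrentRequest) where the removed lines returned false, so a request without an Authorization header no longer produces a deny vote but an uncaught RuntimeException from inside the access decision; this commit adds no exception listener for either class, so unless one exists elsewhere the result is a server error rather than a 401/403. Either catch them at the call site, `} catch (NoAuthTokenFound|NoRequestException) { return false; }` around the two new calls, or derive the exceptions from Symfony's AuthenticationException or AccessDeniedException so the firewall turns them into the intended response. The body of voteOnAttribute begins above this hunk.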
2 changes: 1 addition & 1 deletion src/Service/SecurityService.php
Expand Up @@ -54,7 +54,7 @@ public function authenticateUser(Create $token): PasswordAuthenticatedUserInterf
return $user;
}

public function isAllowed(string $token): bool
public function checkAuthToken(string $token): bool
{
$entry = $this->tmpStoreResolver->get($token);

2 changes: 1 addition & 1 deletion src/Service/SecurityServiceInterface.php
Expand Up @@ -26,5 +26,5 @@ interface SecurityServiceInterface
{
public function authenticateUser(Create $token): PasswordAuthenticatedUserInterface;

public function isAllowed(string $token): bool;
public function checkAuthToken(string $token): bool;
}
4 changes: 2 additions & 2 deletions tests/Unit/Service/Security/SecurityServiceTest.php
Expand Up @@ -71,7 +71,7 @@ public function testTokenAllowedTrue(): void
{
$securityService = $this->mockSecurityService(false, false);

$this->assertTrue($securityService->isAllowed('test'));
$this->assertTrue($securityService->checkAuthToken('test'));
}

/**
Expand All @@ -81,7 +81,7 @@ public function testTokenAllowedFalse(): void
{
$securityService = $this->mockSecurityService(false, false, false);

$this->assertFalse($securityService->isAllowed('test'));
$this->assertFalse($securityService->checkAuthToken('test'));
}

/**
