Add security service
mattamon committed Mar 5, 2024
1 parent 22d58c4 commit d5c0b61
Showing 4 changed files with 42 additions and 27 deletions.
15 changes: 4 additions & 11 deletions config/services.yaml
Expand Up @@ -27,9 +27,9 @@ services:

# Processors
Pimcore\Bundle\StudioApiBundle\State\ResetPasswordProcessor: ~
Pimcore\Bundle\StudioApiBundle\State\TranslationProcessor: ~
Pimcore\Bundle\StudioApiBundle\State\Token\Create\Processor: ~
Pimcore\Bundle\StudioApiBundle\State\Token\Refresh\Processor: ~
Pimcore\Bundle\StudioApiBundle\State\TranslationProcessor: ~

# Filters
Pimcore\Bundle\StudioApiBundle\Filter\AssetParentIdFilter:
Expand Down Expand Up @@ -89,29 +89,22 @@ services:
Pimcore\Bundle\StudioApiBundle\Service\TranslatorServiceInterface:
class: Pimcore\Bundle\StudioApiBundle\Service\TranslatorService

#Voters
Pimcore\Bundle\StudioApiBundle\Security\Voter\PublicTokenVoter:
arguments: [ '@request_stack' ]
tags:
- { name: security.voter }

Pimcore\Bundle\StudioApiBundle\Service\TokenServiceInterface:
class: Pimcore\Bundle\StudioApiBundle\Service\TokenService

Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface:
class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService


#Voters
Pimcore\Bundle\StudioApiBundle\Security\Voter\TokenVoter:
arguments: ['@request_stack']
tags:
- { name: security.voter }

Pimcore\Bundle\StudioApiBundle\Security\Voter\PublicTokenVoter:
arguments: [ '@request_stack' ]
tags:
- { name: security.voter }
arguments: [ '@request_stack' ]
tags:
- { name: security.voter }

#Decorators
Pimcore\Bundle\StudioApiBundle\ApiPlatform\OpenApiFactoryDecorator:
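Review bot: `Pimcore\Bundle\StudioApiBundle\Security\Voter\PublicTokenVoter` still declares only `arguments: [ '@request_stack' ]`, while this commit extends its constructor with a second `SecurityServiceInterface` parameter; that argument is only filled in if autowiring is enabled for this file's `_defaults`, which the hunk does not show. If it is not, the container will fail to compile with a missing-argument error for the voter, so either rely on autowiring consistently or pass the service explicitly: `arguments: [ '@request_stack', '@Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface' ]`. The new `SecurityServiceInterface` alias itself follows the same pattern as the `TokenServiceInterface` entry above it, which is fine.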
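--- a/src/Exception/NonPublicTranslationException.php
+++ b/src/Exception/NonPublicTranslationException.php
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\StudioApiBundle\Exception;
+
+use RuntimeException;
+
+final class NonPublicTranslationException extends RuntimeException
+{
+}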
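Review bot: Nothing on the class says when NonPublicTranslationException is raised or how it is meant to reach the client; it extends a plain RuntimeException rather than a Symfony HTTP exception, and it is thrown from inside a security voter (PublicTranslationTrait in this same commit), so unless an exception listener maps it, it will surface as a server error rather than an access denial. A class docblock such as `/** Thrown when a public (unauthenticated) request asks for translation keys outside PublicTranslations::PUBLIC_KEYS. */` would state the contract, and it is worth confirming where the mapping to a response status happens.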
12 changes: 6 additions & 6 deletions src/Security/Trait/PublicTranslationTrait.php
Expand Up @@ -13,6 +13,7 @@

namespace Pimcore\Bundle\StudioApiBundle\Security\Trait;

use Pimcore\Bundle\StudioApiBundle\Exception\NonPublicTranslationException;
use Pimcore\Bundle\StudioApiBundle\Util\Constants\PublicTranslations;
use Symfony\Component\HttpFoundation\InputBag;

Expand All @@ -23,15 +24,14 @@ trait PublicTranslationTrait
private function voteOnTranslation(InputBag $payload): bool
{
$parameters = $payload->all();
if(!array_key_exists(self::ARRAY_KEYS_INDEX, $parameters)) {
if (!array_key_exists(self::ARRAY_KEYS_INDEX, $parameters)) {
return false;
}

foreach($parameters[self::ARRAY_KEYS_INDEX] as $key) {
// Allow only public keys
if(!in_array($key, PublicTranslations::PUBLIC_KEYS, true)) {
return false;
}
$nonPublicTranslations = array_diff($parameters[self::ARRAY_KEYS_INDEX], PublicTranslations::PUBLIC_KEYS);

if (!empty($nonPublicTranslations)) {
throw new NonPublicTranslationException(sprintf('You have requested non public keys: %s', implode(',', $nonPublicTranslations)));

}

return true;
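Review bot: `array_diff($parameters[self::ARRAY_KEYS_INDEX], PublicTranslations::PUBLIC_KEYS)` assumes the payload value is a flat list of strings, but it comes straight from the request InputBag: a scalar there raises a TypeError in array_diff, and a nested array inside the list triggers an "Array to string conversion" warning in both array_diff and the implode() used for the message, whereas the removed strict in_array() loop tolerated any element type. Validate the shape first and fall through to `return false` for anything that is not a list of strings, as in the excerpt below. Note also that swapping `return false` for a throw changes the outcome for a public request naming a non-public key from a plain deny to an exception escaping the voter; unless an exception listener maps NonPublicTranslationException to an HTTP response, that presumably surfaces as a server error rather than a 403, which is worth confirming. The throw line also exceeds 120 columns, as the CI annotation notes, and splitting the sprintf() call across lines fixes that. voteOnTranslation's closing brace lies outside the hunk.
```php
        // … unchanged: array_key_exists guard on self::ARRAY_KEYS_INDEX …

        $requestedKeys = $parameters[self::ARRAY_KEYS_INDEX];
        // Only a flat list of string keys is meaningful here; array_diff/implode would warn or throw on anything else.
        if (!is_array($requestedKeys) || $requestedKeys !== array_filter($requestedKeys, is_string(...))) {
            return false;
        }

        $nonPublicTranslations = array_diff($requestedKeys, PublicTranslations::PUBLIC_KEYS);

        if (!empty($nonPublicTranslations)) {
            throw new NonPublicTranslationException(
                sprintf('You have requested non public keys: %s', implode(',', $nonPublicTranslations))
            );
        }
```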
19 changes: 9 additions & 10 deletions src/Security/Voter/PublicTokenVoter.php
Expand Up @@ -15,13 +15,16 @@

use Pimcore\Bundle\StudioApiBundle\Exception\NoRequestException;

use Pimcore\Bundle\StudioApiBundle\Security\Trait\PublicTranslationTrait;
use Pimcore\Bundle\StudioApiBundle\Security\Trait\RequestTrait;
use Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

final class PublicTokenVoter extends Voter
{
use RequestTrait;
use PublicTranslationTrait;

private const SUPPORTED_ATTRIBUTE = 'PUBLIC_API_PLATFORM';
Expand All @@ -30,6 +33,7 @@ final class PublicTokenVoter extends Voter

public function __construct(
private readonly RequestStack $requestStack,
private readonly SecurityServiceInterface $securityService
) {
}

Expand All @@ -41,20 +45,15 @@ protected function supports(string $attribute, mixed $subject): bool
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{

$request = $this->getCurrentRequest();
$request = $this->getCurrentRequest($this->requestStack);

// TODO Add security service once merged with PR#5
return $this->voteOnRequest($request, $subject);
}
$authToken = $this->getAuthToken($request);

private function getCurrentRequest(): Request
{
$request = $this->requestStack->getCurrentRequest();
if(!$request) {
throw new NoRequestException('No request found');
if ($this->securityService->checkAuthToken($authToken)) {
return true;
}

return $request;
return $this->voteOnRequest($request, $subject);
}

private function voteOnRequest(Request $request, string $subject): bool
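Review bot: `$authToken = $this->getAuthToken($request);` now runs unconditionally in voteOnAttribute, ahead of the public-translation fallback, and the hunk does not show how RequestTrait::getAuthToken behaves when the request carries no token at all; if it throws, as the removed getCurrentRequest() did for a missing request, unauthenticated callers of a PUBLIC_API_PLATFORM endpoint can no longer reach voteOnRequest() and the public path is effectively closed. The voter should treat an absent token as "not authenticated" and fall through, e.g. by having getAuthToken return null in that case and guarding the check with `if ($authToken !== null && $this->securityService->checkAuthToken($authToken)) {`; please confirm against the trait's actual contract. Separately, `use Pimcore\Bundle\StudioApiBundle\Exception\NoRequestException;` is now unused since getCurrentRequest() moved out of this class, and the blank line opening voteOnAttribute's body should go. voteOnRequest() continues outside the hunk.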
