/**
* {@inheritdoc}
*/
public function execute(BlockContextInterface $blockContext, Response $response = null)
{
$criteria = array();
if ('admin' !== $blockContext->getSetting('mode')) {
$criteria['customer'] = $this->customerManager->findOneBy(array('user' => $this->securityContext->getToken()->getUser()));
}
return $this->renderPrivateResponse($blockContext->getTemplate(), array('context' => $blockContext, 'settings' => $blockContext->getSettings(), 'block' => $blockContext->getBlock(), 'orders' => $this->orderManager->findBy($criteria, array('createdAt' => 'DESC'), $blockContext->getSetting('number'))), $response);
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (!$request->headers->has('cookie')) {
return;
}
if (strstr($request->headers->get('cookie'), 'SimpleSAMLAuthToken') === false) {
return;
}
if (!$request->query->has('csrf-token')) {
$this->logger->notice('Ssp Firewall: Auth Token cookie but no CSRF Token');
return;
}
$csrfToken = $request->query->getAlnum('csrf-token');
if (!$this->csrfProvider->isCsrfTokenValid('api', $csrfToken)) {
$this->logger->notice('Ssp Firewall: Invalid CSRF token for api use: ' . $csrfToken);
return;
}
try {
$authToken = $this->authenticationManager->authenticate(new SspToken());
$this->securityContext->setToken($authToken);
} catch (AuthenticationException $failed) {
$this->logger->warning('Ssp Firewall: failed:' . $failed->getMessage());
$token = $this->securityContext->getToken();
if ($token instanceof SspToken) {
$this->securityContext->setToken(null);
}
return;
}
}
/**
* @return \Symfony\Component\Security\Core\User\UserInterface
*/
private function getUser()
{
if (is_null($this->user)) {
$this->user = $this->securityContext->getToken()->getUser();
}
return $this->user;
}
/**
* If user is logged-in in legacy_mode (e.g. legacy admin interface),
* will inject currently logged-in user in the repository.
*
* @param GetResponseEvent $event
*/
public function onKernelRequest( GetResponseEvent $event )
{
/** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */
$request = $event->getRequest();
$session = $request->getSession();
if (
$event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST
|| !$this->configResolver->getParameter( 'legacy_mode' )
|| !( $session->isStarted() && $session->has( 'eZUserLoggedInID' ) )
)
{
return;
}
try
{
$apiUser = $this->repository->getUserService()->loadUser( $session->get( 'eZUserLoggedInID' ) );
$this->repository->setCurrentUser( $apiUser );
$token = $this->securityContext->getToken();
if ( $token instanceof TokenInterface )
{
$token->setUser( new User( $apiUser ) );
$token->setAuthenticated( true );
}
}
catch ( NotFoundException $e )
{
// Invalid user ID, the user may have been removed => invalidate the token and the session.
$this->securityContext->setToken( null );
$session->invalidate();
}
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$apiKey = $request->headers->get('Authorization', $request->query->get('api_key'));
if (!$apiKey) {
if (true === $this->forceApiKey) {
$response = new Response();
$response->setStatusCode(401);
$event->setResponse($response);
}
return;
}
$token = new ApiKeyUserToken();
$token->setApiKey($apiKey);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) {
$this->securityContext->setToken(null);
}
$message = $failed->getMessage();
}
if ($this->isJsonRequest($request)) {
$response = new JsonResponse(array('error' => $message));
} else {
$response = new Response();
$response->setContent($message);
}
$response->setStatusCode(401);
$event->setResponse($response);
}
public function onKernelController(FilterControllerEvent $event)
{
if (!is_array($controller = $event->getController())) {
return;
}
$className = class_exists('Doctrine\\Common\\Util\\ClassUtils') ? ClassUtils::getClass($controller[0]) : get_class($controller[0]);
$object = new \ReflectionClass($className);
$method = $object->getMethod($controller[1]);
/**
* @var UserType\UserTypeInterface[] $requiredUserTypes
*/
$requiredUserTypes = array_merge($this->getConfigurations($this->reader->getClassAnnotations($object)), $this->getConfigurations($this->reader->getMethodAnnotations($method)));
if (count($requiredUserTypes) === 0) {
return;
}
$token = $this->securityContext->getToken();
if (null === $token) {
throw new AccessDeniedException(sprintf("You are not authenticated, a known user type is required for access."));
}
$user = $token->getUser();
foreach ($requiredUserTypes as $userType) {
$userClass = $userType->getUserClass();
if (!interface_exists($userClass) && !class_exists($userClass)) {
throw new RuntimeException(sprintf("The user type class '%s' does not exist", $userClass));
}
if (!$user instanceof $userClass) {
throw new AccessDeniedException(sprintf("You do not have the required user type. A user type of '%s' is required.", $userClass));
}
unset($userType, $userClass);
}
}
/**
* {@inheritdoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if ($this->securityContext->getToken() !== null) {
return;
}
if ($request->getRequestUri() == '/app_dev.php/api/login' || $request->getRequestUri() == '/api/login') {
return;
}
//Try to reach token from HTTP headers
if ($request->headers->has('X-Auth-Token')) {
$tokenId = $request->headers->get('X-Auth-Token');
} else {
$tokenId = $request->get('token');
}
//by token
if (isset($tokenId)) {
$user = $this->userProvider->findUserByToken($tokenId);
if (!$user) {
throw new BadCredentialsException();
}
try {
$token = new ApiToken([], $this->providerId, $this->key);
$token->setUser($user);
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authenticatedToken);
} catch (AuthenticationException $e) {
//log something
}
}
}
public function isVisible()
{
if ($this->securityContext === null) {
return true;
}
return !$this->securityContext->getToken();
}
/**
* Checking request and response and decide whether we need a redirect
*
* @param FilterResponseEvent $event
*/
public function onResponse(FilterResponseEvent $event)
{
$request = $event->getRequest();
$response = $event->getResponse();
if ($request->get(self::HASH_NAVIGATION_HEADER) || $request->headers->get(self::HASH_NAVIGATION_HEADER)) {
$location = '';
$isFullRedirect = false;
if ($response->isRedirect()) {
$location = $response->headers->get('location');
if ($request->attributes->get('_fullRedirect') || !is_object($this->security->getToken())) {
$isFullRedirect = true;
}
}
if ($response->isNotFound() || $response->getStatusCode() == 503 && !$this->isDebug) {
$location = $request->getUri();
$isFullRedirect = true;
}
if ($location) {
$response = $this->templating->renderResponse('OroNavigationBundle:HashNav:redirect.html.twig', array('full_redirect' => $isFullRedirect, 'location' => $location));
}
// disable cache for ajax navigation pages and change content type to json
$response->headers->set('Content-Type', 'application/json');
$response->headers->addCacheControlDirective('no-cache', true);
$response->headers->addCacheControlDirective('max-age', 0);
$response->headers->addCacheControlDirective('must-revalidate', true);
$response->headers->addCacheControlDirective('no-store', true);
$event->setResponse($response);
}
}
/**
* Assigns the Security token's user to the vote.
*
* @param VoteEvent $vote
* @return void
*/
public function blame(VoteEvent $event)
{
$vote = $event->getVote();
if (null === $this->securityContext) {
if ($this->logger) {
$this->logger->debug("Vote Blamer did not receive the security.context service.");
}
return;
}
if (!$vote instanceof SignedVoteInterface) {
if ($this->logger) {
$this->logger->debug("Vote does not implement SignedVoteInterface, skipping");
}
return;
}
if (null === $this->securityContext->getToken()) {
if ($this->logger) {
$this->logger->debug("There is no firewall configured. We cant get a user.");
}
return;
}
if ($this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
$vote->setVoter($this->securityContext->getToken()->getUser());
}
}
/**
* Process form
*
* @param AccountUser $accountUser
* @return bool True on successful processing, false otherwise
*/
public function process(AccountUser $accountUser)
{
if (in_array($this->request->getMethod(), ['POST', 'PUT'], true)) {
$this->form->submit($this->request);
if ($this->form->isValid()) {
if (!$accountUser->getId()) {
if ($this->form->get('passwordGenerate')->getData()) {
$generatedPassword = $this->userManager->generatePassword(10);
$accountUser->setPlainPassword($generatedPassword);
}
if ($this->form->get('sendEmail')->getData()) {
$this->userManager->sendWelcomeEmail($accountUser);
}
}
$token = $this->securityContext->getToken();
if ($token instanceof OrganizationContextTokenInterface) {
$organization = $token->getOrganizationContext();
$accountUser->setOrganization($organization)->addOrganization($organization);
}
$this->userManager->updateUser($accountUser);
return true;
}
}
return false;
}
/**
* Gets customer based on currently logged user.
*
* @return CustomerInterface|null
*/
public function getCustomer()
{
if ($this->securityContext->getToken() && $this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED') && $this->securityContext->getToken()->getUser() instanceof UserInterface) {
return $this->securityContext->getToken()->getUser()->getCustomer();
}
return null;
}
/**
* @param GetResponseEvent $event
*/
public function onCoreRequest(GetResponseEvent $event)
{
if (HttpKernel::MASTER_REQUEST != $event->getRequestType()) {
return;
}
$token = $this->securityContext->getToken();
if (!$token) {
return;
}
if (!$token instanceof UsernamePasswordToken) {
return;
}
$key = $this->helper->getSessionKey($this->securityContext->getToken());
$request = $event->getRequest();
$session = $event->getRequest()->getSession();
$user = $this->securityContext->getToken()->getUser();
if (!$session->has($key)) {
return;
}
if ($session->get($key) === true) {
return;
}
$state = 'init';
if ($request->getMethod() == 'POST') {
if ($this->helper->checkCode($user, $request->get('_code')) == true) {
$session->set($key, true);
return;
}
$state = 'error';
}
$event->setResponse($this->templating->renderResponse('SonataUserBundle:Admin:Security/two_step_form.html.twig', array('state' => $state)));
}
/**
* Get the customer.
*
* @throws \RuntimeException
*
* @return \Sonata\Component\Customer\CustomerInterface
*/
public function get()
{
$customer = null;
$user = null;
if (true === $this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
// user is authenticated
$user = $this->securityContext->getToken()->getUser();
if (!$user instanceof UserInterface) {
throw new \RuntimeException('User must be an instance of FOS\\UserBundle\\Model\\UserInterface');
}
$customer = $this->customerManager->findOneBy(array('user' => $user->getId()));
}
if (!$customer) {
$basket = $this->getBasket();
if ($basket && $basket->getCustomer()) {
$customer = $basket->getCustomer();
}
}
if (!$customer) {
$customer = $this->customerManager->create();
}
if (!$customer->getLocale()) {
$customer->setLocale($this->locale);
}
if ($user && $customer) {
$customer->setUser($user);
}
return $customer;
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (!$this->keyExtractor->hasKey($request)) {
$response = new Response();
$response->setStatusCode(401);
$event->setResponse($response);
return;
}
$apiKey = $this->keyExtractor->extractKey($request);
$token = new ApiKeyUserToken();
$token->setApiKey($apiKey);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) {
$this->securityContext->setToken(null);
}
$message = $failed->getMessage();
}
$response = new Response();
$response->setContent($message);
$response->setStatusCode(403);
$event->setResponse($response);
}
public function __construct(ItemFactory $navigationItemFactory, SecurityContextInterface $securityContext, EntityManager $entityManager, TitleServiceInterface $titleService)
{
$this->navItemFactory = $navigationItemFactory;
$this->user = !$securityContext->getToken() || is_string($securityContext->getToken()->getUser()) ? null : $securityContext->getToken()->getUser();
$this->em = $entityManager;
$this->titleService = $titleService;
}
/**
* Refresh organization context in token
*
* @param GetResponseEvent $event
*/
public function onKernelRequest(GetResponseEvent $event)
{
$token = $this->context->getToken();
if ($token instanceof OrganizationContextTokenInterface) {
$token->setOrganizationContext($this->manager->getOrganizationById($token->getOrganizationContext()->getId()));
}
}
/**
* Handles the authentication for user.
*
* @param GetResponseEvent $event The response event.
*
* @throws AuthenticationException When the request is not authenticated.
*
* @return void
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
return;
}
$token = new WsseUserToken($this->providerKey);
$token->setUser($matches[1]);
$token->setDigest($matches[2]);
$token->setNonce($matches[3]);
$token->setCreated($matches[4]);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Because: ' . $failed->getMessage();
$token = $this->securityContext->getToken();
if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
$this->securityContext->setToken(null);
}
// deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
return;
}
// by default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
/**
* Methode qui est déclenché après l'événement InteractiveLogin
* qui est l'action de login dans la sécurité
* @param InteractiveLoginEvent $event
*/
public function onAuthenticationSuccess(InteractiveLoginEvent $event)
{
$now = new \DateTime('now');
// récupére l'utilisateur courant connecté
$user = $this->securityContext->getToken()->getUser();
//recupere tous les produits de l'utilisateur via le repository ProductRepository
// et via getProductsQuantityIsLower() qui on une quantité < 5
$products = $this->em->getRepository('StoreBackendBundle:Product')->getProductsQuantityIsLower($user);
//pour chaque produit
foreach ($products as $product) {
// si la quantité du produit est égal à 1
if ($product->getQuantity() == 1) {
$this->notification->notify($product->getId(), 'Attention, votre produit ' . $product->getTitle() . ' a une seule quantité', 'product', 'danger');
} else {
$this->notification->notify($product->getId(), 'Attention, votre produit ' . $product->getTitle() . ' a quantité bientot épuisé', 'product', 'warning');
}
}
// declencher une notification dans mes produits
$date = $user->getDateAuth();
$oldyear = new \DateTime('-2 month');
$route = 'store_backend_index';
// Long time to control use account
if ($date < $oldyear || !$date) {
$this->session->set('first', true);
$route = 'store_backend_jeweler_myaccount';
}
// met à jour la date de connexion de l'utilisateur
$user->setDateAuth($now);
//enregistre mon utilisateur avec sa date modifié
$this->em->persist($user);
$this->em->flush();
return new RedirectResponse($this->router->generate($route));
}
/**
* @param string $attributes
* @param $object
*
* @return bool
*/
public function isGranted($attributes, $object)
{
if (!is_object($object) && !is_string($object)) {
return false;
}
$objectIdentity = null;
/** @var Owned $object */
if (is_object($object)) {
$objectIdentity = get_class($object);
$user = $this->securityContext->getToken()->getUser();
$objectOwner = $object->getOwner();
if ($attributes == 'EDIT' || $attributes == 'DELETE' || $attributes == 'VIEW') {
if ($objectOwner->isDiamanteUser()) {
$ownerId = $this->diamanteUserRepository->findUserByEmail($user->getUserName())->getId();
if ($ownerId != $objectOwner->getId()) {
return false;
}
}
}
}
if (is_string($object)) {
$objectIdentity = $object;
}
if (array_key_exists($objectIdentity, $this->permissionsMap)) {
if (in_array($attributes, $this->permissionsMap[$objectIdentity])) {
return true;
}
}
return false;
}
/**
* Handles basic authentication.
*
* @param GetResponseEvent $event A GetResponseEvent instance
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (false === ($username = $request->headers->get('PHP_AUTH_USER', false))) {
return;
}
if (null !== ($token = $this->securityContext->getToken())) {
if ($token instanceof OrganizationContextTokenInterface && $token->isAuthenticated() && $token->getUsername() === $username) {
return;
}
}
$this->logProcess($username);
try {
$organizationId = $request->headers->get('PHP_AUTH_ORGANIZATION');
if ($organizationId) {
$authToken = new UsernamePasswordOrganizationToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey, $this->manager->getOrganizationById($organizationId));
} else {
$authToken = new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey);
}
$this->securityContext->setToken($this->authenticationManager->authenticate($authToken));
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) {
$this->securityContext->setToken(null);
}
$this->logError($username, $failed->getMessage());
if ($this->ignoreFailure) {
return;
}
$event->setResponse($this->authenticationEntryPoint->start($request, $failed));
}
}
/**
* @param GenerateKeyEvent $event
*/
public function onGenerateKey(GenerateKeyEvent $event)
{
$token = $this->securityContext->getToken();
if (!$token instanceof \FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken) {
return;
}
$event->addToKey($token->getToken());
}
public function isOroUser()
{
$token = $this->securityContext->getToken();
if (!$token) {
return false;
}
return $token->getUser() instanceof User;
}
protected function initAdminListConfigurator()
{
$this->em = $this->getEntityManager();
$this->locale = $this->getRequest()->getLocale();
$this->securityContext = $this->container->get('security.context');
$this->user = $this->securityContext->getToken()->getUser();
$this->aclHelper = $this->container->get('kunstmaan_admin.acl.helper');
}
/**
* Gets logged user object or null
*
* @return mixed
*/
public function getLoggedUser()
{
if (null === ($token = $this->securityContext->getToken())) {
return null;
}
$user = $token->getUser();
return $user;
}
/**
* Get a user from the Security Context
*
* @return \Symfony\Component\Security\Core\User\UserInterface|null
*
* @see Symfony\Component\Security\Core\Authentication\Token\TokenInterface::getUser()
*/
protected function getUser()
{
$token = $this->securityContext->getToken();
if (null === $token || !is_object($user = $token->getUser())) {
return null;
}
return $user;
}
/**
* @return UserInterface
* @throws AccessDeniedException
*/
public function getAuthenticatedUser()
{
$user = $this->securityContext->getToken()->getUser();
if (!$user instanceof UserInterface) {
throw new AccessDeniedException('Must be logged in with a User instance');
}
return $user;
}
/**
* {@inheritdoc}
*/
public function execute(BlockContextInterface $blockContext, Response $response = null)
{
$user_current = $this->securityContext->getToken()->getUser();
$info = $this->em->getRepository("ApplicationSonataUserBundle:Matching")->lastMatchingFromUser($user_current);
// merge settings
$settings = array_merge($this->getDefaultSettings(), $blockContext->getSettings());
return $this->renderResponse($blockContext->getTemplate(), array('block' => $blockContext->getBlock(), 'base_template' => $this->pool->getTemplate('layout'), 'info' => $info, 'settings' => $blockContext->getSettings()), $response);
}
/**
* @param FormInterface $form
* @param string $entityName
*/
protected function fillEmailTemplateChoices(FormInterface $form, $entityName)
{
/** @var UsernamePasswordOrganizationToken $token */
$token = $this->securityContext->getToken();
FormUtils::replaceField($form, 'template', ['selectedEntity' => $entityName, 'query_builder' => function (EmailTemplateRepository $templateRepository) use($entityName, $token) {
return $templateRepository->getEntityTemplatesQueryBuilder($entityName, $token->getOrganizationContext());
}], ['choice_list', 'choices']);
}
/**
* Gets the current authenticated user
*
* @return ParticipantInterface
*/
public function getAuthenticatedParticipant()
{
$participant = $this->securityContext->getToken()->getUser();
if (!$participant instanceof ParticipantInterface) {
throw new AccessDeniedException('Must be logged in with a ParticipantInterface instance');
}
return $participant;
}
