public function onKernelRequest(GetResponseEvent $event)
{
if ($this->kernel->getEnvironment() != "dev") {
if (preg_match("/\\/api\\//", $event->getRequest()->getUri())) {
$requestUri = $event->getRequest()->getUri();
$requestMethod = $event->getRequest()->getMethod();
if ($requestMethod !== "GET") {
$token = $this->context->getToken();
if (isset($token)) {
$user = $token->getUser();
if (!isset($user) || "anon." === $user) {
if (!$event->getRequest()->query->has('api_key')) {
$event->setResponse(new Response(json_encode(array("code" => 401, "message" => "The request requires user authentication")), 401));
}
}
} else {
$event->setResponse(new Response(json_encode(array("code" => 401, "message" => "The request requires user authentication")), 401));
}
}
}
}
$request = $event->getRequest();
if (!count($request->request->all()) && in_array($request->getMethod(), array('POST', 'PUT', 'PATCH', 'DELETE'))) {
$contentType = $request->headers->get('Content-Type');
$format = null === $contentType ? $request->getRequestFormat() : $request->getFormat($contentType);
if (!$this->decoderProvider->supports($format)) {
return;
}
$decoder = $this->decoderProvider->getDecoder($format);
$data = $decoder->decode($request->getContent(), $format);
if (is_array($data)) {
$request->request = new ParameterBag($data);
}
}
}
/**
* Update the user "lastActivity" on each request
*
* @param FilterControllerEvent $event
*/
public function onCoreController(FilterControllerEvent $event)
{
// Here we are checking that the current request is a "MASTER_REQUEST",
// and ignore any
// subrequest in the process (for example when
// doing a render() in a twig template)
if ($event->getRequestType() !== HttpKernel::MASTER_REQUEST) {
return;
}
// We are checking a token authentification is available before using
// the User
if ($this->securityContext->getToken()) {
$user = $this->securityContext->getToken()->getUser();
// We are using a delay during wich the user will be considered as
// still active, in order to
// avoid too much UPDATE in the
// database
// $delay = new \DateTime ();
// $delay->setTimestamp (strtotime ('2 minutes ago'));
// We are checking the Admin class in order to be certain we can
// call "getLastActivity".
// && $user->getLastActivity() < $delay) {
if ($user instanceof User) {
$user->isActiveNow();
$this->em->persist($user);
$this->em->flush();
}
}
}
public function onFilterController(FilterControllerEvent $event)
{
list($object, $method) = $event->getController();
// the controller could be a proxy
$className = ClassUtils::getClass($object);
$reflectionClass = new \ReflectionClass($className);
$reflectionMethod = $reflectionClass->getMethod($method);
$allControllerAnnotations = $this->annotationReader->getClassAnnotations($reflectionClass);
$allMethodAnnotations = $this->annotationReader->getMethodAnnotations($reflectionMethod);
$guardAnnotationsFilter = function ($annotation) {
return $annotation instanceof Guard;
};
$controllerGuardAnnotations = array_filter($allControllerAnnotations, $guardAnnotationsFilter);
$methodGuardAnnotations = array_filter($allMethodAnnotations, $guardAnnotationsFilter);
$guardAnnotations = array_merge($controllerGuardAnnotations, $methodGuardAnnotations);
$permissions = [];
foreach ($guardAnnotations as $guardAnnotation) {
$value = $guardAnnotation->value;
if (!is_array($value)) {
$value = [$value];
}
$permissions = array_merge($value, $permissions);
}
$permissions = array_unique($permissions);
if (!empty($permissions) && !$this->security->isGranted($permissions)) {
$e = new PermissionRequiredException();
$e->setRequiredPermissions($permissions)->setCurrentPermissions($this->security->getToken()->getUser()->getPermissions());
throw $e;
}
}
public function testGetSetToken()
{
$context = new SecurityContext($this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationManagerInterface'), $this->getMock('Symfony\\Component\\Security\\Core\\Authorization\\AccessDecisionManagerInterface'));
$this->assertNull($context->getToken());
$context->setToken($token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface'));
$this->assertSame($token, $context->getToken());
}
/**
* Listener for comments' votes persistence to avoid voting for own comments
* and multiple voting for comments
*
* @param VotePersistEvent $event
* @return void
*/
public function avoidIncorrectVoting(VotePersistEvent $event)
{
try {
if (!$this->context->isGranted(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED)) {
throw new \Exception('Avoid voting if user is not authenticated');
}
/** @var $vote SignedVoteInterface */
$vote = $event->getVote();
/** @var $user User */
$user = $this->context->getToken()->getUser();
if ($vote->getVoter() !== $user) {
throw new \Exception('Attempt to vote for different user');
}
if ($vote->getComment()->getAuthor() === $user) {
throw new \Exception('Attempt to vote for own comment');
}
$existingVote = $this->voteManager->findVoteBy(array('comment' => $vote->getComment(), 'voter' => $user));
if ($existingVote) {
throw new \Exception('Attempt to vote multiple times for same comment');
}
} catch (\Exception $e) {
$event->abortPersistence();
$event->stopPropagation();
}
}
public function isOwnerOrAdmin(User $user = null)
{
if ($this->isAdmin()) {
return true;
}
return $user && $user === $this->context->getToken()->getUser();
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$user = $this->securityContext->getToken()->getUser();
if ($user === 'anon.') {
$user = false;
}
$builder->add('clientFirstName', null, array('attr' => array('placeholder' => 'Иван', 'class' => 'input_block'), 'label' => 'Имя', 'data' => $user ? $user->getFirstname() : ''))->add('clientLastName', null, array('attr' => array('placeholder' => 'Иванов', 'class' => 'input_block'), 'label' => 'Фамилия', 'data' => $user ? $user->getLastname() : ''))->add('telephone', null, array('attr' => array('placeholder' => '+7 910 001 10 10', 'class' => 'input_block'), 'label' => 'Телефон', 'data' => $user ? $user->getPhone() : ''))->add('email', EmailType::class, array('attr' => array('placeholder' => '*****@*****.**', 'class' => 'input_block'), 'label' => 'E-mail', 'data' => $user ? $user->getEmail() : ''))->add('address', new AddressOrderType(), array('label' => false, 'required' => false, 'data_class' => 'ShopBundle\\Entity\\AddressOrder'))->add('wishes', null, array('label' => 'Ваши пожелания'))->add('deliveryType', 'hidden', array('data' => DeliveryType::PICKUP))->add('products', 'hidden', array('data' => $this->session->get('ids')))->add('summ', 'hidden', array('data' => $this->session->get('basketSumm')))->add('bonus', 'hidden', array('data' => 0));
}
/**
* Return current user's entity or null if not logged in
*
* @return null|App/UserBundle/Entity/User
*/
public function getCurrentUser()
{
$user = $this->security->getToken()->getUser();
if ($user === 'anon.') {
return null;
}
return $user;
}
/**
* Get the user entity, if applicable
*
* @return User|null
*/
public function getUser()
{
$token = $this->token_storage->getToken();
if (!$token || !$token->getUsername()) {
return null;
}
return $this->getUserByUsername($token->getUsername());
}
/**
* @return CustomerInterface null
*/
protected function getCustomer()
{
$customer = null;
if ($user = $this->securityContext->getToken()->getUser()) {
$customer = $user->getCustomer();
}
return $customer;
}
/**
* @param FormBuilderInterface $builder
* @param array $options
*/
public function buildForm(FormBuilderInterface $builder, array $options)
{
$user = $this->securityContext->getToken()->getUser();
$builder->add('srcCard', 'entity', array('label' => 'account.main.card.issuing.loyalty', 'required' => false, 'class' => 'SehBundle:Customer\\AccentCard', 'property' => 'number', 'empty_value' => false, 'multiple' => false, 'expanded' => false, 'query_builder' => function (EntityRepository $er) use($user) {
return $er->createQueryBuilder('u')->where('u.customer = :user')->andWhere('u.status = :active')->setParameters(array('user' => $user, 'active' => AccentCard::ACTIF));
}))->add('destCard', 'entity', array('label' => 'account.main.receiving.loyalty.card', 'required' => false, 'class' => 'SehBundle:Customer\\AccentCard', 'property' => 'number', 'empty_value' => false, 'multiple' => false, 'expanded' => false, 'query_builder' => function (EntityRepository $er) use($user) {
return $er->createQueryBuilder('u')->where('u.customer = :user')->andWhere('u.status = :active')->setParameters(array('user' => $user, 'active' => AccentCard::ACTIF));
}))->add('nbPoints', 'text', array('label' => 'account.main.point.transferred', 'required' => false));
}
/**
* @param EntityManager $entityManager
* @param TranslatorInterface $translator
* @param SecurityContext $securityContext
* @param ServiceLink $securityFacadeLink
* @param EmailManager $emailManager
*/
public function __construct(EntityManager $entityManager, TranslatorInterface $translator, SecurityContext $securityContext, ServiceLink $securityFacadeLink, EmailManager $emailManager)
{
$this->entityManager = $entityManager;
$this->translator = $translator;
$this->securityContext = $securityContext;
$this->user = $this->securityContext->getToken()->getUser();
$this->securityFacade = $securityFacadeLink->getService();
$this->emailManager = $emailManager;
}
/**
* {@inheritdoc}
*/
protected function configureFormFields(FormMapper $formMapper)
{
$formMapper->with('General')->add('username')->add('email')->add('plainPassword', 'text', array('required' => false))->end()->with('Groups')->add('groups', 'sonata_type_model', array('required' => false, 'expanded' => true, 'multiple' => true))->end()->with('Profile')->add('firstname', null, array('required' => false))->add('lastname', null, array('required' => false))->add('phone', null, array('required' => false))->end();
/** @var $user \Application\Sonata\UserBundle\Entity\User */
$user = $this->security_context->getToken()->getUser();
if ($user->hasRole('ROLE_SUPER_ADMIN')) {
$formMapper->with('Management')->add('roles', 'sonata_security_roles', array('expanded' => true, 'multiple' => true, 'required' => false))->add('locked', null, array('required' => false))->add('expired', null, array('required' => false))->add('enabled', null, array('required' => false, 'attr' => array('checked' => 'yes')))->add('credentialsExpired', null, array('required' => false))->end();
}
$formMapper->with('Security')->add('token', null, array('required' => false))->add('twoStepVerificationCode', null, array('required' => false))->end();
}
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
$user = $this->securityContext->getToken() ? $this->securityContext->getToken()->getUser() : null;
if (!$user instanceof User) {
if ($request->get('_route') != null && $request->get('_route') != "login" && $request->get('_route') != "login_check" && $request->get('_route') != "logout" && $request->get('_route') != "fos_user_security_login" && $request->get('_route') != "index" && $request->get('_route') != "api_logo") {
$event->setResponse(new RedirectResponse($this->router->generate('login')));
}
}
}
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
$user = $this->securityContext->getToken() ? $this->securityContext->getToken()->getUser() : null;
if (!$user instanceof User) {
if ($request->get('_route') != null && $request->get('_route') != "esn_login_homepage" && $request->get('_route') != "esn_login_check" && $request->get('_route') != "fos_user_security_login" && $request->get('_route') != "esn_hr_recruitment_create" && $request->get('_route') != "esn_hr_recruitment_create_short") {
$event->setResponse(new RedirectResponse($this->router->generate('esn_login_homepage')));
}
}
}
/**
* Get requested reminders
*
* @return string
*/
public function getRequestedRemindersData()
{
/** @var User|null */
$user = $this->securityContext->getToken() ? $this->securityContext->getToken()->getUser() : null;
if (is_object($user) && $user instanceof User) {
$reminders = $this->entityManager->getRepository('OroReminderBundle:Reminder')->findRequestedReminders($user);
return $this->messageParamsProvider->getMessageParamsForReminders($reminders);
}
return array();
}
/**
* Get a user from the Security Context
* Borrowed from Silex\Application\SecurityTrait
*
* @return mixed
*
* @see TokenInterface::getUser()
*/
public function getUser()
{
if (null === ($token = $this->security->getToken())) {
return null;
}
$user = $token->getUser();
if (!is_object($user)) {
return null;
}
return $user;
}
/**
* Do the magic.
*
* @param InteractiveLoginEvent $event
*/
public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
{
if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
$user = $this->securityContext->getToken()->getUser();
if ($user instanceof User) {
$user->setLastLoginAt(new DateTime());
$this->em->persist($user);
$this->em->flush($user);
}
}
}
/**
* Grants access to ajaxfilemanager
*
* @param array $authorizedRoles
* @return void
*/
public function authorize(array $authorizedRoles)
{
$authorized = false;
if ($token = $this->securityContext->getToken()) {
$user = $token->getUser();
if ($user != 'anon.' && count(array_intersect($user->getRoles(), $authorizedRoles)) > 0) {
$authorized = true;
}
}
$this->session->set('authorized', $authorized);
}
public function closeAccount(Response $response)
{
$user = $this->securityContext->getToken()->getUser();
$user->setEnabled(false);
$this->userManager->updateUser($user);
$cookieHandler = new CookieClearingLogoutHandler($this->request->cookies->all());
$cookieHandler->logout($this->request, $response, $this->securityContext->getToken());
$sessionHandler = new SessionLogoutHandler();
$sessionHandler->logout($this->request, $response, $this->securityContext->getToken());
$this->securityContext->setToken(null);
}
/**
* onKernelRequest
*
* @param GetResponseEvent $event
*/
public function onKernelRequest(GetResponseEvent $event)
{
$url = $event->getRequest()->getRequestUri();
$token = $this->context->getToken();
if ($token && $this->isAdminToken($this->providerKey, $token) && $this->isAdminRoute($url)) {
$locale = $token->getUser()->getAdminLocale();
if (!$locale) {
$locale = $this->defaultAdminLocale;
}
$this->translator->setLocale($locale);
}
}
/**
* Handles access authorization.
*
* @param GetResponseEvent $event An Event instance
*/
public function handle(GetResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
if ($this->securityContext) {
$token = $this->securityContext->getToken();
if ($token && $token->isAuthenticated()) {
$this->auditConfiguration->setCurrentUsername($token->getUsername());
}
}
}
private function markAsModified(PreUpdateEventArgs $args)
{
$entity = $args->getEntity();
$securityToken = $this->securityContext->getToken();
if (!$entity instanceof Advertisement || null == $securityToken) {
return;
}
$user = $securityToken->getUser();
if (($args->hasChangedField('description') || $args->hasChangedField('title')) && $user instanceof Advertiser && $user->getId() == $entity->getAdvertiser()->getId()) {
$entity->markAsModified();
$args->getEntityManager()->getUnitOfWork()->computeChangeSet($args->getEntityManager()->getClassMetadata(get_class($entity)), $entity);
}
}
/**
* Remove media item from user's watchlist
*
* @param Media $media
*/
public function removeItem(Media $media)
{
$user = $this->securityContext->getToken()->getUser();
if (!$user->getWatchlist()->contains($media)) {
$this->session->getFlashBag()->add('watchlist_notice', "you didn't have it!");
return;
}
$user->removeWatchlist($media);
$this->entityManager->persist($user);
$this->entityManager->flush();
$this->session->getFlashBag()->add('watchlist_notice', 'successfully removed!');
return;
}
public function getUser()
{
if (!$this->security) {
throw new \LogicException('The SecurityBundle is not registered in your application.');
}
if (null === ($token = $this->security->getToken())) {
return;
}
if (!is_object($user = $token->getUser())) {
return;
}
return $user;
}
/**
* @param Request $request
*
* @return \Knp\Menu\ItemInterface
*/
public function createUserMenu(Request $request)
{
$menu = $this->factory->createItem('user');
if (false === $this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
$menu->addChild('login', ['route' => 'fos_user_security_login', 'label' => $this->translator->trans('login', [], 'menu')]);
} else {
$user = $this->securityContext->getToken()->getUser();
$currentUserMenu = $menu->addChild('current_user', ['label' => $user->getUsername()]);
$currentUserMenu->addChild('profile', ['route' => 'fos_user_profile_show', 'label' => '.icon-user ' . $this->translator->trans('profile', [], 'menu')]);
$currentUserMenu->addChild('logout', ['route' => 'fos_user_security_logout', 'label' => '.icon-off ' . $this->translator->trans('logout', [], 'menu')]);
}
return $menu;
}
/**
* Event to find subscriptions on page laod
*/
public function onKernelRequest()
{
$layer = new UserLayer($this->securityContext->getToken()->getUser());
$subscriptions = array();
if ($layer->isUser()) {
/** @var $em EntityManager */
$em = $this->doctrine->getManager();
$subscriptions = $em->getRepository('EtuCoreBundle:Subscription')->findBy(array('user' => $layer->getUser()));
}
$this->globalAccessor->set('notifs', new ArrayCollection());
$this->globalAccessor->get('notifs')->set('subscriptions', $subscriptions);
$this->globalAccessor->get('notifs')->set('new', []);
$this->globalAccessor->get('notifs')->set('new_count', 0);
}
/**
* @TODO: Move below to config
*
* @param Request $request
*
* @return \Knp\Menu\ItemInterface
*/
public function createMainMenu(Request $request)
{
$menu = $this->factory->createItem('root');
$menu->setChildrenAttributes(array('class' => 'navbar-nav nav'));
$menu->addChild('nav.home', array('route' => 'quickstart_app_homepage'));
if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
$menu->addChild($this->securityContext->getToken()->getUser()->getEmail(), array('route' => 'quickstart_app_account'));
$menu->addChild('nav.logout', array('route' => 'fos_user_security_logout'));
} else {
$menu->addChild('nav.register', array('route' => 'fos_user_registration_register'));
$menu->addChild('nav.login', array('route' => 'fos_user_security_login'));
}
return $menu;
}
/**
* Switches the security context to the given user
*
* @param User $user
*
* @return TokenInterface|null The previous security token
*
* @throws \UnexpectedValueException
* @throws AccessDeniedException
*/
protected function impersonateUser(User $user)
{
$currentToken = $this->securityContext->getToken();
if (!$currentToken instanceof OrganizationContextTokenInterface) {
throw new \UnexpectedValueException('The current security token must be aware of the organization.');
}
$organization = $currentToken->getOrganizationContext();
// check if new user has access to the current organization
if (!$user->hasOrganization($organization)) {
throw new AccessDeniedException();
}
$this->securityContext->setToken(new ImpersonationToken($user, $organization, $user->getRoles()));
return $currentToken;
}
/**
* {@inheritdoc}
*/
public function finishView(FormView $view, FormInterface $form, array $options)
{
$data = $form->getData();
if ($data) {
/** @var UsernamePasswordOrganizationToken $token */
$token = $this->securityContext->getToken();
$currentOrganization = $token->getOrganizationContext();
if ($data->getId() == $currentOrganization->getId()) {
$view->children['enabled']->vars['required'] = false;
$view->children['enabled']->vars['disabled'] = true;
$view->children['enabled']->vars['value'] = true;
}
}
}
