protected function setupOAuth2Provider(Synapse\Application $app)
{
// reset oauth storage
$app['oauth.storage'] = $this->getMockBuilder('\\Application\\OAuth2\\Storage\\ZendDb')->disableOriginalConstructor()->getMock();
$this->setMocks(['oauth2Provider' => 'Synapse\\Security\\Authentication\\OAuth2Provider', 'oauth2Listener' => 'Synapse\\Security\\Firewall\\OAuth2Listener', 'oauth2OptionalListener' => 'Synapse\\Security\\Firewall\\OAuth2OptionalListener']);
$app['security.authentication_listener.factory.oauth'] = $app->protect(function ($name, $options) use($app) {
$app['security.authentication_provider.' . $name . '.oauth'] = $app->share(function ($app) {
return $this->mocks['oauth2Provider'];
});
$app['security.authentication_listener.' . $name . '.oauth'] = $app->share(function ($app) {
return new Synapse\Security\Firewall\OAuth2Listener($app['security'], $app['security.authentication_manager']);
});
return ['security.authentication_provider.' . $name . '.oauth', 'security.authentication_listener.' . $name . '.oauth', null, 'pre_auth'];
});
$app['security.authentication_listener.factory.oauth-optional'] = $app->protect(function ($name, $options) use($app) {
$app['security.authentication_provider.' . $name . '.oauth-optional'] = $app->share(function ($app) {
return $this->mocks['oauth2Provider'];
});
$app['security.authentication_listener.' . $name . '.oauth-optional'] = $app->share(function ($app) {
return new Synapse\Security\Firewall\OAuth2OptionalListener($app['security'], $app['security.authentication_manager']);
});
return ['security.authentication_provider.' . $name . '.oauth-optional', 'security.authentication_listener.' . $name . '.oauth-optional', null, 'pre_auth'];
});
}
/**
* Register the security firewalls for use with the Security Context in SecurityServiceProvider
*
* How to add application-specific firewalls:
*
* $app->extend('security.firewalls', function ($firewalls, $app) {
* $newFirewalls = [...];
*
* return array_merge($newFirewalls, $firewalls);
* });
*
* It's important to return an array with $firewalls at the end, as in the example,
* so that the catch-all 'base.api' firewall does not preclude more specific firewalls.
*
* Application-specific firewalls should only be needed to allow passthrough
* for public endpoints, since 'base.api' requires authentication.
*
* Firewalls available include:
* - oauth
* - Requires the user to be logged in
* - oauth-optional
* - Does not require the user to be logged in
* - If the user is logged in, sets their token on the security context so that their info can be accessed
* - anonymous
* - Does not require the user to be logged in
* - Does not attempt to retrieve user's information if Authentication header is sent
*
* The same can be done with security.access_rules, which are used to restrict
* sections of the application based on a user's role:
*
* $app->extend('security.access_rules', function ($rules, $app) {
* $newRules = [...];
*
* return array_merge($newRules, $rules);
* });
*
* @link http://silex.sensiolabs.org/doc/providers/security.html#defining-more-than-one-firewall
* @link http://silex.sensiolabs.org/doc/providers/security.html#defining-access-rules
*
* @param Application $app
*/
public function registerSecurityFirewalls(Application $app)
{
$app['security.firewalls'] = $app->share(function () {
return ['base.api' => ['pattern' => '^/', 'oauth' => true]];
});
$app['security.access_rules'] = $app->share(function () {
return [];
});
}
/**
* Register the config service
*
* Config is a bit of a special-case service provider and needs to be
* registered before all the others (so that they can access it)
*
* @param Application $app
*/
protected function registerConfig(Application $app)
{
$app->register(new ConfigServiceProvider(), array('config_dirs' => array(APPDIR . '/config/', APPDIR . '/config/' . $app['environment'] . '/')));
}
