/**
* @param \Zend\Mvc\MvcEvent $oEvent
* @param \BoilerAppAccessControl\Entity\AuthAccessEntity $oAuthenticatedAuthAccess
* @param string $sSessionId
* @return \BoilerAppLogger\LoggerService
*/
public function initialize(\Zend\Mvc\MvcEvent $oEvent, \BoilerAppAccessControl\Entity\AuthAccessEntity $oAuthenticatedAuthAccess = null, $sSessionId)
{
if (!($oRequest = $oEvent->getRequest()) instanceof \Zend\Http\Request) {
return $this;
}
//Create and persist log entity
$oCurrentLog = new \BoilerAppLogger\Entity\LogEntity();
if ($oAuthenticatedAuthAccess) {
$oCurrentLog->setLogAuthAccess($oAuthenticatedAuthAccess);
}
//Retrieve remote address
$oRemoteAddress = new \Zend\Http\PhpEnvironment\RemoteAddress();
if ($oAuthenticatedAuthAccess) {
$oCurrentLog->setLogAuthAccess($oAuthenticatedAuthAccess);
}
$this->setCurrentLog($this->getLogRepository()->create($oCurrentLog->setLogRequestMethod($oRequest->getMethod())->setLogRequestUri($oRequest->getUriString())->setLogSessionId($sSessionId ?: null)->setLogIPAddress($oRemoteAddress->getIpAddress() ?: null)->setLogRequestHeaders($oRequest->getHeaders())));
//Initialize loggers
foreach ($this->getConfiguration()->getLoggers() as $oLogger) {
$oLogger->setLogRepository($this->getLogRepository())->initialize($oEvent, $this->getCurrentLog());
}
return $this;
}
/**
* Check if the requester's IP is in any known IP address range and cache the
* result
*
* @return bool
*/
protected function getIpInRange()
{
if ($this->ipInRange !== null) {
return $this->ipInRange;
}
$this->ipInRange = false;
$remoteAddress = new \Zend\Http\PhpEnvironment\RemoteAddress();
$remoteIp = $remoteAddress->getIpAddress();
// Iterate all permissions with ipRanges. We'll accept any range for now.
foreach ($this->permissions as $permission) {
if (empty($permission['ipRange'])) {
continue;
}
$ranges = [];
foreach ($permission['ipRange']->toArray() as $range) {
list($ip) = explode('#', $range, 2);
$ranges = array_merge($ranges, array_map('trim', explode(',', $ip)));
}
if ($this->ipAddressUtils->isInRange($remoteIp, $ranges)) {
$this->ipInRange = true;
break;
}
}
return $this->ipInRange;
}
/**
* Check if the requester's IP is in any known IP address range and cache the
* result
*
* @return bool
*/
protected function getIpInRange()
{
if ($this->ipInRange !== null) {
return $this->ipInRange;
}
$this->ipInRange = false;
$remoteAddress = new \Zend\Http\PhpEnvironment\RemoteAddress();
$remoteIp = $remoteAddress->getIpAddress();
// Iterate all permissions with ipRanges. We'll accept any range for now.
foreach ($this->permissions as $permission) {
if (empty($permission['ipRange'])) {
continue;
}
if ($this->ipAddressUtils->isInRange($remoteIp, (array) $permission['ipRange'])) {
$this->ipInRange = true;
break;
}
}
return $this->ipInRange;
}
/**
* Get service configuration.
*
* @return array Service configuration
*/
public function getServiceConfig()
{
return ['aliases' => ['Zend\\Authentication\\AuthenticationService' => 'user_auth_service'], 'invokables' => ['user_auth_storage' => 'Zend\\Authentication\\Storage\\Session', 'user_service_user' => 'User\\Service\\User', 'user_service_apiuser' => 'User\\Service\\ApiUser', 'user_service_email' => 'User\\Service\\Email'], 'factories' => ['user_bcrypt' => function ($sm) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$config = $sm->get('config');
$bcrypt->setCost($config['bcrypt_cost']);
return $bcrypt;
}, 'user_hydrator' => function ($sm) {
return new \DoctrineModule\Stdlib\Hydrator\DoctrineObject($sm->get('user_doctrine_em'));
}, 'user_form_activate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_register' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_login' => function ($sm) {
return new \User\Form\Login($sm->get('translator'));
}, 'user_form_password' => function ($sm) {
return new \User\Form\Password($sm->get('translator'));
}, 'user_form_passwordreset' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_passwordactivate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_apitoken' => function ($sm) {
$form = new \User\Form\ApiToken($sm->get('translator'));
$form->setHydrator($sm->get('user_hydrator'));
return $form;
}, 'user_mapper_user' => function ($sm) {
return new \User\Mapper\User($sm->get('user_doctrine_em'));
}, 'user_mapper_newuser' => function ($sm) {
return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
}, 'user_mapper_apiuser' => function ($sm) {
return new \User\Mapper\ApiUser($sm->get('user_doctrine_em'));
}, 'user_mail_transport' => function ($sm) {
$config = $sm->get('config');
$config = $config['email'];
$class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
$optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
$transport = new $class();
$transport->setOptions(new $optionsClass($config['options']));
return $transport;
}, 'user_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\Mapper($sm->get('user_bcrypt'), $sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_pin_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\PinMapper($sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_auth_adapter'));
}, 'user_pin_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_pin_auth_adapter'));
}, 'user_remoteaddress' => function ($sm) {
$remote = new \Zend\Http\PhpEnvironment\RemoteAddress();
return $remote->getIpAddress();
}, 'user_role' => function ($sm) {
$authService = $sm->get('user_auth_service');
if ($authService->hasIdentity()) {
return $authService->getIdentity();
}
$apiService = $sm->get('user_service_apiuser');
if ($apiService->hasIdentity()) {
return 'apiuser';
}
$range = $sm->get('config')['tue_range'];
if (strpos($sm->get('user_remoteaddress'), $range) === 0) {
return 'tueguest';
}
return 'guest';
}, 'acl' => function ($sm) {
// initialize the ACL
$acl = new Acl();
/**
* Define all basic roles.
*
* - guest: everyone gets at least this access level
* - tueguest: guest from the TU/e
* - user: GEWIS-member
* - apiuser: Automated tool given access by an admin
* - admin: Defined administrators
*/
$acl->addRole(new Role('guest'));
$acl->addRole(new Role('tueguest'), 'guest');
$acl->addRole(new Role('user'), 'tueguest');
$acl->addrole(new Role('apiuser'), 'guest');
$acl->addrole(new Role('sosuser'), 'apiuser');
$acl->addrole(new Role('active_member'), 'user');
$acl->addRole(new Role('admin'));
$user = $sm->get('user_role');
// add user to registry
if ($user instanceof User) {
$roles = $user->getRoleNames();
// if the user has no roles, add the 'user' role by default
if (empty($roles)) {
$roles = ['user'];
}
// TODO: change this to getActiveOrganInstalltions() once 529 is fixed
if (count($user->getMember()->getOrganInstallations()) > 0) {
$roles[] = 'active_member';
}
$acl->addRole($user, $roles);
}
// admins are allowed to do everything
$acl->allow('admin');
// board members also are admins
$acl->allow('user', null, null, new \User\Permissions\Assertion\IsBoardMember());
// configure the user ACL
$acl->addResource(new Resource('apiuser'));
$acl->addResource(new Resource('user'));
$acl->allow('user', 'user', ['password_change']);
// sosusers can't do anything
$acl->deny('sosuser');
return $acl;
}, 'user_doctrine_em' => function ($sm) {
return $sm->get('doctrine.entitymanager.orm_default');
}], 'shared' => ['user_role' => false]];
}
