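/**
 * Start request logging for the current MVC event.
 *
 * Creates and persists a LogEntity describing the incoming HTTP request
 * (method, URI, session id, remote IP address and request headers), then
 * hands the event and the persisted log to every configured logger.
 * Non-HTTP requests (anything whose request is not a \Zend\Http\Request,
 * e.g. console runs) are ignored.
 *
 * @param \Zend\Mvc\MvcEvent $oEvent
 * @param \BoilerAppAccessControl\Entity\AuthAccessEntity|null $oAuthenticatedAuthAccess Authenticated access to attach to the log, if any
 * @param string $sSessionId Current session id; an empty value is stored as null
 * @return \BoilerAppLogger\LoggerService
 */
public function initialize(\Zend\Mvc\MvcEvent $oEvent, \BoilerAppAccessControl\Entity\AuthAccessEntity $oAuthenticatedAuthAccess = null, $sSessionId)
{
    $oRequest = $oEvent->getRequest();
    if (!$oRequest instanceof \Zend\Http\Request) {
        return $this;
    }

    // Build the log entity for this request
    $oCurrentLog = new \BoilerAppLogger\Entity\LogEntity();
    if ($oAuthenticatedAuthAccess) {
        // Attached once (the original did this twice, which was redundant)
        $oCurrentLog->setLogAuthAccess($oAuthenticatedAuthAccess);
    }

    // Remote address as PHP sees it. NOTE(review): RemoteAddress appears to
    // read REMOTE_ADDR unless proxy trust is configured on it, so behind a
    // reverse proxy this may be the proxy's address - confirm the deployment.
    $oRemoteAddress = new \Zend\Http\PhpEnvironment\RemoteAddress();

    // NOTE(review): the complete header set is persisted, which can include
    // credential-bearing headers (Cookie, Authorization); consider redacting
    // those before storage if the log store is less protected than the session.
    $this->setCurrentLog(
        $this->getLogRepository()->create(
            $oCurrentLog
                ->setLogRequestMethod($oRequest->getMethod())
                ->setLogRequestUri($oRequest->getUriString())
                ->setLogSessionId($sSessionId ?: null)
                ->setLogIPAddress($oRemoteAddress->getIpAddress() ?: null)
                ->setLogRequestHeaders($oRequest->getHeaders())
        )
    );

    // Let every configured logger attach to this event and the persisted log
    foreach ($this->getConfiguration()->getLoggers() as $oLogger) {
        $oLogger
            ->setLogRepository($this->getLogRepository())
            ->initialize($oEvent, $this->getCurrentLog());
    }

    return $this;
}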
/**
 * Determine whether the requester's IP address falls inside any configured
 * IP range, memoising the answer for the lifetime of this object.
 *
 * Each permission's ipRange entries are comma-separated lists of ranges;
 * anything after a '#' on an entry is treated as a comment and discarded.
 * Any matching range is accepted.
 *
 * @return bool
 */
protected function getIpInRange()
{
    if (null !== $this->ipInRange) {
        return $this->ipInRange;
    }

    // Default to "not in range" until a permission proves otherwise
    $this->ipInRange = false;

    // NOTE(review): RemoteAddress appears to read REMOTE_ADDR unless proxy
    // trust has been configured on it; behind a reverse proxy the proxy's
    // address would be checked here - confirm the deployment.
    $requesterIp = (new \Zend\Http\PhpEnvironment\RemoteAddress())->getIpAddress();

    foreach ($this->permissions as $permission) {
        if (empty($permission['ipRange'])) {
            continue;
        }

        // Flatten the permission's entries into a single list of trimmed ranges
        $candidateRanges = [];
        foreach ($permission['ipRange']->toArray() as $entry) {
            // Strip an optional trailing '#comment', then split the comma list
            $withoutComment = explode('#', $entry, 2)[0];
            foreach (explode(',', $withoutComment) as $piece) {
                $candidateRanges[] = trim($piece);
            }
        }

        if ($this->ipAddressUtils->isInRange($requesterIp, $candidateRanges)) {
            $this->ipInRange = true;
            break;
        }
    }

    return $this->ipInRange;
}
/**
 * Determine whether the requester's IP address falls inside any configured
 * IP range, memoising the answer for the lifetime of this object.
 *
 * Every permission carrying an ipRange is consulted and the first match
 * wins; the ipRange value is cast to an array before checking.
 *
 * @return bool
 */
protected function getIpInRange()
{
    if (null !== $this->ipInRange) {
        return $this->ipInRange;
    }

    // Default to "not in range" until a permission proves otherwise
    $this->ipInRange = false;

    // NOTE(review): RemoteAddress appears to read REMOTE_ADDR unless proxy
    // trust has been configured on it; behind a reverse proxy the proxy's
    // address would be checked here - confirm the deployment.
    $requesterIp = (new \Zend\Http\PhpEnvironment\RemoteAddress())->getIpAddress();

    foreach ($this->permissions as $permission) {
        if (empty($permission['ipRange'])) {
            continue;
        }

        $candidateRanges = (array) $permission['ipRange'];
        if ($this->ipAddressUtils->isInRange($requesterIp, $candidateRanges)) {
            $this->ipInRange = true;
            break;
        }
    }

    return $this->ipInRange;
}
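/**
 * Get service configuration.
 *
 * Registers the user module's services: password hashing, authentication
 * adapters and services, forms, Doctrine mappers, the mail transport, role
 * resolution for the current requester and the ACL.
 *
 * @return array Service configuration
 */
public function getServiceConfig()
{
    return [
        'aliases' => [
            'Zend\\Authentication\\AuthenticationService' => 'user_auth_service',
        ],
        'invokables' => [
            'user_auth_storage' => 'Zend\\Authentication\\Storage\\Session',
            'user_service_user' => 'User\\Service\\User',
            'user_service_apiuser' => 'User\\Service\\ApiUser',
            'user_service_email' => 'User\\Service\\Email',
        ],
        'factories' => [
            // Password hasher; the work factor comes from config so it can be raised over time
            'user_bcrypt' => function ($sm) {
                $bcrypt = new \Zend\Crypt\Password\Bcrypt();
                $config = $sm->get('config');
                $bcrypt->setCost($config['bcrypt_cost']);
                return $bcrypt;
            },
            'user_hydrator' => function ($sm) {
                return new \DoctrineModule\Stdlib\Hydrator\DoctrineObject($sm->get('user_doctrine_em'));
            },
            'user_form_activate' => function ($sm) {
                return new \User\Form\Activate($sm->get('translator'));
            },
            'user_form_register' => function ($sm) {
                return new \User\Form\Register($sm->get('translator'));
            },
            'user_form_login' => function ($sm) {
                return new \User\Form\Login($sm->get('translator'));
            },
            'user_form_password' => function ($sm) {
                return new \User\Form\Password($sm->get('translator'));
            },
            // NOTE(review): the reset/activate forms reuse Register/Activate - confirm this is intended
            'user_form_passwordreset' => function ($sm) {
                return new \User\Form\Register($sm->get('translator'));
            },
            'user_form_passwordactivate' => function ($sm) {
                return new \User\Form\Activate($sm->get('translator'));
            },
            'user_form_apitoken' => function ($sm) {
                $form = new \User\Form\ApiToken($sm->get('translator'));
                $form->setHydrator($sm->get('user_hydrator'));
                return $form;
            },
            'user_mapper_user' => function ($sm) {
                return new \User\Mapper\User($sm->get('user_doctrine_em'));
            },
            'user_mapper_newuser' => function ($sm) {
                return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
            },
            'user_mapper_apiuser' => function ($sm) {
                return new \User\Mapper\ApiUser($sm->get('user_doctrine_em'));
            },
            // Transport and options classes are selected by name from the 'email' config
            // section (trusted, deployment-controlled input)
            'user_mail_transport' => function ($sm) {
                $config = $sm->get('config');
                $config = $config['email'];
                $class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
                $optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
                $transport = new $class();
                $transport->setOptions(new $optionsClass($config['options']));
                return $transport;
            },
            'user_auth_adapter' => function ($sm) {
                $adapter = new \User\Authentication\Adapter\Mapper(
                    $sm->get('user_bcrypt'),
                    $sm->get('application_service_legacy')
                );
                $adapter->setMapper($sm->get('user_mapper_user'));
                return $adapter;
            },
            'user_pin_auth_adapter' => function ($sm) {
                $adapter = new \User\Authentication\Adapter\PinMapper($sm->get('application_service_legacy'));
                $adapter->setMapper($sm->get('user_mapper_user'));
                return $adapter;
            },
            'user_auth_service' => function ($sm) {
                return new \Zend\Authentication\AuthenticationService(
                    $sm->get('user_auth_storage'),
                    $sm->get('user_auth_adapter')
                );
            },
            'user_pin_auth_service' => function ($sm) {
                return new \Zend\Authentication\AuthenticationService(
                    $sm->get('user_auth_storage'),
                    $sm->get('user_pin_auth_adapter')
                );
            },
            // Requester's address as a string. NOTE(review): RemoteAddress appears to
            // read REMOTE_ADDR unless proxy trust is configured on it - behind a
            // reverse proxy confirm that, or the proxy's address feeds 'user_role'.
            'user_remoteaddress' => function ($sm) {
                $remote = new \Zend\Http\PhpEnvironment\RemoteAddress();
                return $remote->getIpAddress();
            },
            // Resolve the current requester's role: an authenticated User entity,
            // 'apiuser', 'tueguest' (address inside the configured prefix) or 'guest'.
            // Not shared (see 'shared' below), so it is re-evaluated per request.
            'user_role' => function ($sm) {
                $authService = $sm->get('user_auth_service');
                if ($authService->hasIdentity()) {
                    return $authService->getIdentity();
                }
                $apiService = $sm->get('user_service_apiuser');
                if ($apiService->hasIdentity()) {
                    return 'apiuser';
                }
                // 'tue_range' is matched as a textual prefix of the remote address, so it
                // should end at an octet boundary (trailing '.'); a prefix like '131.15'
                // would also match '131.155.x'. An empty or non-string prefix would match
                // every address, so it is ignored rather than granting 'tueguest' to all.
                $range = $sm->get('config')['tue_range'];
                $remoteIp = (string) $sm->get('user_remoteaddress');
                if (is_string($range) && $range !== '' && strpos($remoteIp, $range) === 0) {
                    return 'tueguest';
                }
                return 'guest';
            },
            'acl' => function ($sm) {
                // initialize the ACL
                $acl = new Acl();

                /**
                 * Define all basic roles.
                 *
                 * - guest: everyone gets at least this access level
                 * - tueguest: guest from the TU/e
                 * - user: GEWIS-member
                 * - apiuser: Automated tool given access by an admin
                 * - admin: Defined administrators
                 */
                $acl->addRole(new Role('guest'));
                $acl->addRole(new Role('tueguest'), 'guest');
                $acl->addRole(new Role('user'), 'tueguest');
                $acl->addRole(new Role('apiuser'), 'guest');
                $acl->addRole(new Role('sosuser'), 'apiuser');
                $acl->addRole(new Role('active_member'), 'user');
                $acl->addRole(new Role('admin'));

                $user = $sm->get('user_role');

                // add user to registry
                if ($user instanceof User) {
                    $roles = $user->getRoleNames();
                    // if the user has no roles, add the 'user' role by default
                    if (empty($roles)) {
                        $roles = ['user'];
                    }
                    // TODO: change this to getActiveOrganInstalltions() once 529 is fixed
                    if (count($user->getMember()->getOrganInstallations()) > 0) {
                        $roles[] = 'active_member';
                    }
                    $acl->addRole($user, $roles);
                }

                // admins are allowed to do everything
                $acl->allow('admin');

                // board members also are admins (any resource/privilege, gated by the assertion)
                $acl->allow('user', null, null, new \User\Permissions\Assertion\IsBoardMember());

                // configure the user ACL
                $acl->addResource(new Resource('apiuser'));
                $acl->addResource(new Resource('user'));
                $acl->allow('user', 'user', ['password_change']);

                // sosusers can't do anything
                $acl->deny('sosuser');

                return $acl;
            },
            'user_doctrine_em' => function ($sm) {
                return $sm->get('doctrine.entitymanager.orm_default');
            },
        ],
        'shared' => [
            'user_role' => false,
        ],
    ];
}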