private function checkSessionInvalidation(GetTasksEvent $event)
{
if (!$this->authChecker->isGranted('FEATURE_INVALIDATE_SESSIONS')) {
return;
}
$person = $this->tokenStorage->getToken()->getUser();
$repo = $this->invalidateSessionRequestRepository;
$request = $repo->findMostRecent($person);
$sessionCreation = $event->getRequest()->getSession()->getMetadataBag()->getCreated();
if ($request === null || $sessionCreation > $request->getRequestedAt()->getTimestamp()) {
return;
}
$event->addTask(new InvalidateSessionTask());
}
/**
* @param GetTasksEvent $event
*/
public function onGetTasks(GetTasksEvent $event, $eventName, EventDispatcherInterface $dispatcher)
{
try {
/** @var PersonInterface $user */
$user = $this->tokenStorage->getToken()->getUser();
if (!$user instanceof PersonInterface) {
return;
}
} catch (\Exception $e) {
return;
}
$request = $event->getRequest();
$route = $request->get('_route');
$clientId = $request->get('client_id', $request->attributes->get('clientId'));
if (!$clientId) {
return;
}
if ($this->skipCompletionTaskIfAuthorized && $this->isAuthorizedClient($dispatcher, $clientId)) {
return;
}
$task = new CompleteUserInfoTask($clientId);
$scopes = $request->get('scope', false);
$skipped = $task->isSkipRoute($route);
if ($route !== '_authorize_validate' && !$skipped && (false === $task->isTaskRoute($route) || !$scopes)) {
return;
}
$scopes = explode(' ', $scopes);
$emptyClaims = [];
foreach ($scopes as $scope) {
if ($this->checkScope($user, $scope)) {
continue;
}
$emptyClaims[] = $scope;
}
if (count($emptyClaims) > 0 || $skipped) {
$task->setScope($emptyClaims);
$event->addTask($task);
}
}
