app/Plugin/Api/EventListener/AuthorizationRequestResolveListener.php line 62

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Plugin\Api\EventListener;
  16. use Eccube\Entity\Master\Authority;
  17. use Eccube\Entity\Member;
  18. use League\OAuth2\Server\Exception\OAuthServerException;
  19. use Plugin\Api\Form\Type\Admin\OAuth2AuthorizationType;
  20. use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
  21. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  22. use Symfony\Component\Form\FormFactoryInterface;
  23. use Symfony\Component\HttpFoundation\RequestStack;
  24. use Symfony\Component\HttpFoundation\Response;
  25. use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
  26. use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
  27. use Twig\Environment as Twig;
  29. final class AuthorizationRequestResolveListener implements EventSubscriberInterface
  30. {
  31.     /** @var Twig */
  32.     protected $twig;
  34.     /** @var PsrHttpFactory */
  35.     protected $psr7Factory;
  37.     /** @var FormFactoryInterface */
  38.     protected $formFactory;
  40.     /** @var RequestStack */
  41.     protected $requestStack;
  43.     public function __construct(
  44.         Twig $twig,
  45.         PsrHttpFactory $psr7Factory,
  46.         FormFactoryInterface $formFactory,
  47.         RequestStack $requestStack
  48.     ) {
  49.         $this->twig $twig;
  50.         $this->psr7Factory $psr7Factory;
  51.         $this->formFactory $formFactory;
  52.         $this->requestStack $requestStack;
  53.     }
  55.     public static function getSubscribedEvents(): array
  56.     {
  57.         return [
  58.             OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onAuthorizationRequestResolve',
  59.         ];
  60.     }
  62.     public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
  63.     {
  64.         $user $event->getUser();
  65.         $request $this->requestStack->getMasterRequest();
  67.         // システム管理者以外は承認しない
  68.         if (!$user instanceof Member || $user->getAuthority()->getId() !== Authority::ADMIN) {
  69.             $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  71.             return;
  72.         }
  74.         if (!$request->query->has('redirect_uri')) {
  75.             // redirect_uri_mismatch を返すべきだが OAuthServerException ではサポートされていない
  76.             // http://openid-foundation-japan.github.io/draft-ietf-oauth-v2.ja.html#auth-error-codes
  77.             throw OAuthServerException::invalidRequest('redirect_uri');
  78.         }
  80.         if (!$event->isAuthorizationApproved()) {
  81.             $builder $this->formFactory->createBuilder(OAuth2AuthorizationType::class);
  82.             $form $builder->getForm();
  84.             $form['client_id']->setData($event->getClient()->getIdentifier());
  85.             $form['client_secret']->setData($event->getClient()->getSecret());
  86.             $form['redirect_uri']->setData($event->getRedirectUri());
  87.             $form['state']->setData($event->getState());
  88.             $form['scope']->setData(join(' '$event->getScopes()));
  89.             $content $this->twig->render(
  90.                 '@Api/admin/OAuth/authorization.twig',
  91.                 [
  92.                     'scopes' => $event->getScopes(),
  93.                     'form' => $form->createView(),
  94.                 ]
  95.             );
  97.             if ('POST' === $request->getMethod()) {
  98.                 $form->handleRequest($request);
  99.                 if ($form->isSubmitted() && $form->isValid()) {
  100.                     if ($form->get('approve')->isClicked()) {
  101.                         $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
  102.                     }
  103.                 } else {
  104.                     $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  105.                 }
  106.             } else {
  107.                 $Response $this->psr7Factory->createResponse(Response::create($content));
  108.                 $event->setResponse($Response);
  109.             }
  110.         }
  111.     }
  112. }