app/Plugin/Api42/EventListener/AuthorizationRequestResolveListener.php line 56

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Plugin\Api42\EventListener;
  16. use Eccube\Entity\Master\Authority;
  17. use Eccube\Entity\Member;
  18. use League\OAuth2\Server\Exception\OAuthServerException;
  19. use Plugin\Api42\Form\Type\Admin\OAuth2AuthorizationType;
  20. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  21. use Symfony\Component\Form\FormFactoryInterface;
  22. use Symfony\Component\HttpFoundation\RequestStack;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEvent;
  25. use League\Bundle\OAuth2ServerBundle\OAuth2Events;
  26. use Twig\Environment as Twig;
  28. final class AuthorizationRequestResolveListener implements EventSubscriberInterface
  29. {
  30.     /** @var Twig */
  31.     protected $twig;
  33.     /** @var FormFactoryInterface */
  34.     protected $formFactory;
  36.     /** @var RequestStack */
  37.     protected $requestStack;
  39.     public function __construct(
  40.         Twig $twig,
  41.         FormFactoryInterface $formFactory,
  42.         RequestStack $requestStack
  43.     ) {
  44.         $this->twig $twig;
  45.         $this->formFactory $formFactory;
  46.         $this->requestStack $requestStack;
  47.     }
  49.     public static function getSubscribedEvents(): array
  50.     {
  51.         return [
  52.             OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onAuthorizationRequestResolve',
  53.         ];
  54.     }
  56.     public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
  57.     {
  58.         $user $event->getUser();
  59.         $request $this->requestStack->getMainRequest();
  61.         // システム管理者以外は承認しない
  62.         if (!$user instanceof Member || $user->getAuthority()->getId() !== Authority::ADMIN) {
  63.             $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  65.             return;
  66.         }
  68.         if (!$request->query->has('redirect_uri')) {
  69.             // redirect_uri_mismatch を返すべきだが OAuthServerException ではサポートされていない
  70.             // http://openid-foundation-japan.github.io/draft-ietf-oauth-v2.ja.html#auth-error-codes
  71.             throw OAuthServerException::invalidRequest('redirect_uri');
  72.         }
  74.         if (!$event->isAuthorizationApproved()) {
  75.             $builder $this->formFactory->createBuilder(OAuth2AuthorizationType::class);
  76.             $form $builder->getForm();
  78.             $form['client_id']->setData($event->getClient()->getIdentifier());
  79.             $form['client_secret']->setData($event->getClient()->getSecret());
  80.             $form['redirect_uri']->setData($event->getRedirectUri());
  81.             $form['state']->setData($event->getState());
  82.             $form['scope']->setData(join(' '$event->getScopes()));
  83.             $content $this->twig->render(
  84.                 '@Api42/admin/OAuth/authorization.twig',
  85.                 [
  86.                     'scopes' => $event->getScopes(),
  87.                     'form' => $form->createView(),
  88.                 ]
  89.             );
  91.             if ('POST' === $request->getMethod()) {
  92.                 $form->handleRequest($request);
  93.                 if ($form->isSubmitted() && $form->isValid()) {
  94.                     if ($form->get('approve')->isClicked()) {
  95.                         $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
  96.                     }
  97.                 } else {
  98.                     $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  99.                 }
  100.             } else {
  101.                 $event->setResponse(Response::create($content));
  102.             }
  103.         }
  104.     }
  105. }