vendor/hwi/oauth-bundle/src/Controller/RedirectToServiceController.php line 44

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the HWIOAuthBundle package.
  5. *
  6. * (c) Hardware Info <opensource@hardware.info>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace HWI\Bundle\OAuthBundle\Controller;
  14. use HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMapLocator;
  15. use HWI\Bundle\OAuthBundle\Security\OAuthUtils;
  16. use HWI\Bundle\OAuthBundle\Util\DomainWhitelist;
  17. use RuntimeException;
  18. use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
  19. use Symfony\Component\HttpFoundation\RedirectResponse;
  20. use Symfony\Component\HttpFoundation\Request;
  21. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  22. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  24. /**
  25. * @author Alexander <iam.asm89@gmail.com>
  26. *
  27. * @internal
  28. */
  29. final class RedirectToServiceController
  30. {
  31. public function __construct(
  32. private readonly OAuthUtils $oauthUtils,
  33. private readonly DomainWhitelist $domainWhitelist,
  34. private readonly ResourceOwnerMapLocator $resourceOwnerMapLocator,
  35. private readonly ?string $targetPathParameter,
  36. private readonly bool $failedUseReferer,
  37. private readonly bool $useReferer,
  38. ) {
  39. }
  41. /**
  42. * @throws NotFoundHttpException
  43. */
  44. public function redirectToServiceAction(Request $request, string $service): RedirectResponse
  45. {
  46. try {
  47. $authorizationUrl = $this->oauthUtils->getAuthorizationUrl($request, $service);
  48. } catch (RuntimeException $e) {
  49. throw new NotFoundHttpException($e->getMessage(), $e);
  50. }
  52. $this->storeReturnPath($request, $authorizationUrl);
  54. return new RedirectResponse($authorizationUrl);
  55. }
  57. private function storeReturnPath(Request $request, string $authorizationUrl): void
  58. {
  59. try {
  60. $session = $request->getSession();
  61. } catch (SessionNotFoundException $e) {
  62. return;
  63. }
  65. $param = $this->targetPathParameter;
  67. foreach ($this->resourceOwnerMapLocator->getFirewallNames() as $firewallName) {
  68. $sessionKey = '_security.'.$firewallName.'.target_path';
  69. $sessionKeyFailure = '_security.'.$firewallName.'.failed_target_path';
  71. if (!empty($param) && $targetUrl = $request->get($param)) {
  72. if (!$this->domainWhitelist->isValidTargetUrl($targetUrl)) {
  73. throw new AccessDeniedHttpException('Not allowed to redirect to '.$targetUrl);
  74. }
  76. $session->set($sessionKey, $targetUrl);
  77. }
  79. if ($this->failedUseReferer && !$session->has($sessionKeyFailure) && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  80. $session->set($sessionKeyFailure, $targetUrl);
  81. }
  83. if ($this->useReferer && !$session->has($sessionKey) && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $authorizationUrl) {
  84. $session->set($sessionKey, $targetUrl);
  85. }
  86. }
  87. }
  88. }