src/AdminBundle/Security/ApiKeyGuard.php line 34

Open in your IDE?
  1. <?php
  3. namespace AdminBundle\Security;
  5. use AdminBundle\Entity\User;
  6. use AdminBundle\Entity\Driver;
  7. use AdminBundle\Entity\Settings;
  8. use AdminBundle\Security\ApiKeyUserProvider;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Component\DependencyInjection\ContainerInterface;
  12. use Symfony\Component\HttpFoundation\JsonResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  17. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  18. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  19. use Symfony\Component\Security\Core\User\UserInterface;
  20. use Symfony\Component\Security\Core\User\UserProviderInterface;
  21. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  23. class ApiKeyGuard extends AbstractGuardAuthenticator
  24. {
  25. private $em;
  27. private $keyParam = 'apikey';
  29. public function __construct(
  30. ContainerInterface $container,
  31. EntityManagerInterface $em
  32. ) {
  33. $this->em = $em;
  34. $this->container = $container;
  35. }
  38. private function recursiveVerifyDriver(
  39. array $verify,
  40. $driver,
  41. $limit
  42. ) {
  43. $response = null;
  44. foreach ($verify as $function => $object) {
  45. if (is_array($object)) {
  46. $response = $this->recursiveVerifyDriver(
  47. $object,
  48. $driver->$function(),
  49. $limit
  50. );
  51. }
  52. if ($object == 'Insurance') {
  53. $insurance_time_lock = $this->em->getRepository(
  54. Settings::class
  55. )->findOneBy([
  56. 'key' => 'vehicle_insurance_time_lock'
  57. ]);
  58. if (!empty($insurance_time_lock)) {
  59. $db_insurance = $driver->$function();
  60. $diff = $db_insurance->diff($limit);
  61. $hours = $diff->h + $diff->days * 24;
  62. $expiresIn = $limit > $db_insurance ? -$hours : $hours;
  63. if ($expiresIn <= $insurance_time_lock->getValue()) {
  64. return $object;
  65. }
  66. } else {
  67. if ($driver->$function() <= $limit) {
  68. return $object;
  69. }
  70. }
  71. } else {
  72. if ($driver->$function() <= $limit) {
  73. return $object;
  74. }
  75. }
  76. }
  77. return $response;
  78. }
  81. /**
  82. * Called on every request to decide if this authenticator should be
  83. * used for the request. Returning `false` will cause this authenticator
  84. * to be skipped.
  85. */
  86. public function supports(Request $request): bool {
  87. $targetUrl = '/api';
  88. if (
  89. strpos($targetUrl, $request->getPathInfo()) == 0 &&
  90. strpos($targetUrl, $request->getPathInfo()) !== false
  91. ) {
  92. return false;
  93. }
  94. if ($request->get('_route') === 'api_reset_password') {
  95. return false;
  96. };
  97. // 1. check if exist header apikey
  98. // 2. if not exist header check if exist _GET parameter apiKey
  99. if ($request->headers->has($this->keyParam)) {
  100. return true;
  101. } else {
  102. return $request->query->has($this->keyParam);
  103. }
  104. }
  106. /**
  107. * Called on every request. Return whatever credentials you want to
  108. * be passed to getUser() as $credentials.
  109. */
  110. public function getCredentials(Request $request) {
  111. // 1. check if exist header apikey
  112. // 2. if not exist header check if exist _GET parameter apiKey
  113. return $request->headers->get(
  114. $this->keyParam,
  115. $request->query->get(
  116. $this->keyParam
  117. )
  118. );
  119. }
  121. public function getUser(
  122. $credentials,
  123. UserProviderInterface $userProvider
  124. ): ?UserInterface {
  125. if (!$userProvider instanceof ApiKeyUserProvider) {
  126. throw new \InvalidArgumentException(
  127. sprintf(
  128. 'The user provider must be an instance of ApiKeyUserProvider (%s was given).',
  129. get_class($userProvider)
  130. )
  131. );
  132. }
  133. if (null === $credentials) {
  134. throw new BadCredentialsException();
  135. // Authentication fails with HTTP Status
  136. // Code 401 "Unauthorized"
  137. // return null;
  138. }
  139. $user = $this->em->getRepository(User::class)->findOneBy([
  140. 'apiKey' => $credentials
  141. ]);
  142. if (!$user) {
  143. throw new CustomUserMessageAuthenticationException(
  144. sprintf(
  145. 'Invalid api key. API Key "%s" does not exist.',
  146. $credentials
  147. )
  148. );
  149. }
  150. $user->addRole('ROLE_API');
  151. // The "username" in this case is the apiToken, see the key `property`
  152. // of `your_db_provider` in `security.yaml`.
  153. // If this returns a user, checkCredentials() is called next:
  154. // return $userProvider->loadUserByUsername($credentials);
  155. return $user;
  156. }
  158. public function checkCredentials(
  159. $credentials,
  160. UserInterface $user
  161. ): bool {
  162. if (!$user->isEnabled()) {
  163. throw new CustomUserMessageAuthenticationException(
  164. 'Your account is disabled. '.
  165. 'Please contact office to restore your access.Thank you'
  166. );
  167. }
  168. if (in_array(User::ROLE_DRIVER, $user->getRoles())) {
  169. $driver = $user->getDriver();
  170. if ($driver->getStatus() == Driver::STATUS_SUSPENDED) {
  171. throw new CustomUserMessageAuthenticationException(
  172. 'Invalid driver status.'
  173. );
  174. }
  175. if ($driver->isDeactivated()) {
  176. $deactivatedDate = $driver->getDeactivatedUntil()->format('Y-m-d H:i:s');
  177. throw new CustomUserMessageAuthenticationException(
  178. 'Your account was deactiaved until '. $deactivatedDate. '. '.
  179. 'Please contact office to restore your access.Thank you'
  180. );
  181. }
  182. $main_location = $this->container->getParameter('main_location');
  183. $verifyExpiring = [];
  184. if ($main_location == 'UK') {
  185. $verifyExpiring = [
  186. 'getCar' => [
  187. 'getInsuranceExpirationDate' => 'Insurance',
  188. 'getMotExpiryDate' => 'MOT',
  189. 'getPhvExpireDate' => 'PHV',
  190. ],
  191. 'getLicenseExpireDate' => 'Driving License',
  192. 'getPublicCarriageOfficeExpiryDate' => 'PCO Licence',
  193. ];
  194. }
  195. if ($main_location == 'US') {
  196. $verifyExpiring = [
  197. 'getCar' => [
  198. 'getInsuranceExpirationDate' => 'Insurance',
  199. 'getVehicleInspectionExpiryDate' => 'Vehicle Inspection',
  200. 'getLimoLicenseExpiryDate' => 'Limo License',
  201. ],
  202. 'getLicenseExpireDate' => 'Driving License',
  203. 'getHackLicenseExpirationDate' => 'Hack Licence',
  204. ];
  205. }
  206. /** @var Driver $driver */
  207. if ($driver->getCar()) {
  208. $expired = $this->recursiveVerifyDriver(
  209. $verifyExpiring, $driver, new \DateTime()
  210. );
  211. if (!empty($expired)) {
  212. throw new CustomUserMessageAuthenticationException(
  213. 'Expired '. $expired. '. '.
  214. 'Please contact Office and upload documents in your account.'
  215. );
  216. }
  217. }
  218. }
  219. // Return `true` to cause authentication success
  220. return true;
  221. }
  223. public function onAuthenticationSuccess(
  224. Request $request,
  225. TokenInterface $token,
  226. $providerKey
  227. ): ?Response {
  228. // on success, let the request continue
  229. return null;
  230. }
  232. public function onAuthenticationFailure(
  233. Request $request,
  234. AuthenticationException $exception
  235. ): ?Response {
  236. $data = [
  237. // you may want to customize or obfuscate the message first
  238. 'message' => strtr(
  239. $exception->getMessageKey(),
  240. $exception->getMessageData()
  241. )
  242. // or to translate this message
  243. // $this->translator->trans(
  244. // $exception->getMessageKey(),
  245. // $exception->getMessageData()
  246. // )
  247. ];
  248. return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
  249. }
  251. /**
  252. * Called when authentication is needed, but it's not sent
  253. */
  254. public function start(
  255. Request $request,
  256. ?AuthenticationException $authException = null
  257. ): Response {
  258. $data = [
  259. // you might translate this message
  260. 'message' => 'Authentication Required'
  261. ];
  262. return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
  263. }
  265. public function supportsRememberMe(): bool {
  266. return false;
  267. }
  269. }