Dav: implements JWT extraction from the URL, and add the access_token in dav urls

2025-08-25 00:53:48 +00:00 · 2023-09-14 21:54:30 +02:00
parent 146e0090fb
commit 6f6683f549
10 changed files with 193 additions and 39 deletions
--- a/src/Bundle/ChillDocStoreBundle/Security/Guard/DavOnUrlTokenExtractor.php
+++ b/src/Bundle/ChillDocStoreBundle/Security/Guard/DavOnUrlTokenExtractor.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Security\Guard;
+
+use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+final readonly class DavOnUrlTokenExtractor implements TokenExtractorInterface
+{
+    public function __construct(
+        private LoggerInterface $logger,
+    ) {}
+
+    public function extract(Request $request): string|false
+    {
+        $uri = $request->getRequestUri();
+
+        $segments = array_values(
+            array_filter(
+                explode('/', $uri),
+                fn ($item) => '' !== trim($item)
+            )
+        );
+
+        if (2 > count($segments)) {
+            $this->logger->info("not enough segment for parsing URL");
+
+            return false;
+        }
+
+        if ('dav' !== $segments[0]) {
+            $this->logger->info("the first segment of the url must be DAV");
+
+            return false;
+        }
+
+        return $segments[1];
+    }
+}
--- a/src/Bundle/ChillDocStoreBundle/Security/Guard/JWTOnDavUrlAuthenticator.php
+++ b/src/Bundle/ChillDocStoreBundle/Security/Guard/JWTOnDavUrlAuthenticator.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Security\Guard;
+
+use Lexik\Bundle\JWTAuthenticationBundle\Security\Guard\JWTTokenAuthenticator;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
+use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+class JWTOnDavUrlAuthenticator extends JWTTokenAuthenticator
+{
+    public function __construct(
+        JWTTokenManagerInterface $jwtManager,
+        EventDispatcherInterface $dispatcher,
+        TokenExtractorInterface $tokenExtractor,
+        TokenStorageInterface $preAuthenticationTokenStorage,
+        TranslatorInterface $translator = null,
+        private readonly DavOnUrlTokenExtractor $davOnUrlTokenExtractor,
+    ) {
+        parent::__construct($jwtManager, $dispatcher, $tokenExtractor, $preAuthenticationTokenStorage, $translator);
+    }
+
+    protected function getTokenExtractor()
+    {
+        return $this->davOnUrlTokenExtractor;
+    }
+}