apply more cs rules for php-cs
@@ -11,14 +11,8 @@ declare(strict_types=1);
|
||||
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
|
||||
use function get_class;
|
||||
use function in_array;
|
||||
|
||||
use const E_USER_DEPRECATED;
|
||||
|
||||
/**
|
||||
* Voter for Chill software.
|
||||
*
|
||||
|
@@ -20,11 +20,6 @@ use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
|
||||
use Chill\MainBundle\Security\Resolver\ScopeResolverDispatcher;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Traversable;
|
||||
use UnexpectedValueException;
|
||||
|
||||
use function array_merge;
|
||||
use function get_class;
|
||||
|
||||
/**
|
||||
* Helper for authorizations.
|
||||
@@ -44,7 +39,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* Filter an array of centers, return only center which are reachable.
|
||||
*
|
||||
* @param User $user The user
|
||||
* @param User $user The user
|
||||
* @param array $centers a list of centers which are going to be filtered
|
||||
*/
|
||||
public function filterReachableCenters(User $user, array $centers, mixed $role): array
|
||||
@@ -63,10 +58,9 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* @deprecated use UserACLAwareRepositoryInterface::findUsersByReachedACL instead
|
||||
*
|
||||
*
|
||||
* @return User[]
|
||||
*/
|
||||
public function findUsersReaching(string $role, array|\Chill\MainBundle\Entity\Center $center, null|array|\Chill\MainBundle\Entity\Scope $scope = null, bool $onlyEnabled = true): array
|
||||
public function findUsersReaching(string $role, array|\Chill\MainBundle\Entity\Center $center, array|\Chill\MainBundle\Entity\Scope $scope = null, bool $onlyEnabled = true): array
|
||||
{
|
||||
return $this->userACLAwareRepository
|
||||
->findUsersByReachedACL($role, $center, $scope, $onlyEnabled);
|
||||
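Review bot: The second signature printed for findUsersReaching (`array|\Chill\MainBundle\Entity\Scope $scope = null`) relies on implicit nullability from the `= null` default, where the first one spelled out `null|array|...`. Assuming the second print is the new side, as the rest of the page suggests, this moves the code onto a form that PHP 8.4 deprecates. I would keep the explicit type, `null|array|\Chill\MainBundle\Entity\Scope $scope = null`, and set the fixer's `nullable_type_declaration_for_default_null_value` rule so it stops rewriting it. The same applies to the `Scope $scope = null` signatures of getReachableCenters in AuthorizationHelper, AuthorizationHelperForCurrentUser and both interfaces further down.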
@@ -91,7 +85,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
*
|
||||
* @return list<Center>
|
||||
*/
|
||||
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array
|
||||
public function getReachableCenters(UserInterface $user, string $role, Scope $scope = null): array
|
||||
{
|
||||
if (!$user instanceof User) {
|
||||
return [];
|
||||
@@ -102,9 +96,9 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
foreach ($user->getGroupCenters() as $groupCenter) {
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role is in the reachable roles
|
||||
// check that the role is in the reachable roles
|
||||
if ($this->isRoleReached($role, $roleScope->getRole())) {
|
||||
if (null === $scope) {
|
||||
$centers[spl_object_hash($groupCenter->getCenter())] = $groupCenter->getCenter();
|
||||
@@ -128,6 +122,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
* Return all reachable circle for a given user, center and role.
|
||||
*
|
||||
* @param Center|Center[] $center
|
||||
*
|
||||
* @return Scope[]
|
||||
*/
|
||||
public function getReachableCircles(UserInterface $user, string $role, array|\Chill\MainBundle\Entity\Center $center)
|
||||
@@ -136,7 +131,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
if (is_iterable($center)) {
|
||||
foreach ($center as $c) {
|
||||
$scopes = array_merge($scopes, $this->getReachableCircles($user, $role, $c));
|
||||
$scopes = \array_merge($scopes, $this->getReachableCircles($user, $role, $c));
|
||||
}
|
||||
|
||||
return $scopes;
|
||||
@@ -144,11 +139,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
foreach ($user->getGroupCenters() as $groupCenter) {
|
||||
if ($center->getId() === $groupCenter->getCenter()->getId()) {
|
||||
//iterate on permissionGroup
|
||||
// iterate on permissionGroup
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role is in the reachable roles
|
||||
// check that the role is in the reachable roles
|
||||
if ($this->isRoleReached($role, $roleScope->getRole())) {
|
||||
$scopes[] = $roleScope->getScope();
|
||||
}
|
||||
@@ -174,7 +169,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
*/
|
||||
public function userCanReachCenter(User $user, array|\Chill\MainBundle\Entity\Center $center): bool
|
||||
{
|
||||
if ($center instanceof Traversable) {
|
||||
if ($center instanceof \Traversable) {
|
||||
foreach ($center as $c) {
|
||||
if ($c->userCanReachCenter($user, $c)) {
|
||||
return true;
|
||||
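Review bot: In userCanReachCenter the collection branch looks unreachable for the declared input. The parameter is typed `array|\Chill\MainBundle\Entity\Center`, but the guard is `$center instanceof \Traversable`, which a plain PHP array never satisfies. Inside the loop the call is `$c->userCanReachCenter($user, $c)`, made on the element rather than on this helper, which only works if Center defines such a method (not visible here). For an authorization check I would write `if (is_iterable($center)) {` and `if ($this->userCanReachCenter($user, $c)) {`, as getReachableCircles does. The rest of the method lies outside this hunk, so confirm how an array argument is handled today before changing it.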
@@ -194,13 +189,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
return false;
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException(
|
||||
sprintf(
|
||||
'The entity given is not an instance of %s or an array of centers, %s given',
|
||||
Center::class,
|
||||
gettype($center)
|
||||
)
|
||||
);
|
||||
throw new \UnexpectedValueException(sprintf('The entity given is not an instance of %s or an array of centers, %s given', Center::class, gettype($center)));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -229,7 +218,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* Test if a parent role may give access to a given child role.
|
||||
*
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $parentRole The role which should give access to $childRole
|
||||
*
|
||||
* @return bool true if the child role is granted by parent role
|
||||
@@ -255,11 +244,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
// we cannot compare the objects: we must compare the ids here
|
||||
if ($groupCenter->getCenter()->getId() === $center->getId()) {
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role allow to reach the required role
|
||||
// check that the role allow to reach the required role
|
||||
if ($this->isRoleReached($attribute, $roleScope->getRole())) {
|
||||
//if yes, we have a right on something...
|
||||
// if yes, we have a right on something...
|
||||
// perform check on scope if necessary
|
||||
if ($this->scopeResolverDispatcher->isConcerned($entity)) {// here, we should also check that the role need a scope
|
||||
$scope = $this->scopeResolverDispatcher->resolveScope($entity);
|
||||
|
@@ -19,7 +19,7 @@ class AuthorizationHelperForCurrentUser implements AuthorizationHelperForCurrent
|
||||
{
|
||||
public function __construct(private readonly AuthorizationHelperInterface $authorizationHelper, private readonly Security $security) {}
|
||||
|
||||
public function getReachableCenters(string $role, ?Scope $scope = null): array
|
||||
public function getReachableCenters(string $role, Scope $scope = null): array
|
||||
{
|
||||
if (!$this->security->getUser() instanceof User) {
|
||||
return [];
|
||||
|
@@ -22,10 +22,11 @@ interface AuthorizationHelperForCurrentUserInterface
|
||||
*
|
||||
* @return Center[]
|
||||
*/
|
||||
public function getReachableCenters(string $role, ?Scope $scope = null): array;
|
||||
public function getReachableCenters(string $role, Scope $scope = null): array;
|
||||
|
||||
/**
|
||||
* @param list<Center>|Center $center
|
||||
*
|
||||
* @return list<Scope>
|
||||
*/
|
||||
public function getReachableScopes(string $role, array|Center $center): array;
|
||||
|
@@ -23,10 +23,11 @@ interface AuthorizationHelperInterface
|
||||
*
|
||||
* @return list<Center>
|
||||
*/
|
||||
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array;
|
||||
public function getReachableCenters(UserInterface $user, string $role, Scope $scope = null): array;
|
||||
|
||||
/**
|
||||
* @param Center|array<Center> $center
|
||||
*
|
||||
* @return list<Scope>
|
||||
*/
|
||||
public function getReachableScopes(UserInterface $user, string $role, array|Center $center): array;
|
||||
|
@@ -12,9 +12,6 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
|
||||
|
||||
use function in_array;
|
||||
|
||||
final readonly class DefaultVoterHelper implements VoterHelperInterface
|
||||
{
|
||||
@@ -27,11 +24,11 @@ final readonly class DefaultVoterHelper implements VoterHelperInterface
|
||||
{
|
||||
foreach ($this->configuration as [$attributes, $subj]) {
|
||||
if (null === $subj) {
|
||||
if (null === $subject && in_array($attribute, $attributes, true)) {
|
||||
if (null === $subject && \in_array($attribute, $attributes, true)) {
|
||||
return true;
|
||||
}
|
||||
} elseif ($subject instanceof $subj) {
|
||||
return in_array($attribute, $attributes, true);
|
||||
return \in_array($attribute, $attributes, true);
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -11,8 +11,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
|
||||
|
||||
class DefaultVoterHelperFactory implements VoterHelperFactoryInterface
|
||||
{
|
||||
public function __construct(protected AuthorizationHelper $authorizationHelper) {}
|
||||
|
@@ -16,8 +16,6 @@ use Chill\MainBundle\Workflow\EntityWorkflowManager;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
use UnexpectedValueException;
|
||||
use function in_array;
|
||||
|
||||
class EntityWorkflowVoter extends Voter
|
||||
{
|
||||
@@ -33,12 +31,11 @@ class EntityWorkflowVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
return $subject instanceof EntityWorkflow && in_array($attribute, self::getRoles(), true);
|
||||
return $subject instanceof EntityWorkflow && \in_array($attribute, self::getRoles(), true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param EntityWorkflow $subject
|
||||
* @param mixed $attribute
|
||||
*/
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
@@ -72,10 +69,10 @@ class EntityWorkflowVoter extends Voter
|
||||
return false;
|
||||
|
||||
case self::DELETE:
|
||||
return $subject->getStep() === 'initial';
|
||||
return 'initial' === $subject->getStep();
|
||||
|
||||
case self::SHOW_ENTITY_LINK:
|
||||
if ($subject->getStep() === 'initial') {
|
||||
if ('initial' === $subject->getStep()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -88,7 +85,7 @@ class EntityWorkflowVoter extends Voter
|
||||
return $currentStep->getPrevious()->getTransitionBy() === $this->security->getUser();
|
||||
|
||||
default:
|
||||
throw new UnexpectedValueException("attribute {$attribute} not supported");
|
||||
throw new \UnexpectedValueException("attribute {$attribute} not supported");
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -16,7 +16,6 @@ use Chill\MainBundle\Entity\NotificationComment;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use UnexpectedValueException;
|
||||
|
||||
final class NotificationVoter extends Voter
|
||||
{
|
||||
@@ -42,7 +41,6 @@ final class NotificationVoter extends Voter
|
||||
|
||||
/**
|
||||
* @param string $attribute
|
||||
* @param mixed $subject
|
||||
*/
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
@@ -59,7 +57,7 @@ final class NotificationVoter extends Voter
|
||||
),
|
||||
self::NOTIFICATION_SEE, self::NOTIFICATION_TOGGLE_READ_STATUS => $subject->getSender() === $user || $subject->getAddressees()->contains($user),
|
||||
self::NOTIFICATION_UPDATE => $subject->getSender() === $user && false === $subject->isSystem(),
|
||||
default => throw new UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
default => throw new \UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
};
|
||||
} elseif ($subject instanceof NotificationComment) {
|
||||
return match ($attribute) {
|
||||
@@ -67,10 +65,10 @@ final class NotificationVoter extends Voter
|
||||
$subject->getNotification()->getAddressees()->contains($user) || $subject->getNotification()->getSender() === $user
|
||||
),
|
||||
self::COMMENT_EDIT => $subject->getCreatedBy() === $user && false === $subject->getNotification()->isSystem(),
|
||||
default => throw new UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
default => throw new \UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
};
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException();
|
||||
throw new \UnexpectedValueException();
|
||||
}
|
||||
}
|
||||
|
@@ -14,8 +14,6 @@ namespace Chill\MainBundle\Security\Authorization;
|
||||
use Chill\MainBundle\Entity\SavedExport;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use UnexpectedValueException;
|
||||
use function in_array;
|
||||
|
||||
class SavedExportVoter extends Voter
|
||||
{
|
||||
@@ -33,14 +31,14 @@ class SavedExportVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject): bool
|
||||
{
|
||||
return $subject instanceof SavedExport && in_array($attribute, self::ALL, true);
|
||||
return $subject instanceof SavedExport && \in_array($attribute, self::ALL, true);
|
||||
}
|
||||
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
return match ($attribute) {
|
||||
self::DELETE, self::EDIT, self::GENERATE => $subject->getUser() === $token->getUser(),
|
||||
default => throw new UnexpectedValueException('attribute not supported: ' . $attribute),
|
||||
default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),
|
||||
};
|
||||
}
|
||||
}
|
||||
|
@@ -14,8 +14,8 @@ namespace Chill\MainBundle\Security\Authorization;
|
||||
interface VoterGeneratorInterface
|
||||
{
|
||||
/**
|
||||
* @param string $class The FQDN of a class
|
||||
* @param array $attributes an array of attributes
|
||||
* @param string $class The FQDN of a class
|
||||
* @param array $attributes an array of attributes
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
|
@@ -12,12 +12,8 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
|
||||
use Chill\MainBundle\Workflow\EntityWorkflowHandlerInterface;
|
||||
use RuntimeException;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use function in_array;
|
||||
use function is_object;
|
||||
|
||||
class WorkflowEntityDeletionVoter extends Voter
|
||||
{
|
||||
@@ -28,13 +24,13 @@ class WorkflowEntityDeletionVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
if (!is_object($subject)) {
|
||||
if (!\is_object($subject)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach ($this->handlers as $handler) {
|
||||
if ($handler->isObjectSupported($subject)
|
||||
&& in_array($attribute, $handler->getDeletionRoles($subject), true)) {
|
||||
&& \in_array($attribute, $handler->getDeletionRoles($subject), true)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -52,6 +48,6 @@ class WorkflowEntityDeletionVoter extends Voter
|
||||
}
|
||||
}
|
||||
|
||||
throw new RuntimeException('no handlers found');
|
||||
throw new \RuntimeException('no handlers found');
|
||||
}
|
||||
}
|
||||
|
@@ -15,9 +15,6 @@ use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
|
||||
use Symfony\Component\Security\Core\Role\Role;
|
||||
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
||||
|
||||
use function array_keys;
|
||||
use function in_array;
|
||||
|
||||
/**
|
||||
* Helper which traverse all role to find parents.
|
||||
*/
|
||||
@@ -50,12 +47,12 @@ class ParentRoleHelper
|
||||
{
|
||||
$parentRoles = [$role];
|
||||
// transform the roles from role hierarchy from string to Role
|
||||
$roles = array_keys($this->hierarchy);
|
||||
$roles = \array_keys($this->hierarchy);
|
||||
|
||||
foreach ($roles as $r) {
|
||||
$childRoles = $this->roleHierarchy->getReachableRoleNames([$r]);
|
||||
|
||||
if (in_array($role, $childRoles, true)) {
|
||||
if (\in_array($role, $childRoles, true)) {
|
||||
$parentRoles[] = $r;
|
||||
}
|
||||
}
|
||||
@@ -66,7 +63,7 @@ class ParentRoleHelper
|
||||
/**
|
||||
* Test if a parent role may give access to a given child role.
|
||||
*
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $parentRole The role which should give access to $childRole
|
||||
*
|
||||
* @return bool true if the child role is granted by parent role
|
||||
@@ -76,6 +73,6 @@ class ParentRoleHelper
|
||||
$reachableRoles = $this->roleHierarchy
|
||||
->getReachableRoleNames([$parentRole]);
|
||||
|
||||
return in_array($childRole, $reachableRoles, true);
|
||||
return \in_array($childRole, $reachableRoles, true);
|
||||
}
|
||||
}
|
||||
|
@@ -12,7 +12,6 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\PasswordRecover;
|
||||
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Symfony\Component\EventDispatcher\Event;
|
||||
|
||||
class PasswordRecoverEvent extends \Symfony\Contracts\EventDispatcher\Event
|
||||
{
|
||||
@@ -23,8 +22,8 @@ class PasswordRecoverEvent extends \Symfony\Contracts\EventDispatcher\Event
|
||||
final public const INVALID_TOKEN = 'chill_main.password_recover_invalid_token';
|
||||
|
||||
/**
|
||||
* @param bool $safelyGenerated true if generated safely (from console command, etc.)
|
||||
* @param null|mixed $ip
|
||||
* @param bool $safelyGenerated true if generated safely (from console command, etc.)
|
||||
* @param mixed|null $ip
|
||||
*/
|
||||
public function __construct(
|
||||
private readonly ?string $token = null,
|
||||
@@ -46,7 +45,7 @@ class PasswordRecoverEvent extends \Symfony\Contracts\EventDispatcher\Event
|
||||
return $this->token;
|
||||
}
|
||||
|
||||
public function getUser(): ?\Chill\MainBundle\Entity\User
|
||||
public function getUser(): ?User
|
||||
{
|
||||
return $this->user;
|
||||
}
|
||||
|
@@ -12,9 +12,7 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\PasswordRecover;
|
||||
|
||||
use Chill\MainBundle\Redis\ChillRedis;
|
||||
use LogicException;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use UnexpectedValueException;
|
||||
|
||||
class PasswordRecoverLocker
|
||||
{
|
||||
@@ -75,7 +73,7 @@ class PasswordRecoverLocker
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $usage 'invalid_token_global' or ...
|
||||
* @param string $usage 'invalid_token_global' or ...
|
||||
* @param mixed|null $discriminator
|
||||
*/
|
||||
public static function generateLockKey($usage, int $number, $discriminator = null)
|
||||
@@ -86,7 +84,7 @@ class PasswordRecoverLocker
|
||||
'ask_token_invalid_form_global' => sprintf('ask_token_invalid_form_global_%d', $number),
|
||||
'ask_token_invalid_form_by_ip' => sprintf('ask_token_invalid_form_by_ip_%s_%d', $discriminator, $number),
|
||||
'ask_token_success_by_user' => sprintf('ask_token_success_by_user_%s_%d', $discriminator->getId(), $number),
|
||||
default => throw new LogicException('this usage is not implemented'),
|
||||
default => throw new \LogicException('this usage is not implemented'),
|
||||
};
|
||||
}
|
||||
|
||||
@@ -98,7 +96,7 @@ class PasswordRecoverLocker
|
||||
'ask_token_invalid_form_global' => self::MAX_ASK_TOKEN_INVALID_FORM_GLOBAL,
|
||||
'ask_token_invalid_form_by_ip' => self::MAX_ASK_TOKEN_INVALID_FORM_BY_IP,
|
||||
'ask_token_success_by_user' => self::MAX_ASK_TOKEN_BY_USER,
|
||||
default => throw new UnexpectedValueException("this usage '{$usage}' is not yet implemented"),
|
||||
default => throw new \UnexpectedValueException("this usage '{$usage}' is not yet implemented"),
|
||||
};
|
||||
}
|
||||
|
||||
@@ -108,7 +106,7 @@ class PasswordRecoverLocker
|
||||
'invalid_token_global', 'invalid_token_by_ip' => self::INVALID_TOKEN_TTL,
|
||||
'ask_token_invalid_form_global', 'ask_token_invalid_form_by_ip' => self::ASK_TOKEN_INVALID_FORM_TTL,
|
||||
'ask_token_success_by_user' => self::ASK_TOKEN_INVALID_FORM_TTL * 24,
|
||||
default => throw new UnexpectedValueException("this usage '{$usage}' is not yet implemented"),
|
||||
default => throw new \UnexpectedValueException("this usage '{$usage}' is not yet implemented"),
|
||||
};
|
||||
}
|
||||
|
||||
@@ -119,7 +117,7 @@ class PasswordRecoverLocker
|
||||
for ($i = 0; $i < $max; ++$i) {
|
||||
$key = self::generateLockKey($usage, $i, $discriminator);
|
||||
|
||||
if ($this->chillRedis->exists($key) === 0) {
|
||||
if (0 === $this->chillRedis->exists($key)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@@ -16,8 +16,6 @@ use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
|
||||
use function in_array;
|
||||
|
||||
class PasswordRecoverVoter extends Voter
|
||||
{
|
||||
final public const ASK_TOKEN = 'CHILL_PASSWORD_ASK_TOKEN';
|
||||
@@ -47,7 +45,7 @@ class PasswordRecoverVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject): bool
|
||||
{
|
||||
if (!in_array($attribute, $this->supported, true)) {
|
||||
if (!\in_array($attribute, $this->supported, true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@@ -12,14 +12,10 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\PasswordRecover;
|
||||
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Notification\Mailer;
|
||||
use DateTimeInterface;
|
||||
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
|
||||
use Symfony\Component\Mailer\MailerInterface;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
|
||||
use function array_merge;
|
||||
|
||||
class RecoverPasswordHelper
|
||||
{
|
||||
final public const RECOVER_PASSWORD_ROUTE = 'password_recover';
|
||||
@@ -27,16 +23,16 @@ class RecoverPasswordHelper
|
||||
public function __construct(private readonly TokenManager $tokenManager, private readonly UrlGeneratorInterface $urlGenerator, private readonly MailerInterface $mailer) {}
|
||||
|
||||
/**
|
||||
* @param bool $absolute
|
||||
* @param bool $absolute
|
||||
* @param array $parameters additional parameters to url
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function generateUrl(User $user, DateTimeInterface $expiration, $absolute = true, array $parameters = [])
|
||||
public function generateUrl(User $user, \DateTimeInterface $expiration, $absolute = true, array $parameters = [])
|
||||
{
|
||||
return $this->urlGenerator->generate(
|
||||
self::RECOVER_PASSWORD_ROUTE,
|
||||
array_merge(
|
||||
\array_merge(
|
||||
$this->tokenManager->generate($user, $expiration),
|
||||
$parameters
|
||||
),
|
||||
@@ -46,7 +42,7 @@ class RecoverPasswordHelper
|
||||
|
||||
public function sendRecoverEmail(
|
||||
User $user,
|
||||
DateTimeInterface $expiration,
|
||||
\DateTimeInterface $expiration,
|
||||
$template = '@ChillMain/Password/recover_email.txt.twig',
|
||||
array $templateParameters = [],
|
||||
$force = false,
|
||||
@@ -54,7 +50,7 @@ class RecoverPasswordHelper
|
||||
$emailSubject = 'Recover your password'
|
||||
) {
|
||||
if (null === $user->getEmail() || '' === trim($user->getEmail())) {
|
||||
throw new \UnexpectedValueException("No emaail associated to the user");
|
||||
throw new \UnexpectedValueException('No emaail associated to the user');
|
||||
}
|
||||
|
||||
$email = (new TemplatedEmail())
|
||||
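Review bot: The exception message in sendRecoverEmail still reads `'No emaail associated to the user'`, and only its quoting changes here. Since the line is being touched anyway, correct it to `'No email associated to the user'`, after checking that no caller or test matches on the misspelled text. The method's signature begins in the previous hunk and its body continues past this one.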
@@ -64,7 +60,7 @@ class RecoverPasswordHelper
|
||||
->context([
|
||||
'user' => $user,
|
||||
'url' => $this->generateUrl($user, $expiration, true, $additionalUrlParameters),
|
||||
...$templateParameters
|
||||
...$templateParameters,
|
||||
]);
|
||||
|
||||
$this->mailer->send($email);
|
||||
|
@@ -12,18 +12,7 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\PasswordRecover;
|
||||
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use DateTime;
|
||||
use DateTimeImmutable;
|
||||
use DateTimeInterface;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use UnexpectedValueException;
|
||||
|
||||
use function bin2hex;
|
||||
use function hash;
|
||||
use function hex2bin;
|
||||
use function random_bytes;
|
||||
use function strlen;
|
||||
use function trim;
|
||||
|
||||
class TokenManager
|
||||
{
|
||||
@@ -50,21 +39,21 @@ class TokenManager
|
||||
$this->logger = $logger;
|
||||
}
|
||||
|
||||
public function generate(User $user, DateTimeInterface $expiration)
|
||||
public function generate(User $user, \DateTimeInterface $expiration)
|
||||
{
|
||||
$token = random_bytes(self::TOKEN_LENGTH);
|
||||
$token = \random_bytes(self::TOKEN_LENGTH);
|
||||
$username = $user->getUsernameCanonical();
|
||||
|
||||
if (empty($username)) {
|
||||
throw new UnexpectedValueException('username should not be empty to generate a token');
|
||||
throw new \UnexpectedValueException('username should not be empty to generate a token');
|
||||
}
|
||||
|
||||
$timestamp = (string) $expiration->getTimestamp();
|
||||
$hash = hash('sha1', $token . $username . $timestamp . $this->secret);
|
||||
$hash = \hash('sha1', $token.$username.$timestamp.$this->secret);
|
||||
|
||||
return [
|
||||
self::HASH => $hash,
|
||||
self::TOKEN => bin2hex($token),
|
||||
self::TOKEN => \bin2hex($token),
|
||||
self::TIMESTAMP => $timestamp,
|
||||
self::USERNAME_CANONICAL => $username,
|
||||
];
|
||||
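Review bot: The recovery-link digest in generate() is `\hash('sha1', $token.$username.$timestamp.$this->secret)`, a secret-suffix SHA-1 over undelimited fields rather than a keyed MAC; the verify() hunk below computes the same expression. Because username and timestamp are concatenated with no separator, the field boundaries are not bound into the digest. A keyed construction with explicit separators is the safer primitive, e.g. `\hash_hmac('sha256', implode('|', [\bin2hex($token), $username, $timestamp]), $this->secret)`. Both methods must change together, and links already issued would stop validating, so this belongs in its own commit rather than in a style pass.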
@@ -72,23 +61,23 @@ class TokenManager
|
||||
|
||||
public function verify($hash, $token, User $user, string $timestamp)
|
||||
{
|
||||
$token = hex2bin(trim((string) $token));
|
||||
$token = \hex2bin(\trim((string) $token));
|
||||
|
||||
if (strlen($token) !== self::TOKEN_LENGTH) {
|
||||
if (self::TOKEN_LENGTH !== \strlen($token)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$username = $user->getUsernameCanonical();
|
||||
$date = DateTimeImmutable::createFromFormat('U', $timestamp);
|
||||
$date = \DateTimeImmutable::createFromFormat('U', $timestamp);
|
||||
|
||||
if ($date < new DateTime('now')) {
|
||||
if ($date < new \DateTime('now')) {
|
||||
$this->logger->info('receiving a password recover token with expired '
|
||||
. 'validity');
|
||||
.'validity');
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
$expected = hash('sha1', $token . $username . $timestamp . $this->secret);
|
||||
$expected = \hash('sha1', $token.$username.$timestamp.$this->secret);
|
||||
|
||||
if ($expected !== $hash) {
|
||||
return false;
|
||||
|
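Review bot: verify() compares the digest with `$expected !== $hash`, which is not a constant-time comparison; for a value taken from a password-recovery link it should be `if (!\hash_equals($expected, (string) $hash)) {`. Separately, `\hex2bin()` returns `false` (with a warning) for odd-length or non-hex input, and under `strict_types` the following `\strlen($token)` then raises a TypeError instead of the method returning false. Guarding it as `if (false === $token || self::TOKEN_LENGTH !== \strlen($token)) {` keeps malformed links on the normal rejection path. The method continues past the end of this hunk.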
@@ -12,10 +12,6 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Resolver;
|
||||
|
||||
use Chill\MainBundle\Entity\Center;
|
||||
use UnexpectedValueException;
|
||||
|
||||
use function get_class;
|
||||
use function is_array;
|
||||
|
||||
final readonly class CenterResolverManager implements CenterResolverManagerInterface
|
||||
{
|
||||
@@ -38,16 +34,11 @@ final readonly class CenterResolverManager implements CenterResolverManagerInter
|
||||
return [$resolved];
|
||||
}
|
||||
|
||||
if (is_array($resolved)) {
|
||||
if (\is_array($resolved)) {
|
||||
return $resolved;
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException(sprintf(
|
||||
'the return type of a %s should be an instance of %s, an array or null. Resolver is %s',
|
||||
CenterResolverInterface::class,
|
||||
Center::class,
|
||||
$resolver::class
|
||||
));
|
||||
throw new \UnexpectedValueException(sprintf('the return type of a %s should be an instance of %s, an array or null. Resolver is %s', CenterResolverInterface::class, Center::class, $resolver::class));
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -13,7 +13,6 @@ namespace Chill\MainBundle\Security\Resolver;
|
||||
|
||||
use Chill\MainBundle\Entity\HasCenterInterface;
|
||||
use Chill\MainBundle\Entity\HasCentersInterface;
|
||||
use UnexpectedValueException;
|
||||
|
||||
class DefaultCenterResolver implements CenterResolverInterface
|
||||
{
|
||||
@@ -24,7 +23,6 @@ class DefaultCenterResolver implements CenterResolverInterface
|
||||
|
||||
/**
|
||||
* @param HasCenterInterface $entity
|
||||
* @param array $options
|
||||
*/
|
||||
public function resolveCenter($entity, ?array $options = [])
|
||||
{
|
||||
@@ -36,7 +34,7 @@ class DefaultCenterResolver implements CenterResolverInterface
|
||||
return $entity->getCenters();
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException('should be an instanceof');
|
||||
throw new \UnexpectedValueException('should be an instanceof');
|
||||
}
|
||||
|
||||
public function supports($entity, ?array $options = []): bool
|
||||
|
@@ -13,7 +13,6 @@ namespace Chill\MainBundle\Security\Resolver;
|
||||
|
||||
use Chill\MainBundle\Entity\HasScopeInterface;
|
||||
use Chill\MainBundle\Entity\HasScopesInterface;
|
||||
use UnexpectedValueException;
|
||||
|
||||
class DefaultScopeResolver implements ScopeResolverInterface
|
||||
{
|
||||
@@ -40,13 +39,7 @@ class DefaultScopeResolver implements ScopeResolverInterface
|
||||
return $entity->getScopes();
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException(
|
||||
sprintf(
|
||||
'should be an instanceof %s or %s',
|
||||
HasScopesInterface::class,
|
||||
HasScopeInterface::class
|
||||
)
|
||||
);
|
||||
throw new \UnexpectedValueException(sprintf('should be an instanceof %s or %s', HasScopesInterface::class, HasScopeInterface::class));
|
||||
}
|
||||
|
||||
public function supports($entity, ?array $options = []): bool
|
||||
|
@@ -27,8 +27,6 @@ final class ResolverTwigExtension extends \Twig\Extension\AbstractExtension
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $entity
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function isScopeConcerned($entity, ?array $options = [])
|
||||
@@ -45,8 +43,6 @@ final class ResolverTwigExtension extends \Twig\Extension\AbstractExtension
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $entity
|
||||
*
|
||||
* @return array|\Chill\MainBundle\Entity\Scope|\Chill\MainBundle\Entity\Scope[]
|
||||
*/
|
||||
public function resolveScope($entity, ?array $options = []): array|\Chill\MainBundle\Entity\Scope
|
||||
|
@@ -33,7 +33,6 @@ final readonly class ScopeResolverDispatcher
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array|null $options
|
||||
* @return Scope|iterable<Scope>|Scope|null
|
||||
*/
|
||||
public function resolveScope(mixed $entity, ?array $options = []): null|\Chill\MainBundle\Entity\Scope|iterable
|
||||
|
@@ -26,24 +26,18 @@ interface ScopeResolverInterface
|
||||
|
||||
/**
|
||||
* Return true if the entity is concerned by scope, false otherwise.
|
||||
*
|
||||
* @param mixed $entity
|
||||
*/
|
||||
public function isConcerned($entity, ?array $options = []): bool;
|
||||
|
||||
/**
|
||||
* Will return the scope for the entity.
|
||||
*
|
||||
* @param mixed $entity
|
||||
*
|
||||
* @return array|Scope|Scope[]
|
||||
*/
|
||||
public function resolveScope($entity, ?array $options = []);
|
||||
|
||||
/**
|
||||
* Return true if this resolve is able to decide "something" on this entity.
|
||||
*
|
||||
* @param mixed $entity
|
||||
*/
|
||||
public function supports($entity, ?array $options = []): bool;
|
||||
}
|
||||
|
@@ -11,9 +11,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace Chill\MainBundle\Security;
|
||||
|
||||
use function array_fill_keys;
|
||||
use function array_key_exists;
|
||||
|
||||
class RoleProvider
|
||||
{
|
||||
/**
|
||||
@@ -44,9 +41,7 @@ class RoleProvider
|
||||
$roles = [];
|
||||
|
||||
foreach ($this->providers as $provider) {
|
||||
if ($provider->getRoles() !== null) {
|
||||
$roles = array_merge($roles, $provider->getRoles());
|
||||
}
|
||||
$roles = array_merge($roles, $provider->getRoles());
|
||||
}
|
||||
|
||||
return $roles;
|
||||
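Review bot: Removing the `if ($provider->getRoles() !== null)` guard changes behaviour, not just style. `array_merge($roles, $provider->getRoles())` throws a TypeError on PHP 8 if any provider returns null. That is only safe if the provider interface declares `getRoles(): array` (not visible here), so confirm this for third-party bundles implementing it. If it does not, keep the call tolerant with `array_merge($roles, $provider->getRoles() ?? [])`. The same guard is dropped around `getRolesWithoutScope()` in the next hunk and around `\array_fill_keys($provider->getRoles(), null)` in the rolesTitlesCache hunk.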
@@ -57,9 +52,7 @@ class RoleProvider
|
||||
$roles = [];
|
||||
|
||||
foreach ($this->providers as $provider) {
|
||||
if ($provider->getRolesWithoutScope() !== null) {
|
||||
$roles = array_merge($roles, $provider->getRolesWithoutScope());
|
||||
}
|
||||
$roles = array_merge($roles, $provider->getRolesWithoutScope());
|
||||
}
|
||||
|
||||
return $roles;
|
||||
@@ -76,7 +69,7 @@ class RoleProvider
|
||||
{
|
||||
$this->initializeRolesTitlesCache();
|
||||
|
||||
if (!array_key_exists($role, $this->rolesTitlesCache)) {
|
||||
if (!\array_key_exists($role, $this->rolesTitlesCache)) {
|
||||
// this case might happens when the role is not described in
|
||||
// `getRolesWithHierarchy`
|
||||
return null;
|
||||
@@ -103,12 +96,10 @@ class RoleProvider
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ($provider->getRoles() !== null) {
|
||||
$this->rolesTitlesCache = array_merge(
|
||||
$this->rolesTitlesCache,
|
||||
array_fill_keys($provider->getRoles(), null)
|
||||
);
|
||||
}
|
||||
$this->rolesTitlesCache = array_merge(
|
||||
$this->rolesTitlesCache,
|
||||
\array_fill_keys($provider->getRoles(), null)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@@ -28,19 +28,15 @@ class UserProvider implements UserProviderInterface
|
||||
try {
|
||||
$user = $this->em->createQuery(sprintf(
|
||||
'SELECT u FROM %s u '
|
||||
. 'WHERE u.usernameCanonical = UNACCENT(LOWER(:pattern)) '
|
||||
. 'OR '
|
||||
. 'u.emailCanonical = UNACCENT(LOWER(:pattern))',
|
||||
.'WHERE u.usernameCanonical = UNACCENT(LOWER(:pattern)) '
|
||||
.'OR '
|
||||
.'u.emailCanonical = UNACCENT(LOWER(:pattern))',
|
||||
User::class
|
||||
))
|
||||
->setParameter('pattern', $username)
|
||||
->getSingleResult();
|
||||
} catch (NoResultException $e) {
|
||||
throw new UsernameNotFoundException(
|
||||
'Bad credentials.',
|
||||
0,
|
||||
$e
|
||||
);
|
||||
throw new UsernameNotFoundException('Bad credentials.', 0, $e);
|
||||
}
|
||||
|
||||
return $user;
|
||||
|
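Review bot: Only `NoResultException` is caught around `getSingleResult()`, but the query matches on `usernameCanonical` OR `emailCanonical`, so more than one row can match when one account's username equals another account's e-mail. In that case Doctrine throws `NonUniqueResultException`, which would surface as an unhandled error on the login path rather than as the generic 'Bad credentials.' response. Unless a uniqueness constraint across both columns rules this out (not visible here), consider `} catch (NoResultException|NonUniqueResultException $e) {`. The enclosing method starts and ends outside this hunk.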