src/Listener/AuthorizationCodeListener.php line 30

Open in your IDE?
  1. <?php
  3. namespace App\Listener;
  5. use Nyholm\Psr7\Response;
  6. use Symfony\Component\HttpFoundation\RequestStack;
  7. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  8. use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
  9. use Symfony\Component\Security\Core\Security;
  10. use Twig\Environment;
  12. final class AuthorizationCodeListener
  13. {
  14.     private $urlGenerator;
  15.     private $requestStack;
  16.     private $twig;
  18.     public function __construct(
  19.         UrlGeneratorInterface $urlGenerator,
  20.         RequestStack $requestStack,
  21.         Environment $twig,
  22.         Security $security
  23.     ) {
  24.         $this->urlGenerator $urlGenerator;
  25.         $this->requestStack $requestStack;
  26.         $this->twig         $twig;
  27.         $this->security     $security;
  28.     }
  30.     public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
  31.     {
  32.         $request $this->requestStack->getCurrentRequest();
  34.         // only handle post requests for logged-in users:
  35.         // get requests will be intercepted and shown the login form
  36.         // other verbs we will handle as an authorization denied
  37.         // and this implementation ensures a user is set at this point already
  38.         if (!\Empire\Core\Login::isLoggedIn()) {
  39.             $event->setResponse(
  40.                             new Response(
  41.                                 302,
  42.                                 [
  43.                                     'Location' => $this->urlGenerator->generate(
  44.                                         'login',
  45.                                         [
  46.                                             'client'    => "Forum"
  47.                                             'returnUrl' => $this->requestStack->getMasterRequest()->getUri(),
  48.                                         ]
  49.                                     ),
  50.                                 ]
  51.                             )
  52.                         );
  53.             return;
  54.         }
  56.         if (!$request->request->has('action')) {
  57.             // 1. successful login, goes to grant page
  58.             $user $this->security->getUser()->initialize();
  59.             preg_match('~https?:\/\/(.*?[^\/])/~s'$request->query->get('redirect_uri'), $cancelUrl);
  60.             $content $this->twig->render('security/grant.html.twig', [
  61.                 'scopes' => $event->getScopes(),
  62.                 'client' => $event->getClient(),
  63.                 'grant'  => AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED,
  64.                 // very simple way to ensure user gets to this point in the
  65.                 // flow when granting or denying is to pre-add their credentials
  66.                 'name' => $request->request->get('name'),
  67.                 'cancelUrl' => $cancelUrl[0],
  68.                 'user' => $user,
  69.             ]);
  71.             $response = new Response(200, [], $content);
  72.             $event->setResponse($response);
  73.         } else {
  74.             // 2. grant operation, either grants or denies
  75.             if ($request->request->get('action') == AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED) {
  76.                 $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
  77.             } else {
  78.                 $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  79.             }
  80.         }
  81.     }
  82. }