src/Service/Authorization/MybizRequestAuthorizationChecker.php line 59

Open in your IDE?
  1. <?php
  3. namespace App\Service\Authorization;
  5. use App\Dto\Authorization\AuthorizationHeaderDto;
  6. use App\Entity\Space;
  7. use App\Exception\Authorization\MybizApplicationVersionNotSupportedException;
  8. use App\Exception\Authorization\MybizAuthorizationException;
  9. use App\Exception\Maintenance\MaintenanceException;
  10. use App\Repository\ApplicationRepository;
  11. use App\Repository\ApplicationVersionRepository;
  12. use App\Repository\SpaceRepository;
  13. use App\Service\Lock\MaintenanceLocker;
  14. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  15. use Symfony\Component\HttpFoundation\JsonResponse;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Contracts\Translation\TranslatorInterface;
  20. class MybizRequestAuthorizationChecker
  21. {
  22.     private ParameterBagInterface $parameter;
  23.     private TranslatorInterface $translator;
  25.     private ApplicationRepository $applicationRepository;
  26.     private ApplicationVersionRepository $applicationVersionRepository;
  27.     private SpaceRepository $spaceRepository;
  28.     private MaintenanceLocker $maintenanceLocker;
  30.     public function __construct(
  31.         ParameterBagInterface        $parameter,
  32.         TranslatorInterface          $translator,
  34.         ApplicationRepository        $applicationRepository,
  35.         ApplicationVersionRepository $applicationVersionRepository,
  36.         SpaceRepository              $spaceRepository,
  37.         MaintenanceLocker            $maintenanceLocker
  38.     )
  39.     {
  40.         $this->maintenanceLocker $maintenanceLocker;
  41.         $this->parameter $parameter;
  42.         $this->translator $translator;
  44.         $this->applicationRepository $applicationRepository;
  45.         $this->applicationVersionRepository $applicationVersionRepository;
  46.         $this->spaceRepository $spaceRepository;
  47.     }
  49.     /**
  50.      * @param Request $request
  51.      * @return void
  52.      * @throws MybizApplicationVersionNotSupportedException
  53.      * @throws MybizAuthorizationException
  54.      */
  55.     public function checkAuthorization(
  56.         Request $request
  57.     ): void
  58.     {
  59.         $this->checkHeaderValidity(AuthorizationHeaderDto::generateFromRequest($request));
  60.     }
  62.     /**
  63.      * @param AuthorizationHeaderDto $authorizationHeaderDto
  64.      * @throws MybizApplicationVersionNotSupportedException
  65.      * @throws MybizAuthorizationException
  66.      */
  67.     public function checkHeaderValidity(
  68.         AuthorizationHeaderDto $authorizationHeaderDto
  69.     ): void
  70.     {
  71.         if ($this->maintenanceLocker->isLocked()) {
  72.             throw new MaintenanceException($this->translator->trans("authorization.maintenance", [], "authorization"$authorizationHeaderDto->getLanguage()));
  73.         }
  74.         $space $this->spaceRepository->findOneBy([
  75.             "name" => $authorizationHeaderDto->getName()
  76.         ]);
  78.         if (null === $space) {
  79.             throw new MybizAuthorizationException($this->translator->trans("authorization.space.not_found", [], "authorization"$authorizationHeaderDto->getLanguage()));
  80.         }
  82.         if (false === $space->isEnabled()) {
  83.             throw new MybizAuthorizationException($this->translator->trans("authorization.space.inactive", [], "authorization"$authorizationHeaderDto->getLanguage()));
  84.         }
  86.         // On va checker les versions (uniquement sur la partie mobile)
  87.         try{
  88.             $this->checkMobileApplicationVersion(
  89.                 $space,
  90.                 $authorizationHeaderDto
  91.             );
  92.         }catch (\Throwable $e){
  93.             throw new MybizAuthorizationException($e->getMessage());
  94.         }
  96.         if (true === $this->parameter->get("app_mybiz_api_check_bearer")) {
  97.             $calculatedBearer AuthorizationHashedStringProvider::getAuthorizationHashedString($space->getToken(), $authorizationHeaderDto);
  98.             if ($calculatedBearer !== $authorizationHeaderDto->getToken()) {
  99.                 throw new MybizAuthorizationException($this->translator->trans("authorization.token_invalid", [], "authorization"$authorizationHeaderDto->getLanguage()));
  100.             }
  101.         }
  102.     }
  104.     /**
  105.      * @param Space $space
  106.      * @param AuthorizationHeaderDto $authorizationHeaderDto
  107.      * @return void
  108.      */
  109.     private function checkMobileApplicationVersion(
  110.         Space $space,
  111.         AuthorizationHeaderDto $authorizationHeaderDto
  112.     ): void
  113.     {
  114.         // Si le provider contient "web" alors on ne check pas la version
  115.         if (str_contains($authorizationHeaderDto->getProvider(), "web")) {
  116.             return;
  117.         }
  119.         $application $this->applicationRepository->findOneBy([
  120.             "space" => $space,
  121.             "name" => $authorizationHeaderDto->getProvider()
  122.         ]);
  124.         if (null === $application) {
  125.             throw new MybizAuthorizationException($this->translator->trans("authorization.application.not_found", [], "authorization"$authorizationHeaderDto->getLanguage()));
  126.         }
  128.         if (false === $application->isEnabled()) {
  129.             throw new MybizAuthorizationException($this->translator->trans("authorization.application.inactive", [], "authorization"$authorizationHeaderDto->getLanguage()));
  130.         }
  132.         $applicationVersion $this->applicationVersionRepository->findOneBy([
  133.             "application" => $application,
  134.             "versionNumber" => $authorizationHeaderDto->getVersionNumber()
  135.         ]);
  137.         if (null === $applicationVersion) {
  138.             throw new MybizAuthorizationException($this->translator->trans("authorization.application_version.not_found", [], "authorization"$authorizationHeaderDto->getLanguage()));
  139.         }
  141.         if (false === $applicationVersion->isEnabled()) {
  142.             throw new MybizApplicationVersionNotSupportedException($this->translator->trans("authorization.application_version.inactive", [], "authorization"$authorizationHeaderDto->getLanguage()));
  143.         }
  144.     }
  146.     /**
  147.      * @param \Throwable $e
  148.      * @return JsonResponse
  149.      */
  150.     public function getDefaultErrorMessage(\Throwable $e): JsonResponse
  151.     {
  152.         return new JsonResponse([
  153.             "exception" => $e->getMessage(),
  154.             "error" => $this->translator->trans("authorization.generic_error", [], "authorization"// Par défaut en anglais
  155.         ], Response::HTTP_FORBIDDEN);
  156.     }
  158.     /**
  159.      * @return JsonResponse
  160.      */
  161.     public function getUnknownJWTErrorMessage(): JsonResponse
  162.     {
  163.         return new JsonResponse([
  164.             "error" => $this->translator->trans("authorization.jwt_error", [], "authorization"// Par défaut en anglais
  165.         ], Response::HTTP_UNAUTHORIZED);
  166.     }
  168.     /**
  169.      * @param \Throwable $e
  170.      * @return JsonResponse
  171.      */
  172.     public function getParseErrorMessage(\Throwable $e): JsonResponse
  173.     {
  174.         return new JsonResponse([
  175.             "exception" => $e->getMessage(),
  176.             "error" => $this->translator->trans("authorization.generic_parse_error", [], "authorization"// Par défaut en anglais
  177.         ], Response::HTTP_FORBIDDEN);
  178.     }
  179. }