Commit
1 parent
d37159b
commit b1d3fed
Showing
12 changed files
with
370 additions
and
22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\DependencyInjection\Security\Factory; | ||
|
||
use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
use Symfony\Component\DependencyInjection\Reference; | ||
use Symfony\Component\DependencyInjection\DefinitionDecorator; | ||
use Symfony\Component\Config\Definition\Builder\NodeDefinition; | ||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; | ||
|
||
class HmacFactory implements SecurityFactoryInterface | ||
{ | ||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) | ||
{ | ||
$providerId = 'security.authentication.provider.wsse.' . $id; | ||
$container | ||
->setDefinition($providerId, new DefinitionDecorator('shoplo.security.authentication.provider')) | ||
->replaceArgument(0, new Reference($userProvider)); | ||
|
||
$listenerId = 'security.authentication.listener.wsse.' . $id; | ||
$container->setDefinition($listenerId, new DefinitionDecorator('shoplo.security.authentication.listener')); | ||
|
||
return [$providerId, $listenerId, $defaultEntryPoint]; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getPosition() | ||
{ | ||
return 'pre_auth'; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getKey() | ||
{ | ||
return 'shoplo_hmac'; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function addConfiguration(NodeDefinition $node) | ||
{ | ||
} | ||
} |
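Review bot: The service ids built in `create()` keep the `wsse` segment (`'security.authentication.provider.wsse.' . $id` and the matching listener id), although this factory registers the `shoplo_hmac` key. If a WSSE factory using the same id scheme is ever enabled on the same firewall, both would write the same definition ids and one authenticator would silently replace the other. Naming the ids after the key avoids that: `$providerId = 'security.authentication.provider.shoplo_hmac.' . $id;` and `$listenerId = 'security.authentication.listener.shoplo_hmac.' . $id;`.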
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\Entity; | ||
|
||
use Doctrine\ORM\Mapping as ORM; | ||
use Symfony\Component\Security\Core\User\UserInterface; | ||
|
||
/** | ||
* Shop | ||
* | ||
* @ORM\Table(name="shoplo_shops") | ||
* @ORM\Entity(repositoryClass="Shoplo\ShoploBundle\Repository\ShopRepository") | ||
*/ | ||
class Shop implements UserInterface | ||
{ | ||
/** | ||
* @var int | ||
* | ||
* @ORM\Column(name="id", type="integer") | ||
* @ORM\Id | ||
* @ORM\GeneratedValue(strategy="AUTO") | ||
*/ | ||
private $id; | ||
|
||
public function getId() : int | ||
{ | ||
return $this->id; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getRoles() | ||
{ | ||
return [ | ||
'ROLE_USER', | ||
]; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getPassword() | ||
{ | ||
return ''; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getSalt() | ||
{ | ||
return null; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getUsername() | ||
{ | ||
return $this->getId(); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function eraseCredentials() | ||
{ | ||
} | ||
} |
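Review bot: `getRoles()` gives every shop `ROLE_USER`, so a request authenticated by webhook signature carries the same role an interactive user would typically hold. If any `access_control` rule or voter elsewhere in the application keys on `ROLE_USER` (not visible here), webhook callers would pass it. A dedicated role keeps the two apart, e.g. `return ['ROLE_SHOPLO_SHOP'];` (role name constructed for illustration). Separately, `getUsername()` returns the `int` from `getId()` while `UserInterface` documents a string; `return (string) $this->getId();` would match the contract.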
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
ShoploBundle | ||
============ | ||
|
||
Shoplo bundle for Symfony 2 | ||
Shoplo bundle for Symfony |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\Repository; | ||
|
||
use Doctrine\ORM\EntityRepository; | ||
|
||
class ShopRepository extends EntityRepository | ||
{ | ||
} |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
services: | ||
shoplo.security.authentication.provider: | ||
class: Shoplo\ShoploBundle\Security\Authentication\Provider\HmacProvider | ||
arguments: | ||
- '' | ||
- '%shoplo_app_secret%' | ||
public: false | ||
|
||
shoplo.security.authentication.listener: | ||
class: Shoplo\ShoploBundle\Security\Firewall\HmacListener | ||
arguments: ['@security.token_storage', '@security.authentication.manager'] | ||
public: false |
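Review bot: `'%shoplo_app_secret%'` is handed to `HmacProvider` as the HMAC key with nothing rejecting an empty value, and a parameter defined as an empty string would make every digest computable without knowing any secret. A guard in the provider's constructor, e.g. `if ('' === (string) $secret) { throw new \InvalidArgumentException('shoplo_app_secret must not be empty.'); }`, turns that misconfiguration into a loud failure instead of an open endpoint. A short comment on the `- ''` placeholder noting that `HmacFactory::create()` replaces argument 0 with the user provider would also help the next reader.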
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\Security\Authentication\Provider; | ||
|
||
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | ||
use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
use Shoplo\ShoploBundle\Security\Authentication\Token\HmacUserToken; | ||
|
||
class HmacProvider implements AuthenticationProviderInterface | ||
{ | ||
/** | ||
* @var UserProviderInterface | ||
*/ | ||
private $userProvider; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
private $secret; | ||
|
||
/** | ||
* @param UserProviderInterface $userProvider | ||
* @param string $secret | ||
*/ | ||
public function __construct(UserProviderInterface $userProvider, $secret) | ||
{ | ||
$this->userProvider = $userProvider; | ||
$this->secret = $secret; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function authenticate(TokenInterface $token) | ||
{ | ||
$user = $this->userProvider->loadUserByUsername($token->getUsername()); | ||
|
||
/** @var HmacUserToken $token */ | ||
if ($user && $this->validateDigest($token->getDigest(), $token->getPayload())) { | ||
$authenticatedToken = new HmacUserToken($user->getRoles()); | ||
$authenticatedToken->setUser($user); | ||
|
||
return $authenticatedToken; | ||
} | ||
|
||
throw new AuthenticationException('The HMAC authentication failed.'); | ||
} | ||
|
||
/** | ||
* Validate HMAC digest | ||
* | ||
* @param string $digest | ||
* @param array $payload | ||
* | ||
* @see https://docs.shoplo.com/api/webhook | ||
* | ||
* @return bool | ||
*/ | ||
protected function validateDigest($digest, array $payload) | ||
{ | ||
$algo = 'sha256'; | ||
$data = http_build_query($payload); | ||
$key = $this->secret; | ||
$hash = hash_hmac($algo, $data, $key); | ||
$expected = base64_encode($hash); | ||
|
||
return hash_equals($expected, $digest); | ||
} | ||
|
||
public function supports(TokenInterface $token) | ||
{ | ||
return $token instanceof HmacUserToken; | ||
} | ||
} |
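Review bot: `authenticate()` loads the user from `$token->getUsername()`, which `HmacListener` fills from the `shoplo-shop-id` header, but `validateDigest()` signs only `$payload` with the application-wide secret, so the digest does not bind the request to the shop it is attributed to. A validly signed body would be accepted under any existing shop id, and nothing visible here limits how late or how often it can be presented again. If the signed payload carries a shop identifier or a timestamp (check the webhook documentation referenced in the docblock), compare it with the loaded user and reject stale requests before creating the authenticated token. It is also worth confirming against that documentation that `http_build_query()` of the parsed parameters reproduces the exact bytes Shoplo signs, and that the expected value really is base64 of the hex string `hash_hmac()` returns by default.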
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\Security\Authentication\Token; | ||
|
||
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; | ||
|
||
class HmacUserToken extends AbstractToken | ||
{ | ||
/** | ||
* @var string | ||
*/ | ||
private $digest; | ||
|
||
/** | ||
* @var array | ||
*/ | ||
private $payload = []; | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function __construct(array $roles = []) | ||
{ | ||
parent::__construct($roles); | ||
|
||
$this->setAuthenticated(count($roles) > 0); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getCredentials() | ||
{ | ||
return ''; | ||
} | ||
|
||
/** | ||
* @return string | ||
*/ | ||
public function getDigest() | ||
{ | ||
return $this->digest; | ||
} | ||
|
||
/** | ||
* @param string $digest | ||
*/ | ||
public function setDigest($digest) | ||
{ | ||
$this->digest = $digest; | ||
} | ||
|
||
/** | ||
* @return array | ||
*/ | ||
public function getPayload() | ||
{ | ||
return $this->payload; | ||
} | ||
|
||
/** | ||
* @param array $payload | ||
*/ | ||
public function setPayload(array $payload) | ||
{ | ||
$this->payload = $payload; | ||
} | ||
} |
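Review bot: `$digest` has no default value, so `getDigest()` returns `null` until `setDigest()` is called, although its docblock promises a string and `HmacProvider::validateDigest()` passes the value to `hash_equals()`, which only accepts strings. Initialising it as `private $digest = '';` keeps a token built without a digest on the normal authentication-failure path. A one-line comment on `setAuthenticated(count($roles) > 0)` stating that only the provider should construct a token with roles would also help, since any code doing so gets a token already marked authenticated.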
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
<?php | ||
|
||
namespace Shoplo\ShoploBundle\Security\Firewall; | ||
|
||
use Symfony\Component\HttpFoundation\Response; | ||
use Symfony\Component\HttpKernel\Event\GetResponseEvent; | ||
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; | ||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; | ||
use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
use Symfony\Component\Security\Http\Firewall\ListenerInterface; | ||
use Shoplo\ShoploBundle\Security\Authentication\Token\HmacUserToken; | ||
|
||
class HmacListener implements ListenerInterface | ||
{ | ||
protected $tokenStorage; | ||
protected $authenticationManager; | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager) | ||
{ | ||
$this->tokenStorage = $tokenStorage; | ||
$this->authenticationManager = $authenticationManager; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function handle(GetResponseEvent $event) | ||
{ | ||
$request = $event->getRequest(); | ||
|
||
if (!$request->headers->has('shoplo-shop-id') || !$request->headers->has('shoplo-hmac-sha256')) { | ||
return; | ||
} | ||
|
||
$token = new HmacUserToken(); | ||
$token->setUser($request->headers->get('shoplo-shop-id')); | ||
$token->setDigest($request->headers->get('shoplo-hmac-sha256')); | ||
$token->setPayload($request->request->all()); | ||
|
||
try { | ||
$authToken = $this->authenticationManager->authenticate($token); | ||
$this->tokenStorage->setToken($authToken); | ||
|
||
return; | ||
} catch (AuthenticationException $failed) { | ||
} | ||
|
||
// By default deny authorization | ||
$response = new Response(); | ||
$response->setStatusCode(Response::HTTP_FORBIDDEN); | ||
$event->setResponse($response); | ||
} | ||
} |
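Review bot: The `catch (AuthenticationException $failed) { }` block in `handle()` is empty, so a rejected signature leaves no trace: the caller gets a 403 and nothing is recorded for whoever monitors the webhook endpoint. Logging the failure with the shop id (never the digest or the secret) through an injected logger would make repeated bad signatures visible; at minimum put a comment such as `// authentication failed: fall through to the 403 below` in the block. Note too that requests lacking either header return early without a response, so the routes behind this firewall still need an `access_control` rule to refuse unauthenticated callers.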