PhpbbSessionsAuthBundle/Authentication/phpBBSessionAuthenticator.php at 79cb8f3d670ffda51cf526452fa2880e2663dd44 · phpbb/PhpbbSessionsAuthBundle · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
<?php
/**
 *
 * @package phpBBSessionsAuthBundle
 * @copyright (c) phpBB Limited <https://www.phpbb.com>
 * @license MIT
 *
 */
namespace phpBB\SessionsAuthBundle\Authentication;


use Doctrine\ORM\EntityManager;
use phpBB\SessionsAuthBundle\Authentication\Provider\phpBBUserProvider;
use phpBB\SessionsAuthBundle\Entity\Session;
use phpBB\SessionsAuthBundle\Tokens\phpBBToken;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

class phpBBSessionAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
    const ANONYMOUS = 1;

    /** @var  string */
    private $cookieName;

    /** @var  string */
    private $boardUrl;

    /** @var  string */
    private $loginPage;

    /** @var RequestStack  */
    private $requestStack;

    /** @var ContainerInterface  */
    private $container;

    /** @var  string */
    private $dbConnection;

    /**
     * @param $cookiename string
     * @param $boardurl  string
     * @param $loginpage string
     * @param $requestStack RequestStack
     * @param ContainerInterface $container
     */
    public function __construct($cookiename, $boardurl, $loginpage, $dbconnection,
                                RequestStack $requestStack, ContainerInterface $container)
    {
        $this->cookieName   = $cookiename;
        $this->boardUrl     = $boardurl;
        $this->loginPage    = $loginpage;
        $this->dbConnection = $dbconnection;
        $this->requestStack = $requestStack;
        $this->container    = $container;
    }

    /**
     * @param TokenInterface $token
     * @param UserProviderInterface $userProvider
     * @param $providerKey
     * @return null|phpBBToken
     */
    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        if (!$userProvider instanceof phpBBUserProvider)
        {
            throw new \InvalidArgumentException(
                sprintf(
                    'The user provider must be an instance of phpBBUserProvider (%s was given).',
                    get_class($userProvider)
                )
            );
        }

        $sessionId = $this->requestStack->getCurrentRequest()->cookies->get($this->cookieName . '_sid');
        $userId    = $this->requestStack->getCurrentRequest()->cookies->get($this->cookieName . '_u');

        if (empty($sessionId))
        {
            return null; // We can't authenticate if no SID is available.
        }

        /** @var EntityManager $em */
        $em = $this->container->get('doctrine')->getManager($this->dbConnection);

        /** @var Session $session */
        $session = $em->getRepository('phpbbSessionsAuthBundle:Session')->findById($sessionId);


        if (!$session ||
            $session->getUser() == null ||
            ($session->getUser() != null && $session->getUser()->getId() == self::ANONYMOUS) ||
            $session->getUser()->getId() != $userId)
        {
            return null;
        }

        $userIp = $this->requestStack->getCurrentRequest()->getClientIp();

        if (strpos($userIp, ':') !== false && strpos($session->getIp(), ':') !== false)
        {
            $s_ip = $this->shortIpv6($session->getIp(), 3);
            $u_ip = $this->shortIpv6($userIp, 3);
        }
        else
        {
            $s_ip = implode('.', array_slice(explode('.', $session->getIp()), 0, 3));
            $u_ip = implode('.', array_slice(explode('.', $userIp), 0, 3));
        }

        // Assume session length of 3600
        if ($u_ip === $s_ip && $session->getTime() < time() - 3600 + 60)
        {
            // We have a valid user, which is not the guest user.

            $roles = array();

            if ($session->getUser()->isBot()) {
                $roles[] = 'ROLE_BOT';
            }
            else
            {

            }

            $token = new phpBBToken($session->getUser(), $providerKey, $roles);

            return $token;
        }
        return null;

    }

    /**
     * @param TokenInterface $token
     * @param $providerKey
     * @return bool
     */
    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof phpBBToken && $token->getProviderKey() === $providerKey;
    }

    /**
     * @param Request $request
     * @param $providerKey
     * @return phpBBToken
     */
    public function createToken(Request $request, $providerKey)
    {
        return new phpBBToken('anon.', $providerKey);
    }

    /**
     * On a authentication failure we redirect to the phpBB Login page.
     *
     * @param Request $request
     * @param AuthenticationException $exception
     * @return RedirectResponse
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new RedirectResponse($this->boardUrl . $this->loginPage);
    }

    /**
     * Returns the first block of the specified IPv6 address and as many additional
     * ones as specified in the length paramater.
     * If length is zero, then an empty string is returned.
     * If length is greater than 3 the complete IP will be returned
     *
     * @copyright (c) phpBB Limited <https://www.phpbb.com>
     * @license GNU General Public License, version 2 (GPL-2.0)
     *
     * @param $ip
     * @param $length
     * @return mixed|string
     */
    private function shortIpv6($ip, $length)
    {
        if ($length < 1)
        {
            return '';
        }

        // extend IPv6 addresses
        $blocks = substr_count($ip, ':') + 1;
        if ($blocks < 9)
        {
            $ip = str_replace('::', ':' . str_repeat('0000:', 9 - $blocks), $ip);
        }
        if ($ip[0] == ':')
        {
            $ip = '0000' . $ip;
        }
        if ($length < 4)
        {
            $ip = implode(':', array_slice(explode(':', $ip), 0, 1 + $length));
        }

        return $ip;
    }

}