From 8642b9a1204225f8f74da7e4ebadc7525715f3f0 Mon Sep 17 00:00:00 2001
From: Tobias Gross-Vogt <tgros@tugraz.at>
Date: Thu, 6 Oct 2022 11:10:21 +0200
Subject: [PATCH] moved Rechtemanagement logics to cure bundle

---
 .../AuthorizationDataProviderInterface.php    | 24 -----
 src/Authenticator/BearerUser.php              | 88 ++-----------------
 src/Authenticator/BearerUserProvider.php      | 18 +---
 src/DbpRelayAuthBundle.php                    |  4 -
 src/Resources/config/services.yaml            |  5 --
 5 files changed, 8 insertions(+), 131 deletions(-)
 delete mode 100644 src/API/AuthorizationDataProviderInterface.php

diff --git a/src/API/AuthorizationDataProviderInterface.php b/src/API/AuthorizationDataProviderInterface.php
deleted file mode 100644
index 359d061..0000000
--- a/src/API/AuthorizationDataProviderInterface.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace Dbp\Relay\AuthBundle\API;
-
-interface AuthorizationDataProviderInterface
-{
-    /**
-     * @return string[]
-     */
-    public function getAvailableRoles(): array;
-
-    /**
-     * @return string[]
-     */
-    public function getAvailableAttributes(): array;
-
-    /**
-     * @param string[] $userRoles
-     * @param mixed[]  $userAttributes
-     */
-    public function getUserData(string $userId, array &$userRoles, array &$userAttributes): void;
-}
diff --git a/src/Authenticator/BearerUser.php b/src/Authenticator/BearerUser.php
index 1cb0664..6ae8f99 100644
--- a/src/Authenticator/BearerUser.php
+++ b/src/Authenticator/BearerUser.php
@@ -4,35 +4,24 @@ declare(strict_types=1);
 
 namespace Dbp\Relay\AuthBundle\Authenticator;
 
-use Dbp\Relay\AuthBundle\API\AuthorizationDataProviderInterface;
-use Dbp\Relay\CoreBundle\API\UserInterface as DbpUserInterface;
-use Symfony\Component\Security\Core\User\UserInterface as SymfonyUserInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 
-class BearerUser implements DbpUserInterface, SymfonyUserInterface
+class BearerUser implements UserInterface
 {
-    /** @var string[] */
+    /**
+     * @var string[]
+     *
+     * @deprecated
+     */
     private $rolesDeprecated;
 
     /** @var string|null */
     private $identifier;
 
-    /** @var array */
-    private $roles;
-
-    /** @var array */
-    private $attributes;
-
-    /** @var iterable */
-    private $authorizationDataProviders;
-
     public function __construct(?string $identifier, array $rolesDeprecated)
     {
         $this->rolesDeprecated = $rolesDeprecated;
         $this->identifier = $identifier;
-
-        $this->roles = [];
-        $this->attributes = [];
-        $this->authorizationDataProviders = [];
     }
 
     public function getRoles(): array
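Review bot: Dropping `DbpUserInterface` from the `implements` list (together with the removal of `hasRole()` and `getAttribute()` further down in this file) means any caller that still runs an authorization check through those methods on a `BearerUser` will fail at runtime. It is worth confirming that every such check has moved to the core bundle before release, and recording this as a breaking change. The new `@deprecated` tag on `$rolesDeprecated` names neither a reason nor a replacement; something like `@deprecated <reason>; use <replacement API in the core bundle> instead` would tell maintainers what to migrate to. `getRoles()` starts on the last line of the hunk and its body lies outside it, so whether these deprecated roles still feed Symfony's access decisions cannot be seen here.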
@@ -63,67 +52,4 @@ class BearerUser implements DbpUserInterface, SymfonyUserInterface
     public function eraseCredentials()
     {
     }
-
-    public function setAuthorizationDataProviders(iterable $authorizationDataProviders)
-    {
-        $this->authorizationDataProviders = $authorizationDataProviders;
-    }
-
-    public function hasRole(string $roleName): bool
-    {
-        if (array_key_exists($roleName, $this->roles) === false) {
-            $this->loadRole($roleName);
-        }
-
-        return $this->roles[$roleName] ?? false;
-    }
-
-    /**
-     * @return mixed|null
-     */
-    public function getAttribute(string $attributeName)
-    {
-        if (array_key_exists($attributeName, $this->attributes) === false) {
-            $this->loadAttributes($attributeName);
-        }
-
-        return $this->attributes[$attributeName] ?? null;
-    }
-
-    private function loadRole(string $roleName)
-    {
-        foreach ($this->authorizationDataProviders as $authorizationDataProvider) {
-            $availableRoles = $authorizationDataProvider->getAvailableRoles();
-            if (in_array($roleName, $availableRoles, true)) {
-                $this->loadUserDataFromAuthorizationProvider($authorizationDataProvider);
-                break;
-            }
-        }
-    }
-
-    private function loadAttributes(string $attributeName)
-    {
-        foreach ($this->authorizationDataProviders as $authorizationDataProvider) {
-            $availableAttributes = $authorizationDataProvider->getAvailableAttributes();
-            if (in_array($attributeName, $availableAttributes, true)) {
-                $this->loadUserDataFromAuthorizationProvider($authorizationDataProvider);
-                break;
-            }
-        }
-    }
-
-    private function loadUserDataFromAuthorizationProvider(AuthorizationDataProviderInterface $authorizationDataProvider)
-    {
-        $userRoles = [];
-        $userAttributes = [];
-        $authorizationDataProvider->getUserData($this->identifier, $userRoles, $userAttributes);
-
-        foreach ($authorizationDataProvider->getAvailableAttributes() as $availableAttribute) {
-            $this->attributes[$availableAttribute] = $userAttributes[$availableAttribute] ?? null;
-        }
-
-        foreach ($authorizationDataProvider->getAvailableRoles() as $availableRole) {
-            $this->roles[$availableRole] = in_array($availableRole, $userRoles, true);
-        }
-    }
 }
diff --git a/src/Authenticator/BearerUserProvider.php b/src/Authenticator/BearerUserProvider.php
index 1469c33..e209d48 100644
--- a/src/Authenticator/BearerUserProvider.php
+++ b/src/Authenticator/BearerUserProvider.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace Dbp\Relay\AuthBundle\Authenticator;
 
-use Dbp\Relay\AuthBundle\Authorization\AuthorizationDataProviderProvider;
 use Dbp\Relay\AuthBundle\OIDC\OIDProvider;
 use Dbp\Relay\CoreBundle\API\UserSessionInterface;
 use Psr\Log\LoggerAwareInterface;
@@ -19,7 +18,6 @@ class BearerUserProvider implements BearerUserProviderInterface, LoggerAwareInte
     private $config;
     private $userSession;
     private $oidProvider;
-    private $authorizationDataProviders;
 
     public function __construct(UserSessionInterface $userSession, OIDProvider $oidProvider)
     {
@@ -28,14 +26,6 @@ class BearerUserProvider implements BearerUserProviderInterface, LoggerAwareInte
         $this->oidProvider = $oidProvider;
     }
 
-    /**
-     * @required
-     */
-    public function injectAuthorizationDataProvders(AuthorizationDataProviderProvider $provider): void
-    {
-        $this->authorizationDataProviders = $provider->getAuthorizationDataProviders();
-    }
-
     public function setConfig(array $config)
     {
         $this->config = $config;
@@ -92,15 +82,9 @@ class BearerUserProvider implements BearerUserProviderInterface, LoggerAwareInte
         $identifier = $session->getUserIdentifier();
         $userRoles = $session->getUserRoles();
 
-        $user = new BearerUser(
+        return new BearerUser(
             $identifier,
             $userRoles
         );
-
-        if ($this->authorizationDataProviders !== null) {
-            $user->setAuthorizationDataProviders($this->authorizationDataProviders);
-        }
-
-        return $user;
     }
 }
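Review bot: `Dbp\Relay\AuthBundle\Authorization\AuthorizationDataProviderProvider` looks orphaned after this change. Its `use` line, its injection method and its service definition are all removed in this patch, but the diffstat lists only `src/API/AuthorizationDataProviderInterface.php` as deleted and nothing under `src/Authorization/`. If that class file still exists, it presumably depends on the deleted interface and should be removed in the same commit, so that no dead authorization code remains loadable. As a style point, the constructor call now fits on one line: `return new BearerUser($identifier, $userRoles);`. The enclosing method begins outside the hunk.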
diff --git a/src/DbpRelayAuthBundle.php b/src/DbpRelayAuthBundle.php
index 7f99b1e..3440136 100644
--- a/src/DbpRelayAuthBundle.php
+++ b/src/DbpRelayAuthBundle.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace Dbp\Relay\AuthBundle;
 
-use Dbp\Relay\AuthBundle\API\AuthorizationDataProviderInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
@@ -12,8 +11,5 @@ class DbpRelayAuthBundle extends Bundle
 {
     public function build(ContainerBuilder $container)
     {
-        // add tag to all services implementing the interface
-        $container->registerForAutoconfiguration(AuthorizationDataProviderInterface::class)
-            ->addTag('auth.authorization_data_provider');
     }
 }
diff --git a/src/Resources/config/services.yaml b/src/Resources/config/services.yaml
index 046bee2..756ea62 100644
--- a/src/Resources/config/services.yaml
+++ b/src/Resources/config/services.yaml
@@ -34,8 +34,3 @@ services:
 
   Dbp\Relay\AuthBundle\API\UserRolesInterface:
     '@Dbp\Relay\AuthBundle\Service\DefaultUserRoles'
-
-  Dbp\Relay\AuthBundle\Authorization\AuthorizationDataProviderProvider:
-    autowire: true
-    autoconfigure: true
-    arguments: [!tagged auth.authorization_data_provider]
-- 
GitLab