vendor/kunstmaan/admin-bundle/EventListener/SessionSecurityListener.php line 55

Open in your IDE?
  1. <?php
  3. namespace Kunstmaan\AdminBundle\EventListener;
  5. use Psr\Log\LoggerInterface;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  8. use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
  9. use Symfony\Component\HttpKernel\Event\GetResponseEvent;
  10. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  11. use Symfony\Component\HttpKernel\HttpKernelInterface;
  13. class SessionSecurityListener
  14. {
  15.     /**
  16.      * @var LoggerInterface
  17.      */
  18.     private $logger;
  20.     /**
  21.      * @var bool
  22.      */
  23.     private $ipCheck;
  25.     /**
  26.      * @var bool
  27.      */
  28.     private $userAgentCheck;
  30.     /**
  31.      * @var string
  32.      */
  33.     private $ip;
  35.     /**
  36.      * @var string
  37.      */
  38.     private $userAgent;
  40.     /**
  41.      * @param bool            $ipCheck
  42.      * @param bool            $userAgentCheck
  43.      * @param LoggerInterface $logger
  44.      */
  45.     public function __construct($ipCheck$userAgentCheckLoggerInterface $logger)
  46.     {
  47.         $this->ipCheck $ipCheck;
  48.         $this->userAgentCheck $userAgentCheck;
  49.         $this->logger $logger;
  50.     }
  52.     /**
  53.      * @param FilterResponseEvent|ResponseEvent $event
  54.      */
  55.     public function onKernelResponse($event)
  56.     {
  57.         if (!$event instanceof FilterResponseEvent && !$event instanceof ResponseEvent) {
  58.             throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : FilterResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
  59.         }
  61.         if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
  62.             return;
  63.         }
  65.         // Make sure the ip and user agent is stored in the session
  66.         $request $event->getRequest();
  67.         if ($request->hasSession() && $request->getSession()->isStarted()) {
  68.             $session $request->getSession();
  69.             if ($this->ipCheck && !$session->has('kuma_ip')) {
  70.                 $session->set('kuma_ip'$this->getIp($request));
  71.             }
  72.             if ($this->userAgentCheck && !$session->has('kuma_ua')) {
  73.                 $session->set('kuma_ua'$this->getUserAgent($request));
  74.             }
  75.         }
  76.     }
  78.     /**
  79.      * @param GetResponseEvent $event
  80.      */
  81.     public function onKernelRequest(GetResponseEvent $event)
  82.     {
  83.         if (!$event instanceof GetResponseEvent && !$event instanceof ResponseEvent) {
  84.             throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : GetResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
  85.         }
  87.         if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
  88.             return;
  89.         }
  91.         $request $event->getRequest();
  92.         if ($request->hasSession() && $request->getSession()->isStarted()) {
  93.             $session $request->getSession();
  95.             // Check that the ip matches
  96.             if ($this->ipCheck && $session->has('kuma_ip') && $session->get('kuma_ip') != $this->getIp($request)) {
  97.                 $this->logger->error(sprintf(
  98.                     "Session ip '%s' does not match with request ip '%s', invalidating the current session",
  99.                     $session->get('kuma_ip'),
  100.                     $this->getIp($request)
  101.                 ));
  102.                 $this->invalidateSession($session$request);
  103.             }
  105.             // Check that the user agent matches
  106.             if ($this->userAgentCheck && $session->has('kuma_ua') && $session->get('kuma_ua') != $this->getUserAgent($request)) {
  107.                 $this->logger->error(sprintf(
  108.                     "Session user agent '%s' does not match with request user agent '%s', invalidating the current session",
  109.                     $session->get('kuma_ua'),
  110.                     $this->getUserAgent($request)
  111.                 ));
  112.                 $this->invalidateSession($session$request);
  113.             }
  114.         }
  115.     }
  117.     /**
  118.      * @param SessionInterface $session
  119.      * @param Request          $request
  120.      */
  121.     private function invalidateSession(SessionInterface $sessionRequest $request)
  122.     {
  123.         $session->invalidate();
  124.         $session->set('kuma_ip'$this->getIp($request));
  125.         $session->set('kuma_ua'$this->getUserAgent($request));
  126.     }
  128.     /**
  129.      * @param Request $request
  130.      *
  131.      * @return string
  132.      */
  133.     private function getIp(Request $request)
  134.     {
  135.         if (!$this->ip) {
  136.             $forwarded $request->server->get('HTTP_X_FORWARDED_FOR');
  137.             if (\strlen($forwarded) > 0) {
  138.                 $parts explode(','$forwarded);
  139.                 $parts array_map('trim'$parts);
  140.                 $parts array_filter($parts);
  141.                 if (\count($parts) > 0) {
  142.                     $ip $parts[0];
  143.                 }
  144.             }
  145.             if (empty($ip)) {
  146.                 $ip $request->getClientIp();
  147.             }
  148.             $this->ip $ip;
  149.         }
  151.         return $this->ip;
  152.     }
  154.     /**
  155.      * @param Request $request
  156.      *
  157.      * @return array|string
  158.      */
  159.     private function getUserAgent(Request $request)
  160.     {
  161.         if (!$this->userAgent) {
  162.             $this->userAgent $request->headers->get('User-Agent');
  163.         }
  165.         return $this->userAgent;
  166.     }
  167. }