Badgeuse : être plus libre dans le choix des IP + refactoring (#1082)

* Move isLocationOk to new helper * Use startswith instead of equals * fix import
elefan-grenoble · Dec 6, 2023 · 8452443 · 8452443
1 parent b258ab8
commit 8452443
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 36 deletions.
diff --git a/src/AppBundle/Helper/PlaceIP.php b/src/AppBundle/Helper/PlaceIP.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace AppBundle\Helper;
+
+use Symfony\Component\DependencyInjection\ContainerInterface as Container;
+
+class PlaceIP {
+
+    private $container;
+
+    public function __construct(Container $container) {
+        $this->container = $container;
+    }
+
+    /**
+     * If enable_place_local_ip_address_check is true & place_local_ip_address is set
+     * Then we check the client's IP against the IP list
+     */
+    public function isLocationOk()
+    {
+        $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
+
+        if (isset($checkIps) and $checkIps) {
+            $whitelist_ips = $this->container->getParameter('place_local_ip_address');
+            $whitelist_ips = explode(',', $whitelist_ips);
+            $current_ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
+
+            $current_ip_in_whitelist_ips = array_filter($whitelist_ips, function($whitelist_ip) use ($current_ip) {
+                return str_starts_with($current_ip, $whitelist_ip);
+            });
+            if (count($current_ip_in_whitelist_ips)) {
+                return True;
+            }
+        }
+
+        return False;
+    }
+}
diff --git a/src/AppBundle/Security/CodeVoter.php b/src/AppBundle/Security/CodeVoter.php
@@ -4,6 +4,7 @@
 
 use AppBundle\Entity\Code;
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
@@ -99,7 +100,7 @@ private function canAdd(Code $code, User $user)
         $now = new \DateTime('now');
         if ($this->canView($code, $user)) { //can add only if last code can be seen
             if ($code->getRegistrar() != $user || $code->getCreatedAt()->format('Y m d') != ($now->format('Y m d'))) { // on ne change pas son propre code
-                if ($this->isLocationOk()) { // et si l'utilisateur est physiquement à l'épicerie
+                if ($this->container->get(PlaceIP::class)->isLocationOk()) { // et si l'utilisateur est physiquement à l'épicerie
                     return true;
                 }
             }
@@ -145,14 +146,4 @@ private function canDelete(Code $code, User $user)
     {
         return false;
     }
-
-    //\AppBundle\Security\UserVoter::isLocationOk DUPLICATED
-    private function isLocationOk()
-    {
-        $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
-        $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
-        $ips = $this->container->getParameter('place_local_ip_address');
-        $ips = explode(',', $ips);
-        return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
-    }
 }
diff --git a/src/AppBundle/Security/MembershipVoter.php b/src/AppBundle/Security/MembershipVoter.php
@@ -4,6 +4,7 @@
 
 use AppBundle\Entity\Membership;
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -96,7 +97,7 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
             case self::ACCESS_TOOLS:
             case self::BENEFICIARY_ADD:
             case self::CREATE:
-                return $this->isLocationOk();
+                return $this->container->get(PlaceIP::class)->isLocationOk();
             case self::VIEW:
             case self::ANNOTATE:
                 return $this->canView($subject, $token);
@@ -156,15 +157,5 @@ private function canEdit(Membership $subject, TokenInterface $token)
         }
 
         return false;
-
-    }
-
-    private function isLocationOk()
-    {
-        $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
-        $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
-        $ips = $this->container->getParameter('place_local_ip_address');
-        $ips = explode(',', $ips);
-        return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
     }
 }
diff --git a/src/AppBundle/Security/UserVoter.php b/src/AppBundle/Security/UserVoter.php
@@ -3,6 +3,7 @@
 namespace AppBundle\Security;
 
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
@@ -51,8 +52,8 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
         $user = $token->getUser();
 
         if (!$user instanceof User) {
-            if ($attribute == self::CARD_READER){
-                return $this->isLocationOk();
+            if ($attribute == self::CARD_READER) {
+                return $this->container->get(PlaceIP::class)->isLocationOk();
             }
             // the user must be logged in; if not, deny access
             return false;
@@ -82,7 +83,7 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
                 return true;
             case self::ACCESS_TOOLS:
             case self::CREATE:
-                return $this->isLocationOk();
+                return $this->container->get(PlaceIP::class)->isLocationOk();
             case self::VIEW:
             case self::ANNOTATE:
                 return $this->canView($subject, $token);
@@ -119,7 +120,7 @@ private function canEdit(User $subject, TokenInterface $token)
     {
         $user = $token->getUser();
 
-        if ($this->isLocationOk()) {
+        if ($this->container->get(PlaceIP::class)->isLocationOk()) {
             if ($this->decisionManager->decide($token, ['ROLE_USER_MANAGER'])) {
                 return true;
             }
@@ -131,13 +132,4 @@ private function canEdit(User $subject, TokenInterface $token)
         return false;
 
     }
-
-    private function isLocationOk()
-    {
-        $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
-        $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
-        $ips = $this->container->getParameter('place_local_ip_address');
-        $ips = explode(',', $ips);
-        return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
-    }
-}
+}