From 845244369826776fc94332338679cfdffa7c5288 Mon Sep 17 00:00:00 2001
From: Raphael Odini
Date: Wed, 6 Dec 2023 11:35:26 +0100
Subject: [PATCH] =?UTF-8?q?Badgeuse=20:=20=C3=AAtre=20plus=20libre=20dans?= =?UTF-8?q?=20le=20choix=20des=20IP=20+=20refactoring=20(#1082)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Move isLocationOk to new helper
* Use startswith instead of equals
* fix import
---
 src/AppBundle/Helper/PlaceIP.php | 38 ++++++++++++++++++++++
 src/AppBundle/Security/CodeVoter.php | 13 ++------
 src/AppBundle/Security/MembershipVoter.php | 13 ++------
 src/AppBundle/Security/UserVoter.php | 20 ++++--------
 4 files changed, 48 insertions(+), 36 deletions(-)
 create mode 100644 src/AppBundle/Helper/PlaceIP.php

diff --git a/src/AppBundle/Helper/PlaceIP.php b/src/AppBundle/Helper/PlaceIP.php
new file mode 100644
index 000000000..a3b28a82b
--- /dev/null
+++ b/src/AppBundle/Helper/PlaceIP.php
@@ -0,0 +1,38 @@
+container = $container;
+ }
+
+ /**
+ * If enable_place_local_ip_address_check is true & place_local_ip_address is set
+ * Then we check the client's IP against the IP list
+ */
+ public function isLocationOk()
+ {
+ $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
+
+ if (isset($checkIps) and $checkIps) {
+ $whitelist_ips = $this->container->getParameter('place_local_ip_address');
+ $whitelist_ips = explode(',', $whitelist_ips);
+ $current_ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
+
+ $current_ip_in_whitelist_ips = array_filter($whitelist_ips, function($whitelist_ip) use ($current_ip) {
+ return str_starts_with($current_ip, $whitelist_ip);
+ });
+ if (count($current_ip_in_whitelist_ips)) {
+ return True;
+ }
+ }
+
+ return False;
+ }
+}
diff --git a/src/AppBundle/Security/CodeVoter.php b/src/AppBundle/Security/CodeVoter.php
index 7244d08a2..62d6bf8a1 100644
--- a/src/AppBundle/Security/CodeVoter.php
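Review bot: `str_starts_with($current_ip, $whitelist_ip)` in `isLocationOk()` is a textual prefix test rather than a network match, so an entry such as `192.168.1.1` also accepts `192.168.1.10` and `192.168.1.100`, and an empty entry (an empty `place_local_ip_address` or a trailing comma, since `explode` then yields `''`) accepts every client. Symfony's `IpUtils::checkIp()` takes the same list and understands CIDR ranges, which gives the intended flexibility with exact semantics: `return IpUtils::checkIp($current_ip, array_filter(array_map('trim', $whitelist_ips)));` with `use Symfony\Component\HttpFoundation\IpUtils;` added. Separately, the voter copies removed by this patch returned true when `enable_place_local_ip_address_check` was false, whereas this helper falls through to `return False;` in that case; if that change is not intended, the disabled case needs an early `return true;`. The top of the new file is not visible in this hunk.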
+++ b/src/AppBundle/Security/CodeVoter.php
@@ -4,6 +4,7 @@
 use AppBundle\Entity\Code;
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
@@ -99,7 +100,7 @@ private function canAdd(Code $code, User $user)
 $now = new \DateTime('now');
 if ($this->canView($code, $user)) { //can add only if last code can be seen
 if ($code->getRegistrar() != $user || $code->getCreatedAt()->format('Y m d') != ($now->format('Y m d'))) { // on ne change pas son propre code
- if ($this->isLocationOk()) { // et si l'utilisateur est physiquement à l'épicerie
+ if ($this->container->get(PlaceIP::class)->isLocationOk()) { // et si l'utilisateur est physiquement à l'épicerie
 return true;
 }
 }
@@ -145,14 +146,4 @@ private function canDelete(Code $code, User $user)
 {
 return false;
 }
-
- //\AppBundle\Security\UserVoter::isLocationOk DUPLICATED
- private function isLocationOk()
- {
- $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
- $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
- $ips = $this->container->getParameter('place_local_ip_address');
- $ips = explode(',', $ips);
- return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
- }
 }
diff --git a/src/AppBundle/Security/MembershipVoter.php b/src/AppBundle/Security/MembershipVoter.php
index 32010a3ee..5e5a45ac9 100644
--- a/src/AppBundle/Security/MembershipVoter.php
+++ b/src/AppBundle/Security/MembershipVoter.php
@@ -4,6 +4,7 @@
 use AppBundle\Entity\Membership;
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
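Review bot: In `canAdd`, the authorization check now depends on `$this->container->get(PlaceIP::class)` resolving at vote time, and the diffstat shows no service configuration change, so whether `PlaceIP` is registered and public cannot be confirmed from this patch; if it is not, the voter throws instead of denying. Injecting the helper through the voter's constructor makes the dependency explicit and removes the need for a public service, with the call becoming `if ($this->placeIP->isLocationOk()) {`. The same pattern appears in the `voteOnAttribute` hunk of MembershipVoter.php and in the three UserVoter.php call sites. `canAdd` starts and ends outside this hunk.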
@@ -96,7 +97,7 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
 case self::ACCESS_TOOLS:
 case self::BENEFICIARY_ADD:
 case self::CREATE:
- return $this->isLocationOk();
+ return $this->container->get(PlaceIP::class)->isLocationOk();
 case self::VIEW:
 case self::ANNOTATE:
 return $this->canView($subject, $token);
@@ -156,15 +157,5 @@ private function canEdit(Membership $subject, TokenInterface $token)
 }
 return false;
-
- }
-
- private function isLocationOk()
- {
- $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
- $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
- $ips = $this->container->getParameter('place_local_ip_address');
- $ips = explode(',', $ips);
- return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
 }
 }
diff --git a/src/AppBundle/Security/UserVoter.php b/src/AppBundle/Security/UserVoter.php
index 4da518938..0aa1581b4 100644
--- a/src/AppBundle/Security/UserVoter.php
+++ b/src/AppBundle/Security/UserVoter.php
@@ -3,6 +3,7 @@
 namespace AppBundle\Security;
 use AppBundle\Entity\User;
+use AppBundle\Helper\PlaceIP;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
@@ -51,8 +52,8 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
 $user = $token->getUser();
 if (!$user instanceof User) {
- if ($attribute == self::CARD_READER){
- return $this->isLocationOk();
+ if ($attribute == self::CARD_READER) {
+ return $this->container->get(PlaceIP::class)->isLocationOk();
 }
 // the user must be logged in; if not, deny access
 return false;
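Review bot: In the `!$user instanceof User` branch of UserVoter's `voteOnAttribute`, `CARD_READER` is granted on the result of `isLocationOk()` alone, so for unauthenticated requests the only barrier is now a prefix comparison against `getClientIp()`. That value may be derived from forwarded headers when trusted proxies are configured (not visible in this patch), so the proxy trust settings should be confirmed and the allow-list kept to exact addresses or CIDR ranges. A comment on the branch would record the dependency, for example `// anonymous access: decided solely by PlaceIP::isLocationOk(); keep place_local_ip_address strict`. `voteOnAttribute` starts and ends outside this hunk.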
@@ -82,7 +83,7 @@ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
 return true;
 case self::ACCESS_TOOLS:
 case self::CREATE:
- return $this->isLocationOk();
+ return $this->container->get(PlaceIP::class)->isLocationOk();
 case self::VIEW:
 case self::ANNOTATE:
 return $this->canView($subject, $token);
@@ -119,7 +120,7 @@ private function canEdit(User $subject, TokenInterface $token)
 {
 $user = $token->getUser();
- if ($this->isLocationOk()) {
+ if ($this->container->get(PlaceIP::class)->isLocationOk()) {
 if ($this->decisionManager->decide($token, ['ROLE_USER_MANAGER'])) {
 return true;
 }
@@ -131,13 +132,4 @@ private function canEdit(User $subject, TokenInterface $token)
 return false;
 }
-
- private function isLocationOk()
- {
- $ip = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
- $checkIps = $this->container->getParameter('enable_place_local_ip_address_check');
- $ips = $this->container->getParameter('place_local_ip_address');
- $ips = explode(',', $ips);
- return (isset($checkIps) and !$checkIps) or (isset($ip) and in_array($ip, $ips));
- }
-}
\ No newline at end of file
+}