gist/app/bootstrap.php.d/70-security.php

<?php

use Gist\Service\UserProvider;
use Silex\Provider\SecurityServiceProvider;
use Silex\Provider\RememberMeServiceProvider;
use Gist\Service\SaltGenerator;
use Gist\Security\AuthenticationProvider;
use Gist\Security\AuthenticationListener;
use Gist\Security\LogoutSuccessHandler;
use Silex\Provider\SessionServiceProvider;

$securitySettings = $app['settings']['security'];

$app['token'] = $securitySettings['token'];

$app['salt_generator'] = $app->share(function ($app) {
    return new SaltGenerator();
});

$app['user.provider'] = $app->share(function ($app) {
    return new UserProvider(
        $app['security.encoder.digest'],
        $app['salt_generator']
    );
});

$app['security.authentication_listener.factory.form'] = $app->protect(function ($name, $options) use ($app) {
    $app['security.authentication_provider.'.$name.'.form'] = $app->share(function ($app) {
        return new AuthenticationProvider($app['user.provider']);
    });

    $app['security.authentication_listener.'.$name.'.form'] = $app->share(function ($app) use ($name) {
        return new AuthenticationListener(
            $app['security.token_storage'],
            $app['security.authentication_provider.'.$name.'.form']
        );
    });

    return [
        'security.authentication_provider.'.$name.'.form',
        'security.authentication_listener.'.$name.'.form',
        null,
        'pre_auth',
    ];
});

$firewall = [
    'security.firewalls' => [
        'default' => [
            'pattern' => '^/',
            'anonymous' => true,
            'form' => [
                'login_path' => '_login',
                'check_path' => '/login_check',
                'always_use_default_target_path' => false,
                'default_target_path' => '/',
            ],
            'logout' => [
                'path' => '/logout',
            ],
            'users' => $app->share(function () use ($app) {
                return $app['user.provider'];
            }),
            'remember_me' => [
                'key' => $app['token'],
                'path' => '/',
                'always_remember_me' => false,
            ],
        ],
    ],
    'security.access_rules' => [
        ['^/[a-z]{2}/my.*$', 'ROLE_USER'],
    ],
];

if ($securitySettings['login_required_to_edit_gist'] || $securitySettings['login_required_to_view_gist'] || $securitySettings['login_required_to_view_embeded_gist']) {
    $exceptedUriPattern = ['login', 'register'];

    if ($securitySettings['login_required_to_view_gist'] === true) {
        $firewall['security.access_rules'][] = ['^/[a-z]{2}/view.*$', 'ROLE_USER'];
        $firewall['security.access_rules'][] = ['^/[a-z]{2}/revs.*$', 'ROLE_USER'];
    } else {
        $exceptedUriPattern[] = 'view';
        $exceptedUriPattern[] = 'revs';
    }

    if ($securitySettings['login_required_to_view_embeded_gist'] === true) {
        $firewall['security.access_rules'][] = ['^/[a-z]{2}/embed.*$', 'ROLE_USER'];
    } else {
        $exceptedUriPattern[] = 'embed';
    }

    if ($securitySettings['login_required_to_edit_gist'] === true) {
        $firewall['security.access_rules'][] = ['^/[a-z]{2}/(?!('.implode('|', $exceptedUriPattern).')).*$', 'ROLE_USER'];
    }
}

$app->register(new SecurityServiceProvider(), $firewall);
$app->register(new SessionServiceProvider());
$app->register(new RememberMeServiceProvider());

$app['security.authentication.logout_handler._proto'] = $app->protect(function ($name, $options) use ($app) {
    return $app->share(function () use ($name, $options, $app) {
        return new LogoutSuccessHandler(
            $app['security.http_utils'],
            isset($options['target_url']) ? $options['target_url'] : '/'
        );
    });
});
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`<?php`

			`use Gist\Service\UserProvider;`
			`use Silex\Provider\SecurityServiceProvider;`
#5 Remember me feature 2016-05-31 22:20:17 +02:00			`use Silex\Provider\RememberMeServiceProvider;`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`use Gist\Service\SaltGenerator;`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`use Gist\Security\AuthenticationProvider;`
			`use Gist\Security\AuthenticationListener;`
default locale 2015-11-24 18:57:06 +01:00			`use Gist\Security\LogoutSuccessHandler;`
			`use Silex\Provider\SessionServiceProvider;`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00
New configuration file 2017-04-24 01:11:39 +02:00			`$securitySettings = $app['settings']['security'];`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00
New configuration file 2017-04-24 01:11:39 +02:00			`$app['token'] = $securitySettings['token'];`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00
Form to change the password 2016-12-23 10:28:09 +01:00			`$app['salt_generator'] = $app->share(function ($app) {`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`return new SaltGenerator();`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`});`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`$app['user.provider'] = $app->share(function ($app) {`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`return new UserProvider(`
authentification 2015-11-21 18:28:48 +01:00			`$app['security.encoder.digest'],`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`$app['salt_generator']`
			`);`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`});`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00
authentication done 2015-11-23 20:28:09 +01:00			`$app['security.authentication_listener.factory.form'] = $app->protect(function ($name, $options) use ($app) {`
			`$app['security.authentication_provider.'.$name.'.form'] = $app->share(function ($app) {`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`return new AuthenticationProvider($app['user.provider']);`
authentification 2015-11-21 18:28:48 +01:00			`});`
Form to change the password 2016-12-23 10:28:09 +01:00
authentication done 2015-11-23 20:28:09 +01:00			`$app['security.authentication_listener.'.$name.'.form'] = $app->share(function ($app) use ($name) {`
Security: user authentication (still buging) Service: refatoring Translations 2015-11-23 11:53:24 +01:00			`return new AuthenticationListener(`
Form to change the password 2016-12-23 10:28:09 +01:00			`$app['security.token_storage'],`
authentication done 2015-11-23 20:28:09 +01:00			`$app['security.authentication_provider.'.$name.'.form']`
authentification 2015-11-21 18:28:48 +01:00			`);`
			`});`
default locale 2015-11-24 18:57:06 +01:00
authentification 2015-11-21 18:28:48 +01:00			`return [`
authentication done 2015-11-23 20:28:09 +01:00			`'security.authentication_provider.'.$name.'.form',`
			`'security.authentication_listener.'.$name.'.form',`
			`null,`
Form to change the password 2016-12-23 10:28:09 +01:00			`'pre_auth',`
authentification 2015-11-21 18:28:48 +01:00			`];`
			`});`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00
			`$firewall = [`
			`'security.firewalls' => [`
			`'default' => [`
			`'pattern' => '^/',`
			`'anonymous' => true,`
			`'form' => [`
			`'login_path' => '_login',`
			`'check_path' => '/login_check',`
			`'always_use_default_target_path' => false,`
			`'default_target_path' => '/',`
			`],`
			`'logout' => [`
			`'path' => '/logout',`
			`],`
			`'users' => $app->share(function () use ($app) {`
			`return $app['user.provider'];`
			`}),`
			`'remember_me' => [`
			`'key' => $app['token'],`
			`'path' => '/',`
			`'always_remember_me' => false,`
User model, SaltGenerator, UserProvider, UserCreateCommand 2015-11-21 14:27:53 +01:00			`],`
			`],`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`],`
			`'security.access_rules' => [`
			`['^/[a-z]{2}/my.*$', 'ROLE_USER'],`
Form to change the password 2016-12-23 10:28:09 +01:00			`],`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`];`

New configuration file 2017-04-24 01:11:39 +02:00			`if ($securitySettings['login_required_to_edit_gist'] \|\| $securitySettings['login_required_to_view_gist'] \|\| $securitySettings['login_required_to_view_embeded_gist']) {`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`$exceptedUriPattern = ['login', 'register'];`
Form to change the password 2016-12-23 10:28:09 +01:00
New configuration file 2017-04-24 01:11:39 +02:00			`if ($securitySettings['login_required_to_view_gist'] === true) {`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`$firewall['security.access_rules'][] = ['^/[a-z]{2}/view.*$', 'ROLE_USER'];`
			`$firewall['security.access_rules'][] = ['^/[a-z]{2}/revs.*$', 'ROLE_USER'];`
			`} else {`
			`$exceptedUriPattern[] = 'view';`
			`$exceptedUriPattern[] = 'revs';`
			`}`
Form to change the password 2016-12-23 10:28:09 +01:00
New configuration file 2017-04-24 01:11:39 +02:00			`if ($securitySettings['login_required_to_view_embeded_gist'] === true) {`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`$firewall['security.access_rules'][] = ['^/[a-z]{2}/embed.*$', 'ROLE_USER'];`
			`} else {`
			`$exceptedUriPattern[] = 'embed';`
			`}`
default locale 2015-11-24 18:57:06 +01:00
New configuration file 2017-04-24 01:11:39 +02:00			`if ($securitySettings['login_required_to_edit_gist'] === true) {`
Form to change the password 2016-12-23 10:28:09 +01:00			`$firewall['security.access_rules'][] = ['^/[a-z]{2}/(?!('.implode('\|', $exceptedUriPattern).')).*$', 'ROLE_USER'];`
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`}`
			`}`
Form to change the password 2016-12-23 10:28:09 +01:00
Fix issue #5 - Enforce registration 2016-09-19 15:12:53 +02:00			`$app->register(new SecurityServiceProvider(), $firewall);`
#5 Remember me feature 2016-05-31 22:20:17 +02:00			`$app->register(new SessionServiceProvider());`
			`$app->register(new RememberMeServiceProvider());`

default locale 2015-11-24 18:57:06 +01:00			`$app['security.authentication.logout_handler._proto'] = $app->protect(function ($name, $options) use ($app) {`
			`return $app->share(function () use ($name, $options, $app) {`
			`return new LogoutSuccessHandler(`
			`$app['security.http_utils'],`
			`isset($options['target_url']) ? $options['target_url'] : '/'`
			`);`
			`});`
			`});`