~fkooman/vpn-user-portal

ref: 2.3.10 vpn-user-portal/src/UpdateSessionInfoHook.php -rw-r--r-- 2.5 KiB
e0bd9cc0François Kooman prepare for release 1 year, 19 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php

/*
 * eduVPN - End-user friendly VPN.
 *
 * Copyright: 2016-2019, The Commons Conservancy eduVPN Programme
 * SPDX-License-Identifier: AGPL-3.0+
 */

namespace LC\Portal;

use DateInterval;
use DateTime;
use LC\Common\Http\BeforeHookInterface;
use LC\Common\Http\Exception\HttpException;
use LC\Common\Http\Request;
use LC\Common\Http\Service;
use LC\Common\Http\SessionInterface;
use LC\Common\HttpClient\ServerClient;
use LC\Common\Json;

/**
 * This hook is used to update the session info in vpn-server-api.
 */
class UpdateSessionInfoHook implements BeforeHookInterface
{
    /** @var \LC\Common\Http\SessionInterface */
    private $session;

    /** @var \LC\Common\HttpClient\ServerClient */
    private $serverClient;

    /** @var \DateTime */
    private $dateTime;

    /** @var \DateInterval */
    private $sessionExpiry;

    public function __construct(SessionInterface $session, ServerClient $serverClient, DateInterval $sessionExpiry)
    {
        $this->session = $session;
        $this->serverClient = $serverClient;
        $this->dateTime = new DateTime();
        $this->sessionExpiry = $sessionExpiry;
    }

    /**
     * @return false|void
     */
    public function executeBefore(Request $request, array $hookData)
    {
        $whiteList = [
            'POST' => [
                '/_form/auth/verify',
                '/_logout',
            ],
        ];
        if (Service::isWhitelisted($request, $whiteList)) {
            return false;
        }

        if ('yes' === $this->session->get('_update_session_info')) {
            // only sent the ping once per browser session, not on every
            // request
            return false;
        }

        if (!\array_key_exists('auth', $hookData)) {
            throw new HttpException('authentication hook did not run before', 500);
        }

        /** @var \LC\Common\Http\UserInfo */
        $userInfo = $hookData['auth'];

        // check if the authentication backend wants to override the sessionExpiry
        if (null === $sessionExpiresAt = $userInfo->getSessionExpiresAt()) {
            $sessionExpiresAt = date_add(clone $this->dateTime, $this->sessionExpiry);
        }

        $this->serverClient->post(
            'user_update_session_info',
            [
                'user_id' => $userInfo->getUserId(),
                'session_expires_at' => $sessionExpiresAt->format(DateTime::ATOM),
                'permission_list' => Json::encode($userInfo->getPermissionList()),
            ]
        );
        $this->session->set('_update_session_info', 'yes');
    }
}