app/Plugin/TwoFactorAuthCustomer42/EventListener/CustomerTwoFactorAuthListener.php line 206

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Plugin\TwoFactorAuthCustomer42\EventListener;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\BaseInfo;
  18. use Eccube\Entity\Customer;
  19. use Eccube\Entity\Master\CustomerStatus;
  20. use Eccube\Repository\BaseInfoRepository;
  21. use Eccube\Request\Context;
  22. use Plugin\TwoFactorAuthCustomer42\Repository\TwoFactorAuthTypeRepository;
  23. use Plugin\TwoFactorAuthCustomer42\Repository\TwoFactorAuthCustomerCookieRepository;
  24. use Plugin\TwoFactorAuthCustomer42\Service\CustomerTwoFactorAuthService;
  25. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  26. use Symfony\Component\HttpFoundation\RedirectResponse;
  27. use Symfony\Component\HttpFoundation\Session\Session;
  28. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  29. use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;
  30. use Symfony\Component\HttpKernel\KernelEvents;
  31. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  32. use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
  33. use Symfony\Component\Security\Http\Event\LogoutEvent;
  34. use Symfony\Contracts\EventDispatcher\Event;
  36. class CustomerTwoFactorAuthListener implements EventSubscriberInterface
  37. {
  38.     /**
  39.      * @var EccubeConfig
  40.      */
  41.     protected $eccubeConfig;
  42.     /**
  43.      * @var Context
  44.      */
  45.     protected $requestContext;
  46.     /**
  47.      * @var UrlGeneratorInterface
  48.      */
  49.     protected $router;
  50.     /**
  51.      * @var CustomerTwoFactorAuthService
  52.      */
  53.     protected $customerTwoFactorAuthService;
  54.     /**
  55.      * @var TwoFactorAuthTypeRepository
  56.      */
  57.     protected TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository;
  58.     /**
  59.      * @var TwoFactorAuthCustomerCookieRepository
  60.      */
  61.     protected TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository;
  62.     /**
  63.      * @var BaseInfo|object|null
  64.      */
  65.     protected $baseInfo;
  66.     /**
  67.      * @var Session
  68.      */
  69.     protected $session;
  70.     /**
  71.      * 通常(ログイン・マイページ)ルート.
  72.      */
  73.     protected $default_routes;
  74.     /**
  75.      * 重要操作ルート.
  76.      */
  77.     protected $include_routes;
  79.     /**
  80.      * @param Context $requestContext
  81.      * @param UrlGeneratorInterface $router
  82.      * @param CustomerTwoFactorAuthService $customerTwoFactorAuthService
  83.      * @param TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository
  84.      * @param TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository
  85.      * @param BaseInfoRepository $baseInfoRepository
  86.      * @param SessionInterface $session
  87.      */
  88.     public function __construct(
  89.         Context $requestContext,
  90.         UrlGeneratorInterface $router,
  91.         CustomerTwoFactorAuthService $customerTwoFactorAuthService,
  92.         TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository,
  93.         TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository,
  94.         BaseInfoRepository $baseInfoRepository,
  95.         SessionInterface $session
  96.     ) {
  97.         $this->requestContext $requestContext;
  98.         $this->router $router;
  99.         $this->customerTwoFactorAuthService $customerTwoFactorAuthService;
  100.         $this->baseInfo $baseInfoRepository->find(1);
  101.         $this->twoFactorAuthTypeRepository $twoFactorAuthTypeRepository;
  102.         $this->twoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository;
  103.         $this->session $session;
  105.         $this->default_routes $this->customerTwoFactorAuthService->getDefaultAuthRoutes();
  106.         $this->include_routes $this->customerTwoFactorAuthService->getIncludeRoutes();
  107.     }
  109.     /**
  110.      * @return array
  111.      */
  112.     public static function getSubscribedEvents(): array
  113.     {
  114.         return [
  115.             KernelEvents::CONTROLLER_ARGUMENTS => ['onKernelController'7],
  116.             LoginSuccessEvent::class => ['onLoginSuccess'],
  117.             LogoutEvent::class => 'logoutEvent',
  118.         ];
  119.     }
  121.     /**
  122.      * リクエスト受信時イベントハンドラ.
  123.      *
  124.      * @param ControllerArgumentsEvent $event
  125.      */
  126.     public function onKernelController(ControllerArgumentsEvent $event)
  127.     {
  128.         if (!$event->isMainRequest()) {
  129.             // サブリクエストの場合、処理なし
  130.             return;
  131.         }
  133.         if ($this->requestContext->isAdmin()) {
  134.             // バックエンドURLの場合、処理なし
  135.             return;
  136.         }
  138.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  139.             // 2段階認証使用しない場合は処理なし
  140.             return;
  141.         }
  143.         $route $event->getRequest()->attributes->get('_route');
  144.         $uri $event->getRequest()->getRequestUri();
  146.         $Customer $this->requestContext->getCurrentUser();
  148.         if ($Customer instanceof Customer) {
  149.             if ($Customer->getStatus()->getId() !== CustomerStatus::REGULAR) {
  150.                 // ログインしていない場合、処理なし
  151.                 return;
  152.             }
  154.             if (!$this->isDefaultRoute($route$uri) && !$this->isIncludeRoute($route$uri)) {
  155.                 // 重要操作指定ではなく、マイページ系列ではない場合、処理なし
  156.                 return;
  157.             }
  159.             $this->multiFactorAuth($event$Customer$route);
  160.         }
  161.     }
  163.     /**
  164.      * ログイン完了 イベントハンドラ.
  165.      *
  166.      * @param LoginSuccessEvent $event
  167.      *
  168.      * @return RedirectResponse|void
  169.      */
  170.     public function onLoginSuccess(LoginSuccessEvent $event)
  171.     {
  172.         if ($this->requestContext->isAdmin()) {
  173.             // バックエンドURLの場合処理なし
  174.             return;
  175.         }
  177.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  178.             // 2段階認証使用しない場合は処理なし
  179.             return;
  180.         }
  182.         if ($this->requestContext->getCurrentUser() === null) {
  183.             // ログインしていない場合は処理なし
  184.             return;
  185.         }
  187.         if ($this->requestContext->getCurrentUser()->getTwoFactorAuthType() !== null &&
  188.             $this->requestContext->getCurrentUser()->getTwoFactorAuthType()->isDisabled()) {
  189.             // ユーザーが選択した2段階認証方式は無効になっている場合、ログアウトさせる。
  190.             return new RedirectResponse($this->router->generate('logout'), 302);
  191.         }
  193.         $this->multiFactorAuth(
  194.             $event,
  195.             $this->requestContext->getCurrentUser(),
  196.             $event->getRequest()->attributes->get('_route'));
  197.     }
  199.     /**
  200.      * ログアウトする前に全ての2FA認証クッキーを消す
  201.      *
  202.      * @param LogoutEvent $logoutEvent ログアウトイベント
  203.      *
  204.      * @return void
  205.      */
  206.     public function logoutEvent(LogoutEvent $logoutEvent)
  207.     {
  208.         $this->customerTwoFactorAuthService->clear2AuthCookies($logoutEvent->getRequest(), $logoutEvent->getResponse());
  209.         $Customer $this->requestContext->getCurrentUser();
  210.         if ($Customer !== null) {
  211.             $this->twoFactorAuthCustomerCookieRepository->deleteByCustomer($Customer);
  212.         }
  213.     }
  216.     /**
  217.      * ルート・URIが個別認証対象かチェック.
  218.      *
  219.      * @param string $route
  220.      * @param string $uri
  221.      *
  222.      * @return bool
  223.      */
  224.     private function isDefaultRoute(string $routestring $uri): bool
  225.     {
  226.         return $this->isTargetRoute($this->default_routes$route$uri);
  227.     }
  229.     /**
  230.      * ルート・URIが対象であるかチェック.
  231.      *
  232.      * @param array $targetRoutes
  233.      * @param string $route
  234.      * @param string $uri
  235.      *
  236.      * @return bool
  237.      */
  238.     private function isTargetRoute(array $targetRoutesstring $routestring $uri): bool
  239.     {
  240.         // ルートで認証
  241.         if (in_array($route$targetRoutes)) {
  242.             return true;
  243.         }
  245.         // URIで認証
  246.         foreach ($targetRoutes as $r) {
  247.             if ($r != '' && $r !== '/' && strpos($uri$r) === 0) {
  248.                 return true;
  249.             }
  250.         }
  252.         return false;
  253.     }
  255.     /**
  256.      * ルート・URIが個別認証対象かチェック.
  257.      *
  258.      * @param string $route
  259.      * @param string $uri
  260.      *
  261.      * @return bool
  262.      */
  263.     private function isIncludeRoute(string $routestring $uri): bool
  264.     {
  265.         return $this->isTargetRoute($this->include_routes$route$uri);
  266.     }
  268.     /**
  269.      * 多要素認証.
  270.      *
  271.      * @param Event $event
  272.      * @param Customer $Customer
  273.      * @param string $route
  274.      *
  275.      * @return mixed
  276.      */
  277.     private function multiFactorAuth($event$Customer$route)
  278.     {
  279.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  280.             // MFA無効の場合処理なし
  281.             return;
  282.         }
  284.         if (count($this->twoFactorAuthTypeRepository->findBy(['isDisabled' => false])) == 0) {
  285.             // 2段階認証プラグインが有効化されていない場合処理なし
  286.             return;
  287.         }
  289.         // [会員] ログイン時2段階認証状態
  290.         $is_auth $this->customerTwoFactorAuthService->isAuthed($Customer$route);
  292.         if (!$is_auth) {
  293.             log_info('[2段階認証] 実施');
  294.             if ($Customer->getTwoFactorAuthType() === null) {
  295.                 // 2段階認証未設定
  296.                 $this->selectAuthType($event$route);
  297.             } else {
  298.                 // 2段階認証設定済み
  299.                 $this->auth($event$Customer$route);
  300.             }
  301.         }
  302.     }
  304.     /**
  305.      * 多要素認証方式設定画面へリダイレクト.
  306.      *
  307.      * @param Event $event
  308.      * @param string|null $route
  309.      */
  310.     private function selectAuthType($event, ?string $route)
  311.     {
  312.         // [会員] 2段階認証が未設定の場合
  313.         // コールバックURLをセッションへ設定
  314.         $this->setCallbackRoute($route);
  315.         // 2段階認証選択画面へリダイレクト
  316.         $url $this->router->generate('plg_customer_2fa_auth_type_select', [], UrlGeneratorInterface::ABSOLUTE_PATH);
  318.         if ($event instanceof ControllerArgumentsEvent) {
  319.             $event->setController(function () use ($url) {
  320.                 return new RedirectResponse($url302);
  321.             });
  322.         } else {
  323.             $event->setResponse(new RedirectResponse($url302));
  324.         }
  325.     }
  327.     /**
  328.      * コールバックルートをセッションへ設定.
  329.      *
  330.      * @param string|null $route
  331.      */
  332.     private function setCallbackRoute(?string $route)
  333.     {
  334.         if ($route) {
  335.             $this->session->set(CustomerTwoFactorAuthService::SESSION_CALL_BACK_URL$route);
  336.         }
  337.     }
  339.     /**
  340.      * 2段階認証のディスパッチ.
  341.      *
  342.      * @param Event $event
  343.      * @param Customer $Customer
  344.      * @param string|null $route
  345.      */
  346.     private function auth($eventCustomer $Customer, ?string $route)
  347.     {
  348.         // コールバックURLをセッションへ設定
  349.         $this->setCallbackRoute($route);
  350.         // 選択された多要素認証方式で指定されているルートへリダイレクト
  351.         if ($Customer->getTwoFactorAuthType() !== null && $Customer->getTwoFactorAuthType()->isDisabled()) {
  352.             // ユーザーが選択した2段階認証方式は無効になっている場合、ログアウトさせる。
  353.             $event->setController(function () {
  354.                 return new RedirectResponse($this->router->generate('logout'), 302);
  355.             });
  357.             return;
  358.         }
  360.         $url $this->router->generate($Customer->getTwoFactorAuthType()->getRoute());
  362.         if ($event instanceof ControllerArgumentsEvent) {
  363.             $event->setController(function () use ($url) {
  364.                 return new RedirectResponse($url302);
  365.             });
  366.         } else {
  367.             $event->setResponse(new RedirectResponse($url302));
  368.         }
  369.     }
  371. }